10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 946.728713][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 946.737128][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 946.745100][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 946.753073][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 946.761044][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 946.769019][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 946.776989][T18675] Uninit was stored to memory at: [ 946.782023][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 946.787749][T18675] __msan_chain_origin+0x57/0xa0 [ 946.792685][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 946.797791][T18675] get_compat_msghdr+0x108/0x2b0 [ 946.802731][T18675] do_recvmmsg+0xdc7/0x22e0 [ 946.807235][T18675] __sys_recvmmsg+0x340/0x5f0 [ 946.811909][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 946.817977][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 946.824134][T18675] __do_fast_syscall_32+0x129/0x180 [ 946.829336][T18675] do_fast_syscall_32+0x6a/0xc0 [ 946.834185][T18675] do_SYSENTER_32+0x73/0x90 [ 946.838684][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 946.844997][T18675] [ 946.847314][T18675] Uninit was stored to memory at: [ 946.852341][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 946.858233][T18675] __msan_chain_origin+0x57/0xa0 [ 946.863174][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 946.868284][T18675] get_compat_msghdr+0x108/0x2b0 [ 946.873227][T18675] do_recvmmsg+0xdc7/0x22e0 [ 946.877734][T18675] __sys_recvmmsg+0x340/0x5f0 [ 946.882410][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 946.888477][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 946.894627][T18675] __do_fast_syscall_32+0x129/0x180 [ 946.899822][T18675] do_fast_syscall_32+0x6a/0xc0 [ 946.904673][T18675] do_SYSENTER_32+0x73/0x90 [ 946.909175][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 946.915485][T18675] [ 946.917797][T18675] Uninit was stored to memory at: [ 946.922827][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 946.928542][T18675] __msan_chain_origin+0x57/0xa0 [ 946.933475][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 946.938580][T18675] get_compat_msghdr+0x108/0x2b0 [ 946.943515][T18675] do_recvmmsg+0xdc7/0x22e0 [ 946.948018][T18675] __sys_recvmmsg+0x340/0x5f0 [ 946.952692][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 946.958757][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 946.964908][T18675] __do_fast_syscall_32+0x129/0x180 [ 946.970109][T18675] do_fast_syscall_32+0x6a/0xc0 [ 946.974960][T18675] do_SYSENTER_32+0x73/0x90 [ 946.979462][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 946.985769][T18675] [ 946.988088][T18675] Uninit was stored to memory at: [ 946.993113][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 946.998829][T18675] __msan_chain_origin+0x57/0xa0 [ 947.003769][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 947.008876][T18675] get_compat_msghdr+0x108/0x2b0 [ 947.013814][T18675] do_recvmmsg+0xdc7/0x22e0 [ 947.018315][T18675] __sys_recvmmsg+0x340/0x5f0 [ 947.022989][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 947.029052][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 947.035208][T18675] __do_fast_syscall_32+0x129/0x180 [ 947.040398][T18675] do_fast_syscall_32+0x6a/0xc0 [ 947.045243][T18675] do_SYSENTER_32+0x73/0x90 [ 947.049746][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 947.056050][T18675] [ 947.058367][T18675] Uninit was stored to memory at: [ 947.063391][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 947.069105][T18675] __msan_chain_origin+0x57/0xa0 [ 947.074040][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 947.079163][T18675] get_compat_msghdr+0x108/0x2b0 [ 947.084097][T18675] do_recvmmsg+0xdc7/0x22e0 [ 947.088596][T18675] __sys_recvmmsg+0x340/0x5f0 [ 947.093268][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 947.099327][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 947.105478][T18675] __do_fast_syscall_32+0x129/0x180 [ 947.110669][T18675] do_fast_syscall_32+0x6a/0xc0 [ 947.115513][T18675] do_SYSENTER_32+0x73/0x90 [ 947.120012][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 947.126319][T18675] [ 947.128631][T18675] Uninit was stored to memory at: [ 947.133654][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 947.139368][T18675] __msan_chain_origin+0x57/0xa0 [ 947.144309][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 947.149412][T18675] get_compat_msghdr+0x108/0x2b0 [ 947.154343][T18675] do_recvmmsg+0xdc7/0x22e0 [ 947.158842][T18675] __sys_recvmmsg+0x340/0x5f0 [ 947.159678][T18650] not chained 370000 origins [ 947.163528][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 947.168111][T18650] CPU: 0 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 947.174161][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 947.182793][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 947.188925][T18675] __do_fast_syscall_32+0x129/0x180 [ 947.198961][T18650] Call Trace: [ 947.204138][T18675] do_fast_syscall_32+0x6a/0xc0 [ 947.207412][T18650] dump_stack+0x21c/0x280 [ 947.212230][T18675] do_SYSENTER_32+0x73/0x90 [ 947.216536][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 947.221007][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 947.226706][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 947.232989][T18675] [ 947.238779][T18650] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 947.241066][T18675] Uninit was stored to memory at: [ 947.247110][T18650] ? idle_cpu+0x9a/0x1d0 [ 947.252107][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 947.256316][T18650] ? __irq_exit_rcu+0x7a/0x270 [ 947.262008][T18675] __msan_chain_origin+0x57/0xa0 [ 947.266744][T18650] ? __msan_get_context_state+0x9/0x20 [ 947.271661][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 947.277098][T18650] ? irqentry_exit+0x12/0x50 [ 947.282177][T18675] get_compat_msghdr+0x108/0x2b0 [ 947.286743][T18650] ? sysvec_apic_timer_interrupt+0x11d/0x130 [ 947.291660][T18675] do_recvmmsg+0xdc7/0x22e0 [ 947.297619][T18650] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 947.302103][T18675] __sys_recvmmsg+0x340/0x5f0 [ 947.308234][T18650] ? kmsan_get_metadata+0x116/0x180 [ 947.312901][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 947.318073][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 947.324193][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 947.329802][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 947.335924][T18675] __do_fast_syscall_32+0x129/0x180 [ 947.341973][T18650] ? _copy_from_user+0x201/0x310 [ 947.347141][T18675] do_fast_syscall_32+0x6a/0xc0 [ 947.352047][T18650] ? kmsan_get_metadata+0x116/0x180 [ 947.356869][T18675] do_SYSENTER_32+0x73/0x90 [ 947.362041][T18650] __msan_chain_origin+0x57/0xa0 [ 947.366516][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 947.371423][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 947.377720][T18675] [ 947.382871][T18650] get_compat_msghdr+0x108/0x2b0 [ 947.385175][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 947.390106][T18650] do_recvmmsg+0xdc7/0x22e0 [ 947.396744][T18675] do_recvmmsg+0xc2/0x22e0 [ 947.401218][T18650] ? kmsan_get_metadata+0x116/0x180 [ 947.405610][T18675] do_recvmmsg+0xc2/0x22e0 [ 947.410782][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 947.420781][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 947.426070][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 947.430837][T18650] __sys_recvmmsg+0x340/0x5f0 [ 947.435516][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 947.441316][T18650] ? kmsan_get_metadata+0x116/0x180 [ 947.446612][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 947.452806][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 947.459000][T18650] __do_fast_syscall_32+0x129/0x180 [ 947.464210][T18650] do_fast_syscall_32+0x6a/0xc0 [ 947.469064][T18650] do_SYSENTER_32+0x73/0x90 [ 947.473566][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 947.479888][T18650] RIP: 0023:0xf7fd6549 [ 947.483956][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 947.503557][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 947.511966][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 947.519930][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 947.527896][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 947.535859][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 947.543825][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 947.551790][T18650] Uninit was stored to memory at: [ 947.556816][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 947.562532][T18650] __msan_chain_origin+0x57/0xa0 [ 947.567463][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 947.571507][T18675] not chained 380000 origins [ 947.572578][T18650] get_compat_msghdr+0x108/0x2b0 [ 947.577147][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 947.582063][T18650] do_recvmmsg+0xdc7/0x22e0 [ 947.590708][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 947.595192][T18650] __sys_recvmmsg+0x340/0x5f0 [ 947.605235][T18675] Call Trace: [ 947.609932][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 947.613210][T18675] dump_stack+0x21c/0x280 [ 947.619343][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 947.623658][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 947.629780][T18650] __do_fast_syscall_32+0x129/0x180 [ 947.635468][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 947.640637][T18650] do_fast_syscall_32+0x6a/0xc0 [ 947.645978][T18675] ? kmsan_get_metadata+0x116/0x180 [ 947.650810][T18650] do_SYSENTER_32+0x73/0x90 [ 947.655980][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 947.660453][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 947.666056][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 947.672340][T18650] [ 947.678387][T18675] ? _copy_from_user+0x201/0x310 [ 947.680678][T18650] Uninit was stored to memory at: [ 947.685595][T18675] ? kmsan_get_metadata+0x116/0x180 [ 947.690595][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 947.695763][T18675] __msan_chain_origin+0x57/0xa0 [ 947.701452][T18650] __msan_chain_origin+0x57/0xa0 [ 947.706360][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 947.711277][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 947.716447][T18675] get_compat_msghdr+0x108/0x2b0 [ 947.721528][T18650] get_compat_msghdr+0x108/0x2b0 [ 947.726439][T18675] do_recvmmsg+0xdc7/0x22e0 [ 947.731345][T18650] do_recvmmsg+0xdc7/0x22e0 [ 947.735818][T18675] ? kmsan_get_metadata+0x116/0x180 [ 947.740297][T18650] __sys_recvmmsg+0x340/0x5f0 [ 947.745489][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 947.750135][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 947.755749][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 947.761784][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 947.767039][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 947.773163][T18650] __do_fast_syscall_32+0x129/0x180 [ 947.777900][T18675] __sys_recvmmsg+0x340/0x5f0 [ 947.783067][T18650] do_fast_syscall_32+0x6a/0xc0 [ 947.787721][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 947.792539][T18650] do_SYSENTER_32+0x73/0x90 [ 947.798315][T18675] ? kmsan_get_metadata+0x116/0x180 [ 947.802791][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 947.807964][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 947.814244][T18650] [ 947.820293][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 947.822582][T18650] Uninit was stored to memory at: [ 947.828720][T18675] __do_fast_syscall_32+0x129/0x180 [ 947.833714][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 947.838883][T18675] do_fast_syscall_32+0x6a/0xc0 [ 947.844585][T18650] __msan_chain_origin+0x57/0xa0 [ 947.849420][T18675] do_SYSENTER_32+0x73/0x90 [ 947.854325][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 947.858803][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 947.863880][T18650] get_compat_msghdr+0x108/0x2b0 [ 947.870173][T18675] RIP: 0023:0xf7f29549 [ 947.875085][T18650] do_recvmmsg+0xdc7/0x22e0 [ 947.879134][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 947.883609][T18650] __sys_recvmmsg+0x340/0x5f0 [ 947.903181][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 947.907838][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 947.916212][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 947.922256][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 947.930197][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 947.936327][T18650] __do_fast_syscall_32+0x129/0x180 [ 947.944265][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 947.949440][T18650] do_fast_syscall_32+0x6a/0xc0 [ 947.957380][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 947.962206][T18650] do_SYSENTER_32+0x73/0x90 [ 947.970146][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 947.974628][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 947.982573][T18675] Uninit was stored to memory at: [ 947.988875][T18650] [ 947.993886][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 947.996176][T18650] Uninit was stored to memory at: [ 948.001884][T18675] __msan_chain_origin+0x57/0xa0 [ 948.006889][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 948.011808][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 948.017500][T18650] __msan_chain_origin+0x57/0xa0 [ 948.022579][T18675] get_compat_msghdr+0x108/0x2b0 [ 948.027486][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 948.032396][T18675] do_recvmmsg+0xdc7/0x22e0 [ 948.037476][T18650] get_compat_msghdr+0x108/0x2b0 [ 948.041962][T18675] __sys_recvmmsg+0x340/0x5f0 [ 948.046870][T18650] do_recvmmsg+0xdc7/0x22e0 [ 948.051519][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 948.055993][T18650] __sys_recvmmsg+0x340/0x5f0 [ 948.062030][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 948.066676][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 948.072801][T18675] __do_fast_syscall_32+0x129/0x180 [ 948.078836][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 948.084002][T18675] do_fast_syscall_32+0x6a/0xc0 [ 948.090126][T18650] __do_fast_syscall_32+0x129/0x180 [ 948.094945][T18675] do_SYSENTER_32+0x73/0x90 [ 948.100114][T18650] do_fast_syscall_32+0x6a/0xc0 [ 948.104586][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 948.109403][T18650] do_SYSENTER_32+0x73/0x90 [ 948.115690][T18675] [ 948.120176][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 948.122465][T18675] Uninit was stored to memory at: [ 948.128756][T18650] [ 948.133763][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 948.136054][T18650] Uninit was stored to memory at: [ 948.141753][T18675] __msan_chain_origin+0x57/0xa0 [ 948.146749][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 948.151655][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 948.157348][T18650] __msan_chain_origin+0x57/0xa0 [ 948.162428][T18675] get_compat_msghdr+0x108/0x2b0 [ 948.167337][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 948.172247][T18675] do_recvmmsg+0xdc7/0x22e0 [ 948.177327][T18650] get_compat_msghdr+0x108/0x2b0 [ 948.181802][T18675] __sys_recvmmsg+0x340/0x5f0 [ 948.186728][T18650] do_recvmmsg+0xdc7/0x22e0 [ 948.191373][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 948.195848][T18650] __sys_recvmmsg+0x340/0x5f0 [ 948.201883][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 948.206534][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 948.212660][T18675] __do_fast_syscall_32+0x129/0x180 [ 948.218696][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 948.223862][T18675] do_fast_syscall_32+0x6a/0xc0 [ 948.229987][T18650] __do_fast_syscall_32+0x129/0x180 [ 948.234807][T18675] do_SYSENTER_32+0x73/0x90 [ 948.240093][T18650] do_fast_syscall_32+0x6a/0xc0 [ 948.244586][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 948.249412][T18650] do_SYSENTER_32+0x73/0x90 [ 948.255699][T18675] [ 948.260203][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 948.262493][T18675] Uninit was stored to memory at: [ 948.268800][T18650] [ 948.273825][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 948.276113][T18650] Uninit was stored to memory at: [ 948.281813][T18675] __msan_chain_origin+0x57/0xa0 [ 948.286810][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 948.291718][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 948.297423][T18650] __msan_chain_origin+0x57/0xa0 [ 948.302522][T18675] get_compat_msghdr+0x108/0x2b0 [ 948.307449][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 948.312375][T18675] do_recvmmsg+0xdc7/0x22e0 [ 948.317456][T18650] get_compat_msghdr+0x108/0x2b0 [ 948.321932][T18675] __sys_recvmmsg+0x340/0x5f0 [ 948.326842][T18650] do_recvmmsg+0xdc7/0x22e0 [ 948.331491][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 948.335968][T18650] __sys_recvmmsg+0x340/0x5f0 [ 948.342016][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 948.346663][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 948.352789][T18675] __do_fast_syscall_32+0x129/0x180 [ 948.358826][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 948.363992][T18675] do_fast_syscall_32+0x6a/0xc0 [ 948.370138][T18650] __do_fast_syscall_32+0x129/0x180 [ 948.374954][T18675] do_SYSENTER_32+0x73/0x90 [ 948.380129][T18650] do_fast_syscall_32+0x6a/0xc0 [ 948.384599][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 948.389420][T18650] do_SYSENTER_32+0x73/0x90 [ 948.395713][T18675] [ 948.400203][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 948.402495][T18675] Uninit was stored to memory at: [ 948.408789][T18650] [ 948.413814][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 948.416103][T18650] Uninit was stored to memory at: [ 948.421802][T18675] __msan_chain_origin+0x57/0xa0 [ 948.426809][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 948.431712][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 948.437422][T18650] __msan_chain_origin+0x57/0xa0 [ 948.442500][T18675] get_compat_msghdr+0x108/0x2b0 [ 948.447409][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 948.452330][T18675] do_recvmmsg+0xdc7/0x22e0 [ 948.457413][T18650] get_compat_msghdr+0x108/0x2b0 [ 948.461904][T18675] __sys_recvmmsg+0x340/0x5f0 [ 948.466812][T18650] do_recvmmsg+0xdc7/0x22e0 [ 948.471461][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 948.475938][T18650] __sys_recvmmsg+0x340/0x5f0 [ 948.481980][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 948.486630][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 948.492755][T18675] __do_fast_syscall_32+0x129/0x180 [ 948.498799][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 948.503967][T18675] do_fast_syscall_32+0x6a/0xc0 [ 948.510097][T18650] __do_fast_syscall_32+0x129/0x180 [ 948.514913][T18675] do_SYSENTER_32+0x73/0x90 [ 948.520081][T18650] do_fast_syscall_32+0x6a/0xc0 [ 948.524559][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 948.529381][T18650] do_SYSENTER_32+0x73/0x90 [ 948.535664][T18675] [ 948.540150][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 948.542443][T18675] Uninit was stored to memory at: [ 948.548738][T18650] [ 948.553758][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 948.556049][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 948.561749][T18675] __msan_chain_origin+0x57/0xa0 [ 948.568402][T18650] do_recvmmsg+0xc2/0x22e0 [ 948.573306][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 948.577693][T18650] do_recvmmsg+0xc2/0x22e0 [ 948.582785][T18675] get_compat_msghdr+0x108/0x2b0 [ 948.592088][T18675] do_recvmmsg+0xdc7/0x22e0 [ 948.596598][T18675] __sys_recvmmsg+0x340/0x5f0 [ 948.601271][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 948.607338][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 948.613491][T18675] __do_fast_syscall_32+0x129/0x180 [ 948.618686][T18675] do_fast_syscall_32+0x6a/0xc0 [ 948.623539][T18675] do_SYSENTER_32+0x73/0x90 [ 948.628046][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 948.634355][T18675] [ 948.636676][T18675] Uninit was stored to memory at: [ 948.641705][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 948.647423][T18675] __msan_chain_origin+0x57/0xa0 [ 948.652360][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 948.657470][T18675] get_compat_msghdr+0x108/0x2b0 [ 948.662409][T18675] do_recvmmsg+0xdc7/0x22e0 [ 948.666912][T18675] __sys_recvmmsg+0x340/0x5f0 [ 948.671591][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 948.677656][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 948.683809][T18675] __do_fast_syscall_32+0x129/0x180 [ 948.689006][T18675] do_fast_syscall_32+0x6a/0xc0 [ 948.693861][T18675] do_SYSENTER_32+0x73/0x90 [ 948.698365][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 948.704683][T18675] [ 948.707002][T18675] Uninit was stored to memory at: [ 948.712030][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 948.717837][T18675] __msan_chain_origin+0x57/0xa0 [ 948.722776][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 948.727886][T18675] get_compat_msghdr+0x108/0x2b0 [ 948.732821][T18675] do_recvmmsg+0xdc7/0x22e0 [ 948.737321][T18675] __sys_recvmmsg+0x340/0x5f0 [ 948.741997][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 948.748070][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 948.754225][T18675] __do_fast_syscall_32+0x129/0x180 [ 948.759421][T18675] do_fast_syscall_32+0x6a/0xc0 [ 948.764272][T18675] do_SYSENTER_32+0x73/0x90 [ 948.768777][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 948.775087][T18675] [ 948.777404][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 948.784077][T18675] do_recvmmsg+0xc2/0x22e0 [ 948.788493][T18675] do_recvmmsg+0xc2/0x22e0 [ 949.109709][T18650] not chained 390000 origins [ 949.114327][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 949.122990][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 949.133040][T18650] Call Trace: [ 949.136333][T18650] dump_stack+0x21c/0x280 [ 949.140667][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 949.146389][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 949.151764][T18650] ? kmsan_get_metadata+0x116/0x180 [ 949.156962][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 949.162605][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 949.169193][T18650] ? _copy_from_user+0x201/0x310 [ 949.174167][T18650] ? kmsan_get_metadata+0x116/0x180 [ 949.179369][T18650] __msan_chain_origin+0x57/0xa0 [ 949.184307][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 949.189422][T18650] get_compat_msghdr+0x108/0x2b0 [ 949.194365][T18650] do_recvmmsg+0xdc7/0x22e0 [ 949.198880][T18650] ? kmsan_get_metadata+0x116/0x180 [ 949.204087][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 949.209719][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 949.215007][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 949.219771][T18650] __sys_recvmmsg+0x340/0x5f0 [ 949.224464][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 949.230269][T18650] ? kmsan_get_metadata+0x116/0x180 [ 949.235471][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 949.241575][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 949.247749][T18650] __do_fast_syscall_32+0x129/0x180 [ 949.252970][T18650] do_fast_syscall_32+0x6a/0xc0 [ 949.257819][T18650] do_SYSENTER_32+0x73/0x90 [ 949.262323][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 949.268644][T18650] RIP: 0023:0xf7fd6549 [ 949.272723][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 949.292334][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 949.300750][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 949.308722][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 949.316695][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 949.324664][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 949.332647][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 949.340616][T18650] Uninit was stored to memory at: [ 949.345651][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 949.351369][T18650] __msan_chain_origin+0x57/0xa0 [ 949.356304][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 949.361411][T18650] get_compat_msghdr+0x108/0x2b0 [ 949.366347][T18650] do_recvmmsg+0xdc7/0x22e0 [ 949.370844][T18650] __sys_recvmmsg+0x340/0x5f0 [ 949.375519][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 949.381582][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 949.387736][T18650] __do_fast_syscall_32+0x129/0x180 [ 949.392935][T18650] do_fast_syscall_32+0x6a/0xc0 [ 949.397784][T18650] do_SYSENTER_32+0x73/0x90 [ 949.402286][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 949.408593][T18650] [ 949.410908][T18650] Uninit was stored to memory at: [ 949.415933][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 949.421650][T18650] __msan_chain_origin+0x57/0xa0 [ 949.426588][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 949.431699][T18650] get_compat_msghdr+0x108/0x2b0 [ 949.436662][T18650] do_recvmmsg+0xdc7/0x22e0 [ 949.441179][T18650] __sys_recvmmsg+0x340/0x5f0 [ 949.445856][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 949.451921][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 949.458089][T18650] __do_fast_syscall_32+0x129/0x180 [ 949.463290][T18650] do_fast_syscall_32+0x6a/0xc0 [ 949.468140][T18650] do_SYSENTER_32+0x73/0x90 [ 949.472643][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 949.478952][T18650] [ 949.481268][T18650] Uninit was stored to memory at: [ 949.486298][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 949.492014][T18650] __msan_chain_origin+0x57/0xa0 [ 949.496951][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 949.502579][T18650] get_compat_msghdr+0x108/0x2b0 [ 949.507515][T18650] do_recvmmsg+0xdc7/0x22e0 [ 949.507921][T18675] not chained 400000 origins [ 949.512017][T18650] __sys_recvmmsg+0x340/0x5f0 [ 949.516585][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 949.521242][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 949.529875][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 949.535924][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 949.545954][T18675] Call Trace: [ 949.552097][T18650] __do_fast_syscall_32+0x129/0x180 [ 949.555449][T18675] dump_stack+0x21c/0x280 [ 949.560618][T18650] do_fast_syscall_32+0x6a/0xc0 [ 949.564923][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 949.569739][T18650] do_SYSENTER_32+0x73/0x90 [ 949.575441][T18675] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 949.579914][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 949.585947][T18675] ? kmsan_get_metadata+0x116/0x180 [ 949.592232][T18650] [ 949.597415][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 949.599706][T18650] Uninit was stored to memory at: [ 949.605321][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 949.610315][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 949.616348][T18675] ? _copy_from_user+0x201/0x310 [ 949.622050][T18650] __msan_chain_origin+0x57/0xa0 [ 949.626954][T18675] ? kmsan_get_metadata+0x116/0x180 [ 949.631862][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 949.637206][T18675] __msan_chain_origin+0x57/0xa0 [ 949.642286][T18650] get_compat_msghdr+0x108/0x2b0 [ 949.647197][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 949.652106][T18650] do_recvmmsg+0xdc7/0x22e0 [ 949.657186][T18675] get_compat_msghdr+0x108/0x2b0 [ 949.661923][T18650] __sys_recvmmsg+0x340/0x5f0 [ 949.666832][T18675] do_recvmmsg+0xdc7/0x22e0 [ 949.671493][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 949.675966][T18675] ? kmsan_get_metadata+0x116/0x180 [ 949.682004][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 949.687177][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 949.693385][T18650] __do_fast_syscall_32+0x129/0x180 [ 949.698990][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 949.704155][T18650] do_fast_syscall_32+0x6a/0xc0 [ 949.709414][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 949.714236][T18650] do_SYSENTER_32+0x73/0x90 [ 949.718972][T18675] __sys_recvmmsg+0x340/0x5f0 [ 949.723446][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 949.728106][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 949.734390][T18650] [ 949.740175][T18675] ? kmsan_get_metadata+0x116/0x180 [ 949.742466][T18650] Uninit was stored to memory at: [ 949.747645][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 949.752643][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 949.758692][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 949.764383][T18650] __msan_chain_origin+0x57/0xa0 [ 949.770516][T18675] __do_fast_syscall_32+0x129/0x180 [ 949.775421][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 949.780595][T18675] do_fast_syscall_32+0x6a/0xc0 [ 949.785675][T18650] get_compat_msghdr+0x108/0x2b0 [ 949.790498][T18675] do_SYSENTER_32+0x73/0x90 [ 949.795408][T18650] do_recvmmsg+0xdc7/0x22e0 [ 949.799884][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 949.804358][T18650] __sys_recvmmsg+0x340/0x5f0 [ 949.810648][T18675] RIP: 0023:0xf7f29549 [ 949.815301][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 949.819339][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 949.825365][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 949.825391][T18650] __do_fast_syscall_32+0x129/0x180 [ 949.844962][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 949.851097][T18650] do_fast_syscall_32+0x6a/0xc0 [ 949.856259][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 949.864644][T18650] do_SYSENTER_32+0x73/0x90 [ 949.869459][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 949.877410][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 949.881878][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 949.889816][T18650] [ 949.896132][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 949.904085][T18650] Uninit was stored to memory at: [ 949.906405][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 949.914360][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 949.919339][T18675] Uninit was stored to memory at: [ 949.927294][T18650] __msan_chain_origin+0x57/0xa0 [ 949.932983][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 949.937974][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 949.942885][T18675] __msan_chain_origin+0x57/0xa0 [ 949.948573][T18650] get_compat_msghdr+0x108/0x2b0 [ 949.953668][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 949.958578][T18650] do_recvmmsg+0xdc7/0x22e0 [ 949.963499][T18675] get_compat_msghdr+0x108/0x2b0 [ 949.968599][T18650] __sys_recvmmsg+0x340/0x5f0 [ 949.973070][T18675] do_recvmmsg+0xdc7/0x22e0 [ 949.977985][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 949.982634][T18675] __sys_recvmmsg+0x340/0x5f0 [ 949.987121][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 949.993157][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 949.997807][T18650] __do_fast_syscall_32+0x129/0x180 [ 950.003929][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 950.009980][T18650] do_fast_syscall_32+0x6a/0xc0 [ 950.015150][T18675] __do_fast_syscall_32+0x129/0x180 [ 950.021274][T18650] do_SYSENTER_32+0x73/0x90 [ 950.026094][T18675] do_fast_syscall_32+0x6a/0xc0 [ 950.031277][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 950.035749][T18675] do_SYSENTER_32+0x73/0x90 [ 950.040576][T18650] [ 950.046887][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 950.051696][T18650] Uninit was stored to memory at: [ 950.053997][T18675] [ 950.060307][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 950.065285][T18675] Uninit was stored to memory at: [ 950.067600][T18650] __msan_chain_origin+0x57/0xa0 [ 950.073290][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 950.078281][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 950.083192][T18675] __msan_chain_origin+0x57/0xa0 [ 950.088902][T18650] get_compat_msghdr+0x108/0x2b0 [ 950.093982][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 950.098894][T18650] do_recvmmsg+0xdc7/0x22e0 [ 950.103800][T18675] get_compat_msghdr+0x108/0x2b0 [ 950.108883][T18650] __sys_recvmmsg+0x340/0x5f0 [ 950.113359][T18675] do_recvmmsg+0xdc7/0x22e0 [ 950.118267][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 950.122925][T18675] __sys_recvmmsg+0x340/0x5f0 [ 950.127398][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 950.133433][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 950.138086][T18650] __do_fast_syscall_32+0x129/0x180 [ 950.144207][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 950.150243][T18650] do_fast_syscall_32+0x6a/0xc0 [ 950.155409][T18675] __do_fast_syscall_32+0x129/0x180 [ 950.161545][T18650] do_SYSENTER_32+0x73/0x90 [ 950.166366][T18675] do_fast_syscall_32+0x6a/0xc0 [ 950.171539][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 950.176013][T18675] do_SYSENTER_32+0x73/0x90 [ 950.180824][T18650] [ 950.187151][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 950.191615][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 950.193918][T18675] [ 950.200227][T18650] do_recvmmsg+0xc2/0x22e0 [ 950.206861][T18675] Uninit was stored to memory at: [ 950.209176][T18650] do_recvmmsg+0xc2/0x22e0 [ 950.213573][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 950.228658][T18675] __msan_chain_origin+0x57/0xa0 [ 950.233597][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 950.238705][T18675] get_compat_msghdr+0x108/0x2b0 [ 950.243645][T18675] do_recvmmsg+0xdc7/0x22e0 [ 950.248147][T18675] __sys_recvmmsg+0x340/0x5f0 [ 950.252820][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 950.258885][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 950.265044][T18675] __do_fast_syscall_32+0x129/0x180 [ 950.270246][T18675] do_fast_syscall_32+0x6a/0xc0 [ 950.277009][T18675] do_SYSENTER_32+0x73/0x90 [ 950.281548][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 950.288411][T18675] [ 950.290742][T18675] Uninit was stored to memory at: [ 950.295774][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 950.301494][T18675] __msan_chain_origin+0x57/0xa0 [ 950.306431][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 950.311541][T18675] get_compat_msghdr+0x108/0x2b0 [ 950.316744][T18675] do_recvmmsg+0xdc7/0x22e0 [ 950.321251][T18675] __sys_recvmmsg+0x340/0x5f0 [ 950.325929][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 950.331996][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 950.338149][T18675] __do_fast_syscall_32+0x129/0x180 [ 950.343689][T18675] do_fast_syscall_32+0x6a/0xc0 [ 950.348542][T18675] do_SYSENTER_32+0x73/0x90 [ 950.353055][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 950.359362][T18675] [ 950.361677][T18675] Uninit was stored to memory at: [ 950.366706][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 950.372423][T18675] __msan_chain_origin+0x57/0xa0 [ 950.377359][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 950.382466][T18675] get_compat_msghdr+0x108/0x2b0 [ 950.387401][T18675] do_recvmmsg+0xdc7/0x22e0 [ 950.391941][T18675] __sys_recvmmsg+0x340/0x5f0 [ 950.397224][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 950.399801][T18650] not chained 410000 origins [ 950.403289][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 950.407857][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 950.414010][T18675] __do_fast_syscall_32+0x129/0x180 [ 950.422642][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 950.427824][T18675] do_fast_syscall_32+0x6a/0xc0 [ 950.437868][T18650] Call Trace: [ 950.442730][T18675] do_SYSENTER_32+0x73/0x90 [ 950.445993][T18650] dump_stack+0x21c/0x280 [ 950.450476][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 950.454786][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 950.461086][T18675] [ 950.466798][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 950.469090][T18675] Uninit was stored to memory at: [ 950.474478][T18650] ? kmsan_get_metadata+0x116/0x180 [ 950.479479][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 950.484650][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 950.490363][T18675] __msan_chain_origin+0x57/0xa0 [ 950.495972][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 950.500893][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 950.506931][T18650] ? _copy_from_user+0x201/0x310 [ 950.512027][T18675] get_compat_msghdr+0x108/0x2b0 [ 950.516938][T18650] ? kmsan_get_metadata+0x116/0x180 [ 950.521848][T18675] do_recvmmsg+0xdc7/0x22e0 [ 950.527020][T18650] __msan_chain_origin+0x57/0xa0 [ 950.531497][T18675] __sys_recvmmsg+0x340/0x5f0 [ 950.536428][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 950.541077][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 950.546163][T18650] get_compat_msghdr+0x108/0x2b0 [ 950.552202][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 950.557114][T18650] do_recvmmsg+0xdc7/0x22e0 [ 950.563240][T18675] __do_fast_syscall_32+0x129/0x180 [ 950.567718][T18650] ? kmsan_get_metadata+0x116/0x180 [ 950.572904][T18675] do_fast_syscall_32+0x6a/0xc0 [ 950.578098][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 950.582934][T18675] do_SYSENTER_32+0x73/0x90 [ 950.588543][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 950.593018][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 950.598277][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 950.604560][T18675] [ 950.609310][T18650] __sys_recvmmsg+0x340/0x5f0 [ 950.611603][T18675] Uninit was stored to memory at: [ 950.616270][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 950.621271][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 950.627134][T18650] ? kmsan_get_metadata+0x116/0x180 [ 950.632827][T18675] __msan_chain_origin+0x57/0xa0 [ 950.637998][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 950.642905][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 950.648949][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 950.654030][T18675] get_compat_msghdr+0x108/0x2b0 [ 950.660160][T18650] __do_fast_syscall_32+0x129/0x180 [ 950.665068][T18675] do_recvmmsg+0xdc7/0x22e0 [ 950.670246][T18650] do_fast_syscall_32+0x6a/0xc0 [ 950.674716][T18675] __sys_recvmmsg+0x340/0x5f0 [ 950.679539][T18650] do_SYSENTER_32+0x73/0x90 [ 950.684190][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 950.688667][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 950.694720][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 950.701013][T18650] RIP: 0023:0xf7fd6549 [ 950.707142][T18675] __do_fast_syscall_32+0x129/0x180 [ 950.711183][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 950.716355][T18675] do_fast_syscall_32+0x6a/0xc0 [ 950.736117][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 950.740946][T18675] do_SYSENTER_32+0x73/0x90 [ 950.749322][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 950.753803][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 950.761748][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 950.768038][T18675] [ 950.776015][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 950.778316][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 950.786269][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 950.792920][T18675] do_recvmmsg+0xc2/0x22e0 [ 950.800862][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 950.805248][T18675] do_recvmmsg+0xc2/0x22e0 [ 950.817618][T18650] Uninit was stored to memory at: [ 950.822649][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 950.828371][T18650] __msan_chain_origin+0x57/0xa0 [ 950.833309][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 950.838414][T18650] get_compat_msghdr+0x108/0x2b0 [ 950.843354][T18650] do_recvmmsg+0xdc7/0x22e0 [ 950.847860][T18650] __sys_recvmmsg+0x340/0x5f0 [ 950.852540][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 950.858606][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 950.864762][T18650] __do_fast_syscall_32+0x129/0x180 [ 950.869961][T18650] do_fast_syscall_32+0x6a/0xc0 [ 950.874811][T18650] do_SYSENTER_32+0x73/0x90 [ 950.879316][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 950.885626][T18650] [ 950.887948][T18650] Uninit was stored to memory at: [ 950.892976][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 950.898699][T18650] __msan_chain_origin+0x57/0xa0 [ 950.903641][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 950.908747][T18650] get_compat_msghdr+0x108/0x2b0 [ 950.913684][T18650] do_recvmmsg+0xdc7/0x22e0 [ 950.918190][T18650] __sys_recvmmsg+0x340/0x5f0 [ 950.922868][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 950.928935][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 950.935092][T18650] __do_fast_syscall_32+0x129/0x180 [ 950.940289][T18650] do_fast_syscall_32+0x6a/0xc0 [ 950.945144][T18650] do_SYSENTER_32+0x73/0x90 [ 950.949646][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 950.955955][T18650] [ 950.958273][T18650] Uninit was stored to memory at: [ 950.963303][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 950.969035][T18650] __msan_chain_origin+0x57/0xa0 [ 950.973974][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 950.979084][T18650] get_compat_msghdr+0x108/0x2b0 [ 950.984023][T18650] do_recvmmsg+0xdc7/0x22e0 [ 950.988530][T18650] __sys_recvmmsg+0x340/0x5f0 [ 950.993210][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 950.999279][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 951.005433][T18650] __do_fast_syscall_32+0x129/0x180 [ 951.010628][T18650] do_fast_syscall_32+0x6a/0xc0 [ 951.015478][T18650] do_SYSENTER_32+0x73/0x90 [ 951.019985][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 951.026293][T18650] [ 951.028611][T18650] Uninit was stored to memory at: [ 951.033638][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 951.039359][T18650] __msan_chain_origin+0x57/0xa0 [ 951.044301][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 951.049412][T18650] get_compat_msghdr+0x108/0x2b0 [ 951.054784][T18650] do_recvmmsg+0xdc7/0x22e0 [ 951.059299][T18650] __sys_recvmmsg+0x340/0x5f0 [ 951.063978][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 951.070050][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 951.076205][T18650] __do_fast_syscall_32+0x129/0x180 [ 951.081407][T18650] do_fast_syscall_32+0x6a/0xc0 [ 951.086262][T18650] do_SYSENTER_32+0x73/0x90 [ 951.090764][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 951.097073][T18650] [ 951.099392][T18650] Uninit was stored to memory at: [ 951.104423][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 951.110144][T18650] __msan_chain_origin+0x57/0xa0 [ 951.115080][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 951.120191][T18650] get_compat_msghdr+0x108/0x2b0 [ 951.125130][T18650] do_recvmmsg+0xdc7/0x22e0 [ 951.129633][T18650] __sys_recvmmsg+0x340/0x5f0 [ 951.134308][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 951.140374][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 951.146527][T18650] __do_fast_syscall_32+0x129/0x180 [ 951.151726][T18650] do_fast_syscall_32+0x6a/0xc0 [ 951.156574][T18650] do_SYSENTER_32+0x73/0x90 [ 951.161078][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 951.167388][T18650] [ 951.169706][T18650] Uninit was stored to memory at: [ 951.174737][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 951.180544][T18650] __msan_chain_origin+0x57/0xa0 [ 951.185483][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 951.190592][T18650] get_compat_msghdr+0x108/0x2b0 [ 951.195530][T18650] do_recvmmsg+0xdc7/0x22e0 [ 951.200034][T18650] __sys_recvmmsg+0x340/0x5f0 [ 951.204714][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 951.210780][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 951.216934][T18650] __do_fast_syscall_32+0x129/0x180 [ 951.222164][T18650] do_fast_syscall_32+0x6a/0xc0 [ 951.227013][T18650] do_SYSENTER_32+0x73/0x90 [ 951.231657][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 951.237972][T18650] [ 951.240293][T18650] Uninit was stored to memory at: [ 951.245324][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 951.251053][T18650] __msan_chain_origin+0x57/0xa0 [ 951.256428][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 951.261542][T18650] get_compat_msghdr+0x108/0x2b0 [ 951.266485][T18650] do_recvmmsg+0xdc7/0x22e0 [ 951.271000][T18650] __sys_recvmmsg+0x340/0x5f0 [ 951.275687][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 951.281759][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 951.287916][T18650] __do_fast_syscall_32+0x129/0x180 [ 951.293247][T18650] do_fast_syscall_32+0x6a/0xc0 [ 951.298128][T18650] do_SYSENTER_32+0x73/0x90 [ 951.302637][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 951.308947][T18650] [ 951.311266][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 951.317943][T18650] do_recvmmsg+0xc2/0x22e0 [ 951.322358][T18650] do_recvmmsg+0xc2/0x22e0 [ 951.541792][T18650] not chained 420000 origins [ 951.546413][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 951.555075][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 951.565123][T18650] Call Trace: [ 951.568418][T18650] dump_stack+0x21c/0x280 [ 951.572757][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 951.578574][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 951.583960][T18650] ? kmsan_get_metadata+0x116/0x180 [ 951.589161][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 951.594797][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 951.600869][T18650] ? _copy_from_user+0x201/0x310 [ 951.605809][T18650] ? kmsan_get_metadata+0x116/0x180 [ 951.611011][T18650] __msan_chain_origin+0x57/0xa0 [ 951.615954][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 951.621072][T18650] get_compat_msghdr+0x108/0x2b0 [ 951.626014][T18650] do_recvmmsg+0xdc7/0x22e0 [ 951.630521][T18650] ? kmsan_get_metadata+0x116/0x180 [ 951.635729][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 951.641365][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 951.646672][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 951.651445][T18650] __sys_recvmmsg+0x340/0x5f0 [ 951.656122][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 951.661926][T18650] ? kmsan_get_metadata+0x116/0x180 [ 951.667125][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 951.673200][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 951.679357][T18650] __do_fast_syscall_32+0x129/0x180 [ 951.684560][T18650] do_fast_syscall_32+0x6a/0xc0 [ 951.689445][T18650] do_SYSENTER_32+0x73/0x90 [ 951.693951][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 951.700273][T18650] RIP: 0023:0xf7fd6549 [ 951.704345][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 951.723947][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 951.732374][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 951.740341][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 951.748312][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 951.756282][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 951.764249][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 951.772217][T18650] Uninit was stored to memory at: [ 951.777249][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 951.782977][T18650] __msan_chain_origin+0x57/0xa0 [ 951.787927][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 951.793044][T18650] get_compat_msghdr+0x108/0x2b0 [ 951.797984][T18650] do_recvmmsg+0xdc7/0x22e0 [ 951.802491][T18650] __sys_recvmmsg+0x340/0x5f0 [ 951.807174][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 951.813246][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 951.819404][T18650] __do_fast_syscall_32+0x129/0x180 [ 951.824606][T18650] do_fast_syscall_32+0x6a/0xc0 [ 951.829459][T18650] do_SYSENTER_32+0x73/0x90 [ 951.833963][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 951.840275][T18650] [ 951.842596][T18650] Uninit was stored to memory at: [ 951.847626][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 951.853347][T18650] __msan_chain_origin+0x57/0xa0 [ 951.858282][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 951.863418][T18650] get_compat_msghdr+0x108/0x2b0 [ 951.868360][T18650] do_recvmmsg+0xdc7/0x22e0 [ 951.872867][T18650] __sys_recvmmsg+0x340/0x5f0 [ 951.877545][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 951.883624][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 951.889778][T18650] __do_fast_syscall_32+0x129/0x180 [ 951.894977][T18650] do_fast_syscall_32+0x6a/0xc0 [ 951.899830][T18650] do_SYSENTER_32+0x73/0x90 [ 951.904332][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 951.910642][T18650] [ 951.913014][T18650] Uninit was stored to memory at: [ 951.918044][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 951.923766][T18650] __msan_chain_origin+0x57/0xa0 [ 951.928702][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 951.933812][T18650] get_compat_msghdr+0x108/0x2b0 [ 951.938751][T18650] do_recvmmsg+0xdc7/0x22e0 [ 951.943255][T18650] __sys_recvmmsg+0x340/0x5f0 [ 951.947933][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 951.954094][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 951.960266][T18650] __do_fast_syscall_32+0x129/0x180 [ 951.965473][T18650] do_fast_syscall_32+0x6a/0xc0 [ 951.970322][T18650] do_SYSENTER_32+0x73/0x90 [ 951.974828][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 951.981138][T18650] [ 951.983458][T18650] Uninit was stored to memory at: [ 951.988496][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 951.994218][T18650] __msan_chain_origin+0x57/0xa0 [ 951.999153][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 952.004264][T18650] get_compat_msghdr+0x108/0x2b0 [ 952.009202][T18650] do_recvmmsg+0xdc7/0x22e0 [ 952.013706][T18650] __sys_recvmmsg+0x340/0x5f0 [ 952.018382][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 952.024452][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 952.030611][T18650] __do_fast_syscall_32+0x129/0x180 [ 952.035813][T18650] do_fast_syscall_32+0x6a/0xc0 [ 952.040663][T18650] do_SYSENTER_32+0x73/0x90 [ 952.045165][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 952.051477][T18650] [ 952.053810][T18650] Uninit was stored to memory at: [ 952.058841][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 952.064561][T18650] __msan_chain_origin+0x57/0xa0 [ 952.069501][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 952.074614][T18650] get_compat_msghdr+0x108/0x2b0 [ 952.079550][T18650] do_recvmmsg+0xdc7/0x22e0 [ 952.084052][T18650] __sys_recvmmsg+0x340/0x5f0 [ 952.088732][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 952.094800][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 952.100964][T18650] __do_fast_syscall_32+0x129/0x180 [ 952.106164][T18650] do_fast_syscall_32+0x6a/0xc0 [ 952.111012][T18650] do_SYSENTER_32+0x73/0x90 [ 952.115539][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 952.121851][T18650] [ 952.124171][T18650] Uninit was stored to memory at: [ 952.129201][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 952.134924][T18650] __msan_chain_origin+0x57/0xa0 [ 952.139861][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 952.144970][T18650] get_compat_msghdr+0x108/0x2b0 [ 952.149907][T18650] do_recvmmsg+0xdc7/0x22e0 [ 952.154411][T18650] __sys_recvmmsg+0x340/0x5f0 [ 952.159090][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 952.165195][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 952.171351][T18650] __do_fast_syscall_32+0x129/0x180 [ 952.176555][T18650] do_fast_syscall_32+0x6a/0xc0 [ 952.181405][T18650] do_SYSENTER_32+0x73/0x90 [ 952.185911][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 952.192223][T18650] [ 952.194544][T18650] Uninit was stored to memory at: [ 952.199576][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 952.205306][T18650] __msan_chain_origin+0x57/0xa0 [ 952.210241][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 952.215353][T18650] get_compat_msghdr+0x108/0x2b0 [ 952.220306][T18650] do_recvmmsg+0xdc7/0x22e0 [ 952.224811][T18650] __sys_recvmmsg+0x340/0x5f0 [ 952.229496][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 952.235563][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 952.241720][T18650] __do_fast_syscall_32+0x129/0x180 [ 952.246916][T18650] do_fast_syscall_32+0x6a/0xc0 [ 952.251764][T18650] do_SYSENTER_32+0x73/0x90 [ 952.256267][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 952.262576][T18650] [ 952.264898][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 952.271567][T18650] do_recvmmsg+0xc2/0x22e0 [ 952.275990][T18650] do_recvmmsg+0xc2/0x22e0 [ 952.379030][T18675] not chained 430000 origins [ 952.383656][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 952.392314][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 952.402365][T18675] Call Trace: [ 952.405661][T18675] dump_stack+0x21c/0x280 [ 952.409994][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 952.415711][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 952.421086][T18675] ? kmsan_get_metadata+0x116/0x180 [ 952.426284][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 952.432012][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 952.438085][T18675] ? _copy_from_user+0x201/0x310 [ 952.443020][T18675] ? kmsan_get_metadata+0x116/0x180 [ 952.448218][T18675] __msan_chain_origin+0x57/0xa0 [ 952.453158][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 952.458285][T18675] get_compat_msghdr+0x108/0x2b0 [ 952.463232][T18675] do_recvmmsg+0xdc7/0x22e0 [ 952.467736][T18675] ? kmsan_get_metadata+0x116/0x180 [ 952.472943][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 952.478576][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 952.483868][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 952.488643][T18675] __sys_recvmmsg+0x340/0x5f0 [ 952.493323][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 952.499129][T18675] ? kmsan_get_metadata+0x116/0x180 [ 952.499857][T18650] not chained 440000 origins [ 952.504330][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 952.514994][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 952.521133][T18675] __do_fast_syscall_32+0x129/0x180 [ 952.526317][T18675] do_fast_syscall_32+0x6a/0xc0 [ 952.531154][T18675] do_SYSENTER_32+0x73/0x90 [ 952.535650][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 952.541954][T18675] RIP: 0023:0xf7f29549 [ 952.546006][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 952.565598][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 952.573990][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 952.581941][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 952.589892][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 952.597843][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 952.605803][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 952.613762][T18675] Uninit was stored to memory at: [ 952.613775][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 952.613792][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 952.618805][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 952.627445][T18650] Call Trace: [ 952.637493][T18675] __msan_chain_origin+0x57/0xa0 [ 952.643201][T18650] dump_stack+0x21c/0x280 [ 952.646458][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 952.651372][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 952.655669][T18675] get_compat_msghdr+0x108/0x2b0 [ 952.660756][T18650] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 952.666444][T18675] do_recvmmsg+0xdc7/0x22e0 [ 952.671352][T18650] ? kmsan_get_metadata+0x116/0x180 [ 952.677393][T18675] __sys_recvmmsg+0x340/0x5f0 [ 952.681871][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 952.687041][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 952.691693][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 952.697296][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 952.703336][T18650] ? _copy_from_user+0x201/0x310 [ 952.709398][T18675] __do_fast_syscall_32+0x129/0x180 [ 952.715521][T18650] ? kmsan_get_metadata+0x116/0x180 [ 952.720435][T18675] do_fast_syscall_32+0x6a/0xc0 [ 952.725611][T18650] __msan_chain_origin+0x57/0xa0 [ 952.730779][T18675] do_SYSENTER_32+0x73/0x90 [ 952.735605][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 952.740513][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 952.745010][T18650] get_compat_msghdr+0x108/0x2b0 [ 952.750082][T18675] [ 952.756394][T18650] do_recvmmsg+0xdc7/0x22e0 [ 952.761290][T18675] Uninit was stored to memory at: [ 952.763607][T18650] ? kmsan_get_metadata+0x116/0x180 [ 952.768085][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 952.773083][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 952.778253][T18675] __msan_chain_origin+0x57/0xa0 [ 952.783946][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 952.789546][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 952.794458][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 952.799710][T18675] get_compat_msghdr+0x108/0x2b0 [ 952.804813][T18650] __sys_recvmmsg+0x340/0x5f0 [ 952.809548][T18675] do_recvmmsg+0xdc7/0x22e0 [ 952.814456][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 952.819110][T18675] __sys_recvmmsg+0x340/0x5f0 [ 952.823581][T18650] ? kmsan_get_metadata+0x116/0x180 [ 952.829360][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 952.834031][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 952.839200][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 952.845242][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 952.851280][T18675] __do_fast_syscall_32+0x129/0x180 [ 952.857423][T18650] __do_fast_syscall_32+0x129/0x180 [ 952.863548][T18675] do_fast_syscall_32+0x6a/0xc0 [ 952.868721][T18650] do_fast_syscall_32+0x6a/0xc0 [ 952.873890][T18675] do_SYSENTER_32+0x73/0x90 [ 952.878716][T18650] do_SYSENTER_32+0x73/0x90 [ 952.883539][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 952.888015][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 952.892490][T18675] [ 952.898811][T18650] RIP: 0023:0xf7fd6549 [ 952.905106][T18675] Uninit was stored to memory at: [ 952.907422][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 952.911466][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 952.916473][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 952.936062][T18675] __msan_chain_origin+0x57/0xa0 [ 952.941766][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 952.950155][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 952.955074][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 952.963026][T18675] get_compat_msghdr+0x108/0x2b0 [ 952.968110][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 952.976062][T18675] do_recvmmsg+0xdc7/0x22e0 [ 952.980965][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 952.988934][T18675] __sys_recvmmsg+0x340/0x5f0 [ 952.993429][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 953.001381][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 953.006018][T18650] Uninit was stored to memory at: [ 953.013976][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 953.020016][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 953.025016][T18675] __do_fast_syscall_32+0x129/0x180 [ 953.031143][T18650] __msan_chain_origin+0x57/0xa0 [ 953.036849][T18675] do_fast_syscall_32+0x6a/0xc0 [ 953.042017][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 953.046928][T18675] do_SYSENTER_32+0x73/0x90 [ 953.051752][T18650] get_compat_msghdr+0x108/0x2b0 [ 953.056838][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 953.061313][T18650] do_recvmmsg+0xdc7/0x22e0 [ 953.066207][T18675] [ 953.072519][T18650] __sys_recvmmsg+0x340/0x5f0 [ 953.076996][T18675] Uninit was stored to memory at: [ 953.079312][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 953.083963][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 953.088959][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 953.094998][T18675] __msan_chain_origin+0x57/0xa0 [ 953.100687][T18650] __do_fast_syscall_32+0x129/0x180 [ 953.106811][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 953.111721][T18650] do_fast_syscall_32+0x6a/0xc0 [ 953.116892][T18675] get_compat_msghdr+0x108/0x2b0 [ 953.121977][T18650] do_SYSENTER_32+0x73/0x90 [ 953.126800][T18675] do_recvmmsg+0xdc7/0x22e0 [ 953.131713][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 953.136205][T18675] __sys_recvmmsg+0x340/0x5f0 [ 953.140667][T18650] [ 953.147001][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 953.151654][T18650] Uninit was stored to memory at: [ 953.153971][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 953.160010][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 953.165005][T18675] __do_fast_syscall_32+0x129/0x180 [ 953.171133][T18650] __msan_chain_origin+0x57/0xa0 [ 953.176824][T18675] do_fast_syscall_32+0x6a/0xc0 [ 953.181995][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 953.186904][T18675] do_SYSENTER_32+0x73/0x90 [ 953.191726][T18650] get_compat_msghdr+0x108/0x2b0 [ 953.196811][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 953.201287][T18650] do_recvmmsg+0xdc7/0x22e0 [ 953.206181][T18675] [ 953.212590][T18650] __sys_recvmmsg+0x340/0x5f0 [ 953.217053][T18675] Uninit was stored to memory at: [ 953.219369][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 953.224019][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 953.229014][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 953.235053][T18675] __msan_chain_origin+0x57/0xa0 [ 953.240745][T18650] __do_fast_syscall_32+0x129/0x180 [ 953.246865][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 953.251804][T18650] do_fast_syscall_32+0x6a/0xc0 [ 953.256973][T18675] get_compat_msghdr+0x108/0x2b0 [ 953.262058][T18650] do_SYSENTER_32+0x73/0x90 [ 953.266882][T18675] do_recvmmsg+0xdc7/0x22e0 [ 953.271792][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 953.276267][T18675] __sys_recvmmsg+0x340/0x5f0 [ 953.280731][T18650] [ 953.287041][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 953.291679][T18650] Uninit was stored to memory at: [ 953.293995][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 953.300035][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 953.305031][T18675] __do_fast_syscall_32+0x129/0x180 [ 953.311158][T18650] __msan_chain_origin+0x57/0xa0 [ 953.316847][T18675] do_fast_syscall_32+0x6a/0xc0 [ 953.322031][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 953.326942][T18675] do_SYSENTER_32+0x73/0x90 [ 953.331783][T18650] get_compat_msghdr+0x108/0x2b0 [ 953.336883][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 953.341374][T18650] do_recvmmsg+0xdc7/0x22e0 [ 953.346269][T18675] [ 953.352580][T18650] __sys_recvmmsg+0x340/0x5f0 [ 953.357040][T18675] Uninit was stored to memory at: [ 953.359358][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 953.364010][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 953.369004][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 953.375050][T18675] __msan_chain_origin+0x57/0xa0 [ 953.380756][T18650] __do_fast_syscall_32+0x129/0x180 [ 953.386879][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 953.391789][T18650] do_fast_syscall_32+0x6a/0xc0 [ 953.396958][T18675] get_compat_msghdr+0x108/0x2b0 [ 953.402043][T18650] do_SYSENTER_32+0x73/0x90 [ 953.406866][T18675] do_recvmmsg+0xdc7/0x22e0 [ 953.411778][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 953.416253][T18675] __sys_recvmmsg+0x340/0x5f0 [ 953.420719][T18650] [ 953.427030][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 953.431669][T18650] Uninit was stored to memory at: [ 953.433986][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 953.440028][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 953.445037][T18675] __do_fast_syscall_32+0x129/0x180 [ 953.451182][T18650] __msan_chain_origin+0x57/0xa0 [ 953.457310][T18675] do_fast_syscall_32+0x6a/0xc0 [ 953.462492][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 953.467510][T18675] do_SYSENTER_32+0x73/0x90 [ 953.472343][T18650] get_compat_msghdr+0x108/0x2b0 [ 953.477432][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 953.481909][T18650] do_recvmmsg+0xdc7/0x22e0 [ 953.486806][T18675] [ 953.493117][T18650] __sys_recvmmsg+0x340/0x5f0 [ 953.497598][T18675] Uninit was stored to memory at: [ 953.499913][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 953.504564][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 953.509568][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 953.515602][T18675] __msan_chain_origin+0x57/0xa0 [ 953.521292][T18650] __do_fast_syscall_32+0x129/0x180 [ 953.527432][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 953.532343][T18650] do_fast_syscall_32+0x6a/0xc0 [ 953.537511][T18675] get_compat_msghdr+0x108/0x2b0 [ 953.542596][T18650] do_SYSENTER_32+0x73/0x90 [ 953.547419][T18675] do_recvmmsg+0xdc7/0x22e0 [ 953.552330][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 953.556848][T18675] __sys_recvmmsg+0x340/0x5f0 [ 953.561315][T18650] [ 953.567624][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 953.572263][T18650] Uninit was stored to memory at: [ 953.574568][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 953.574592][T18675] __do_fast_syscall_32+0x129/0x180 [ 953.580633][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 953.585627][T18675] do_fast_syscall_32+0x6a/0xc0 [ 953.591756][T18650] __msan_chain_origin+0x57/0xa0 [ 953.596925][T18675] do_SYSENTER_32+0x73/0x90 [ 953.602616][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 953.607440][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 953.612346][T18650] get_compat_msghdr+0x108/0x2b0 [ 953.616809][T18675] [ 953.621921][T18650] do_recvmmsg+0xdc7/0x22e0 [ 953.628209][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 953.633128][T18650] __sys_recvmmsg+0x340/0x5f0 [ 953.635432][T18675] do_recvmmsg+0xc2/0x22e0 [ 953.639908][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 953.646554][T18675] do_recvmmsg+0xc2/0x22e0 [ 953.651207][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 953.672179][T18650] __do_fast_syscall_32+0x129/0x180 [ 953.677376][T18650] do_fast_syscall_32+0x6a/0xc0 [ 953.682225][T18650] do_SYSENTER_32+0x73/0x90 [ 953.686759][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 953.693075][T18650] [ 953.695391][T18650] Uninit was stored to memory at: [ 953.700424][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 953.706146][T18650] __msan_chain_origin+0x57/0xa0 [ 953.711085][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 953.716196][T18650] get_compat_msghdr+0x108/0x2b0 [ 953.721147][T18650] do_recvmmsg+0xdc7/0x22e0 [ 953.725655][T18650] __sys_recvmmsg+0x340/0x5f0 [ 953.730332][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 953.736399][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 953.742561][T18650] __do_fast_syscall_32+0x129/0x180 [ 953.747757][T18650] do_fast_syscall_32+0x6a/0xc0 [ 953.752605][T18650] do_SYSENTER_32+0x73/0x90 [ 953.757111][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 953.763422][T18650] [ 953.765743][T18650] Uninit was stored to memory at: [ 953.770769][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 953.776492][T18650] __msan_chain_origin+0x57/0xa0 [ 953.781429][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 953.786541][T18650] get_compat_msghdr+0x108/0x2b0 [ 953.791483][T18650] do_recvmmsg+0xdc7/0x22e0 [ 953.796027][T18650] __sys_recvmmsg+0x340/0x5f0 [ 953.800706][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 953.806896][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 953.813052][T18650] __do_fast_syscall_32+0x129/0x180 [ 953.818249][T18650] do_fast_syscall_32+0x6a/0xc0 [ 953.823103][T18650] do_SYSENTER_32+0x73/0x90 [ 953.827606][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 953.833917][T18650] [ 953.836239][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 953.842916][T18650] do_recvmmsg+0xc2/0x22e0 [ 953.847336][T18650] do_recvmmsg+0xc2/0x22e0 [ 954.147357][T18675] not chained 450000 origins [ 954.151977][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 954.160639][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 954.170687][T18675] Call Trace: [ 954.173993][T18675] dump_stack+0x21c/0x280 [ 954.178331][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 954.184055][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 954.189517][T18675] ? kmsan_get_metadata+0x116/0x180 [ 954.194718][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 954.200355][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 954.206428][T18675] ? _copy_from_user+0x201/0x310 [ 954.211366][T18675] ? kmsan_get_metadata+0x116/0x180 [ 954.216575][T18675] __msan_chain_origin+0x57/0xa0 [ 954.221516][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 954.226638][T18675] get_compat_msghdr+0x108/0x2b0 [ 954.231585][T18675] do_recvmmsg+0xdc7/0x22e0 [ 954.236094][T18675] ? kmsan_get_metadata+0x116/0x180 [ 954.241305][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 954.246944][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 954.252232][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 954.257001][T18675] __sys_recvmmsg+0x340/0x5f0 [ 954.261678][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 954.267483][T18675] ? kmsan_get_metadata+0x116/0x180 [ 954.272689][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 954.278765][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 954.284929][T18675] __do_fast_syscall_32+0x129/0x180 [ 954.290146][T18675] do_fast_syscall_32+0x6a/0xc0 [ 954.295007][T18675] do_SYSENTER_32+0x73/0x90 [ 954.299522][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 954.305844][T18675] RIP: 0023:0xf7f29549 [ 954.309915][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 954.329521][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 954.337937][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 954.345910][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 954.353880][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 954.361852][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 954.369822][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 954.377797][T18675] Uninit was stored to memory at: [ 954.382832][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 954.388558][T18675] __msan_chain_origin+0x57/0xa0 [ 954.393498][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 954.398610][T18675] get_compat_msghdr+0x108/0x2b0 [ 954.403556][T18675] do_recvmmsg+0xdc7/0x22e0 [ 954.408843][T18675] __sys_recvmmsg+0x340/0x5f0 [ 954.413522][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 954.419587][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 954.425741][T18675] __do_fast_syscall_32+0x129/0x180 [ 954.431025][T18675] do_fast_syscall_32+0x6a/0xc0 [ 954.435874][T18675] do_SYSENTER_32+0x73/0x90 [ 954.440386][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 954.446699][T18675] [ 954.449018][T18675] Uninit was stored to memory at: [ 954.454069][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 954.459795][T18675] __msan_chain_origin+0x57/0xa0 [ 954.464730][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 954.469843][T18675] get_compat_msghdr+0x108/0x2b0 [ 954.474788][T18675] do_recvmmsg+0xdc7/0x22e0 [ 954.479301][T18675] __sys_recvmmsg+0x340/0x5f0 [ 954.483976][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 954.490040][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 954.496195][T18675] __do_fast_syscall_32+0x129/0x180 [ 954.501441][T18675] do_fast_syscall_32+0x6a/0xc0 [ 954.506726][T18675] do_SYSENTER_32+0x73/0x90 [ 954.511232][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 954.516305][T18650] not chained 460000 origins [ 954.517569][T18675] [ 954.522162][T18650] CPU: 0 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 954.524456][T18675] Uninit was stored to memory at: [ 954.533187][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 954.538198][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 954.548218][T18650] Call Trace: [ 954.553929][T18675] __msan_chain_origin+0x57/0xa0 [ 954.557188][T18650] dump_stack+0x21c/0x280 [ 954.562098][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 954.566404][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 954.571486][T18675] get_compat_msghdr+0x108/0x2b0 [ 954.577178][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 954.582091][T18675] do_recvmmsg+0xdc7/0x22e0 [ 954.587432][T18650] ? kmsan_get_metadata+0x116/0x180 [ 954.591923][T18675] __sys_recvmmsg+0x340/0x5f0 [ 954.597094][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 954.601741][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 954.607350][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 954.613386][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 954.619438][T18650] ? _copy_from_user+0x201/0x310 [ 954.625565][T18675] __do_fast_syscall_32+0x129/0x180 [ 954.630487][T18650] ? kmsan_get_metadata+0x116/0x180 [ 954.635680][T18675] do_fast_syscall_32+0x6a/0xc0 [ 954.640855][T18650] __msan_chain_origin+0x57/0xa0 [ 954.645674][T18675] do_SYSENTER_32+0x73/0x90 [ 954.650584][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 954.655061][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 954.660144][T18650] get_compat_msghdr+0x108/0x2b0 [ 954.666430][T18675] [ 954.671354][T18650] do_recvmmsg+0xdc7/0x22e0 [ 954.673661][T18675] Uninit was stored to memory at: [ 954.678150][T18650] ? kmsan_get_metadata+0x116/0x180 [ 954.683151][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 954.688412][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 954.694103][T18675] __msan_chain_origin+0x57/0xa0 [ 954.699710][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 954.704638][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 954.709900][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 954.714982][T18675] get_compat_msghdr+0x108/0x2b0 [ 954.719721][T18650] __sys_recvmmsg+0x340/0x5f0 [ 954.724632][T18675] do_recvmmsg+0xdc7/0x22e0 [ 954.729279][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 954.733755][T18675] __sys_recvmmsg+0x340/0x5f0 [ 954.739530][T18650] ? kmsan_get_metadata+0x116/0x180 [ 954.744199][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 954.749378][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 954.755417][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 954.761457][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 954.767583][T18675] __do_fast_syscall_32+0x129/0x180 [ 954.773709][T18650] __do_fast_syscall_32+0x129/0x180 [ 954.778880][T18675] do_fast_syscall_32+0x6a/0xc0 [ 954.784050][T18650] do_fast_syscall_32+0x6a/0xc0 [ 954.788874][T18675] do_SYSENTER_32+0x73/0x90 [ 954.793698][T18650] do_SYSENTER_32+0x73/0x90 [ 954.798174][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 954.802651][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 954.808936][T18675] [ 954.815246][T18650] RIP: 0023:0xf7fd6549 [ 954.817541][T18675] Uninit was stored to memory at: [ 954.821593][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 954.826613][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 954.846205][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 954.851908][T18675] __msan_chain_origin+0x57/0xa0 [ 954.860287][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 954.865201][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 954.873143][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 954.878231][T18675] get_compat_msghdr+0x108/0x2b0 [ 954.886175][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 954.891092][T18675] do_recvmmsg+0xdc7/0x22e0 [ 954.899034][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 954.903778][T18675] __sys_recvmmsg+0x340/0x5f0 [ 954.911718][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 954.916373][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 954.924309][T18650] Uninit was stored to memory at: [ 954.930359][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 954.935360][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 954.941485][T18675] __do_fast_syscall_32+0x129/0x180 [ 954.947178][T18650] __msan_chain_origin+0x57/0xa0 [ 954.952347][T18675] do_fast_syscall_32+0x6a/0xc0 [ 954.957256][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 954.962094][T18675] do_SYSENTER_32+0x73/0x90 [ 954.967191][T18650] get_compat_msghdr+0x108/0x2b0 [ 954.971669][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 954.976583][T18650] do_recvmmsg+0xdc7/0x22e0 [ 954.982867][T18675] [ 954.987370][T18650] __sys_recvmmsg+0x340/0x5f0 [ 954.989663][T18675] Uninit was stored to memory at: [ 954.994339][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 954.999339][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 955.005376][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 955.011069][T18675] __msan_chain_origin+0x57/0xa0 [ 955.017195][T18650] __do_fast_syscall_32+0x129/0x180 [ 955.022103][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 955.027294][T18650] do_fast_syscall_32+0x6a/0xc0 [ 955.032377][T18675] get_compat_msghdr+0x108/0x2b0 [ 955.037201][T18650] do_SYSENTER_32+0x73/0x90 [ 955.042113][T18675] do_recvmmsg+0xdc7/0x22e0 [ 955.046592][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 955.051067][T18675] __sys_recvmmsg+0x340/0x5f0 [ 955.057354][T18650] [ 955.062016][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 955.064311][T18650] Uninit was stored to memory at: [ 955.070362][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 955.075362][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 955.081485][T18675] __do_fast_syscall_32+0x129/0x180 [ 955.087175][T18650] __msan_chain_origin+0x57/0xa0 [ 955.092345][T18675] do_fast_syscall_32+0x6a/0xc0 [ 955.097253][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 955.102075][T18675] do_SYSENTER_32+0x73/0x90 [ 955.107156][T18650] get_compat_msghdr+0x108/0x2b0 [ 955.111639][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 955.116548][T18650] do_recvmmsg+0xdc7/0x22e0 [ 955.122833][T18675] [ 955.127318][T18650] __sys_recvmmsg+0x340/0x5f0 [ 955.129620][T18675] Uninit was stored to memory at: [ 955.134280][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 955.139283][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 955.145322][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 955.151015][T18675] __msan_chain_origin+0x57/0xa0 [ 955.157141][T18650] __do_fast_syscall_32+0x129/0x180 [ 955.162048][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 955.167219][T18650] do_fast_syscall_32+0x6a/0xc0 [ 955.172316][T18675] get_compat_msghdr+0x108/0x2b0 [ 955.177142][T18650] do_SYSENTER_32+0x73/0x90 [ 955.182059][T18675] do_recvmmsg+0xdc7/0x22e0 [ 955.186536][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 955.191013][T18675] __sys_recvmmsg+0x340/0x5f0 [ 955.197299][T18650] [ 955.201974][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 955.204270][T18650] Uninit was stored to memory at: [ 955.210319][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 955.215320][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 955.221457][T18675] __do_fast_syscall_32+0x129/0x180 [ 955.227170][T18650] __msan_chain_origin+0x57/0xa0 [ 955.232343][T18675] do_fast_syscall_32+0x6a/0xc0 [ 955.237254][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 955.242083][T18675] do_SYSENTER_32+0x73/0x90 [ 955.247177][T18650] get_compat_msghdr+0x108/0x2b0 [ 955.251656][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 955.256586][T18650] do_recvmmsg+0xdc7/0x22e0 [ 955.262866][T18675] [ 955.267360][T18650] __sys_recvmmsg+0x340/0x5f0 [ 955.269657][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 955.274317][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 955.280961][T18675] do_recvmmsg+0xc2/0x22e0 [ 955.287017][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 955.291418][T18675] do_recvmmsg+0xc2/0x22e0 [ 955.297546][T18650] __do_fast_syscall_32+0x129/0x180 [ 955.307132][T18650] do_fast_syscall_32+0x6a/0xc0 [ 955.311987][T18650] do_SYSENTER_32+0x73/0x90 [ 955.316491][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 955.322829][T18650] [ 955.325191][T18650] Uninit was stored to memory at: [ 955.330313][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 955.336063][T18650] __msan_chain_origin+0x57/0xa0 [ 955.340997][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 955.346109][T18650] get_compat_msghdr+0x108/0x2b0 [ 955.351045][T18650] do_recvmmsg+0xdc7/0x22e0 [ 955.355544][T18650] __sys_recvmmsg+0x340/0x5f0 [ 955.360221][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 955.366285][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 955.372438][T18650] __do_fast_syscall_32+0x129/0x180 [ 955.377636][T18650] do_fast_syscall_32+0x6a/0xc0 [ 955.382482][T18650] do_SYSENTER_32+0x73/0x90 [ 955.387003][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 955.393337][T18650] [ 955.395656][T18650] Uninit was stored to memory at: [ 955.400681][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 955.406398][T18650] __msan_chain_origin+0x57/0xa0 [ 955.411332][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 955.416451][T18650] get_compat_msghdr+0x108/0x2b0 [ 955.421394][T18650] do_recvmmsg+0xdc7/0x22e0 [ 955.425917][T18650] __sys_recvmmsg+0x340/0x5f0 [ 955.430620][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 955.436687][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 955.442839][T18650] __do_fast_syscall_32+0x129/0x180 [ 955.448035][T18650] do_fast_syscall_32+0x6a/0xc0 [ 955.452885][T18650] do_SYSENTER_32+0x73/0x90 [ 955.457389][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 955.461522][T18675] not chained 470000 origins [ 955.463708][T18650] [ 955.468289][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 955.470578][T18650] Uninit was stored to memory at: [ 955.470609][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 955.479242][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 955.484255][T18650] __msan_chain_origin+0x57/0xa0 [ 955.489951][T18675] Call Trace: [ 955.502865][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 955.507779][T18675] dump_stack+0x21c/0x280 [ 955.511038][T18650] get_compat_msghdr+0x108/0x2b0 [ 955.516130][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 955.520431][T18650] do_recvmmsg+0xdc7/0x22e0 [ 955.525344][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 955.531050][T18650] __sys_recvmmsg+0x340/0x5f0 [ 955.535524][T18675] ? kmsan_get_metadata+0x116/0x180 [ 955.540870][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 955.545537][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 955.550706][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 955.556748][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 955.562353][T18650] __do_fast_syscall_32+0x129/0x180 [ 955.568480][T18675] ? _copy_from_user+0x201/0x310 [ 955.574543][T18650] do_fast_syscall_32+0x6a/0xc0 [ 955.579712][T18675] ? kmsan_get_metadata+0x116/0x180 [ 955.584625][T18650] do_SYSENTER_32+0x73/0x90 [ 955.589467][T18675] __msan_chain_origin+0x57/0xa0 [ 955.594653][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 955.599127][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 955.604024][T18650] [ 955.610335][T18675] get_compat_msghdr+0x108/0x2b0 [ 955.615407][T18650] Uninit was stored to memory at: [ 955.617733][T18675] do_recvmmsg+0xdc7/0x22e0 [ 955.622644][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 955.627638][T18675] ? kmsan_get_metadata+0x116/0x180 [ 955.632131][T18650] __msan_chain_origin+0x57/0xa0 [ 955.637825][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 955.643165][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 955.648078][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 955.653699][T18650] get_compat_msghdr+0x108/0x2b0 [ 955.658785][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 955.664039][T18650] do_recvmmsg+0xdc7/0x22e0 [ 955.668951][T18675] __sys_recvmmsg+0x340/0x5f0 [ 955.673685][T18650] __sys_recvmmsg+0x340/0x5f0 [ 955.678160][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 955.682825][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 955.687472][T18675] ? kmsan_get_metadata+0x116/0x180 [ 955.693255][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 955.699294][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 955.704481][T18650] __do_fast_syscall_32+0x129/0x180 [ 955.710608][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 955.716645][T18650] do_fast_syscall_32+0x6a/0xc0 [ 955.721817][T18675] __do_fast_syscall_32+0x129/0x180 [ 955.727939][T18650] do_SYSENTER_32+0x73/0x90 [ 955.732763][T18675] do_fast_syscall_32+0x6a/0xc0 [ 955.737934][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 955.742409][T18675] do_SYSENTER_32+0x73/0x90 [ 955.747218][T18650] [ 955.753529][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 955.758014][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 955.760352][T18675] RIP: 0023:0xf7f29549 [ 955.766654][T18650] do_recvmmsg+0xc2/0x22e0 [ 955.773298][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 955.777340][T18650] do_recvmmsg+0xc2/0x22e0 [ 955.781745][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 955.814115][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 955.822086][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 955.830054][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 955.838038][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 955.846013][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 955.853985][T18675] Uninit was stored to memory at: [ 955.859020][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 955.864750][T18675] __msan_chain_origin+0x57/0xa0 [ 955.869697][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 955.874816][T18675] get_compat_msghdr+0x108/0x2b0 [ 955.879759][T18675] do_recvmmsg+0xdc7/0x22e0 [ 955.884269][T18675] __sys_recvmmsg+0x340/0x5f0 [ 955.888954][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 955.895021][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 955.901177][T18675] __do_fast_syscall_32+0x129/0x180 [ 955.906379][T18675] do_fast_syscall_32+0x6a/0xc0 [ 955.911228][T18675] do_SYSENTER_32+0x73/0x90 [ 955.915736][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 955.922052][T18675] [ 955.924383][T18675] Uninit was stored to memory at: [ 955.929411][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 955.935133][T18675] __msan_chain_origin+0x57/0xa0 [ 955.940069][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 955.945178][T18675] get_compat_msghdr+0x108/0x2b0 [ 955.950144][T18675] do_recvmmsg+0xdc7/0x22e0 [ 955.954651][T18675] __sys_recvmmsg+0x340/0x5f0 [ 955.959332][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 955.965397][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 955.971550][T18675] __do_fast_syscall_32+0x129/0x180 [ 955.976748][T18675] do_fast_syscall_32+0x6a/0xc0 [ 955.981601][T18675] do_SYSENTER_32+0x73/0x90 [ 955.986106][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 955.992417][T18675] [ 955.994734][T18675] Uninit was stored to memory at: [ 955.999762][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 956.005482][T18675] __msan_chain_origin+0x57/0xa0 [ 956.010419][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 956.015531][T18675] get_compat_msghdr+0x108/0x2b0 [ 956.020468][T18675] do_recvmmsg+0xdc7/0x22e0 [ 956.024975][T18675] __sys_recvmmsg+0x340/0x5f0 [ 956.029655][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 956.035730][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 956.041882][T18675] __do_fast_syscall_32+0x129/0x180 [ 956.047080][T18675] do_fast_syscall_32+0x6a/0xc0 [ 956.051930][T18675] do_SYSENTER_32+0x73/0x90 [ 956.056432][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 956.062741][T18675] [ 956.065183][T18675] Uninit was stored to memory at: [ 956.070211][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 956.075934][T18675] __msan_chain_origin+0x57/0xa0 [ 956.080883][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 956.085995][T18675] get_compat_msghdr+0x108/0x2b0 [ 956.090932][T18675] do_recvmmsg+0xdc7/0x22e0 [ 956.095435][T18675] __sys_recvmmsg+0x340/0x5f0 [ 956.100113][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 956.106179][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 956.112335][T18675] __do_fast_syscall_32+0x129/0x180 [ 956.117535][T18675] do_fast_syscall_32+0x6a/0xc0 [ 956.122384][T18675] do_SYSENTER_32+0x73/0x90 [ 956.126891][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 956.133202][T18675] [ 956.135525][T18675] Uninit was stored to memory at: [ 956.140554][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 956.146275][T18675] __msan_chain_origin+0x57/0xa0 [ 956.151210][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 956.156321][T18675] get_compat_msghdr+0x108/0x2b0 [ 956.161258][T18675] do_recvmmsg+0xdc7/0x22e0 [ 956.165763][T18675] __sys_recvmmsg+0x340/0x5f0 [ 956.170440][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 956.176513][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 956.182676][T18675] __do_fast_syscall_32+0x129/0x180 [ 956.187903][T18675] do_fast_syscall_32+0x6a/0xc0 [ 956.192755][T18675] do_SYSENTER_32+0x73/0x90 [ 956.197261][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 956.203599][T18675] [ 956.205917][T18675] Uninit was stored to memory at: [ 956.210945][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 956.216669][T18675] __msan_chain_origin+0x57/0xa0 [ 956.221609][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 956.226720][T18675] get_compat_msghdr+0x108/0x2b0 [ 956.231668][T18675] do_recvmmsg+0xdc7/0x22e0 [ 956.236179][T18675] __sys_recvmmsg+0x340/0x5f0 [ 956.240862][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 956.246941][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 956.253104][T18675] __do_fast_syscall_32+0x129/0x180 [ 956.258306][T18675] do_fast_syscall_32+0x6a/0xc0 [ 956.263159][T18675] do_SYSENTER_32+0x73/0x90 [ 956.267664][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 956.273976][T18675] [ 956.276296][T18675] Uninit was stored to memory at: [ 956.281335][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 956.287155][T18675] __msan_chain_origin+0x57/0xa0 [ 956.292100][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 956.297217][T18675] get_compat_msghdr+0x108/0x2b0 [ 956.302154][T18675] do_recvmmsg+0xdc7/0x22e0 [ 956.306659][T18675] __sys_recvmmsg+0x340/0x5f0 [ 956.311349][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 956.317423][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 956.323586][T18675] __do_fast_syscall_32+0x129/0x180 [ 956.328786][T18675] do_fast_syscall_32+0x6a/0xc0 [ 956.333637][T18675] do_SYSENTER_32+0x73/0x90 [ 956.338144][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 956.344454][T18675] [ 956.346774][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 956.353449][T18675] do_recvmmsg+0xc2/0x22e0 [ 956.357863][T18675] do_recvmmsg+0xc2/0x22e0 [ 956.655001][T18675] not chained 480000 origins [ 956.659615][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 956.668282][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 956.678351][T18675] Call Trace: [ 956.681648][T18675] dump_stack+0x21c/0x280 [ 956.685989][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 956.691708][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 956.699346][T18675] ? kmsan_get_metadata+0x116/0x180 [ 956.704549][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 956.710187][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 956.716256][T18675] ? _copy_from_user+0x201/0x310 [ 956.721194][T18675] ? kmsan_get_metadata+0x116/0x180 [ 956.726394][T18675] __msan_chain_origin+0x57/0xa0 [ 956.731357][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 956.736483][T18675] get_compat_msghdr+0x108/0x2b0 [ 956.741428][T18675] do_recvmmsg+0xdc7/0x22e0 [ 956.745938][T18675] ? kmsan_get_metadata+0x116/0x180 [ 956.751148][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 956.756787][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 956.762073][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 956.766841][T18675] __sys_recvmmsg+0x340/0x5f0 [ 956.771523][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 956.777327][T18675] ? kmsan_get_metadata+0x116/0x180 [ 956.782613][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 956.788683][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 956.794839][T18675] __do_fast_syscall_32+0x129/0x180 [ 956.800041][T18675] do_fast_syscall_32+0x6a/0xc0 [ 956.804894][T18675] do_SYSENTER_32+0x73/0x90 [ 956.809398][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 956.815737][T18675] RIP: 0023:0xf7f29549 [ 956.819806][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 956.839415][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 956.847829][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 956.855803][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 956.863793][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 956.871763][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 956.879732][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 956.887699][T18675] Uninit was stored to memory at: [ 956.892570][T18650] not chained 490000 origins [ 956.892744][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 956.897303][T18650] CPU: 0 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 956.903010][T18675] __msan_chain_origin+0x57/0xa0 [ 956.911647][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 956.916593][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 956.926636][T18650] Call Trace: [ 956.931734][T18675] get_compat_msghdr+0x108/0x2b0 [ 956.934994][T18650] dump_stack+0x21c/0x280 [ 956.939903][T18675] do_recvmmsg+0xdc7/0x22e0 [ 956.944209][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 956.948691][T18675] __sys_recvmmsg+0x340/0x5f0 [ 956.954382][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 956.959037][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 956.964380][T18650] ? kmsan_get_metadata+0x116/0x180 [ 956.970423][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 956.975596][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 956.981720][T18675] __do_fast_syscall_32+0x129/0x180 [ 956.987328][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 956.992497][T18675] do_fast_syscall_32+0x6a/0xc0 [ 956.998537][T18650] ? _copy_from_user+0x201/0x310 [ 957.003363][T18675] do_SYSENTER_32+0x73/0x90 [ 957.008274][T18650] ? kmsan_get_metadata+0x116/0x180 [ 957.012757][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 957.017929][T18650] __msan_chain_origin+0x57/0xa0 [ 957.024223][T18675] [ 957.029147][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 957.031441][T18675] Uninit was stored to memory at: [ 957.036535][T18650] get_compat_msghdr+0x108/0x2b0 [ 957.041549][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 957.046460][T18650] do_recvmmsg+0xdc7/0x22e0 [ 957.052155][T18675] __msan_chain_origin+0x57/0xa0 [ 957.056641][T18650] ? kmsan_get_metadata+0x116/0x180 [ 957.061564][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 957.066739][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 957.071822][T18675] get_compat_msghdr+0x108/0x2b0 [ 957.077430][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 957.082355][T18675] do_recvmmsg+0xdc7/0x22e0 [ 957.087627][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 957.092103][T18675] __sys_recvmmsg+0x340/0x5f0 [ 957.096842][T18650] __sys_recvmmsg+0x340/0x5f0 [ 957.101493][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 957.106141][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 957.112180][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 957.117958][T18650] ? kmsan_get_metadata+0x116/0x180 [ 957.124088][T18675] __do_fast_syscall_32+0x129/0x180 [ 957.129262][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 957.134431][T18675] do_fast_syscall_32+0x6a/0xc0 [ 957.140470][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 957.145292][T18675] do_SYSENTER_32+0x73/0x90 [ 957.151418][T18650] __do_fast_syscall_32+0x129/0x180 [ 957.155896][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 957.161066][T18650] do_fast_syscall_32+0x6a/0xc0 [ 957.167365][T18675] [ 957.172214][T18650] do_SYSENTER_32+0x73/0x90 [ 957.174507][T18675] Uninit was stored to memory at: [ 957.179011][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 957.184010][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 957.190302][T18650] RIP: 0023:0xf7fd6549 [ 957.196000][T18675] __msan_chain_origin+0x57/0xa0 [ 957.200039][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 957.204951][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 957.224526][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 957.229614][T18675] get_compat_msghdr+0x108/0x2b0 [ 957.238004][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 957.242939][T18675] do_recvmmsg+0xdc7/0x22e0 [ 957.250885][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 957.255369][T18675] __sys_recvmmsg+0x340/0x5f0 [ 957.263314][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 957.267970][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 957.277041][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 957.283094][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 957.291037][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 957.297170][T18675] __do_fast_syscall_32+0x129/0x180 [ 957.305105][T18650] Uninit was stored to memory at: [ 957.310310][T18675] do_fast_syscall_32+0x6a/0xc0 [ 957.315310][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 957.320182][T18675] do_SYSENTER_32+0x73/0x90 [ 957.325876][T18650] __msan_chain_origin+0x57/0xa0 [ 957.330366][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 957.335278][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 957.341577][T18675] [ 957.346671][T18650] get_compat_msghdr+0x108/0x2b0 [ 957.348967][T18675] Uninit was stored to memory at: [ 957.353888][T18650] do_recvmmsg+0xdc7/0x22e0 [ 957.358885][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 957.363363][T18650] __sys_recvmmsg+0x340/0x5f0 [ 957.369073][T18675] __msan_chain_origin+0x57/0xa0 [ 957.373722][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 957.378628][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 957.384669][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 957.389769][T18675] get_compat_msghdr+0x108/0x2b0 [ 957.395915][T18650] __do_fast_syscall_32+0x129/0x180 [ 957.400834][T18675] do_recvmmsg+0xdc7/0x22e0 [ 957.406021][T18650] do_fast_syscall_32+0x6a/0xc0 [ 957.410497][T18675] __sys_recvmmsg+0x340/0x5f0 [ 957.415437][T18650] do_SYSENTER_32+0x73/0x90 [ 957.420108][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 957.424592][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 957.430632][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 957.436938][T18650] [ 957.443081][T18675] __do_fast_syscall_32+0x129/0x180 [ 957.445375][T18650] Uninit was stored to memory at: [ 957.450555][T18675] do_fast_syscall_32+0x6a/0xc0 [ 957.455566][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 957.460571][T18675] do_SYSENTER_32+0x73/0x90 [ 957.466267][T18650] __msan_chain_origin+0x57/0xa0 [ 957.470770][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 957.475682][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 957.481986][T18675] [ 957.487084][T18650] get_compat_msghdr+0x108/0x2b0 [ 957.489378][T18675] Uninit was stored to memory at: [ 957.494302][T18650] do_recvmmsg+0xdc7/0x22e0 [ 957.499299][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 957.503781][T18650] __sys_recvmmsg+0x340/0x5f0 [ 957.509495][T18675] __msan_chain_origin+0x57/0xa0 [ 957.514149][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 957.519056][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 957.525099][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 957.530182][T18675] get_compat_msghdr+0x108/0x2b0 [ 957.536311][T18650] __do_fast_syscall_32+0x129/0x180 [ 957.541239][T18675] do_recvmmsg+0xdc7/0x22e0 [ 957.546395][T18650] do_fast_syscall_32+0x6a/0xc0 [ 957.546418][T18650] do_SYSENTER_32+0x73/0x90 [ 957.550917][T18675] __sys_recvmmsg+0x340/0x5f0 [ 957.555743][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 957.560217][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 957.564854][T18650] [ 957.571164][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 957.577191][T18650] Uninit was stored to memory at: [ 957.579508][T18675] __do_fast_syscall_32+0x129/0x180 [ 957.585637][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 957.590647][T18675] do_fast_syscall_32+0x6a/0xc0 [ 957.595821][T18650] __msan_chain_origin+0x57/0xa0 [ 957.601510][T18675] do_SYSENTER_32+0x73/0x90 [ 957.606332][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 957.611246][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 957.615718][T18650] get_compat_msghdr+0x108/0x2b0 [ 957.620809][T18675] [ 957.627125][T18650] do_recvmmsg+0xdc7/0x22e0 [ 957.632016][T18675] Uninit was stored to memory at: [ 957.634333][T18650] __sys_recvmmsg+0x340/0x5f0 [ 957.638825][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 957.643821][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 957.648470][T18675] __msan_chain_origin+0x57/0xa0 [ 957.654161][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 957.660211][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 957.665127][T18650] __do_fast_syscall_32+0x129/0x180 [ 957.671259][T18675] get_compat_msghdr+0x108/0x2b0 [ 957.676345][T18650] do_fast_syscall_32+0x6a/0xc0 [ 957.681518][T18675] do_recvmmsg+0xdc7/0x22e0 [ 957.686434][T18650] do_SYSENTER_32+0x73/0x90 [ 957.691261][T18675] __sys_recvmmsg+0x340/0x5f0 [ 957.695740][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 957.700218][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 957.704856][T18650] [ 957.711167][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 957.717210][T18650] Uninit was stored to memory at: [ 957.719528][T18675] __do_fast_syscall_32+0x129/0x180 [ 957.725657][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 957.730651][T18675] do_fast_syscall_32+0x6a/0xc0 [ 957.735824][T18650] __msan_chain_origin+0x57/0xa0 [ 957.741513][T18675] do_SYSENTER_32+0x73/0x90 [ 957.746335][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 957.751246][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 957.756210][T18650] get_compat_msghdr+0x108/0x2b0 [ 957.761282][T18675] [ 957.767594][T18650] do_recvmmsg+0xdc7/0x22e0 [ 957.772491][T18675] Uninit was stored to memory at: [ 957.774808][T18650] __sys_recvmmsg+0x340/0x5f0 [ 957.779287][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 957.784280][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 957.788932][T18675] __msan_chain_origin+0x57/0xa0 [ 957.794624][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 957.800661][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 957.805575][T18650] __do_fast_syscall_32+0x129/0x180 [ 957.811695][T18675] get_compat_msghdr+0x108/0x2b0 [ 957.816799][T18650] do_fast_syscall_32+0x6a/0xc0 [ 957.821970][T18675] do_recvmmsg+0xdc7/0x22e0 [ 957.826878][T18650] do_SYSENTER_32+0x73/0x90 [ 957.831716][T18675] __sys_recvmmsg+0x340/0x5f0 [ 957.836195][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 957.840669][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 957.845408][T18650] [ 957.851736][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 957.857767][T18650] Uninit was stored to memory at: [ 957.860090][T18675] __do_fast_syscall_32+0x129/0x180 [ 957.866232][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 957.871252][T18675] do_fast_syscall_32+0x6a/0xc0 [ 957.876425][T18650] __msan_chain_origin+0x57/0xa0 [ 957.882117][T18675] do_SYSENTER_32+0x73/0x90 [ 957.886938][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 957.891859][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 957.896361][T18650] get_compat_msghdr+0x108/0x2b0 [ 957.901433][T18675] [ 957.907745][T18650] do_recvmmsg+0xdc7/0x22e0 [ 957.912645][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 957.914962][T18650] __sys_recvmmsg+0x340/0x5f0 [ 957.919435][T18675] do_recvmmsg+0xc2/0x22e0 [ 957.926084][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 957.930743][T18675] do_recvmmsg+0xc2/0x22e0 [ 957.935131][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 957.951701][T18650] __do_fast_syscall_32+0x129/0x180 [ 957.956898][T18650] do_fast_syscall_32+0x6a/0xc0 [ 957.961741][T18650] do_SYSENTER_32+0x73/0x90 [ 957.966244][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 957.972555][T18650] [ 957.974872][T18650] Uninit was stored to memory at: [ 957.979902][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 957.985624][T18650] __msan_chain_origin+0x57/0xa0 [ 957.990652][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 957.995833][T18650] get_compat_msghdr+0x108/0x2b0 [ 958.000772][T18650] do_recvmmsg+0xdc7/0x22e0 [ 958.005365][T18650] __sys_recvmmsg+0x340/0x5f0 [ 958.010074][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 958.016180][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 958.022333][T18650] __do_fast_syscall_32+0x129/0x180 [ 958.027529][T18650] do_fast_syscall_32+0x6a/0xc0 [ 958.032378][T18650] do_SYSENTER_32+0x73/0x90 [ 958.036884][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 958.043192][T18650] [ 958.045505][T18650] Uninit was stored to memory at: [ 958.050530][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 958.056246][T18650] __msan_chain_origin+0x57/0xa0 [ 958.061178][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 958.066289][T18650] get_compat_msghdr+0x108/0x2b0 [ 958.071223][T18650] do_recvmmsg+0xdc7/0x22e0 [ 958.075722][T18650] __sys_recvmmsg+0x340/0x5f0 [ 958.080397][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 958.086457][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 958.092607][T18650] __do_fast_syscall_32+0x129/0x180 [ 958.097801][T18650] do_fast_syscall_32+0x6a/0xc0 [ 958.102647][T18650] do_SYSENTER_32+0x73/0x90 [ 958.107146][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 958.113455][T18650] [ 958.115773][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 958.122444][T18650] do_recvmmsg+0xc2/0x22e0 [ 958.126853][T18650] do_recvmmsg+0xc2/0x22e0 [ 958.181524][T18675] not chained 500000 origins [ 958.186205][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 958.194872][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 958.205010][T18675] Call Trace: [ 958.208304][T18675] dump_stack+0x21c/0x280 [ 958.212642][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 958.218364][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 958.223741][T18675] ? kmsan_get_metadata+0x116/0x180 [ 958.228944][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 958.234592][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 958.240663][T18675] ? _copy_from_user+0x201/0x310 [ 958.245609][T18675] ? kmsan_get_metadata+0x116/0x180 [ 958.250812][T18675] __msan_chain_origin+0x57/0xa0 [ 958.255754][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 958.260875][T18675] get_compat_msghdr+0x108/0x2b0 [ 958.265820][T18675] do_recvmmsg+0xdc7/0x22e0 [ 958.270330][T18675] ? kmsan_get_metadata+0x116/0x180 [ 958.275542][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 958.281187][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 958.286489][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 958.291268][T18675] __sys_recvmmsg+0x340/0x5f0 [ 958.295955][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 958.301759][T18675] ? kmsan_get_metadata+0x116/0x180 [ 958.306963][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 958.313038][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 958.319199][T18675] __do_fast_syscall_32+0x129/0x180 [ 958.324407][T18675] do_fast_syscall_32+0x6a/0xc0 [ 958.329262][T18675] do_SYSENTER_32+0x73/0x90 [ 958.333772][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 958.340102][T18675] RIP: 0023:0xf7f29549 [ 958.344176][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 958.363810][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 958.372234][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 958.380209][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 958.388185][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 958.396159][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 958.404136][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 958.412115][T18675] Uninit was stored to memory at: [ 958.417258][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 958.422995][T18675] __msan_chain_origin+0x57/0xa0 [ 958.427939][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 958.433051][T18675] get_compat_msghdr+0x108/0x2b0 [ 958.437997][T18675] do_recvmmsg+0xdc7/0x22e0 [ 958.442514][T18675] __sys_recvmmsg+0x340/0x5f0 [ 958.447199][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 958.453270][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 958.459425][T18675] __do_fast_syscall_32+0x129/0x180 [ 958.464626][T18675] do_fast_syscall_32+0x6a/0xc0 [ 958.469475][T18675] do_SYSENTER_32+0x73/0x90 [ 958.473980][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 958.480290][T18675] [ 958.482608][T18675] Uninit was stored to memory at: [ 958.487641][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 958.493363][T18675] __msan_chain_origin+0x57/0xa0 [ 958.498298][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 958.503411][T18675] get_compat_msghdr+0x108/0x2b0 [ 958.508349][T18675] do_recvmmsg+0xdc7/0x22e0 [ 958.512852][T18675] __sys_recvmmsg+0x340/0x5f0 [ 958.517531][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 958.523608][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 958.529773][T18675] __do_fast_syscall_32+0x129/0x180 [ 958.534973][T18675] do_fast_syscall_32+0x6a/0xc0 [ 958.539848][T18675] do_SYSENTER_32+0x73/0x90 [ 958.544356][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 958.550667][T18675] [ 958.552988][T18675] Uninit was stored to memory at: [ 958.558024][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 958.563750][T18675] __msan_chain_origin+0x57/0xa0 [ 958.568701][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 958.573814][T18675] get_compat_msghdr+0x108/0x2b0 [ 958.578748][T18675] do_recvmmsg+0xdc7/0x22e0 [ 958.583256][T18675] __sys_recvmmsg+0x340/0x5f0 [ 958.587935][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 958.594015][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 958.600187][T18675] __do_fast_syscall_32+0x129/0x180 [ 958.605387][T18675] do_fast_syscall_32+0x6a/0xc0 [ 958.610245][T18675] do_SYSENTER_32+0x73/0x90 [ 958.614748][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 958.621061][T18675] [ 958.623375][T18675] Uninit was stored to memory at: [ 958.628405][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 958.634127][T18675] __msan_chain_origin+0x57/0xa0 [ 958.639062][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 958.644171][T18675] get_compat_msghdr+0x108/0x2b0 [ 958.649109][T18675] do_recvmmsg+0xdc7/0x22e0 [ 958.653612][T18675] __sys_recvmmsg+0x340/0x5f0 [ 958.658288][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 958.664356][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 958.670511][T18675] __do_fast_syscall_32+0x129/0x180 [ 958.675710][T18675] do_fast_syscall_32+0x6a/0xc0 [ 958.680561][T18675] do_SYSENTER_32+0x73/0x90 [ 958.685067][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 958.691376][T18675] [ 958.693695][T18675] Uninit was stored to memory at: [ 958.698727][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 958.704447][T18675] __msan_chain_origin+0x57/0xa0 [ 958.709385][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 958.714501][T18675] get_compat_msghdr+0x108/0x2b0 [ 958.719439][T18675] do_recvmmsg+0xdc7/0x22e0 [ 958.723945][T18675] __sys_recvmmsg+0x340/0x5f0 [ 958.728620][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 958.734202][T18650] not chained 510000 origins [ 958.734688][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 958.739260][T18650] CPU: 0 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 958.745419][T18675] __do_fast_syscall_32+0x129/0x180 [ 958.754347][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 958.759529][T18675] do_fast_syscall_32+0x6a/0xc0 [ 958.769550][T18650] Call Trace: [ 958.774384][T18675] do_SYSENTER_32+0x73/0x90 [ 958.777646][T18650] dump_stack+0x21c/0x280 [ 958.782125][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 958.786430][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 958.792710][T18675] [ 958.798412][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 958.800706][T18675] Uninit was stored to memory at: [ 958.806060][T18650] ? kmsan_get_metadata+0x116/0x180 [ 958.811060][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 958.816234][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 958.821941][T18675] __msan_chain_origin+0x57/0xa0 [ 958.827549][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 958.832459][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 958.838499][T18650] ? _copy_from_user+0x201/0x310 [ 958.843579][T18675] get_compat_msghdr+0x108/0x2b0 [ 958.848499][T18650] ? kmsan_get_metadata+0x116/0x180 [ 958.853414][T18675] do_recvmmsg+0xdc7/0x22e0 [ 958.858585][T18650] __msan_chain_origin+0x57/0xa0 [ 958.863060][T18675] __sys_recvmmsg+0x340/0x5f0 [ 958.867970][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 958.872621][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 958.877704][T18650] get_compat_msghdr+0x108/0x2b0 [ 958.883743][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 958.888654][T18650] do_recvmmsg+0xdc7/0x22e0 [ 958.894784][T18675] __do_fast_syscall_32+0x129/0x180 [ 958.899258][T18650] ? kmsan_get_metadata+0x116/0x180 [ 958.904431][T18675] do_fast_syscall_32+0x6a/0xc0 [ 958.909607][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 958.914428][T18675] do_SYSENTER_32+0x73/0x90 [ 958.920034][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 958.924510][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 958.929767][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 958.936055][T18675] [ 958.940820][T18650] __sys_recvmmsg+0x340/0x5f0 [ 958.943115][T18675] Uninit was stored to memory at: [ 958.947807][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 958.952806][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 958.958581][T18650] ? kmsan_get_metadata+0x116/0x180 [ 958.964273][T18675] __msan_chain_origin+0x57/0xa0 [ 958.969450][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 958.974362][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 958.980407][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 958.985490][T18675] get_compat_msghdr+0x108/0x2b0 [ 958.991619][T18650] __do_fast_syscall_32+0x129/0x180 [ 958.996527][T18675] do_recvmmsg+0xdc7/0x22e0 [ 959.001702][T18650] do_fast_syscall_32+0x6a/0xc0 [ 959.006179][T18675] __sys_recvmmsg+0x340/0x5f0 [ 959.011004][T18650] do_SYSENTER_32+0x73/0x90 [ 959.015652][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 959.020133][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 959.026168][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 959.032462][T18650] RIP: 0023:0xf7fd6549 [ 959.038592][T18675] __do_fast_syscall_32+0x129/0x180 [ 959.042634][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 959.047806][T18675] do_fast_syscall_32+0x6a/0xc0 [ 959.067381][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 959.072214][T18675] do_SYSENTER_32+0x73/0x90 [ 959.080593][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 959.085092][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 959.093071][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 959.099372][T18675] [ 959.107327][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 959.109645][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 959.117595][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 959.124340][T18675] do_recvmmsg+0xc2/0x22e0 [ 959.132278][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 959.136671][T18675] do_recvmmsg+0xc2/0x22e0 [ 959.144607][T18650] Uninit was stored to memory at: [ 959.154011][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 959.159746][T18650] __msan_chain_origin+0x57/0xa0 [ 959.164682][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 959.169797][T18650] get_compat_msghdr+0x108/0x2b0 [ 959.174831][T18650] do_recvmmsg+0xdc7/0x22e0 [ 959.179368][T18650] __sys_recvmmsg+0x340/0x5f0 [ 959.184047][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 959.190117][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 959.196274][T18650] __do_fast_syscall_32+0x129/0x180 [ 959.201475][T18650] do_fast_syscall_32+0x6a/0xc0 [ 959.206329][T18650] do_SYSENTER_32+0x73/0x90 [ 959.210834][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 959.217164][T18650] [ 959.219481][T18650] Uninit was stored to memory at: [ 959.224506][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 959.230227][T18650] __msan_chain_origin+0x57/0xa0 [ 959.235165][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 959.240273][T18650] get_compat_msghdr+0x108/0x2b0 [ 959.245211][T18650] do_recvmmsg+0xdc7/0x22e0 [ 959.249713][T18650] __sys_recvmmsg+0x340/0x5f0 [ 959.254387][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 959.260460][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 959.266613][T18650] __do_fast_syscall_32+0x129/0x180 [ 959.271810][T18650] do_fast_syscall_32+0x6a/0xc0 [ 959.276658][T18650] do_SYSENTER_32+0x73/0x90 [ 959.281166][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 959.287481][T18650] [ 959.289804][T18650] Uninit was stored to memory at: [ 959.294843][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 959.300568][T18650] __msan_chain_origin+0x57/0xa0 [ 959.305507][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 959.310623][T18650] get_compat_msghdr+0x108/0x2b0 [ 959.315566][T18650] do_recvmmsg+0xdc7/0x22e0 [ 959.319097][T18675] not chained 520000 origins [ 959.320076][T18650] __sys_recvmmsg+0x340/0x5f0 [ 959.324667][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 959.329321][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 959.337954][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 959.344003][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 959.354022][T18675] Call Trace: [ 959.360175][T18650] __do_fast_syscall_32+0x129/0x180 [ 959.363438][T18675] dump_stack+0x21c/0x280 [ 959.368628][T18650] do_fast_syscall_32+0x6a/0xc0 [ 959.372932][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 959.377775][T18650] do_SYSENTER_32+0x73/0x90 [ 959.383467][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 959.387946][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 959.393286][T18675] ? kmsan_get_metadata+0x116/0x180 [ 959.399573][T18650] [ 959.404756][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 959.407048][T18650] Uninit was stored to memory at: [ 959.412667][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 959.417661][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 959.423701][T18675] ? _copy_from_user+0x201/0x310 [ 959.429391][T18650] __msan_chain_origin+0x57/0xa0 [ 959.434314][T18675] ? kmsan_get_metadata+0x116/0x180 [ 959.439247][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 959.444424][T18675] __msan_chain_origin+0x57/0xa0 [ 959.449502][T18650] get_compat_msghdr+0x108/0x2b0 [ 959.454428][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 959.459347][T18650] do_recvmmsg+0xdc7/0x22e0 [ 959.464433][T18675] get_compat_msghdr+0x108/0x2b0 [ 959.468917][T18650] __sys_recvmmsg+0x340/0x5f0 [ 959.473835][T18675] do_recvmmsg+0xdc7/0x22e0 [ 959.478498][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 959.482973][T18675] ? kmsan_get_metadata+0x116/0x180 [ 959.489012][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 959.494188][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 959.500332][T18650] __do_fast_syscall_32+0x129/0x180 [ 959.506199][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 959.511382][T18650] do_fast_syscall_32+0x6a/0xc0 [ 959.516640][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 959.521484][T18650] do_SYSENTER_32+0x73/0x90 [ 959.526223][T18675] __sys_recvmmsg+0x340/0x5f0 [ 959.530703][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 959.535352][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 959.541639][T18650] [ 959.547426][T18675] ? kmsan_get_metadata+0x116/0x180 [ 959.549746][T18650] Uninit was stored to memory at: [ 959.554928][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 959.559942][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 959.565982][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 959.572194][T18650] __msan_chain_origin+0x57/0xa0 [ 959.578319][T18675] __do_fast_syscall_32+0x129/0x180 [ 959.583228][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 959.588403][T18675] do_fast_syscall_32+0x6a/0xc0 [ 959.593483][T18650] get_compat_msghdr+0x108/0x2b0 [ 959.598309][T18675] do_SYSENTER_32+0x73/0x90 [ 959.603219][T18650] do_recvmmsg+0xdc7/0x22e0 [ 959.607696][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 959.612170][T18650] __sys_recvmmsg+0x340/0x5f0 [ 959.618463][T18675] RIP: 0023:0xf7f29549 [ 959.623138][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 959.627182][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 959.633239][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 959.652830][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 959.658965][T18650] __do_fast_syscall_32+0x129/0x180 [ 959.667345][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 959.672520][T18650] do_fast_syscall_32+0x6a/0xc0 [ 959.680462][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 959.685291][T18650] do_SYSENTER_32+0x73/0x90 [ 959.693233][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 959.697734][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 959.705676][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 959.711968][T18650] [ 959.719922][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 959.722222][T18650] Uninit was stored to memory at: [ 959.730170][T18675] Uninit was stored to memory at: [ 959.735183][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 959.740177][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 959.745870][T18650] __msan_chain_origin+0x57/0xa0 [ 959.751578][T18675] __msan_chain_origin+0x57/0xa0 [ 959.756496][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 959.761420][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 959.766527][T18650] get_compat_msghdr+0x108/0x2b0 [ 959.771613][T18675] get_compat_msghdr+0x108/0x2b0 [ 959.776555][T18650] do_recvmmsg+0xdc7/0x22e0 [ 959.781490][T18675] do_recvmmsg+0xdc7/0x22e0 [ 959.785995][T18650] __sys_recvmmsg+0x340/0x5f0 [ 959.790467][T18675] __sys_recvmmsg+0x340/0x5f0 [ 959.795118][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 959.799780][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 959.805821][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 959.811859][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 959.817986][T18650] __do_fast_syscall_32+0x129/0x180 [ 959.824129][T18675] __do_fast_syscall_32+0x129/0x180 [ 959.829304][T18650] do_fast_syscall_32+0x6a/0xc0 [ 959.834475][T18675] do_fast_syscall_32+0x6a/0xc0 [ 959.839301][T18650] do_SYSENTER_32+0x73/0x90 [ 959.844124][T18675] do_SYSENTER_32+0x73/0x90 [ 959.848605][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 959.853083][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 959.859379][T18650] [ 959.865678][T18675] [ 959.867982][T18650] Uninit was stored to memory at: [ 959.870301][T18675] Uninit was stored to memory at: [ 959.875324][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 959.880340][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 959.886032][T18650] __msan_chain_origin+0x57/0xa0 [ 959.891720][T18675] __msan_chain_origin+0x57/0xa0 [ 959.896631][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 959.901538][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 959.906624][T18650] get_compat_msghdr+0x108/0x2b0 [ 959.911707][T18675] get_compat_msghdr+0x108/0x2b0 [ 959.916619][T18650] do_recvmmsg+0xdc7/0x22e0 [ 959.921529][T18675] do_recvmmsg+0xdc7/0x22e0 [ 959.926005][T18650] __sys_recvmmsg+0x340/0x5f0 [ 959.930480][T18675] __sys_recvmmsg+0x340/0x5f0 [ 959.935153][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 959.939804][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 959.945843][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 959.951882][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 959.958010][T18650] __do_fast_syscall_32+0x129/0x180 [ 959.964152][T18675] __do_fast_syscall_32+0x129/0x180 [ 959.969326][T18650] do_fast_syscall_32+0x6a/0xc0 [ 959.974500][T18675] do_fast_syscall_32+0x6a/0xc0 [ 959.979323][T18650] do_SYSENTER_32+0x73/0x90 [ 959.984146][T18675] do_SYSENTER_32+0x73/0x90 [ 959.988626][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 959.993114][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 959.999399][T18650] [ 960.005696][T18675] [ 960.008004][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 960.010320][T18675] Uninit was stored to memory at: [ 960.016978][T18650] do_recvmmsg+0xc2/0x22e0 [ 960.021978][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 960.026365][T18650] do_recvmmsg+0xc2/0x22e0 [ 960.032058][T18675] __msan_chain_origin+0x57/0xa0 [ 960.041358][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 960.046578][T18675] get_compat_msghdr+0x108/0x2b0 [ 960.051509][T18675] do_recvmmsg+0xdc7/0x22e0 [ 960.056011][T18675] __sys_recvmmsg+0x340/0x5f0 [ 960.060691][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 960.066762][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 960.072931][T18675] __do_fast_syscall_32+0x129/0x180 [ 960.078134][T18675] do_fast_syscall_32+0x6a/0xc0 [ 960.082986][T18675] do_SYSENTER_32+0x73/0x90 [ 960.087488][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 960.093798][T18675] [ 960.096116][T18675] Uninit was stored to memory at: [ 960.101146][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 960.106870][T18675] __msan_chain_origin+0x57/0xa0 [ 960.111809][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 960.116921][T18675] get_compat_msghdr+0x108/0x2b0 [ 960.121858][T18675] do_recvmmsg+0xdc7/0x22e0 [ 960.126360][T18675] __sys_recvmmsg+0x340/0x5f0 [ 960.131045][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 960.137110][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 960.143268][T18675] __do_fast_syscall_32+0x129/0x180 [ 960.148465][T18675] do_fast_syscall_32+0x6a/0xc0 [ 960.153320][T18675] do_SYSENTER_32+0x73/0x90 [ 960.157828][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 960.164142][T18675] [ 960.166465][T18675] Uninit was stored to memory at: [ 960.171506][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 960.177410][T18675] __msan_chain_origin+0x57/0xa0 [ 960.182350][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 960.187460][T18675] get_compat_msghdr+0x108/0x2b0 [ 960.192400][T18675] do_recvmmsg+0xdc7/0x22e0 [ 960.196905][T18675] __sys_recvmmsg+0x340/0x5f0 [ 960.201587][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 960.207669][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 960.213824][T18675] __do_fast_syscall_32+0x129/0x180 [ 960.219020][T18675] do_fast_syscall_32+0x6a/0xc0 [ 960.223874][T18675] do_SYSENTER_32+0x73/0x90 [ 960.228379][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 960.234700][T18675] [ 960.237016][T18675] Uninit was stored to memory at: [ 960.242306][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 960.248025][T18675] __msan_chain_origin+0x57/0xa0 [ 960.253005][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 960.258116][T18675] get_compat_msghdr+0x108/0x2b0 [ 960.263060][T18675] do_recvmmsg+0xdc7/0x22e0 [ 960.267571][T18675] __sys_recvmmsg+0x340/0x5f0 [ 960.272248][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 960.278314][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 960.284480][T18675] __do_fast_syscall_32+0x129/0x180 [ 960.289684][T18675] do_fast_syscall_32+0x6a/0xc0 [ 960.294541][T18675] do_SYSENTER_32+0x73/0x90 [ 960.299045][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 960.305358][T18675] [ 960.307680][T18675] Uninit was stored to memory at: [ 960.312713][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 960.318435][T18675] __msan_chain_origin+0x57/0xa0 [ 960.323372][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 960.328481][T18675] get_compat_msghdr+0x108/0x2b0 [ 960.333421][T18675] do_recvmmsg+0xdc7/0x22e0 [ 960.337925][T18675] __sys_recvmmsg+0x340/0x5f0 [ 960.342603][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 960.348670][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 960.354826][T18675] __do_fast_syscall_32+0x129/0x180 [ 960.360025][T18675] do_fast_syscall_32+0x6a/0xc0 [ 960.364874][T18675] do_SYSENTER_32+0x73/0x90 [ 960.369382][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 960.375694][T18675] [ 960.378014][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 960.384692][T18675] do_recvmmsg+0xc2/0x22e0 [ 960.389108][T18675] do_recvmmsg+0xc2/0x22e0 [ 960.613291][T18675] not chained 530000 origins [ 960.617915][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 960.626582][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 960.636633][T18675] Call Trace: [ 960.639927][T18675] dump_stack+0x21c/0x280 [ 960.644267][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 960.649991][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 960.655370][T18675] ? kmsan_get_metadata+0x116/0x180 [ 960.660598][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 960.666237][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 960.672305][T18675] ? _copy_from_user+0x201/0x310 [ 960.677243][T18675] ? kmsan_get_metadata+0x116/0x180 [ 960.682449][T18675] __msan_chain_origin+0x57/0xa0 [ 960.687388][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 960.692507][T18675] get_compat_msghdr+0x108/0x2b0 [ 960.697452][T18675] do_recvmmsg+0xdc7/0x22e0 [ 960.701964][T18675] ? kmsan_get_metadata+0x116/0x180 [ 960.707173][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 960.712811][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 960.718101][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 960.722867][T18675] __sys_recvmmsg+0x340/0x5f0 [ 960.727546][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 960.733350][T18675] ? kmsan_get_metadata+0x116/0x180 [ 960.738550][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 960.744630][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 960.750789][T18675] __do_fast_syscall_32+0x129/0x180 [ 960.755994][T18675] do_fast_syscall_32+0x6a/0xc0 [ 960.760847][T18675] do_SYSENTER_32+0x73/0x90 [ 960.765362][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 960.771681][T18675] RIP: 0023:0xf7f29549 [ 960.775753][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 960.795360][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 960.803777][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 960.811749][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 960.819718][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 960.827687][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 960.835832][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 960.843803][T18675] Uninit was stored to memory at: [ 960.848837][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 960.854561][T18675] __msan_chain_origin+0x57/0xa0 [ 960.859497][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 960.864607][T18675] get_compat_msghdr+0x108/0x2b0 [ 960.869544][T18675] do_recvmmsg+0xdc7/0x22e0 [ 960.874071][T18675] __sys_recvmmsg+0x340/0x5f0 [ 960.878749][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 960.884827][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 960.890979][T18675] __do_fast_syscall_32+0x129/0x180 [ 960.896178][T18675] do_fast_syscall_32+0x6a/0xc0 [ 960.901028][T18675] do_SYSENTER_32+0x73/0x90 [ 960.905561][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 960.911872][T18675] [ 960.914201][T18675] Uninit was stored to memory at: [ 960.919231][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 960.924951][T18675] __msan_chain_origin+0x57/0xa0 [ 960.929927][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 960.935037][T18675] get_compat_msghdr+0x108/0x2b0 [ 960.939977][T18675] do_recvmmsg+0xdc7/0x22e0 [ 960.944479][T18675] __sys_recvmmsg+0x340/0x5f0 [ 960.949156][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 960.955224][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 960.961378][T18675] __do_fast_syscall_32+0x129/0x180 [ 960.966578][T18675] do_fast_syscall_32+0x6a/0xc0 [ 960.971427][T18675] do_SYSENTER_32+0x73/0x90 [ 960.975932][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 960.982241][T18675] [ 960.984560][T18675] Uninit was stored to memory at: [ 960.989588][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 960.995312][T18675] __msan_chain_origin+0x57/0xa0 [ 961.000248][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 961.005360][T18675] get_compat_msghdr+0x108/0x2b0 [ 961.010308][T18675] do_recvmmsg+0xdc7/0x22e0 [ 961.014813][T18675] __sys_recvmmsg+0x340/0x5f0 [ 961.019490][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 961.025556][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 961.031709][T18675] __do_fast_syscall_32+0x129/0x180 [ 961.036934][T18675] do_fast_syscall_32+0x6a/0xc0 [ 961.041783][T18675] do_SYSENTER_32+0x73/0x90 [ 961.046287][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 961.052597][T18675] [ 961.054914][T18675] Uninit was stored to memory at: [ 961.059942][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 961.065666][T18675] __msan_chain_origin+0x57/0xa0 [ 961.070601][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 961.075711][T18675] get_compat_msghdr+0x108/0x2b0 [ 961.080652][T18675] do_recvmmsg+0xdc7/0x22e0 [ 961.085157][T18675] __sys_recvmmsg+0x340/0x5f0 [ 961.089835][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 961.095907][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 961.102066][T18675] __do_fast_syscall_32+0x129/0x180 [ 961.107298][T18675] do_fast_syscall_32+0x6a/0xc0 [ 961.112146][T18675] do_SYSENTER_32+0x73/0x90 [ 961.116660][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 961.122972][T18675] [ 961.125291][T18675] Uninit was stored to memory at: [ 961.130318][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 961.136052][T18675] __msan_chain_origin+0x57/0xa0 [ 961.141003][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 961.146115][T18675] get_compat_msghdr+0x108/0x2b0 [ 961.151054][T18675] do_recvmmsg+0xdc7/0x22e0 [ 961.155563][T18675] __sys_recvmmsg+0x340/0x5f0 [ 961.160247][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 961.166352][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 961.172508][T18675] __do_fast_syscall_32+0x129/0x180 [ 961.177704][T18675] do_fast_syscall_32+0x6a/0xc0 [ 961.182557][T18675] do_SYSENTER_32+0x73/0x90 [ 961.187066][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 961.193374][T18675] [ 961.195690][T18675] Uninit was stored to memory at: [ 961.200718][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 961.206442][T18675] __msan_chain_origin+0x57/0xa0 [ 961.211376][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 961.216489][T18675] get_compat_msghdr+0x108/0x2b0 [ 961.221427][T18675] do_recvmmsg+0xdc7/0x22e0 [ 961.225937][T18675] __sys_recvmmsg+0x340/0x5f0 [ 961.230619][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 961.236706][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 961.242865][T18675] __do_fast_syscall_32+0x129/0x180 [ 961.248071][T18675] do_fast_syscall_32+0x6a/0xc0 [ 961.252924][T18675] do_SYSENTER_32+0x73/0x90 [ 961.257456][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 961.263769][T18675] [ 961.266150][T18675] Uninit was stored to memory at: [ 961.271233][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 961.276965][T18675] __msan_chain_origin+0x57/0xa0 [ 961.281908][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 961.287021][T18675] get_compat_msghdr+0x108/0x2b0 [ 961.291960][T18675] do_recvmmsg+0xdc7/0x22e0 [ 961.296468][T18675] __sys_recvmmsg+0x340/0x5f0 [ 961.301147][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 961.307223][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 961.313379][T18675] __do_fast_syscall_32+0x129/0x180 [ 961.318663][T18675] do_fast_syscall_32+0x6a/0xc0 [ 961.323515][T18675] do_SYSENTER_32+0x73/0x90 [ 961.328023][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 961.334335][T18675] [ 961.336657][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 961.343329][T18675] do_recvmmsg+0xc2/0x22e0 [ 961.347742][T18675] do_recvmmsg+0xc2/0x22e0 [ 961.552704][T18675] not chained 540000 origins [ 961.557323][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 961.565984][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 961.576029][T18675] Call Trace: [ 961.579333][T18675] dump_stack+0x21c/0x280 [ 961.583667][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 961.589471][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 961.594845][T18675] ? kmsan_get_metadata+0x116/0x180 [ 961.600043][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 961.605682][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 961.611751][T18675] ? _copy_from_user+0x201/0x310 [ 961.616692][T18675] ? kmsan_get_metadata+0x116/0x180 [ 961.621893][T18675] __msan_chain_origin+0x57/0xa0 [ 961.626831][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 961.631946][T18675] get_compat_msghdr+0x108/0x2b0 [ 961.636886][T18675] do_recvmmsg+0xdc7/0x22e0 [ 961.641392][T18675] ? kmsan_get_metadata+0x116/0x180 [ 961.646600][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 961.652233][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 961.657520][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 961.662284][T18675] __sys_recvmmsg+0x340/0x5f0 [ 961.666962][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 961.672764][T18675] ? kmsan_get_metadata+0x116/0x180 [ 961.677964][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 961.684031][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 961.690187][T18675] __do_fast_syscall_32+0x129/0x180 [ 961.695389][T18675] do_fast_syscall_32+0x6a/0xc0 [ 961.700238][T18675] do_SYSENTER_32+0x73/0x90 [ 961.701871][T18650] not chained 550000 origins [ 961.704783][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 961.715652][T18675] RIP: 0023:0xf7f29549 [ 961.719707][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 961.739313][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 961.747704][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 961.755674][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 961.763626][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 961.771580][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 961.779532][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 961.787484][T18675] Uninit was stored to memory at: [ 961.787497][T18650] CPU: 0 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 961.787512][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 961.792521][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 961.801151][T18650] Call Trace: [ 961.811196][T18675] __msan_chain_origin+0x57/0xa0 [ 961.816885][T18650] dump_stack+0x21c/0x280 [ 961.820158][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 961.825071][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 961.829380][T18675] get_compat_msghdr+0x108/0x2b0 [ 961.834464][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 961.840157][T18675] do_recvmmsg+0xdc7/0x22e0 [ 961.845065][T18650] ? kmsan_get_metadata+0x116/0x180 [ 961.850518][T18675] __sys_recvmmsg+0x340/0x5f0 [ 961.854997][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 961.860427][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 961.865084][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 961.870685][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 961.876723][T18650] ? _copy_from_user+0x201/0x310 [ 961.882762][T18675] __do_fast_syscall_32+0x129/0x180 [ 961.888883][T18650] ? kmsan_get_metadata+0x116/0x180 [ 961.893795][T18675] do_fast_syscall_32+0x6a/0xc0 [ 961.898966][T18650] __msan_chain_origin+0x57/0xa0 [ 961.904136][T18675] do_SYSENTER_32+0x73/0x90 [ 961.908959][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 961.913868][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 961.918342][T18650] get_compat_msghdr+0x108/0x2b0 [ 961.923412][T18675] [ 961.929722][T18650] do_recvmmsg+0xdc7/0x22e0 [ 961.934619][T18675] Uninit was stored to memory at: [ 961.936935][T18650] ? kmsan_get_metadata+0x116/0x180 [ 961.941415][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 961.946431][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 961.951602][T18675] __msan_chain_origin+0x57/0xa0 [ 961.957292][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 961.963026][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 961.967938][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 961.973207][T18675] get_compat_msghdr+0x108/0x2b0 [ 961.978294][T18650] __sys_recvmmsg+0x340/0x5f0 [ 961.983030][T18675] do_recvmmsg+0xdc7/0x22e0 [ 961.987939][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 961.992589][T18675] __sys_recvmmsg+0x340/0x5f0 [ 961.997063][T18650] ? kmsan_get_metadata+0x116/0x180 [ 962.002846][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.007494][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.012681][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.018719][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.024774][T18675] __do_fast_syscall_32+0x129/0x180 [ 962.030900][T18650] __do_fast_syscall_32+0x129/0x180 [ 962.037024][T18675] do_fast_syscall_32+0x6a/0xc0 [ 962.042196][T18650] do_fast_syscall_32+0x6a/0xc0 [ 962.047375][T18675] do_SYSENTER_32+0x73/0x90 [ 962.052199][T18650] do_SYSENTER_32+0x73/0x90 [ 962.057025][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 962.061501][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 962.065961][T18675] [ 962.072266][T18650] RIP: 0023:0xf7fd6549 [ 962.078555][T18675] Uninit was stored to memory at: [ 962.080871][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 962.084914][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 962.090016][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 962.109605][T18675] __msan_chain_origin+0x57/0xa0 [ 962.115292][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 962.123676][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 962.128690][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 962.136646][T18675] get_compat_msghdr+0x108/0x2b0 [ 962.141734][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 962.149689][T18675] do_recvmmsg+0xdc7/0x22e0 [ 962.154591][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 962.162565][T18675] __sys_recvmmsg+0x340/0x5f0 [ 962.167038][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 962.174994][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.179631][T18650] Uninit was stored to memory at: [ 962.187589][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.193639][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 962.198636][T18675] __do_fast_syscall_32+0x129/0x180 [ 962.204760][T18650] __msan_chain_origin+0x57/0xa0 [ 962.210449][T18675] do_fast_syscall_32+0x6a/0xc0 [ 962.215618][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 962.220527][T18675] do_SYSENTER_32+0x73/0x90 [ 962.225349][T18650] get_compat_msghdr+0x108/0x2b0 [ 962.230434][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 962.234909][T18650] do_recvmmsg+0xdc7/0x22e0 [ 962.239805][T18675] [ 962.246116][T18650] __sys_recvmmsg+0x340/0x5f0 [ 962.250577][T18675] Uninit was stored to memory at: [ 962.252910][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.257560][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 962.262565][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.268599][T18675] __msan_chain_origin+0x57/0xa0 [ 962.274291][T18650] __do_fast_syscall_32+0x129/0x180 [ 962.280413][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 962.285326][T18650] do_fast_syscall_32+0x6a/0xc0 [ 962.290509][T18675] get_compat_msghdr+0x108/0x2b0 [ 962.295599][T18650] do_SYSENTER_32+0x73/0x90 [ 962.300423][T18675] do_recvmmsg+0xdc7/0x22e0 [ 962.305336][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 962.309810][T18675] __sys_recvmmsg+0x340/0x5f0 [ 962.314274][T18650] [ 962.320576][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.320599][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.325239][T18650] Uninit was stored to memory at: [ 962.327554][T18675] __do_fast_syscall_32+0x129/0x180 [ 962.333597][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 962.339725][T18675] do_fast_syscall_32+0x6a/0xc0 [ 962.344726][T18650] __msan_chain_origin+0x57/0xa0 [ 962.349893][T18675] do_SYSENTER_32+0x73/0x90 [ 962.355587][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 962.360411][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 962.365337][T18650] get_compat_msghdr+0x108/0x2b0 [ 962.369800][T18675] [ 962.374896][T18650] do_recvmmsg+0xdc7/0x22e0 [ 962.381182][T18675] Uninit was stored to memory at: [ 962.386104][T18650] __sys_recvmmsg+0x340/0x5f0 [ 962.388430][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 962.392907][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.397904][T18675] __msan_chain_origin+0x57/0xa0 [ 962.402558][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.408248][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 962.414303][T18650] __do_fast_syscall_32+0x129/0x180 [ 962.419220][T18675] get_compat_msghdr+0x108/0x2b0 [ 962.425353][T18650] do_fast_syscall_32+0x6a/0xc0 [ 962.430439][T18675] do_recvmmsg+0xdc7/0x22e0 [ 962.435612][T18650] do_SYSENTER_32+0x73/0x90 [ 962.440524][T18675] __sys_recvmmsg+0x340/0x5f0 [ 962.445350][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 962.449824][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.454287][T18650] [ 962.458963][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.465253][T18650] Uninit was stored to memory at: [ 962.471332][T18675] __do_fast_syscall_32+0x129/0x180 [ 962.473642][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 962.479777][T18675] do_fast_syscall_32+0x6a/0xc0 [ 962.484796][T18650] __msan_chain_origin+0x57/0xa0 [ 962.489966][T18675] do_SYSENTER_32+0x73/0x90 [ 962.495656][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 962.500480][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 962.505388][T18650] get_compat_msghdr+0x108/0x2b0 [ 962.509859][T18675] [ 962.514954][T18650] do_recvmmsg+0xdc7/0x22e0 [ 962.521240][T18675] Uninit was stored to memory at: [ 962.526162][T18650] __sys_recvmmsg+0x340/0x5f0 [ 962.528643][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 962.533126][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.538124][T18675] __msan_chain_origin+0x57/0xa0 [ 962.542773][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.548462][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 962.554500][T18650] __do_fast_syscall_32+0x129/0x180 [ 962.559406][T18675] get_compat_msghdr+0x108/0x2b0 [ 962.565535][T18650] do_fast_syscall_32+0x6a/0xc0 [ 962.570617][T18675] do_recvmmsg+0xdc7/0x22e0 [ 962.575786][T18650] do_SYSENTER_32+0x73/0x90 [ 962.580696][T18675] __sys_recvmmsg+0x340/0x5f0 [ 962.585519][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 962.589992][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.594454][T18650] [ 962.599114][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.605401][T18650] Uninit was stored to memory at: [ 962.611448][T18675] __do_fast_syscall_32+0x129/0x180 [ 962.613759][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 962.619880][T18675] do_fast_syscall_32+0x6a/0xc0 [ 962.624868][T18650] __msan_chain_origin+0x57/0xa0 [ 962.624891][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 962.630088][T18675] do_SYSENTER_32+0x73/0x90 [ 962.635781][T18650] get_compat_msghdr+0x108/0x2b0 [ 962.640634][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 962.645542][T18650] do_recvmmsg+0xdc7/0x22e0 [ 962.650613][T18675] [ 962.655101][T18650] __sys_recvmmsg+0x340/0x5f0 [ 962.659998][T18675] Uninit was stored to memory at: [ 962.666308][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.670805][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 962.673108][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.677758][T18675] __msan_chain_origin+0x57/0xa0 [ 962.682755][T18650] __do_fast_syscall_32+0x129/0x180 [ 962.688793][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 962.694484][T18650] do_fast_syscall_32+0x6a/0xc0 [ 962.700608][T18675] get_compat_msghdr+0x108/0x2b0 [ 962.705536][T18650] do_SYSENTER_32+0x73/0x90 [ 962.710708][T18675] do_recvmmsg+0xdc7/0x22e0 [ 962.715793][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 962.720617][T18675] __sys_recvmmsg+0x340/0x5f0 [ 962.725514][T18650] [ 962.730002][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.734465][T18650] Uninit was stored to memory at: [ 962.740774][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.745427][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 962.747730][T18675] __do_fast_syscall_32+0x129/0x180 [ 962.753789][T18650] __msan_chain_origin+0x57/0xa0 [ 962.758783][T18675] do_fast_syscall_32+0x6a/0xc0 [ 962.764906][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 962.770600][T18675] do_SYSENTER_32+0x73/0x90 [ 962.775789][T18650] get_compat_msghdr+0x108/0x2b0 [ 962.780717][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 962.785547][T18650] do_recvmmsg+0xdc7/0x22e0 [ 962.790615][T18675] [ 962.795105][T18650] __sys_recvmmsg+0x340/0x5f0 [ 962.800005][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 962.806313][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.810811][T18675] do_recvmmsg+0xc2/0x22e0 [ 962.813120][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.817767][T18675] do_recvmmsg+0xc2/0x22e0 [ 962.824518][T18650] __do_fast_syscall_32+0x129/0x180 [ 962.850667][T18650] do_fast_syscall_32+0x6a/0xc0 [ 962.855609][T18650] do_SYSENTER_32+0x73/0x90 [ 962.860148][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 962.866456][T18650] [ 962.868773][T18650] Uninit was stored to memory at: [ 962.873802][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 962.879524][T18650] __msan_chain_origin+0x57/0xa0 [ 962.884466][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 962.889668][T18650] get_compat_msghdr+0x108/0x2b0 [ 962.894639][T18650] do_recvmmsg+0xdc7/0x22e0 [ 962.899145][T18650] __sys_recvmmsg+0x340/0x5f0 [ 962.903825][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.909890][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.916043][T18650] __do_fast_syscall_32+0x129/0x180 [ 962.921243][T18650] do_fast_syscall_32+0x6a/0xc0 [ 962.926099][T18650] do_SYSENTER_32+0x73/0x90 [ 962.930603][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 962.936911][T18650] [ 962.939226][T18650] Uninit was stored to memory at: [ 962.944254][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 962.949997][T18650] __msan_chain_origin+0x57/0xa0 [ 962.954930][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 962.960033][T18650] get_compat_msghdr+0x108/0x2b0 [ 962.964972][T18650] do_recvmmsg+0xdc7/0x22e0 [ 962.969471][T18650] __sys_recvmmsg+0x340/0x5f0 [ 962.974144][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 962.980206][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 962.986358][T18650] __do_fast_syscall_32+0x129/0x180 [ 962.991553][T18650] do_fast_syscall_32+0x6a/0xc0 [ 962.996403][T18650] do_SYSENTER_32+0x73/0x90 [ 963.000903][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.007212][T18650] [ 963.009531][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 963.016206][T18650] do_recvmmsg+0xc2/0x22e0 [ 963.020617][T18650] do_recvmmsg+0xc2/0x22e0 [ 963.020641][T18675] not chained 560000 origins [ 963.029604][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 963.038267][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 963.048923][T18675] Call Trace: [ 963.052218][T18675] dump_stack+0x21c/0x280 [ 963.056559][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 963.062285][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 963.067659][T18675] ? kmsan_get_metadata+0x116/0x180 [ 963.072860][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 963.078495][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 963.084581][T18675] ? _copy_from_user+0x201/0x310 [ 963.089524][T18675] ? kmsan_get_metadata+0x116/0x180 [ 963.094733][T18675] __msan_chain_origin+0x57/0xa0 [ 963.099672][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 963.104788][T18675] get_compat_msghdr+0x108/0x2b0 [ 963.109730][T18675] do_recvmmsg+0xdc7/0x22e0 [ 963.114239][T18675] ? kmsan_get_metadata+0x116/0x180 [ 963.119448][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 963.125086][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 963.130377][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 963.135143][T18675] __sys_recvmmsg+0x340/0x5f0 [ 963.139822][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 963.145627][T18675] ? kmsan_get_metadata+0x116/0x180 [ 963.150833][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.156906][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.163062][T18675] __do_fast_syscall_32+0x129/0x180 [ 963.168266][T18675] do_fast_syscall_32+0x6a/0xc0 [ 963.173118][T18675] do_SYSENTER_32+0x73/0x90 [ 963.177625][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.183948][T18675] RIP: 0023:0xf7f29549 [ 963.188016][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 963.207620][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 963.216034][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 963.224118][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 963.232088][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 963.240062][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 963.248031][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 963.256003][T18675] Uninit was stored to memory at: [ 963.261044][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 963.266766][T18675] __msan_chain_origin+0x57/0xa0 [ 963.271703][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 963.276812][T18675] get_compat_msghdr+0x108/0x2b0 [ 963.281749][T18675] do_recvmmsg+0xdc7/0x22e0 [ 963.286258][T18675] __sys_recvmmsg+0x340/0x5f0 [ 963.290938][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.297006][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.303165][T18675] __do_fast_syscall_32+0x129/0x180 [ 963.308376][T18675] do_fast_syscall_32+0x6a/0xc0 [ 963.313228][T18675] do_SYSENTER_32+0x73/0x90 [ 963.317733][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.324045][T18675] [ 963.326366][T18675] Uninit was stored to memory at: [ 963.331399][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 963.337121][T18675] __msan_chain_origin+0x57/0xa0 [ 963.342053][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 963.347166][T18675] get_compat_msghdr+0x108/0x2b0 [ 963.352109][T18675] do_recvmmsg+0xdc7/0x22e0 [ 963.356614][T18675] __sys_recvmmsg+0x340/0x5f0 [ 963.361291][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.367357][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.373512][T18675] __do_fast_syscall_32+0x129/0x180 [ 963.378710][T18675] do_fast_syscall_32+0x6a/0xc0 [ 963.383560][T18675] do_SYSENTER_32+0x73/0x90 [ 963.388062][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.394369][T18675] [ 963.396686][T18675] Uninit was stored to memory at: [ 963.401713][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 963.407435][T18675] __msan_chain_origin+0x57/0xa0 [ 963.412369][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 963.417483][T18675] get_compat_msghdr+0x108/0x2b0 [ 963.422429][T18675] do_recvmmsg+0xdc7/0x22e0 [ 963.426934][T18675] __sys_recvmmsg+0x340/0x5f0 [ 963.431610][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.437678][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.443838][T18675] __do_fast_syscall_32+0x129/0x180 [ 963.449040][T18675] do_fast_syscall_32+0x6a/0xc0 [ 963.453893][T18675] do_SYSENTER_32+0x73/0x90 [ 963.458401][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.464713][T18675] [ 963.467032][T18675] Uninit was stored to memory at: [ 963.472061][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 963.477784][T18675] __msan_chain_origin+0x57/0xa0 [ 963.482721][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 963.487834][T18675] get_compat_msghdr+0x108/0x2b0 [ 963.492796][T18675] do_recvmmsg+0xdc7/0x22e0 [ 963.497302][T18675] __sys_recvmmsg+0x340/0x5f0 [ 963.501979][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.508048][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.514203][T18675] __do_fast_syscall_32+0x129/0x180 [ 963.519399][T18675] do_fast_syscall_32+0x6a/0xc0 [ 963.524249][T18675] do_SYSENTER_32+0x73/0x90 [ 963.528754][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.535060][T18675] [ 963.537378][T18675] Uninit was stored to memory at: [ 963.542404][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 963.548126][T18675] __msan_chain_origin+0x57/0xa0 [ 963.553066][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 963.558182][T18675] get_compat_msghdr+0x108/0x2b0 [ 963.563121][T18675] do_recvmmsg+0xdc7/0x22e0 [ 963.567629][T18675] __sys_recvmmsg+0x340/0x5f0 [ 963.572325][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.578390][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.584544][T18675] __do_fast_syscall_32+0x129/0x180 [ 963.589741][T18675] do_fast_syscall_32+0x6a/0xc0 [ 963.594794][T18675] do_SYSENTER_32+0x73/0x90 [ 963.599297][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.605609][T18675] [ 963.607929][T18675] Uninit was stored to memory at: [ 963.612959][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 963.618684][T18675] __msan_chain_origin+0x57/0xa0 [ 963.623620][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 963.628729][T18675] get_compat_msghdr+0x108/0x2b0 [ 963.633668][T18675] do_recvmmsg+0xdc7/0x22e0 [ 963.638177][T18675] __sys_recvmmsg+0x340/0x5f0 [ 963.642855][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.648926][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.655085][T18675] __do_fast_syscall_32+0x129/0x180 [ 963.660294][T18675] do_fast_syscall_32+0x6a/0xc0 [ 963.665151][T18675] do_SYSENTER_32+0x73/0x90 [ 963.669655][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.670517][T18650] not chained 570000 origins [ 963.675968][T18675] [ 963.680551][T18650] CPU: 0 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 963.682848][T18675] Uninit was stored to memory at: [ 963.691494][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 963.696523][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 963.706541][T18650] Call Trace: [ 963.712243][T18675] __msan_chain_origin+0x57/0xa0 [ 963.715506][T18650] dump_stack+0x21c/0x280 [ 963.720414][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 963.724719][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 963.729800][T18675] get_compat_msghdr+0x108/0x2b0 [ 963.735493][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 963.740404][T18675] do_recvmmsg+0xdc7/0x22e0 [ 963.745746][T18650] ? kmsan_get_metadata+0x116/0x180 [ 963.750226][T18675] __sys_recvmmsg+0x340/0x5f0 [ 963.755399][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 963.760047][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.765654][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 963.771689][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.777728][T18650] ? _copy_from_user+0x201/0x310 [ 963.783854][T18675] __do_fast_syscall_32+0x129/0x180 [ 963.788761][T18650] ? kmsan_get_metadata+0x116/0x180 [ 963.793947][T18675] do_fast_syscall_32+0x6a/0xc0 [ 963.799122][T18650] __msan_chain_origin+0x57/0xa0 [ 963.803947][T18675] do_SYSENTER_32+0x73/0x90 [ 963.808859][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 963.813433][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.818519][T18650] get_compat_msghdr+0x108/0x2b0 [ 963.824804][T18675] [ 963.829731][T18650] do_recvmmsg+0xdc7/0x22e0 [ 963.832042][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 963.836525][T18650] ? kmsan_get_metadata+0x116/0x180 [ 963.843173][T18675] do_recvmmsg+0xc2/0x22e0 [ 963.848367][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 963.852753][T18675] do_recvmmsg+0xc2/0x22e0 [ 963.858358][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 963.863401][ C1] clocksource: timekeeping watchdog on CPU1: Marking clocksource 'tsc' as unstable because the skew is too large: [ 963.868144][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 963.880168][ C1] clocksource: 'acpi_pm' wd_now: 2731d8 wd_last: a6c857 mask: ffffff [ 963.884836][T18650] __sys_recvmmsg+0x340/0x5f0 [ 963.884856][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 963.884871][T18650] ? kmsan_get_metadata+0x116/0x180 [ 963.884890][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.885033][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.895063][ C1] clocksource: 'tsc' cs_now: 2075c36392d cs_last: 20619ef37b4 mask: ffffffffffffffff [ 963.899684][T18650] __do_fast_syscall_32+0x129/0x180 [ 963.905530][ C1] tsc: Marking TSC unstable due to clocksource watchdog [ 963.910677][T18650] do_fast_syscall_32+0x6a/0xc0 [ 963.951133][T18650] do_SYSENTER_32+0x73/0x90 [ 963.951166][ T8481] TSC found unstable after boot, most likely due to broken BIOS. Use 'tsc=unstable'. [ 963.955634][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.955646][T18650] RIP: 0023:0xf7fd6549 [ 963.955664][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 963.955673][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 963.955689][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 963.955732][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 963.965255][ T8481] sched_clock: Marking unstable (964008994861, -57859036)<-(963955668110, -4531962) [ 963.971497][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 963.961135][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 963.961135][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 963.961135][T18650] Uninit was stored to memory at: [ 963.961135][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 963.961135][T18650] __msan_chain_origin+0x57/0xa0 [ 963.961135][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 963.961135][T18650] get_compat_msghdr+0x108/0x2b0 [ 963.961135][T18650] do_recvmmsg+0xdc7/0x22e0 [ 963.961135][T18650] __sys_recvmmsg+0x340/0x5f0 [ 963.961135][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.961135][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.961135][T18650] __do_fast_syscall_32+0x129/0x180 [ 963.961135][T18650] do_fast_syscall_32+0x6a/0xc0 [ 963.961135][T18650] do_SYSENTER_32+0x73/0x90 [ 963.961135][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.961135][T18650] [ 963.961135][T18650] Uninit was stored to memory at: [ 963.961135][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 963.961135][T18650] __msan_chain_origin+0x57/0xa0 [ 963.961135][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 963.961135][T18650] get_compat_msghdr+0x108/0x2b0 [ 963.961135][T18650] do_recvmmsg+0xdc7/0x22e0 [ 963.961135][T18650] __sys_recvmmsg+0x340/0x5f0 [ 963.961135][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.961135][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.961135][T18650] __do_fast_syscall_32+0x129/0x180 [ 963.961135][T18650] do_fast_syscall_32+0x6a/0xc0 [ 963.961135][T18650] do_SYSENTER_32+0x73/0x90 [ 963.961135][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.961135][T18650] [ 963.961135][T18650] Uninit was stored to memory at: [ 963.961135][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 963.961135][T18650] __msan_chain_origin+0x57/0xa0 [ 963.961135][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 963.961135][T18650] get_compat_msghdr+0x108/0x2b0 [ 963.961135][T18650] do_recvmmsg+0xdc7/0x22e0 [ 963.961135][T18650] __sys_recvmmsg+0x340/0x5f0 [ 963.961135][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.961135][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.961135][T18650] __do_fast_syscall_32+0x129/0x180 [ 963.961135][T18650] do_fast_syscall_32+0x6a/0xc0 [ 963.961135][T18650] do_SYSENTER_32+0x73/0x90 [ 963.961135][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.961135][T18650] [ 963.961135][T18650] Uninit was stored to memory at: [ 963.961135][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 963.961135][T18650] __msan_chain_origin+0x57/0xa0 [ 963.961135][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 963.961135][T18650] get_compat_msghdr+0x108/0x2b0 [ 963.961135][T18650] do_recvmmsg+0xdc7/0x22e0 [ 963.961135][T18650] __sys_recvmmsg+0x340/0x5f0 [ 963.961135][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.961135][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.961135][T18650] __do_fast_syscall_32+0x129/0x180 [ 963.961135][T18650] do_fast_syscall_32+0x6a/0xc0 [ 963.961135][T18650] do_SYSENTER_32+0x73/0x90 [ 963.961135][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.961135][T18650] [ 963.961135][T18650] Uninit was stored to memory at: [ 963.961135][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 963.961135][T18650] __msan_chain_origin+0x57/0xa0 [ 963.961135][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 963.961135][T18650] get_compat_msghdr+0x108/0x2b0 [ 963.961135][T18650] do_recvmmsg+0xdc7/0x22e0 [ 963.961135][T18650] __sys_recvmmsg+0x340/0x5f0 [ 963.961135][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.961135][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.961135][T18650] __do_fast_syscall_32+0x129/0x180 [ 963.961135][T18650] do_fast_syscall_32+0x6a/0xc0 [ 963.961135][T18650] do_SYSENTER_32+0x73/0x90 [ 963.961135][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.961135][T18650] [ 963.961135][T18650] Uninit was stored to memory at: [ 963.961135][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 963.961135][T18650] __msan_chain_origin+0x57/0xa0 [ 963.961135][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 963.961135][T18650] get_compat_msghdr+0x108/0x2b0 [ 963.961135][T18650] do_recvmmsg+0xdc7/0x22e0 [ 963.961135][T18650] __sys_recvmmsg+0x340/0x5f0 [ 963.961135][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.961135][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.961135][T18650] __do_fast_syscall_32+0x129/0x180 [ 963.961135][T18650] do_fast_syscall_32+0x6a/0xc0 [ 963.961135][T18650] do_SYSENTER_32+0x73/0x90 [ 963.961135][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.961135][T18650] [ 963.961135][T18650] Uninit was stored to memory at: [ 963.961135][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 963.961135][T18650] __msan_chain_origin+0x57/0xa0 [ 963.961135][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 963.961135][T18650] get_compat_msghdr+0x108/0x2b0 [ 963.961135][T18650] do_recvmmsg+0xdc7/0x22e0 [ 963.961135][T18650] __sys_recvmmsg+0x340/0x5f0 [ 963.961135][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 963.961135][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 963.961135][T18650] __do_fast_syscall_32+0x129/0x180 [ 963.961135][T18650] do_fast_syscall_32+0x6a/0xc0 [ 963.961135][T18650] do_SYSENTER_32+0x73/0x90 [ 963.961135][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 963.961135][T18650] [ 963.961135][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 963.961135][T18650] do_recvmmsg+0xc2/0x22e0 [ 963.961135][T18650] do_recvmmsg+0xc2/0x22e0 [ 964.876933][T18675] not chained 580000 origins [ 964.881555][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 964.888880][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 964.888880][T18675] Call Trace: [ 964.888880][T18675] dump_stack+0x21c/0x280 [ 964.888880][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 964.888880][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 964.888880][T18675] ? kmsan_get_metadata+0x116/0x180 [ 964.888880][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 964.888880][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 964.888880][T18675] ? _copy_from_user+0x201/0x310 [ 964.888880][T18675] ? kmsan_get_metadata+0x116/0x180 [ 964.888880][T18675] __msan_chain_origin+0x57/0xa0 [ 964.888880][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 964.888880][T18675] get_compat_msghdr+0x108/0x2b0 [ 964.888880][T18675] do_recvmmsg+0xdc7/0x22e0 [ 964.888880][T18675] ? kmsan_get_metadata+0x116/0x180 [ 964.888880][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 964.888880][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 964.888880][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 964.888880][T18675] __sys_recvmmsg+0x340/0x5f0 [ 964.888880][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 964.888880][T18675] ? kmsan_get_metadata+0x116/0x180 [ 964.888880][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 964.888880][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 964.888880][T18675] __do_fast_syscall_32+0x129/0x180 [ 964.888880][T18675] do_fast_syscall_32+0x6a/0xc0 [ 964.888880][T18675] do_SYSENTER_32+0x73/0x90 [ 964.888880][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 964.888880][T18675] RIP: 0023:0xf7f29549 [ 964.888880][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 964.888880][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 964.888880][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 964.888880][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 964.888880][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 964.888880][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 964.888880][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 964.888880][T18675] Uninit was stored to memory at: [ 964.888880][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 964.888880][T18675] __msan_chain_origin+0x57/0xa0 [ 964.888880][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 964.888880][T18675] get_compat_msghdr+0x108/0x2b0 [ 964.888880][T18675] do_recvmmsg+0xdc7/0x22e0 [ 964.888880][T18675] __sys_recvmmsg+0x340/0x5f0 [ 964.888880][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 964.888880][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 964.888880][T18675] __do_fast_syscall_32+0x129/0x180 [ 964.888880][T18675] do_fast_syscall_32+0x6a/0xc0 [ 964.888880][T18675] do_SYSENTER_32+0x73/0x90 [ 964.888880][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 964.888880][T18675] [ 964.888880][T18675] Uninit was stored to memory at: [ 964.888880][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 964.888880][T18675] __msan_chain_origin+0x57/0xa0 [ 964.888880][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 964.888880][T18675] get_compat_msghdr+0x108/0x2b0 [ 964.888880][T18675] do_recvmmsg+0xdc7/0x22e0 [ 964.888880][T18675] __sys_recvmmsg+0x340/0x5f0 [ 964.888880][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 964.888880][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 964.888880][T18675] __do_fast_syscall_32+0x129/0x180 [ 964.888880][T18675] do_fast_syscall_32+0x6a/0xc0 [ 964.888880][T18675] do_SYSENTER_32+0x73/0x90 [ 964.888880][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 965.242734][T18675] [ 965.242734][T18675] Uninit was stored to memory at: [ 965.242734][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 965.242734][T18675] __msan_chain_origin+0x57/0xa0 [ 965.242734][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 965.242734][T18675] get_compat_msghdr+0x108/0x2b0 [ 965.242734][T18675] do_recvmmsg+0xdc7/0x22e0 [ 965.242734][T18675] __sys_recvmmsg+0x340/0x5f0 [ 965.242734][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 965.242734][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 965.242734][T18675] __do_fast_syscall_32+0x129/0x180 [ 965.242734][T18675] do_fast_syscall_32+0x6a/0xc0 [ 965.242734][T18675] do_SYSENTER_32+0x73/0x90 [ 965.242734][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 965.242734][T18675] [ 965.242734][T18675] Uninit was stored to memory at: [ 965.242734][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 965.242734][T18675] __msan_chain_origin+0x57/0xa0 [ 965.242734][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 965.242734][T18675] get_compat_msghdr+0x108/0x2b0 [ 965.242734][T18675] do_recvmmsg+0xdc7/0x22e0 [ 965.242734][T18675] __sys_recvmmsg+0x340/0x5f0 [ 965.242734][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 965.242734][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 965.242734][T18675] __do_fast_syscall_32+0x129/0x180 [ 965.242734][T18675] do_fast_syscall_32+0x6a/0xc0 [ 965.242734][T18675] do_SYSENTER_32+0x73/0x90 [ 965.242734][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 965.242734][T18675] [ 965.242734][T18675] Uninit was stored to memory at: [ 965.242734][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 965.242734][T18675] __msan_chain_origin+0x57/0xa0 [ 965.242734][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 965.242734][T18675] get_compat_msghdr+0x108/0x2b0 [ 965.242734][T18675] do_recvmmsg+0xdc7/0x22e0 [ 965.242734][T18675] __sys_recvmmsg+0x340/0x5f0 [ 965.242734][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 965.242734][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 965.242734][T18675] __do_fast_syscall_32+0x129/0x180 [ 965.242734][T18675] do_fast_syscall_32+0x6a/0xc0 [ 965.242734][T18675] do_SYSENTER_32+0x73/0x90 [ 965.242734][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 965.242734][T18675] [ 965.242734][T18675] Uninit was stored to memory at: [ 965.242734][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 965.242734][T18675] __msan_chain_origin+0x57/0xa0 [ 965.242734][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 965.242734][T18675] get_compat_msghdr+0x108/0x2b0 [ 965.242734][T18675] do_recvmmsg+0xdc7/0x22e0 [ 965.242734][T18675] __sys_recvmmsg+0x340/0x5f0 [ 965.242734][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 965.242734][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 965.242734][T18675] __do_fast_syscall_32+0x129/0x180 [ 965.242734][T18675] do_fast_syscall_32+0x6a/0xc0 [ 965.242734][T18675] do_SYSENTER_32+0x73/0x90 [ 965.242734][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 965.242734][T18675] [ 965.242734][T18675] Uninit was stored to memory at: [ 965.242734][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 965.242734][T18675] __msan_chain_origin+0x57/0xa0 [ 965.242734][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 965.242734][T18675] get_compat_msghdr+0x108/0x2b0 [ 965.242734][T18675] do_recvmmsg+0xdc7/0x22e0 [ 965.242734][T18675] __sys_recvmmsg+0x340/0x5f0 [ 965.242734][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 965.242734][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 965.242734][T18675] __do_fast_syscall_32+0x129/0x180 [ 965.242734][T18675] do_fast_syscall_32+0x6a/0xc0 [ 965.242734][T18675] do_SYSENTER_32+0x73/0x90 [ 965.242734][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 965.242734][T18675] [ 965.242734][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 965.242734][T18675] do_recvmmsg+0xc2/0x22e0 [ 965.242734][T18675] do_recvmmsg+0xc2/0x22e0 [ 965.709503][T18718] clocksource: Switched to clocksource acpi_pm [ 965.882401][T18675] not chained 590000 origins [ 965.887009][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 965.892196][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 965.892196][T18675] Call Trace: [ 965.892196][T18675] dump_stack+0x21c/0x280 [ 965.892196][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 965.892196][T18675] ? kmsan_get_metadata+0x116/0x180 [ 965.892196][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 965.892196][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 965.892196][T18675] ? _copy_from_user+0x201/0x310 [ 965.892196][T18675] ? kmsan_get_metadata+0x116/0x180 [ 965.892196][T18675] __msan_chain_origin+0x57/0xa0 [ 965.892196][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 965.952395][T18675] get_compat_msghdr+0x108/0x2b0 [ 965.952395][T18675] do_recvmmsg+0xdc7/0x22e0 [ 965.952395][T18675] ? kmsan_get_metadata+0x116/0x180 [ 965.952395][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 965.952395][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 965.952395][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 965.952395][T18675] __sys_recvmmsg+0x340/0x5f0 [ 965.952395][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 965.952395][T18675] ? kmsan_get_metadata+0x116/0x180 [ 965.952395][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 965.952395][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 965.952395][T18675] __do_fast_syscall_32+0x129/0x180 [ 965.952395][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.022569][T18675] do_SYSENTER_32+0x73/0x90 [ 966.022569][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.022569][T18675] RIP: 0023:0xf7f29549 [ 966.022569][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 966.022569][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 966.022569][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 966.022569][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 966.022569][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 966.022569][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 966.022569][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 966.022569][T18675] Uninit was stored to memory at: [ 966.022569][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 966.022569][T18675] __msan_chain_origin+0x57/0xa0 [ 966.022569][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 966.022569][T18675] get_compat_msghdr+0x108/0x2b0 [ 966.022569][T18675] do_recvmmsg+0xdc7/0x22e0 [ 966.022569][T18675] __sys_recvmmsg+0x340/0x5f0 [ 966.022569][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.022569][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.022569][T18675] __do_fast_syscall_32+0x129/0x180 [ 966.022569][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.022569][T18675] do_SYSENTER_32+0x73/0x90 [ 966.022569][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.022569][T18675] [ 966.022569][T18675] Uninit was stored to memory at: [ 966.182326][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 966.182326][T18675] __msan_chain_origin+0x57/0xa0 [ 966.182326][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 966.182326][T18675] get_compat_msghdr+0x108/0x2b0 [ 966.182326][T18675] do_recvmmsg+0xdc7/0x22e0 [ 966.182326][T18675] __sys_recvmmsg+0x340/0x5f0 [ 966.182326][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.182326][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.182326][T18675] __do_fast_syscall_32+0x129/0x180 [ 966.182326][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.182326][T18675] do_SYSENTER_32+0x73/0x90 [ 966.182326][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.182326][T18675] [ 966.182326][T18675] Uninit was stored to memory at: [ 966.182326][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 966.182326][T18675] __msan_chain_origin+0x57/0xa0 [ 966.182326][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 966.182326][T18675] get_compat_msghdr+0x108/0x2b0 [ 966.182326][T18675] do_recvmmsg+0xdc7/0x22e0 [ 966.182326][T18675] __sys_recvmmsg+0x340/0x5f0 [ 966.182326][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.182326][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.182326][T18675] __do_fast_syscall_32+0x129/0x180 [ 966.182326][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.182326][T18675] do_SYSENTER_32+0x73/0x90 [ 966.182326][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.182326][T18675] [ 966.182326][T18675] Uninit was stored to memory at: [ 966.182326][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 966.182326][T18675] __msan_chain_origin+0x57/0xa0 [ 966.182326][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 966.182326][T18675] get_compat_msghdr+0x108/0x2b0 [ 966.182326][T18675] do_recvmmsg+0xdc7/0x22e0 [ 966.182326][T18675] __sys_recvmmsg+0x340/0x5f0 [ 966.182326][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.182326][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.182326][T18675] __do_fast_syscall_32+0x129/0x180 [ 966.182326][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.182326][T18675] do_SYSENTER_32+0x73/0x90 [ 966.182326][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.182326][T18675] [ 966.182326][T18675] Uninit was stored to memory at: [ 966.182326][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 966.182326][T18675] __msan_chain_origin+0x57/0xa0 [ 966.182326][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 966.182326][T18675] get_compat_msghdr+0x108/0x2b0 [ 966.182326][T18675] do_recvmmsg+0xdc7/0x22e0 [ 966.182326][T18675] __sys_recvmmsg+0x340/0x5f0 [ 966.182326][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.182326][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.182326][T18675] __do_fast_syscall_32+0x129/0x180 [ 966.182326][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.182326][T18675] do_SYSENTER_32+0x73/0x90 [ 966.182326][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.182326][T18675] [ 966.182326][T18675] Uninit was stored to memory at: [ 966.182326][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 966.182326][T18675] __msan_chain_origin+0x57/0xa0 [ 966.182326][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 966.182326][T18675] get_compat_msghdr+0x108/0x2b0 [ 966.182326][T18675] do_recvmmsg+0xdc7/0x22e0 [ 966.182326][T18675] __sys_recvmmsg+0x340/0x5f0 [ 966.182326][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.182326][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.182326][T18675] __do_fast_syscall_32+0x129/0x180 [ 966.182326][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.182326][T18675] do_SYSENTER_32+0x73/0x90 [ 966.182326][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.182326][T18675] [ 966.182326][T18675] Uninit was stored to memory at: [ 966.182326][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 966.182326][T18675] __msan_chain_origin+0x57/0xa0 [ 966.182326][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 966.182326][T18675] get_compat_msghdr+0x108/0x2b0 [ 966.182326][T18675] do_recvmmsg+0xdc7/0x22e0 [ 966.182326][T18675] __sys_recvmmsg+0x340/0x5f0 [ 966.182326][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.182326][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.182326][T18675] __do_fast_syscall_32+0x129/0x180 [ 966.182326][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.182326][T18675] do_SYSENTER_32+0x73/0x90 [ 966.182326][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.182326][T18675] [ 966.182326][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 966.182326][T18675] do_recvmmsg+0xc2/0x22e0 [ 966.182326][T18675] do_recvmmsg+0xc2/0x22e0 [ 966.760854][T18650] not chained 600000 origins [ 966.765162][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 966.772396][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 966.772396][T18650] Call Trace: [ 966.772396][T18650] dump_stack+0x21c/0x280 [ 966.772396][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 966.772396][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 966.772396][T18650] ? kmsan_get_metadata+0x116/0x180 [ 966.772396][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 966.772396][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 966.772396][T18650] ? _copy_from_user+0x201/0x310 [ 966.772396][T18650] ? kmsan_get_metadata+0x116/0x180 [ 966.772396][T18650] __msan_chain_origin+0x57/0xa0 [ 966.832352][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 966.832352][T18650] get_compat_msghdr+0x108/0x2b0 [ 966.832352][T18650] do_recvmmsg+0xdc7/0x22e0 [ 966.832352][T18650] ? kmsan_get_metadata+0x116/0x180 [ 966.832352][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 966.832352][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 966.832352][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 966.832352][T18650] __sys_recvmmsg+0x340/0x5f0 [ 966.832352][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 966.832352][T18650] ? kmsan_get_metadata+0x116/0x180 [ 966.832352][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.832352][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.832352][T18650] __do_fast_syscall_32+0x129/0x180 [ 966.832352][T18650] do_fast_syscall_32+0x6a/0xc0 [ 966.832352][T18650] do_SYSENTER_32+0x73/0x90 [ 966.832352][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.832352][T18650] RIP: 0023:0xf7fd6549 [ 966.832352][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 966.942401][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 966.950726][T18675] not chained 610000 origins [ 966.942401][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 966.942401][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 966.942401][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 966.942401][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 966.942401][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 966.942401][T18650] Uninit was stored to memory at: [ 966.952202][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 966.952202][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 966.942401][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 966.952202][T18675] Call Trace: [ 966.942401][T18650] __msan_chain_origin+0x57/0xa0 [ 966.952202][T18675] dump_stack+0x21c/0x280 [ 966.942401][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 966.952202][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 966.942401][T18650] get_compat_msghdr+0x108/0x2b0 [ 966.952202][T18675] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 966.942401][T18650] do_recvmmsg+0xdc7/0x22e0 [ 966.952202][T18675] ? kmsan_get_metadata+0x116/0x180 [ 966.942401][T18650] __sys_recvmmsg+0x340/0x5f0 [ 966.952202][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 966.942401][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.952202][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 966.942401][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.952202][T18675] ? _copy_from_user+0x201/0x310 [ 966.942401][T18650] __do_fast_syscall_32+0x129/0x180 [ 966.952202][T18675] ? kmsan_get_metadata+0x116/0x180 [ 966.942401][T18650] do_fast_syscall_32+0x6a/0xc0 [ 966.952202][T18675] __msan_chain_origin+0x57/0xa0 [ 966.942401][T18650] do_SYSENTER_32+0x73/0x90 [ 966.952202][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 966.942401][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.952202][T18675] get_compat_msghdr+0x108/0x2b0 [ 966.942401][T18650] [ 966.952202][T18675] do_recvmmsg+0xdc7/0x22e0 [ 966.942401][T18650] Uninit was stored to memory at: [ 966.952202][T18675] ? kmsan_get_metadata+0x116/0x180 [ 966.942401][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 966.952202][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 966.942401][T18650] __msan_chain_origin+0x57/0xa0 [ 966.952202][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 966.942401][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 966.952202][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 966.942401][T18650] get_compat_msghdr+0x108/0x2b0 [ 966.952202][T18675] __sys_recvmmsg+0x340/0x5f0 [ 966.942401][T18650] do_recvmmsg+0xdc7/0x22e0 [ 966.952202][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 966.942401][T18650] __sys_recvmmsg+0x340/0x5f0 [ 966.952202][T18675] ? kmsan_get_metadata+0x116/0x180 [ 966.942401][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.952202][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.942401][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.952202][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.942401][T18650] __do_fast_syscall_32+0x129/0x180 [ 966.952202][T18675] __do_fast_syscall_32+0x129/0x180 [ 966.942401][T18650] do_fast_syscall_32+0x6a/0xc0 [ 966.952202][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.942401][T18650] do_SYSENTER_32+0x73/0x90 [ 966.952202][T18675] do_SYSENTER_32+0x73/0x90 [ 966.942401][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.952202][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.942401][T18650] [ 966.952202][T18675] RIP: 0023:0xf7f29549 [ 966.942401][T18650] Uninit was stored to memory at: [ 966.952202][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 966.942401][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 966.952202][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 966.942401][T18650] __msan_chain_origin+0x57/0xa0 [ 966.952202][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 966.942401][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 966.952202][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 966.942401][T18650] get_compat_msghdr+0x108/0x2b0 [ 966.952202][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 966.942401][T18650] do_recvmmsg+0xdc7/0x22e0 [ 966.952202][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 966.942401][T18650] __sys_recvmmsg+0x340/0x5f0 [ 966.952202][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 966.942401][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.952202][T18675] Uninit was stored to memory at: [ 966.942401][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.952202][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 966.942401][T18650] __do_fast_syscall_32+0x129/0x180 [ 966.952202][T18675] __msan_chain_origin+0x57/0xa0 [ 966.942401][T18650] do_fast_syscall_32+0x6a/0xc0 [ 966.952202][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 966.942401][T18650] do_SYSENTER_32+0x73/0x90 [ 966.952202][T18675] get_compat_msghdr+0x108/0x2b0 [ 966.942401][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.952202][T18675] do_recvmmsg+0xdc7/0x22e0 [ 966.942401][T18650] [ 966.952202][T18675] __sys_recvmmsg+0x340/0x5f0 [ 966.942401][T18650] Uninit was stored to memory at: [ 966.952202][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.942401][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 966.952202][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.942401][T18650] __msan_chain_origin+0x57/0xa0 [ 966.952202][T18675] __do_fast_syscall_32+0x129/0x180 [ 966.942401][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 966.952202][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.942401][T18650] get_compat_msghdr+0x108/0x2b0 [ 966.952202][T18675] do_SYSENTER_32+0x73/0x90 [ 966.942401][T18650] do_recvmmsg+0xdc7/0x22e0 [ 966.952202][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.942401][T18650] __sys_recvmmsg+0x340/0x5f0 [ 966.952202][T18675] [ 966.942401][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.952202][T18675] Uninit was stored to memory at: [ 966.942401][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.952202][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 966.942401][T18650] __do_fast_syscall_32+0x129/0x180 [ 966.952202][T18675] __msan_chain_origin+0x57/0xa0 [ 966.942401][T18650] do_fast_syscall_32+0x6a/0xc0 [ 966.952202][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 966.942401][T18650] do_SYSENTER_32+0x73/0x90 [ 966.952202][T18675] get_compat_msghdr+0x108/0x2b0 [ 966.942401][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.952202][T18675] do_recvmmsg+0xdc7/0x22e0 [ 966.942401][T18650] [ 966.952202][T18675] __sys_recvmmsg+0x340/0x5f0 [ 966.942401][T18650] Uninit was stored to memory at: [ 966.952202][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.942401][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 966.952202][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.942401][T18650] __msan_chain_origin+0x57/0xa0 [ 966.952202][T18675] __do_fast_syscall_32+0x129/0x180 [ 966.942401][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 966.952202][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.942401][T18650] get_compat_msghdr+0x108/0x2b0 [ 966.952202][T18675] do_SYSENTER_32+0x73/0x90 [ 966.942401][T18650] do_recvmmsg+0xdc7/0x22e0 [ 966.952202][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.942401][T18650] __sys_recvmmsg+0x340/0x5f0 [ 966.952202][T18675] [ 966.942401][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.952202][T18675] Uninit was stored to memory at: [ 966.942401][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.952202][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 966.942401][T18650] __do_fast_syscall_32+0x129/0x180 [ 966.952202][T18675] __msan_chain_origin+0x57/0xa0 [ 966.942401][T18650] do_fast_syscall_32+0x6a/0xc0 [ 966.952202][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 966.942401][T18650] do_SYSENTER_32+0x73/0x90 [ 966.952202][T18675] get_compat_msghdr+0x108/0x2b0 [ 966.942401][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.952202][T18675] do_recvmmsg+0xdc7/0x22e0 [ 966.942401][T18650] [ 966.952202][T18675] __sys_recvmmsg+0x340/0x5f0 [ 966.942401][T18650] Uninit was stored to memory at: [ 966.952202][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.942401][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 966.952202][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.942401][T18650] __msan_chain_origin+0x57/0xa0 [ 966.952202][T18675] __do_fast_syscall_32+0x129/0x180 [ 966.942401][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 966.952202][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.942401][T18650] get_compat_msghdr+0x108/0x2b0 [ 966.952202][T18675] do_SYSENTER_32+0x73/0x90 [ 966.942401][T18650] do_recvmmsg+0xdc7/0x22e0 [ 966.952202][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.942401][T18650] __sys_recvmmsg+0x340/0x5f0 [ 966.952202][T18675] [ 966.942401][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.952202][T18675] Uninit was stored to memory at: [ 966.942401][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.952202][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 966.942401][T18650] __do_fast_syscall_32+0x129/0x180 [ 966.952202][T18675] __msan_chain_origin+0x57/0xa0 [ 966.942401][T18650] do_fast_syscall_32+0x6a/0xc0 [ 966.952202][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 966.942401][T18650] do_SYSENTER_32+0x73/0x90 [ 966.952202][T18675] get_compat_msghdr+0x108/0x2b0 [ 966.942401][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.952202][T18675] do_recvmmsg+0xdc7/0x22e0 [ 966.942401][T18650] [ 966.952202][T18675] __sys_recvmmsg+0x340/0x5f0 [ 966.942401][T18650] Uninit was stored to memory at: [ 966.952202][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.942401][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 966.952202][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.942401][T18650] __msan_chain_origin+0x57/0xa0 [ 966.952202][T18675] __do_fast_syscall_32+0x129/0x180 [ 966.942401][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 966.952202][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.942401][T18650] get_compat_msghdr+0x108/0x2b0 [ 966.952202][T18675] do_SYSENTER_32+0x73/0x90 [ 966.942401][T18650] do_recvmmsg+0xdc7/0x22e0 [ 966.952202][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.942401][T18650] __sys_recvmmsg+0x340/0x5f0 [ 966.952202][T18675] [ 966.942401][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.952202][T18675] Uninit was stored to memory at: [ 966.942401][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.952202][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 966.942401][T18650] __do_fast_syscall_32+0x129/0x180 [ 966.952202][T18675] __msan_chain_origin+0x57/0xa0 [ 966.942401][T18650] do_fast_syscall_32+0x6a/0xc0 [ 966.952202][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 966.942401][T18650] do_SYSENTER_32+0x73/0x90 [ 966.952202][T18675] get_compat_msghdr+0x108/0x2b0 [ 966.942401][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 966.952202][T18675] do_recvmmsg+0xdc7/0x22e0 [ 966.942401][T18650] [ 966.952202][T18675] __sys_recvmmsg+0x340/0x5f0 [ 966.942401][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 966.952202][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 966.942401][T18650] do_recvmmsg+0xc2/0x22e0 [ 966.952202][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 966.942401][T18650] do_recvmmsg+0xc2/0x22e0 [ 966.952202][T18675] __do_fast_syscall_32+0x129/0x180 [ 966.952202][T18675] do_fast_syscall_32+0x6a/0xc0 [ 966.952202][T18675] do_SYSENTER_32+0x73/0x90 [ 966.952202][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 968.069692][T18675] [ 968.069692][T18675] Uninit was stored to memory at: [ 968.069692][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 968.069692][T18675] __msan_chain_origin+0x57/0xa0 [ 968.069692][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 968.069692][T18675] get_compat_msghdr+0x108/0x2b0 [ 968.069692][T18675] do_recvmmsg+0xdc7/0x22e0 [ 968.069692][T18675] __sys_recvmmsg+0x340/0x5f0 [ 968.069692][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 968.069692][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 968.069692][T18675] __do_fast_syscall_32+0x129/0x180 [ 968.069692][T18675] do_fast_syscall_32+0x6a/0xc0 [ 968.069692][T18675] do_SYSENTER_32+0x73/0x90 [ 968.069692][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 968.069692][T18675] [ 968.069692][T18675] Uninit was stored to memory at: [ 968.069692][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 968.069692][T18675] __msan_chain_origin+0x57/0xa0 [ 968.069692][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 968.069692][T18675] get_compat_msghdr+0x108/0x2b0 [ 968.069692][T18675] do_recvmmsg+0xdc7/0x22e0 [ 968.069692][T18675] __sys_recvmmsg+0x340/0x5f0 [ 968.069692][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 968.069692][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 968.069692][T18675] __do_fast_syscall_32+0x129/0x180 [ 968.069692][T18675] do_fast_syscall_32+0x6a/0xc0 [ 968.202386][T18650] not chained 620000 origins [ 968.069692][T18675] do_SYSENTER_32+0x73/0x90 [ 968.209165][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 968.069692][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 968.212184][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 968.069692][T18675] [ 968.212184][T18650] Call Trace: [ 968.069692][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 968.212184][T18650] dump_stack+0x21c/0x280 [ 968.069692][T18675] do_recvmmsg+0xc2/0x22e0 [ 968.212184][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 968.069692][T18675] do_recvmmsg+0xc2/0x22e0 [ 968.212184][T18650] ? __irq_exit_rcu+0x7a/0x270 [ 968.270361][T18650] ? irqentry_exit+0x12/0x50 [ 968.270361][T18650] ? kmsan_get_metadata+0x116/0x180 [ 968.270361][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 968.270361][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 968.270361][T18650] ? _copy_from_user+0x201/0x310 [ 968.270361][T18650] ? kmsan_get_metadata+0x116/0x180 [ 968.270361][T18650] __msan_chain_origin+0x57/0xa0 [ 968.270361][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 968.270361][T18650] get_compat_msghdr+0x108/0x2b0 [ 968.270361][T18650] do_recvmmsg+0xdc7/0x22e0 [ 968.270361][T18650] ? kmsan_get_metadata+0x116/0x180 [ 968.270361][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 968.270361][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 968.270361][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 968.270361][T18650] __sys_recvmmsg+0x340/0x5f0 [ 968.270361][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 968.270361][T18650] ? kmsan_get_metadata+0x116/0x180 [ 968.359026][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 968.363963][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 968.363963][T18650] __do_fast_syscall_32+0x129/0x180 [ 968.363963][T18650] do_fast_syscall_32+0x6a/0xc0 [ 968.382777][T18650] do_SYSENTER_32+0x73/0x90 [ 968.382777][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 968.382777][T18650] RIP: 0023:0xf7fd6549 [ 968.382777][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 968.382777][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 968.382777][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 968.382777][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 968.382777][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 968.382777][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 968.382777][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 968.382777][T18650] Uninit was stored to memory at: [ 968.382777][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 968.382777][T18650] __msan_chain_origin+0x57/0xa0 [ 968.382777][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 968.382777][T18650] get_compat_msghdr+0x108/0x2b0 [ 968.382777][T18650] do_recvmmsg+0xdc7/0x22e0 [ 968.382777][T18650] __sys_recvmmsg+0x340/0x5f0 [ 968.382777][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 968.382777][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 968.382777][T18650] __do_fast_syscall_32+0x129/0x180 [ 968.382777][T18650] do_fast_syscall_32+0x6a/0xc0 [ 968.382777][T18650] do_SYSENTER_32+0x73/0x90 [ 968.382777][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 968.382777][T18650] [ 968.382777][T18650] Uninit was stored to memory at: [ 968.382777][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 968.382777][T18650] __msan_chain_origin+0x57/0xa0 [ 968.382777][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 968.382777][T18650] get_compat_msghdr+0x108/0x2b0 [ 968.382777][T18650] do_recvmmsg+0xdc7/0x22e0 [ 968.382777][T18650] __sys_recvmmsg+0x340/0x5f0 [ 968.382777][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 968.382777][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 968.382777][T18650] __do_fast_syscall_32+0x129/0x180 [ 968.382777][T18650] do_fast_syscall_32+0x6a/0xc0 [ 968.382777][T18650] do_SYSENTER_32+0x73/0x90 [ 968.382777][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 968.382777][T18650] [ 968.382777][T18650] Uninit was stored to memory at: [ 968.382777][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 968.382777][T18650] __msan_chain_origin+0x57/0xa0 [ 968.382777][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 968.382777][T18650] get_compat_msghdr+0x108/0x2b0 [ 968.382777][T18650] do_recvmmsg+0xdc7/0x22e0 [ 968.382777][T18650] __sys_recvmmsg+0x340/0x5f0 [ 968.382777][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 968.382777][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 968.382777][T18650] __do_fast_syscall_32+0x129/0x180 [ 968.382777][T18650] do_fast_syscall_32+0x6a/0xc0 [ 968.382777][T18650] do_SYSENTER_32+0x73/0x90 [ 968.382777][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 968.382777][T18650] [ 968.382777][T18650] Uninit was stored to memory at: [ 968.682505][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 968.682505][T18650] __msan_chain_origin+0x57/0xa0 [ 968.682505][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 968.682505][T18650] get_compat_msghdr+0x108/0x2b0 [ 968.682505][T18650] do_recvmmsg+0xdc7/0x22e0 [ 968.682505][T18650] __sys_recvmmsg+0x340/0x5f0 [ 968.682505][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 968.682505][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 968.682505][T18650] __do_fast_syscall_32+0x129/0x180 [ 968.682505][T18650] do_fast_syscall_32+0x6a/0xc0 [ 968.682505][T18650] do_SYSENTER_32+0x73/0x90 [ 968.682505][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 968.682505][T18650] [ 968.682505][T18650] Uninit was stored to memory at: [ 968.682505][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 968.682505][T18650] __msan_chain_origin+0x57/0xa0 [ 968.682505][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 968.682505][T18650] get_compat_msghdr+0x108/0x2b0 [ 968.682505][T18650] do_recvmmsg+0xdc7/0x22e0 [ 968.682505][T18650] __sys_recvmmsg+0x340/0x5f0 [ 968.682505][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 968.682505][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 968.682505][T18650] __do_fast_syscall_32+0x129/0x180 [ 968.682505][T18650] do_fast_syscall_32+0x6a/0xc0 [ 968.682505][T18650] do_SYSENTER_32+0x73/0x90 [ 968.682505][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 968.682505][T18650] [ 968.682505][T18650] Uninit was stored to memory at: [ 968.822471][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 968.822471][T18650] __msan_chain_origin+0x57/0xa0 [ 968.822471][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 968.822471][T18650] get_compat_msghdr+0x108/0x2b0 [ 968.822471][T18650] do_recvmmsg+0xdc7/0x22e0 [ 968.822471][T18650] __sys_recvmmsg+0x340/0x5f0 [ 968.822471][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 968.822471][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 968.822471][T18650] __do_fast_syscall_32+0x129/0x180 [ 968.822471][T18650] do_fast_syscall_32+0x6a/0xc0 [ 968.822471][T18650] do_SYSENTER_32+0x73/0x90 [ 968.822471][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 968.822471][T18650] [ 968.822471][T18650] Uninit was stored to memory at: [ 968.822471][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 968.822471][T18650] __msan_chain_origin+0x57/0xa0 [ 968.902450][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 968.902450][T18650] get_compat_msghdr+0x108/0x2b0 [ 968.902450][T18650] do_recvmmsg+0xdc7/0x22e0 [ 968.902450][T18650] __sys_recvmmsg+0x340/0x5f0 [ 968.902450][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 968.902450][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 968.902450][T18650] __do_fast_syscall_32+0x129/0x180 [ 968.902450][T18650] do_fast_syscall_32+0x6a/0xc0 [ 968.902450][T18650] do_SYSENTER_32+0x73/0x90 [ 968.902450][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 968.902450][T18650] [ 968.902450][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 968.902450][T18650] do_recvmmsg+0xc2/0x22e0 [ 968.902450][T18650] do_recvmmsg+0xc2/0x22e0 [ 969.216652][T18650] not chained 630000 origins [ 969.221264][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 969.222197][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 969.222197][T18650] Call Trace: [ 969.222197][T18650] dump_stack+0x21c/0x280 [ 969.222197][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 969.252311][T18650] ? kmsan_get_metadata+0x116/0x180 [ 969.252311][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 969.252311][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 969.252311][T18650] ? _copy_from_user+0x201/0x310 [ 969.252311][T18650] ? kmsan_get_metadata+0x116/0x180 [ 969.252311][T18650] __msan_chain_origin+0x57/0xa0 [ 969.252311][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 969.252311][T18650] get_compat_msghdr+0x108/0x2b0 [ 969.252311][T18650] do_recvmmsg+0xdc7/0x22e0 [ 969.252311][T18650] ? kmsan_get_metadata+0x116/0x180 [ 969.252311][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 969.252311][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 969.252311][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 969.252311][T18650] __sys_recvmmsg+0x340/0x5f0 [ 969.252311][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 969.252311][T18650] ? kmsan_get_metadata+0x116/0x180 [ 969.252311][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 969.252311][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 969.252311][T18650] __do_fast_syscall_32+0x129/0x180 [ 969.252311][T18650] do_fast_syscall_32+0x6a/0xc0 [ 969.252311][T18650] do_SYSENTER_32+0x73/0x90 [ 969.252311][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 969.252311][T18650] RIP: 0023:0xf7fd6549 [ 969.252311][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 969.252311][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 969.396502][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 969.396502][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 969.396502][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 969.396502][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 969.396502][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 969.396502][T18650] Uninit was stored to memory at: [ 969.396502][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 969.396502][T18650] __msan_chain_origin+0x57/0xa0 [ 969.396502][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 969.396502][T18650] get_compat_msghdr+0x108/0x2b0 [ 969.396502][T18650] do_recvmmsg+0xdc7/0x22e0 [ 969.396502][T18650] __sys_recvmmsg+0x340/0x5f0 [ 969.396502][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 969.396502][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 969.396502][T18650] __do_fast_syscall_32+0x129/0x180 [ 969.396502][T18650] do_fast_syscall_32+0x6a/0xc0 [ 969.396502][T18650] do_SYSENTER_32+0x73/0x90 [ 969.396502][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 969.396502][T18650] [ 969.396502][T18650] Uninit was stored to memory at: [ 969.396502][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 969.396502][T18650] __msan_chain_origin+0x57/0xa0 [ 969.396502][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 969.396502][T18650] get_compat_msghdr+0x108/0x2b0 [ 969.396502][T18650] do_recvmmsg+0xdc7/0x22e0 [ 969.396502][T18650] __sys_recvmmsg+0x340/0x5f0 [ 969.396502][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 969.396502][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 969.396502][T18650] __do_fast_syscall_32+0x129/0x180 [ 969.396502][T18650] do_fast_syscall_32+0x6a/0xc0 [ 969.396502][T18650] do_SYSENTER_32+0x73/0x90 [ 969.396502][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 969.396502][T18650] [ 969.396502][T18650] Uninit was stored to memory at: [ 969.396502][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 969.396502][T18650] __msan_chain_origin+0x57/0xa0 [ 969.396502][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 969.396502][T18650] get_compat_msghdr+0x108/0x2b0 [ 969.396502][T18650] do_recvmmsg+0xdc7/0x22e0 [ 969.396502][T18650] __sys_recvmmsg+0x340/0x5f0 [ 969.396502][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 969.396502][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 969.396502][T18650] __do_fast_syscall_32+0x129/0x180 [ 969.396502][T18650] do_fast_syscall_32+0x6a/0xc0 [ 969.396502][T18650] do_SYSENTER_32+0x73/0x90 [ 969.396502][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 969.396502][T18650] [ 969.396502][T18650] Uninit was stored to memory at: [ 969.396502][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 969.396502][T18650] __msan_chain_origin+0x57/0xa0 [ 969.396502][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 969.396502][T18650] get_compat_msghdr+0x108/0x2b0 [ 969.396502][T18650] do_recvmmsg+0xdc7/0x22e0 [ 969.396502][T18650] __sys_recvmmsg+0x340/0x5f0 [ 969.396502][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 969.396502][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 969.396502][T18650] __do_fast_syscall_32+0x129/0x180 [ 969.396502][T18650] do_fast_syscall_32+0x6a/0xc0 [ 969.396502][T18650] do_SYSENTER_32+0x73/0x90 [ 969.396502][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 969.396502][T18650] [ 969.396502][T18650] Uninit was stored to memory at: [ 969.396502][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 969.396502][T18650] __msan_chain_origin+0x57/0xa0 [ 969.396502][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 969.396502][T18650] get_compat_msghdr+0x108/0x2b0 [ 969.396502][T18650] do_recvmmsg+0xdc7/0x22e0 [ 969.396502][T18650] __sys_recvmmsg+0x340/0x5f0 [ 969.396502][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 969.396502][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 969.396502][T18650] __do_fast_syscall_32+0x129/0x180 [ 969.396502][T18650] do_fast_syscall_32+0x6a/0xc0 [ 969.396502][T18650] do_SYSENTER_32+0x73/0x90 [ 969.396502][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 969.396502][T18650] [ 969.396502][T18650] Uninit was stored to memory at: [ 969.396502][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 969.396502][T18650] __msan_chain_origin+0x57/0xa0 [ 969.396502][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 969.396502][T18650] get_compat_msghdr+0x108/0x2b0 [ 969.396502][T18650] do_recvmmsg+0xdc7/0x22e0 [ 969.396502][T18650] __sys_recvmmsg+0x340/0x5f0 [ 969.396502][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 969.396502][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 969.396502][T18650] __do_fast_syscall_32+0x129/0x180 [ 969.396502][T18650] do_fast_syscall_32+0x6a/0xc0 [ 969.396502][T18650] do_SYSENTER_32+0x73/0x90 [ 969.396502][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 969.396502][T18650] [ 969.396502][T18650] Uninit was stored to memory at: [ 969.396502][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 969.396502][T18650] __msan_chain_origin+0x57/0xa0 [ 969.396502][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 969.396502][T18650] get_compat_msghdr+0x108/0x2b0 [ 969.396502][T18650] do_recvmmsg+0xdc7/0x22e0 [ 969.396502][T18650] __sys_recvmmsg+0x340/0x5f0 [ 969.396502][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 969.396502][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 969.396502][T18650] __do_fast_syscall_32+0x129/0x180 [ 969.396502][T18650] do_fast_syscall_32+0x6a/0xc0 [ 969.396502][T18650] do_SYSENTER_32+0x73/0x90 [ 969.396502][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 969.396502][T18650] [ 969.396502][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 969.396502][T18650] do_recvmmsg+0xc2/0x22e0 [ 969.396502][T18650] do_recvmmsg+0xc2/0x22e0 [ 970.099416][T18650] not chained 640000 origins [ 970.102197][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 970.110807][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 970.110807][T18650] Call Trace: [ 970.110807][T18650] dump_stack+0x21c/0x280 [ 970.110807][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 970.110807][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 970.110807][T18650] ? kmsan_get_metadata+0x116/0x180 [ 970.110807][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 970.110807][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 970.110807][T18650] ? _copy_from_user+0x201/0x310 [ 970.162341][T18650] ? kmsan_get_metadata+0x116/0x180 [ 970.162341][T18650] __msan_chain_origin+0x57/0xa0 [ 970.162341][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 970.162341][T18650] get_compat_msghdr+0x108/0x2b0 [ 970.162341][T18650] do_recvmmsg+0xdc7/0x22e0 [ 970.162341][T18650] ? kmsan_get_metadata+0x116/0x180 [ 970.162341][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 970.162341][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 970.162341][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 970.162341][T18650] __sys_recvmmsg+0x340/0x5f0 [ 970.162341][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 970.162341][T18650] ? kmsan_get_metadata+0x116/0x180 [ 970.162341][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.162341][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.233173][T18675] not chained 650000 origins [ 970.232373][T18650] __do_fast_syscall_32+0x129/0x180 [ 970.232373][T18650] do_fast_syscall_32+0x6a/0xc0 [ 970.232373][T18650] do_SYSENTER_32+0x73/0x90 [ 970.232373][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 970.232373][T18650] RIP: 0023:0xf7fd6549 [ 970.232373][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 970.232373][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 970.232373][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 970.232373][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 970.232373][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 970.232373][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 970.232373][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 970.232373][T18650] Uninit was stored to memory at: [ 970.242206][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 970.242206][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 970.232373][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 970.242206][T18675] Call Trace: [ 970.232373][T18650] __msan_chain_origin+0x57/0xa0 [ 970.242206][T18675] dump_stack+0x21c/0x280 [ 970.232373][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 970.242206][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 970.232373][T18650] get_compat_msghdr+0x108/0x2b0 [ 970.232373][T18650] do_recvmmsg+0xdc7/0x22e0 [ 970.242206][T18675] ? kmsan_get_metadata+0x116/0x180 [ 970.232373][T18650] __sys_recvmmsg+0x340/0x5f0 [ 970.242206][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 970.232373][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.242206][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 970.232373][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.242206][T18675] ? _copy_from_user+0x201/0x310 [ 970.232373][T18650] __do_fast_syscall_32+0x129/0x180 [ 970.242206][T18675] ? kmsan_get_metadata+0x116/0x180 [ 970.232373][T18650] do_fast_syscall_32+0x6a/0xc0 [ 970.242206][T18675] __msan_chain_origin+0x57/0xa0 [ 970.232373][T18650] do_SYSENTER_32+0x73/0x90 [ 970.242206][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 970.232373][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 970.242206][T18675] get_compat_msghdr+0x108/0x2b0 [ 970.232373][T18650] [ 970.242206][T18675] do_recvmmsg+0xdc7/0x22e0 [ 970.232373][T18650] Uninit was stored to memory at: [ 970.242206][T18675] ? kmsan_get_metadata+0x116/0x180 [ 970.232373][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 970.242206][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 970.232373][T18650] __msan_chain_origin+0x57/0xa0 [ 970.242206][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 970.232373][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 970.242206][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 970.232373][T18650] get_compat_msghdr+0x108/0x2b0 [ 970.242206][T18675] __sys_recvmmsg+0x340/0x5f0 [ 970.232373][T18650] do_recvmmsg+0xdc7/0x22e0 [ 970.242206][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 970.232373][T18650] __sys_recvmmsg+0x340/0x5f0 [ 970.242206][T18675] ? kmsan_get_metadata+0x116/0x180 [ 970.232373][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.242206][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.232373][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.242206][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.232373][T18650] __do_fast_syscall_32+0x129/0x180 [ 970.242206][T18675] __do_fast_syscall_32+0x129/0x180 [ 970.232373][T18650] do_fast_syscall_32+0x6a/0xc0 [ 970.242206][T18675] do_fast_syscall_32+0x6a/0xc0 [ 970.232373][T18650] do_SYSENTER_32+0x73/0x90 [ 970.242206][T18675] do_SYSENTER_32+0x73/0x90 [ 970.232373][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 970.242206][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 970.232373][T18650] [ 970.242206][T18675] RIP: 0023:0xf7f29549 [ 970.232373][T18650] Uninit was stored to memory at: [ 970.242206][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 970.232373][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 970.242206][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 970.232373][T18650] __msan_chain_origin+0x57/0xa0 [ 970.242206][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 970.232373][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 970.242206][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 970.232373][T18650] get_compat_msghdr+0x108/0x2b0 [ 970.242206][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 970.232373][T18650] do_recvmmsg+0xdc7/0x22e0 [ 970.242206][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 970.232373][T18650] __sys_recvmmsg+0x340/0x5f0 [ 970.242206][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 970.232373][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.242206][T18675] Uninit was stored to memory at: [ 970.232373][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.242206][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 970.232373][T18650] __do_fast_syscall_32+0x129/0x180 [ 970.242206][T18675] __msan_chain_origin+0x57/0xa0 [ 970.232373][T18650] do_fast_syscall_32+0x6a/0xc0 [ 970.242206][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 970.232373][T18650] do_SYSENTER_32+0x73/0x90 [ 970.242206][T18675] get_compat_msghdr+0x108/0x2b0 [ 970.232373][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 970.242206][T18675] do_recvmmsg+0xdc7/0x22e0 [ 970.232373][T18650] [ 970.242206][T18675] __sys_recvmmsg+0x340/0x5f0 [ 970.232373][T18650] Uninit was stored to memory at: [ 970.242206][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.232373][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 970.242206][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.232373][T18650] __msan_chain_origin+0x57/0xa0 [ 970.242206][T18675] __do_fast_syscall_32+0x129/0x180 [ 970.232373][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 970.242206][T18675] do_fast_syscall_32+0x6a/0xc0 [ 970.232373][T18650] get_compat_msghdr+0x108/0x2b0 [ 970.242206][T18675] do_SYSENTER_32+0x73/0x90 [ 970.232373][T18650] do_recvmmsg+0xdc7/0x22e0 [ 970.242206][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 970.232373][T18650] __sys_recvmmsg+0x340/0x5f0 [ 970.242206][T18675] [ 970.232373][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.242206][T18675] Uninit was stored to memory at: [ 970.242206][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 970.232373][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.242206][T18675] __msan_chain_origin+0x57/0xa0 [ 970.232373][T18650] __do_fast_syscall_32+0x129/0x180 [ 970.242206][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 970.242206][T18675] get_compat_msghdr+0x108/0x2b0 [ 970.232373][T18650] do_fast_syscall_32+0x6a/0xc0 [ 970.242206][T18675] do_recvmmsg+0xdc7/0x22e0 [ 970.232373][T18650] do_SYSENTER_32+0x73/0x90 [ 970.242206][T18675] __sys_recvmmsg+0x340/0x5f0 [ 970.232373][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 970.242206][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.232373][T18650] [ 970.242206][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.232373][T18650] Uninit was stored to memory at: [ 970.242206][T18675] __do_fast_syscall_32+0x129/0x180 [ 970.232373][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 970.242206][T18675] do_fast_syscall_32+0x6a/0xc0 [ 970.232373][T18650] __msan_chain_origin+0x57/0xa0 [ 970.242206][T18675] do_SYSENTER_32+0x73/0x90 [ 970.232373][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 970.242206][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 970.232373][T18650] get_compat_msghdr+0x108/0x2b0 [ 970.242206][T18675] [ 970.232373][T18650] do_recvmmsg+0xdc7/0x22e0 [ 970.242206][T18675] Uninit was stored to memory at: [ 970.232373][T18650] __sys_recvmmsg+0x340/0x5f0 [ 970.242206][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 970.232373][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.242206][T18675] __msan_chain_origin+0x57/0xa0 [ 970.232373][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.242206][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 970.232373][T18650] __do_fast_syscall_32+0x129/0x180 [ 970.242206][T18675] get_compat_msghdr+0x108/0x2b0 [ 970.232373][T18650] do_fast_syscall_32+0x6a/0xc0 [ 970.242206][T18675] do_recvmmsg+0xdc7/0x22e0 [ 970.232373][T18650] do_SYSENTER_32+0x73/0x90 [ 970.242206][T18675] __sys_recvmmsg+0x340/0x5f0 [ 970.232373][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 970.242206][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.232373][T18650] [ 970.242206][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.232373][T18650] Uninit was stored to memory at: [ 970.242206][T18675] __do_fast_syscall_32+0x129/0x180 [ 970.232373][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 970.242206][T18675] do_fast_syscall_32+0x6a/0xc0 [ 970.232373][T18650] __msan_chain_origin+0x57/0xa0 [ 970.242206][T18675] do_SYSENTER_32+0x73/0x90 [ 970.232373][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 970.242206][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 970.232373][T18650] get_compat_msghdr+0x108/0x2b0 [ 970.242206][T18675] [ 970.232373][T18650] do_recvmmsg+0xdc7/0x22e0 [ 970.242206][T18675] Uninit was stored to memory at: [ 970.232373][T18650] __sys_recvmmsg+0x340/0x5f0 [ 970.242206][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 970.232373][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.242206][T18675] __msan_chain_origin+0x57/0xa0 [ 970.232373][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.242206][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 970.232373][T18650] __do_fast_syscall_32+0x129/0x180 [ 970.242206][T18675] get_compat_msghdr+0x108/0x2b0 [ 970.232373][T18650] do_fast_syscall_32+0x6a/0xc0 [ 970.242206][T18675] do_recvmmsg+0xdc7/0x22e0 [ 970.232373][T18650] do_SYSENTER_32+0x73/0x90 [ 970.242206][T18675] __sys_recvmmsg+0x340/0x5f0 [ 970.232373][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 970.242206][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.232373][T18650] [ 970.242206][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.232373][T18650] Uninit was stored to memory at: [ 970.242206][T18675] __do_fast_syscall_32+0x129/0x180 [ 970.232373][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 970.242206][T18675] do_fast_syscall_32+0x6a/0xc0 [ 970.232373][T18650] __msan_chain_origin+0x57/0xa0 [ 970.242206][T18675] do_SYSENTER_32+0x73/0x90 [ 970.232373][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 970.242206][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 970.232373][T18650] get_compat_msghdr+0x108/0x2b0 [ 970.242206][T18675] [ 970.232373][T18650] do_recvmmsg+0xdc7/0x22e0 [ 970.242206][T18675] Uninit was stored to memory at: [ 970.232373][T18650] __sys_recvmmsg+0x340/0x5f0 [ 970.242206][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 970.232373][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.242206][T18675] __msan_chain_origin+0x57/0xa0 [ 970.232373][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.242206][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 970.232373][T18650] __do_fast_syscall_32+0x129/0x180 [ 970.242206][T18675] get_compat_msghdr+0x108/0x2b0 [ 970.232373][T18650] do_fast_syscall_32+0x6a/0xc0 [ 970.242206][T18675] do_recvmmsg+0xdc7/0x22e0 [ 970.232373][T18650] do_SYSENTER_32+0x73/0x90 [ 970.242206][T18675] __sys_recvmmsg+0x340/0x5f0 [ 970.232373][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 970.242206][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 970.232373][T18650] [ 970.242206][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 970.232373][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 970.242206][T18675] __do_fast_syscall_32+0x129/0x180 [ 970.232373][T18650] do_recvmmsg+0xc2/0x22e0 [ 970.242206][T18675] do_fast_syscall_32+0x6a/0xc0 [ 970.232373][T18650] do_recvmmsg+0xc2/0x22e0 [ 970.242206][T18675] do_SYSENTER_32+0x73/0x90 [ 971.378498][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 971.378498][T18675] [ 971.407804][T18675] Uninit was stored to memory at: [ 971.407804][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 971.407804][T18675] __msan_chain_origin+0x57/0xa0 [ 971.422291][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 971.422291][T18675] get_compat_msghdr+0x108/0x2b0 [ 971.422291][T18675] do_recvmmsg+0xdc7/0x22e0 [ 971.422291][T18675] __sys_recvmmsg+0x340/0x5f0 [ 971.422291][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 971.422291][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 971.422291][T18675] __do_fast_syscall_32+0x129/0x180 [ 971.422291][T18675] do_fast_syscall_32+0x6a/0xc0 [ 971.422291][T18675] do_SYSENTER_32+0x73/0x90 [ 971.422291][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 971.422291][T18675] [ 971.422291][T18675] Uninit was stored to memory at: [ 971.422291][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 971.422291][T18675] __msan_chain_origin+0x57/0xa0 [ 971.422291][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 971.422291][T18675] get_compat_msghdr+0x108/0x2b0 [ 971.422291][T18675] do_recvmmsg+0xdc7/0x22e0 [ 971.422291][T18675] __sys_recvmmsg+0x340/0x5f0 [ 971.422291][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 971.422291][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 971.422291][T18675] __do_fast_syscall_32+0x129/0x180 [ 971.422291][T18675] do_fast_syscall_32+0x6a/0xc0 [ 971.422291][T18675] do_SYSENTER_32+0x73/0x90 [ 971.422291][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 971.422291][T18675] [ 971.549562][T18650] not chained 660000 origins [ 971.422291][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 971.552181][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 971.422291][T18675] do_recvmmsg+0xc2/0x22e0 [ 971.552181][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 971.422291][T18675] do_recvmmsg+0xc2/0x22e0 [ 971.552181][T18650] Call Trace: [ 971.552181][T18650] dump_stack+0x21c/0x280 [ 971.596262][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 971.596262][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 971.596262][T18650] ? kmsan_get_metadata+0x116/0x180 [ 971.596262][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 971.596262][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 971.596262][T18650] ? _copy_from_user+0x201/0x310 [ 971.626456][T18650] ? kmsan_get_metadata+0x116/0x180 [ 971.626456][T18650] __msan_chain_origin+0x57/0xa0 [ 971.626456][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 971.626456][T18650] get_compat_msghdr+0x108/0x2b0 [ 971.626456][T18650] do_recvmmsg+0xdc7/0x22e0 [ 971.653513][T18650] ? kmsan_get_metadata+0x116/0x180 [ 971.653513][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 971.653513][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 971.653513][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 971.653513][T18650] __sys_recvmmsg+0x340/0x5f0 [ 971.653513][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 971.653513][T18650] ? kmsan_get_metadata+0x116/0x180 [ 971.653513][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 971.653513][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 971.653513][T18650] __do_fast_syscall_32+0x129/0x180 [ 971.653513][T18650] do_fast_syscall_32+0x6a/0xc0 [ 971.653513][T18650] do_SYSENTER_32+0x73/0x90 [ 971.653513][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 971.653513][T18650] RIP: 0023:0xf7fd6549 [ 971.653513][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 971.653513][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 971.653513][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 971.653513][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 971.653513][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 971.653513][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 971.653513][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 971.653513][T18650] Uninit was stored to memory at: [ 971.653513][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 971.653513][T18650] __msan_chain_origin+0x57/0xa0 [ 971.653513][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 971.653513][T18650] get_compat_msghdr+0x108/0x2b0 [ 971.653513][T18650] do_recvmmsg+0xdc7/0x22e0 [ 971.653513][T18650] __sys_recvmmsg+0x340/0x5f0 [ 971.653513][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 971.653513][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 971.653513][T18650] __do_fast_syscall_32+0x129/0x180 [ 971.653513][T18650] do_fast_syscall_32+0x6a/0xc0 [ 971.653513][T18650] do_SYSENTER_32+0x73/0x90 [ 971.653513][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 971.653513][T18650] [ 971.653513][T18650] Uninit was stored to memory at: [ 971.653513][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 971.653513][T18650] __msan_chain_origin+0x57/0xa0 [ 971.653513][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 971.653513][T18650] get_compat_msghdr+0x108/0x2b0 [ 971.653513][T18650] do_recvmmsg+0xdc7/0x22e0 [ 971.653513][T18650] __sys_recvmmsg+0x340/0x5f0 [ 971.653513][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 971.653513][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 971.653513][T18650] __do_fast_syscall_32+0x129/0x180 [ 971.653513][T18650] do_fast_syscall_32+0x6a/0xc0 [ 971.653513][T18650] do_SYSENTER_32+0x73/0x90 [ 971.653513][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 971.653513][T18650] [ 971.653513][T18650] Uninit was stored to memory at: [ 971.653513][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 971.653513][T18650] __msan_chain_origin+0x57/0xa0 [ 971.653513][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 971.653513][T18650] get_compat_msghdr+0x108/0x2b0 [ 971.653513][T18650] do_recvmmsg+0xdc7/0x22e0 [ 971.653513][T18650] __sys_recvmmsg+0x340/0x5f0 [ 971.653513][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 971.653513][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 971.653513][T18650] __do_fast_syscall_32+0x129/0x180 [ 971.653513][T18650] do_fast_syscall_32+0x6a/0xc0 [ 971.653513][T18650] do_SYSENTER_32+0x73/0x90 [ 971.653513][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 971.653513][T18650] [ 971.653513][T18650] Uninit was stored to memory at: [ 971.653513][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 971.653513][T18650] __msan_chain_origin+0x57/0xa0 [ 971.653513][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 971.653513][T18650] get_compat_msghdr+0x108/0x2b0 [ 971.653513][T18650] do_recvmmsg+0xdc7/0x22e0 [ 971.653513][T18650] __sys_recvmmsg+0x340/0x5f0 [ 971.653513][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 971.653513][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 971.653513][T18650] __do_fast_syscall_32+0x129/0x180 [ 971.653513][T18650] do_fast_syscall_32+0x6a/0xc0 [ 971.653513][T18650] do_SYSENTER_32+0x73/0x90 [ 971.653513][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 971.653513][T18650] [ 971.653513][T18650] Uninit was stored to memory at: [ 971.653513][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 971.653513][T18650] __msan_chain_origin+0x57/0xa0 [ 971.653513][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 971.653513][T18650] get_compat_msghdr+0x108/0x2b0 [ 972.102557][T18650] do_recvmmsg+0xdc7/0x22e0 [ 972.102557][T18650] __sys_recvmmsg+0x340/0x5f0 [ 972.102557][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 972.102557][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 972.102557][T18650] __do_fast_syscall_32+0x129/0x180 [ 972.102557][T18650] do_fast_syscall_32+0x6a/0xc0 [ 972.102557][T18650] do_SYSENTER_32+0x73/0x90 [ 972.102557][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 972.102557][T18650] [ 972.102557][T18650] Uninit was stored to memory at: [ 972.102557][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 972.102557][T18650] __msan_chain_origin+0x57/0xa0 [ 972.102557][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 972.102557][T18650] get_compat_msghdr+0x108/0x2b0 [ 972.102557][T18650] do_recvmmsg+0xdc7/0x22e0 [ 972.102557][T18650] __sys_recvmmsg+0x340/0x5f0 [ 972.102557][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 972.102557][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 972.102557][T18650] __do_fast_syscall_32+0x129/0x180 [ 972.102557][T18650] do_fast_syscall_32+0x6a/0xc0 [ 972.102557][T18650] do_SYSENTER_32+0x73/0x90 [ 972.102557][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 972.102557][T18650] [ 972.102557][T18650] Uninit was stored to memory at: [ 972.102557][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 972.102557][T18650] __msan_chain_origin+0x57/0xa0 [ 972.102557][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 972.102557][T18650] get_compat_msghdr+0x108/0x2b0 [ 972.102557][T18650] do_recvmmsg+0xdc7/0x22e0 [ 972.102557][T18650] __sys_recvmmsg+0x340/0x5f0 [ 972.102557][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 972.102557][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 972.102557][T18650] __do_fast_syscall_32+0x129/0x180 [ 972.102557][T18650] do_fast_syscall_32+0x6a/0xc0 [ 972.102557][T18650] do_SYSENTER_32+0x73/0x90 [ 972.102557][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 972.102557][T18650] [ 972.102557][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 972.292458][T18650] do_recvmmsg+0xc2/0x22e0 [ 972.292458][T18650] do_recvmmsg+0xc2/0x22e0 [ 972.513194][T18650] not chained 670000 origins [ 972.517805][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 972.522197][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 972.532349][T18650] Call Trace: [ 972.532349][T18650] dump_stack+0x21c/0x280 [ 972.532349][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 972.532349][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 972.532349][T18650] ? kmsan_get_metadata+0x116/0x180 [ 972.532349][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 972.532349][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 972.532349][T18650] ? _copy_from_user+0x201/0x310 [ 972.532349][T18650] ? kmsan_get_metadata+0x116/0x180 [ 972.532349][T18650] __msan_chain_origin+0x57/0xa0 [ 972.532349][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 972.532349][T18650] get_compat_msghdr+0x108/0x2b0 [ 972.532349][T18650] do_recvmmsg+0xdc7/0x22e0 [ 972.532349][T18650] ? kmsan_get_metadata+0x116/0x180 [ 972.532349][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 972.532349][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 972.532349][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 972.532349][T18650] __sys_recvmmsg+0x340/0x5f0 [ 972.532349][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 972.532349][T18650] ? kmsan_get_metadata+0x116/0x180 [ 972.532349][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 972.532349][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 972.532349][T18650] __do_fast_syscall_32+0x129/0x180 [ 972.532349][T18650] do_fast_syscall_32+0x6a/0xc0 [ 972.532349][T18650] do_SYSENTER_32+0x73/0x90 [ 972.532349][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 972.532349][T18650] RIP: 0023:0xf7fd6549 [ 972.532349][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 972.532349][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 972.532349][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 972.532349][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 972.532349][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 972.532349][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 972.532349][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 972.532349][T18650] Uninit was stored to memory at: [ 972.532349][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 972.532349][T18650] __msan_chain_origin+0x57/0xa0 [ 972.532349][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 972.532349][T18650] get_compat_msghdr+0x108/0x2b0 [ 972.532349][T18650] do_recvmmsg+0xdc7/0x22e0 [ 972.532349][T18650] __sys_recvmmsg+0x340/0x5f0 [ 972.532349][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 972.532349][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 972.532349][T18650] __do_fast_syscall_32+0x129/0x180 [ 972.532349][T18650] do_fast_syscall_32+0x6a/0xc0 [ 972.532349][T18650] do_SYSENTER_32+0x73/0x90 [ 972.532349][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 972.532349][T18650] [ 972.532349][T18650] Uninit was stored to memory at: [ 972.532349][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 972.532349][T18650] __msan_chain_origin+0x57/0xa0 [ 972.532349][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 972.532349][T18650] get_compat_msghdr+0x108/0x2b0 [ 972.532349][T18650] do_recvmmsg+0xdc7/0x22e0 [ 972.532349][T18650] __sys_recvmmsg+0x340/0x5f0 [ 972.532349][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 972.532349][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 972.532349][T18650] __do_fast_syscall_32+0x129/0x180 [ 972.532349][T18650] do_fast_syscall_32+0x6a/0xc0 [ 972.532349][T18650] do_SYSENTER_32+0x73/0x90 [ 972.532349][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 972.532349][T18650] [ 972.532349][T18650] Uninit was stored to memory at: [ 972.532349][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 972.532349][T18650] __msan_chain_origin+0x57/0xa0 [ 972.532349][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 972.902570][T18650] get_compat_msghdr+0x108/0x2b0 [ 972.902570][T18650] do_recvmmsg+0xdc7/0x22e0 [ 972.902570][T18650] __sys_recvmmsg+0x340/0x5f0 [ 972.902570][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 972.902570][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 972.902570][T18650] __do_fast_syscall_32+0x129/0x180 [ 972.902570][T18650] do_fast_syscall_32+0x6a/0xc0 [ 972.902570][T18650] do_SYSENTER_32+0x73/0x90 [ 972.902570][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 972.902570][T18650] [ 972.902570][T18650] Uninit was stored to memory at: [ 972.902570][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 972.902570][T18650] __msan_chain_origin+0x57/0xa0 [ 972.902570][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 972.902570][T18650] get_compat_msghdr+0x108/0x2b0 [ 972.902570][T18650] do_recvmmsg+0xdc7/0x22e0 [ 972.902570][T18650] __sys_recvmmsg+0x340/0x5f0 [ 972.902570][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 972.902570][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 972.902570][T18650] __do_fast_syscall_32+0x129/0x180 [ 972.902570][T18650] do_fast_syscall_32+0x6a/0xc0 [ 972.902570][T18650] do_SYSENTER_32+0x73/0x90 [ 972.902570][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 972.902570][T18650] [ 972.902570][T18650] Uninit was stored to memory at: [ 972.902570][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 972.902570][T18650] __msan_chain_origin+0x57/0xa0 [ 972.902570][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 972.902570][T18650] get_compat_msghdr+0x108/0x2b0 [ 972.902570][T18650] do_recvmmsg+0xdc7/0x22e0 [ 972.902570][T18650] __sys_recvmmsg+0x340/0x5f0 [ 972.902570][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 972.902570][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 972.902570][T18650] __do_fast_syscall_32+0x129/0x180 [ 972.902570][T18650] do_fast_syscall_32+0x6a/0xc0 [ 972.902570][T18650] do_SYSENTER_32+0x73/0x90 [ 972.902570][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 972.902570][T18650] [ 972.902570][T18650] Uninit was stored to memory at: [ 972.902570][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 972.902570][T18650] __msan_chain_origin+0x57/0xa0 [ 972.902570][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 972.902570][T18650] get_compat_msghdr+0x108/0x2b0 [ 972.902570][T18650] do_recvmmsg+0xdc7/0x22e0 [ 972.902570][T18650] __sys_recvmmsg+0x340/0x5f0 [ 972.902570][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 972.902570][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 972.902570][T18650] __do_fast_syscall_32+0x129/0x180 [ 972.902570][T18650] do_fast_syscall_32+0x6a/0xc0 [ 972.902570][T18650] do_SYSENTER_32+0x73/0x90 [ 972.902570][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 972.902570][T18650] [ 972.902570][T18650] Uninit was stored to memory at: [ 972.902570][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 972.902570][T18650] __msan_chain_origin+0x57/0xa0 [ 972.902570][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 972.902570][T18650] get_compat_msghdr+0x108/0x2b0 [ 972.902570][T18650] do_recvmmsg+0xdc7/0x22e0 [ 972.902570][T18650] __sys_recvmmsg+0x340/0x5f0 [ 972.902570][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 972.902570][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 972.902570][T18650] __do_fast_syscall_32+0x129/0x180 [ 972.902570][T18650] do_fast_syscall_32+0x6a/0xc0 [ 972.902570][T18650] do_SYSENTER_32+0x73/0x90 [ 972.902570][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 972.902570][T18650] [ 972.902570][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 972.902570][T18650] do_recvmmsg+0xc2/0x22e0 [ 972.902570][T18650] do_recvmmsg+0xc2/0x22e0 [ 973.434276][T18650] not chained 680000 origins [ 973.438882][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 973.442199][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 973.442199][T18650] Call Trace: [ 973.442199][T18650] dump_stack+0x21c/0x280 [ 973.442199][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 973.442199][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 973.442199][T18650] ? kmsan_get_metadata+0x116/0x180 [ 973.442199][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 973.442199][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 973.442199][T18650] ? _copy_from_user+0x201/0x310 [ 973.442199][T18650] ? kmsan_get_metadata+0x116/0x180 [ 973.442199][T18650] __msan_chain_origin+0x57/0xa0 [ 973.442199][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 973.442199][T18650] get_compat_msghdr+0x108/0x2b0 [ 973.442199][T18650] do_recvmmsg+0xdc7/0x22e0 [ 973.442199][T18650] ? kmsan_get_metadata+0x116/0x180 [ 973.442199][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 973.442199][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 973.442199][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 973.442199][T18650] __sys_recvmmsg+0x340/0x5f0 [ 973.442199][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 973.442199][T18650] ? kmsan_get_metadata+0x116/0x180 [ 973.442199][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.442199][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.442199][T18650] __do_fast_syscall_32+0x129/0x180 [ 973.442199][T18650] do_fast_syscall_32+0x6a/0xc0 [ 973.442199][T18650] do_SYSENTER_32+0x73/0x90 [ 973.442199][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 973.587787][T18675] not chained 690000 origins [ 973.442199][T18650] RIP: 0023:0xf7fd6549 [ 973.442199][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 973.442199][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 973.442199][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 973.442199][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 973.442199][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 973.442199][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 973.442199][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 973.442199][T18650] Uninit was stored to memory at: [ 973.592205][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 973.592205][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 973.442199][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 973.592205][T18675] Call Trace: [ 973.442199][T18650] __msan_chain_origin+0x57/0xa0 [ 973.592205][T18675] dump_stack+0x21c/0x280 [ 973.442199][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 973.592205][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 973.442199][T18650] get_compat_msghdr+0x108/0x2b0 [ 973.592205][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 973.442199][T18650] do_recvmmsg+0xdc7/0x22e0 [ 973.592205][T18675] ? kmsan_get_metadata+0x116/0x180 [ 973.442199][T18650] __sys_recvmmsg+0x340/0x5f0 [ 973.592205][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 973.442199][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.592205][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 973.442199][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.592205][T18675] ? _copy_from_user+0x201/0x310 [ 973.442199][T18650] __do_fast_syscall_32+0x129/0x180 [ 973.592205][T18675] ? kmsan_get_metadata+0x116/0x180 [ 973.442199][T18650] do_fast_syscall_32+0x6a/0xc0 [ 973.592205][T18675] __msan_chain_origin+0x57/0xa0 [ 973.442199][T18650] do_SYSENTER_32+0x73/0x90 [ 973.592205][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 973.442199][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 973.592205][T18675] get_compat_msghdr+0x108/0x2b0 [ 973.442199][T18650] [ 973.592205][T18675] do_recvmmsg+0xdc7/0x22e0 [ 973.442199][T18650] Uninit was stored to memory at: [ 973.592205][T18675] ? kmsan_get_metadata+0x116/0x180 [ 973.442199][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 973.592205][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 973.442199][T18650] __msan_chain_origin+0x57/0xa0 [ 973.592205][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 973.442199][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 973.592205][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 973.442199][T18650] get_compat_msghdr+0x108/0x2b0 [ 973.592205][T18675] __sys_recvmmsg+0x340/0x5f0 [ 973.442199][T18650] do_recvmmsg+0xdc7/0x22e0 [ 973.592205][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 973.442199][T18650] __sys_recvmmsg+0x340/0x5f0 [ 973.592205][T18675] ? kmsan_get_metadata+0x116/0x180 [ 973.442199][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.592205][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.442199][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.592205][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.442199][T18650] __do_fast_syscall_32+0x129/0x180 [ 973.592205][T18675] __do_fast_syscall_32+0x129/0x180 [ 973.442199][T18650] do_fast_syscall_32+0x6a/0xc0 [ 973.592205][T18675] do_fast_syscall_32+0x6a/0xc0 [ 973.442199][T18650] do_SYSENTER_32+0x73/0x90 [ 973.592205][T18675] do_SYSENTER_32+0x73/0x90 [ 973.442199][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 973.592205][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 973.442199][T18650] [ 973.592205][T18675] RIP: 0023:0xf7f29549 [ 973.442199][T18650] Uninit was stored to memory at: [ 973.592205][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 973.442199][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 973.592205][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 973.442199][T18650] __msan_chain_origin+0x57/0xa0 [ 973.592205][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 973.442199][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 973.592205][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 973.442199][T18650] get_compat_msghdr+0x108/0x2b0 [ 973.592205][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 973.442199][T18650] do_recvmmsg+0xdc7/0x22e0 [ 973.592205][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 973.442199][T18650] __sys_recvmmsg+0x340/0x5f0 [ 973.592205][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 973.442199][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.592205][T18675] Uninit was stored to memory at: [ 973.442199][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.592205][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 973.442199][T18650] __do_fast_syscall_32+0x129/0x180 [ 973.592205][T18675] __msan_chain_origin+0x57/0xa0 [ 973.442199][T18650] do_fast_syscall_32+0x6a/0xc0 [ 973.592205][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 973.442199][T18650] do_SYSENTER_32+0x73/0x90 [ 973.592205][T18675] get_compat_msghdr+0x108/0x2b0 [ 973.442199][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 973.592205][T18675] do_recvmmsg+0xdc7/0x22e0 [ 973.442199][T18650] [ 973.592205][T18675] __sys_recvmmsg+0x340/0x5f0 [ 973.442199][T18650] Uninit was stored to memory at: [ 973.592205][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.442199][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 973.592205][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.442199][T18650] __msan_chain_origin+0x57/0xa0 [ 973.592205][T18675] __do_fast_syscall_32+0x129/0x180 [ 973.442199][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 973.592205][T18675] do_fast_syscall_32+0x6a/0xc0 [ 973.442199][T18650] get_compat_msghdr+0x108/0x2b0 [ 973.592205][T18675] do_SYSENTER_32+0x73/0x90 [ 973.442199][T18650] do_recvmmsg+0xdc7/0x22e0 [ 973.592205][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 973.442199][T18650] __sys_recvmmsg+0x340/0x5f0 [ 973.592205][T18675] [ 973.442199][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.592205][T18675] Uninit was stored to memory at: [ 973.442199][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.592205][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 973.442199][T18650] __do_fast_syscall_32+0x129/0x180 [ 973.592205][T18675] __msan_chain_origin+0x57/0xa0 [ 973.442199][T18650] do_fast_syscall_32+0x6a/0xc0 [ 973.592205][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 973.442199][T18650] do_SYSENTER_32+0x73/0x90 [ 973.592205][T18675] get_compat_msghdr+0x108/0x2b0 [ 973.442199][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 973.592205][T18675] do_recvmmsg+0xdc7/0x22e0 [ 973.442199][T18650] [ 973.592205][T18675] __sys_recvmmsg+0x340/0x5f0 [ 973.442199][T18650] Uninit was stored to memory at: [ 973.592205][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.442199][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 973.592205][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.442199][T18650] __msan_chain_origin+0x57/0xa0 [ 973.592205][T18675] __do_fast_syscall_32+0x129/0x180 [ 973.442199][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 973.592205][T18675] do_fast_syscall_32+0x6a/0xc0 [ 973.442199][T18650] get_compat_msghdr+0x108/0x2b0 [ 973.592205][T18675] do_SYSENTER_32+0x73/0x90 [ 973.442199][T18650] do_recvmmsg+0xdc7/0x22e0 [ 973.592205][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 973.442199][T18650] __sys_recvmmsg+0x340/0x5f0 [ 973.592205][T18675] [ 973.442199][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.592205][T18675] Uninit was stored to memory at: [ 973.442199][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.592205][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 973.442199][T18650] __do_fast_syscall_32+0x129/0x180 [ 973.592205][T18675] __msan_chain_origin+0x57/0xa0 [ 973.442199][T18650] do_fast_syscall_32+0x6a/0xc0 [ 973.592205][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 973.442199][T18650] do_SYSENTER_32+0x73/0x90 [ 973.592205][T18675] get_compat_msghdr+0x108/0x2b0 [ 973.442199][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 973.592205][T18675] do_recvmmsg+0xdc7/0x22e0 [ 973.442199][T18650] [ 973.592205][T18675] __sys_recvmmsg+0x340/0x5f0 [ 973.442199][T18650] Uninit was stored to memory at: [ 973.592205][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.442199][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 973.592205][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.442199][T18650] __msan_chain_origin+0x57/0xa0 [ 973.592205][T18675] __do_fast_syscall_32+0x129/0x180 [ 973.442199][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 973.592205][T18675] do_fast_syscall_32+0x6a/0xc0 [ 973.442199][T18650] get_compat_msghdr+0x108/0x2b0 [ 973.592205][T18675] do_SYSENTER_32+0x73/0x90 [ 973.442199][T18650] do_recvmmsg+0xdc7/0x22e0 [ 973.592205][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 973.442199][T18650] __sys_recvmmsg+0x340/0x5f0 [ 973.592205][T18675] [ 973.442199][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.592205][T18675] Uninit was stored to memory at: [ 973.442199][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.592205][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 973.442199][T18650] __do_fast_syscall_32+0x129/0x180 [ 973.592205][T18675] __msan_chain_origin+0x57/0xa0 [ 973.442199][T18650] do_fast_syscall_32+0x6a/0xc0 [ 973.592205][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 973.442199][T18650] do_SYSENTER_32+0x73/0x90 [ 973.592205][T18675] get_compat_msghdr+0x108/0x2b0 [ 973.442199][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 973.592205][T18675] do_recvmmsg+0xdc7/0x22e0 [ 973.442199][T18650] [ 973.592205][T18675] __sys_recvmmsg+0x340/0x5f0 [ 973.442199][T18650] Uninit was stored to memory at: [ 973.592205][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.442199][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 973.592205][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.442199][T18650] __msan_chain_origin+0x57/0xa0 [ 973.592205][T18675] __do_fast_syscall_32+0x129/0x180 [ 973.442199][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 973.592205][T18675] do_fast_syscall_32+0x6a/0xc0 [ 973.442199][T18650] get_compat_msghdr+0x108/0x2b0 [ 973.592205][T18675] do_SYSENTER_32+0x73/0x90 [ 973.442199][T18650] do_recvmmsg+0xdc7/0x22e0 [ 973.592205][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 973.442199][T18650] __sys_recvmmsg+0x340/0x5f0 [ 973.592205][T18675] [ 973.442199][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.592205][T18675] Uninit was stored to memory at: [ 973.442199][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.592205][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 973.442199][T18650] __do_fast_syscall_32+0x129/0x180 [ 973.592205][T18675] __msan_chain_origin+0x57/0xa0 [ 973.442199][T18650] do_fast_syscall_32+0x6a/0xc0 [ 973.592205][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 973.442199][T18650] do_SYSENTER_32+0x73/0x90 [ 973.592205][T18675] get_compat_msghdr+0x108/0x2b0 [ 973.442199][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 973.592205][T18675] do_recvmmsg+0xdc7/0x22e0 [ 973.442199][T18650] [ 973.592205][T18675] __sys_recvmmsg+0x340/0x5f0 [ 973.442199][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 973.592205][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 973.442199][T18650] do_recvmmsg+0xc2/0x22e0 [ 973.592205][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 973.442199][T18650] do_recvmmsg+0xc2/0x22e0 [ 973.592205][T18675] __do_fast_syscall_32+0x129/0x180 [ 973.592205][T18675] do_fast_syscall_32+0x6a/0xc0 [ 973.592205][T18675] do_SYSENTER_32+0x73/0x90 [ 973.592205][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 974.744667][T18675] [ 974.744667][T18675] Uninit was stored to memory at: [ 974.744667][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 974.759972][T18675] __msan_chain_origin+0x57/0xa0 [ 974.759972][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 974.759972][T18675] get_compat_msghdr+0x108/0x2b0 [ 974.759972][T18675] do_recvmmsg+0xdc7/0x22e0 [ 974.759972][T18675] __sys_recvmmsg+0x340/0x5f0 [ 974.759972][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 974.759972][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 974.759972][T18675] __do_fast_syscall_32+0x129/0x180 [ 974.759972][T18675] do_fast_syscall_32+0x6a/0xc0 [ 974.759972][T18675] do_SYSENTER_32+0x73/0x90 [ 974.759972][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 974.759972][T18675] [ 974.759972][T18675] Uninit was stored to memory at: [ 974.759972][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 974.759972][T18675] __msan_chain_origin+0x57/0xa0 [ 974.759972][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 974.759972][T18675] get_compat_msghdr+0x108/0x2b0 [ 974.759972][T18675] do_recvmmsg+0xdc7/0x22e0 [ 974.759972][T18675] __sys_recvmmsg+0x340/0x5f0 [ 974.759972][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 974.759972][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 974.759972][T18675] __do_fast_syscall_32+0x129/0x180 [ 974.759972][T18675] do_fast_syscall_32+0x6a/0xc0 [ 974.759972][T18675] do_SYSENTER_32+0x73/0x90 [ 974.759972][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 974.759972][T18675] [ 974.759972][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 974.759972][T18675] do_recvmmsg+0xc2/0x22e0 [ 974.899759][T18650] not chained 700000 origins [ 974.759972][T18675] do_recvmmsg+0xc2/0x22e0 [ 974.902179][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 974.914190][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 974.914190][T18650] Call Trace: [ 974.914190][T18650] dump_stack+0x21c/0x280 [ 974.914190][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 974.914190][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 974.914190][T18650] ? kmsan_get_metadata+0x116/0x180 [ 974.914190][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 974.914190][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 974.914190][T18650] ? _copy_from_user+0x201/0x310 [ 974.914190][T18650] ? kmsan_get_metadata+0x116/0x180 [ 974.975295][T18650] __msan_chain_origin+0x57/0xa0 [ 974.975295][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 974.975295][T18650] get_compat_msghdr+0x108/0x2b0 [ 974.975295][T18650] do_recvmmsg+0xdc7/0x22e0 [ 974.975295][T18650] ? kmsan_get_metadata+0x116/0x180 [ 974.975295][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 974.975295][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 974.975295][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 974.975295][T18650] __sys_recvmmsg+0x340/0x5f0 [ 974.975295][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 974.975295][T18650] ? kmsan_get_metadata+0x116/0x180 [ 974.975295][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 974.975295][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 974.975295][T18650] __do_fast_syscall_32+0x129/0x180 [ 974.975295][T18650] do_fast_syscall_32+0x6a/0xc0 [ 974.975295][T18650] do_SYSENTER_32+0x73/0x90 [ 974.975295][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 974.975295][T18650] RIP: 0023:0xf7fd6549 [ 974.975295][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 974.975295][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 974.975295][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 974.975295][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 974.975295][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 974.975295][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 974.975295][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 974.975295][T18650] Uninit was stored to memory at: [ 974.975295][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 974.975295][T18650] __msan_chain_origin+0x57/0xa0 [ 974.975295][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 974.975295][T18650] get_compat_msghdr+0x108/0x2b0 [ 974.975295][T18650] do_recvmmsg+0xdc7/0x22e0 [ 974.975295][T18650] __sys_recvmmsg+0x340/0x5f0 [ 974.975295][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 974.975295][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 974.975295][T18650] __do_fast_syscall_32+0x129/0x180 [ 974.975295][T18650] do_fast_syscall_32+0x6a/0xc0 [ 974.975295][T18650] do_SYSENTER_32+0x73/0x90 [ 974.975295][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 974.975295][T18650] [ 974.975295][T18650] Uninit was stored to memory at: [ 974.975295][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 974.975295][T18650] __msan_chain_origin+0x57/0xa0 [ 974.975295][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 974.975295][T18650] get_compat_msghdr+0x108/0x2b0 [ 974.975295][T18650] do_recvmmsg+0xdc7/0x22e0 [ 974.975295][T18650] __sys_recvmmsg+0x340/0x5f0 [ 974.975295][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 974.975295][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 974.975295][T18650] __do_fast_syscall_32+0x129/0x180 [ 974.975295][T18650] do_fast_syscall_32+0x6a/0xc0 [ 974.975295][T18650] do_SYSENTER_32+0x73/0x90 [ 974.975295][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 974.975295][T18650] [ 974.975295][T18650] Uninit was stored to memory at: [ 974.975295][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 974.975295][T18650] __msan_chain_origin+0x57/0xa0 [ 974.975295][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 974.975295][T18650] get_compat_msghdr+0x108/0x2b0 [ 974.975295][T18650] do_recvmmsg+0xdc7/0x22e0 [ 974.975295][T18650] __sys_recvmmsg+0x340/0x5f0 [ 974.975295][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 974.975295][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 974.975295][T18650] __do_fast_syscall_32+0x129/0x180 [ 974.975295][T18650] do_fast_syscall_32+0x6a/0xc0 [ 974.975295][T18650] do_SYSENTER_32+0x73/0x90 [ 974.975295][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 974.975295][T18650] [ 974.975295][T18650] Uninit was stored to memory at: [ 974.975295][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 974.975295][T18650] __msan_chain_origin+0x57/0xa0 [ 974.975295][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 974.975295][T18650] get_compat_msghdr+0x108/0x2b0 [ 974.975295][T18650] do_recvmmsg+0xdc7/0x22e0 [ 974.975295][T18650] __sys_recvmmsg+0x340/0x5f0 [ 974.975295][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 974.975295][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 974.975295][T18650] __do_fast_syscall_32+0x129/0x180 [ 974.975295][T18650] do_fast_syscall_32+0x6a/0xc0 [ 974.975295][T18650] do_SYSENTER_32+0x73/0x90 [ 974.975295][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 974.975295][T18650] [ 974.975295][T18650] Uninit was stored to memory at: [ 974.975295][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 974.975295][T18650] __msan_chain_origin+0x57/0xa0 [ 974.975295][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 974.975295][T18650] get_compat_msghdr+0x108/0x2b0 [ 974.975295][T18650] do_recvmmsg+0xdc7/0x22e0 [ 974.975295][T18650] __sys_recvmmsg+0x340/0x5f0 [ 974.975295][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 974.975295][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 974.975295][T18650] __do_fast_syscall_32+0x129/0x180 [ 974.975295][T18650] do_fast_syscall_32+0x6a/0xc0 [ 974.975295][T18650] do_SYSENTER_32+0x73/0x90 [ 974.975295][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 974.975295][T18650] [ 974.975295][T18650] Uninit was stored to memory at: [ 974.975295][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 974.975295][T18650] __msan_chain_origin+0x57/0xa0 [ 974.975295][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 974.975295][T18650] get_compat_msghdr+0x108/0x2b0 [ 974.975295][T18650] do_recvmmsg+0xdc7/0x22e0 [ 974.975295][T18650] __sys_recvmmsg+0x340/0x5f0 [ 974.975295][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 974.975295][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 974.975295][T18650] __do_fast_syscall_32+0x129/0x180 [ 974.975295][T18650] do_fast_syscall_32+0x6a/0xc0 [ 974.975295][T18650] do_SYSENTER_32+0x73/0x90 [ 974.975295][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 974.975295][T18650] [ 974.975295][T18650] Uninit was stored to memory at: [ 974.975295][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 974.975295][T18650] __msan_chain_origin+0x57/0xa0 [ 974.975295][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 974.975295][T18650] get_compat_msghdr+0x108/0x2b0 [ 974.975295][T18650] do_recvmmsg+0xdc7/0x22e0 [ 974.975295][T18650] __sys_recvmmsg+0x340/0x5f0 [ 974.975295][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 974.975295][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 974.975295][T18650] __do_fast_syscall_32+0x129/0x180 [ 974.975295][T18650] do_fast_syscall_32+0x6a/0xc0 [ 974.975295][T18650] do_SYSENTER_32+0x73/0x90 [ 974.975295][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 974.975295][T18650] [ 974.975295][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 974.975295][T18650] do_recvmmsg+0xc2/0x22e0 [ 974.975295][T18650] do_recvmmsg+0xc2/0x22e0 [ 975.884888][T18650] not chained 710000 origins [ 975.889495][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 975.892197][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 975.892197][T18650] Call Trace: [ 975.892197][T18650] dump_stack+0x21c/0x280 [ 975.912425][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 975.912425][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 975.912425][T18650] ? kmsan_get_metadata+0x116/0x180 [ 975.912425][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 975.912425][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 975.912425][T18650] ? _copy_from_user+0x201/0x310 [ 975.912425][T18650] ? kmsan_get_metadata+0x116/0x180 [ 975.912425][T18650] __msan_chain_origin+0x57/0xa0 [ 975.912425][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 975.912425][T18650] get_compat_msghdr+0x108/0x2b0 [ 975.912425][T18650] do_recvmmsg+0xdc7/0x22e0 [ 975.912425][T18650] ? kmsan_get_metadata+0x116/0x180 [ 975.912425][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 975.912425][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 975.912425][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 975.912425][T18650] __sys_recvmmsg+0x340/0x5f0 [ 975.912425][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 975.912425][T18650] ? kmsan_get_metadata+0x116/0x180 [ 975.912425][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 975.912425][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 975.912425][T18650] __do_fast_syscall_32+0x129/0x180 [ 975.912425][T18650] do_fast_syscall_32+0x6a/0xc0 [ 975.912425][T18650] do_SYSENTER_32+0x73/0x90 [ 975.912425][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 975.912425][T18650] RIP: 0023:0xf7fd6549 [ 975.912425][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 976.049892][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 976.049892][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 976.049892][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 976.049892][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 976.049892][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 976.106643][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 976.106643][T18650] Uninit was stored to memory at: [ 976.106643][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 976.106643][T18650] __msan_chain_origin+0x57/0xa0 [ 976.106643][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 976.106643][T18650] get_compat_msghdr+0x108/0x2b0 [ 976.106643][T18650] do_recvmmsg+0xdc7/0x22e0 [ 976.106643][T18650] __sys_recvmmsg+0x340/0x5f0 [ 976.106643][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.106643][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.106643][T18650] __do_fast_syscall_32+0x129/0x180 [ 976.106643][T18650] do_fast_syscall_32+0x6a/0xc0 [ 976.106643][T18650] do_SYSENTER_32+0x73/0x90 [ 976.106643][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.106643][T18650] [ 976.106643][T18650] Uninit was stored to memory at: [ 976.106643][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 976.106643][T18650] __msan_chain_origin+0x57/0xa0 [ 976.106643][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 976.106643][T18650] get_compat_msghdr+0x108/0x2b0 [ 976.106643][T18650] do_recvmmsg+0xdc7/0x22e0 [ 976.106643][T18650] __sys_recvmmsg+0x340/0x5f0 [ 976.106643][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.106643][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.106643][T18650] __do_fast_syscall_32+0x129/0x180 [ 976.106643][T18650] do_fast_syscall_32+0x6a/0xc0 [ 976.106643][T18650] do_SYSENTER_32+0x73/0x90 [ 976.106643][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.106643][T18650] [ 976.106643][T18650] Uninit was stored to memory at: [ 976.106643][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 976.106643][T18650] __msan_chain_origin+0x57/0xa0 [ 976.106643][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 976.106643][T18650] get_compat_msghdr+0x108/0x2b0 [ 976.106643][T18650] do_recvmmsg+0xdc7/0x22e0 [ 976.106643][T18650] __sys_recvmmsg+0x340/0x5f0 [ 976.106643][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.106643][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.106643][T18650] __do_fast_syscall_32+0x129/0x180 [ 976.106643][T18650] do_fast_syscall_32+0x6a/0xc0 [ 976.106643][T18650] do_SYSENTER_32+0x73/0x90 [ 976.106643][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.106643][T18650] [ 976.106643][T18650] Uninit was stored to memory at: [ 976.106643][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 976.106643][T18650] __msan_chain_origin+0x57/0xa0 [ 976.106643][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 976.106643][T18650] get_compat_msghdr+0x108/0x2b0 [ 976.106643][T18650] do_recvmmsg+0xdc7/0x22e0 [ 976.106643][T18650] __sys_recvmmsg+0x340/0x5f0 [ 976.106643][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.106643][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.106643][T18650] __do_fast_syscall_32+0x129/0x180 [ 976.106643][T18650] do_fast_syscall_32+0x6a/0xc0 [ 976.106643][T18650] do_SYSENTER_32+0x73/0x90 [ 976.106643][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.106643][T18650] [ 976.106643][T18650] Uninit was stored to memory at: [ 976.106643][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 976.106643][T18650] __msan_chain_origin+0x57/0xa0 [ 976.106643][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 976.106643][T18650] get_compat_msghdr+0x108/0x2b0 [ 976.106643][T18650] do_recvmmsg+0xdc7/0x22e0 [ 976.106643][T18650] __sys_recvmmsg+0x340/0x5f0 [ 976.106643][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.433418][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.433418][T18650] __do_fast_syscall_32+0x129/0x180 [ 976.433418][T18650] do_fast_syscall_32+0x6a/0xc0 [ 976.433418][T18650] do_SYSENTER_32+0x73/0x90 [ 976.433418][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.433418][T18650] [ 976.433418][T18650] Uninit was stored to memory at: [ 976.433418][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 976.433418][T18650] __msan_chain_origin+0x57/0xa0 [ 976.433418][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 976.433418][T18650] get_compat_msghdr+0x108/0x2b0 [ 976.433418][T18650] do_recvmmsg+0xdc7/0x22e0 [ 976.433418][T18650] __sys_recvmmsg+0x340/0x5f0 [ 976.433418][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.433418][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.433418][T18650] __do_fast_syscall_32+0x129/0x180 [ 976.433418][T18650] do_fast_syscall_32+0x6a/0xc0 [ 976.433418][T18650] do_SYSENTER_32+0x73/0x90 [ 976.433418][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.433418][T18650] [ 976.433418][T18650] Uninit was stored to memory at: [ 976.433418][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 976.433418][T18650] __msan_chain_origin+0x57/0xa0 [ 976.433418][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 976.433418][T18650] get_compat_msghdr+0x108/0x2b0 [ 976.433418][T18650] do_recvmmsg+0xdc7/0x22e0 [ 976.433418][T18650] __sys_recvmmsg+0x340/0x5f0 [ 976.433418][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.433418][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.582430][T18650] __do_fast_syscall_32+0x129/0x180 [ 976.582430][T18650] do_fast_syscall_32+0x6a/0xc0 [ 976.582430][T18650] do_SYSENTER_32+0x73/0x90 [ 976.582430][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.582430][T18650] [ 976.582430][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 976.582430][T18650] do_recvmmsg+0xc2/0x22e0 [ 976.582430][T18650] do_recvmmsg+0xc2/0x22e0 [ 976.777021][T18675] not chained 720000 origins [ 976.781629][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 976.782211][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 976.782211][T18675] Call Trace: [ 976.782211][T18675] dump_stack+0x21c/0x280 [ 976.782211][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 976.782211][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 976.782211][T18675] ? kmsan_get_metadata+0x116/0x180 [ 976.782211][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 976.782211][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 976.782211][T18675] ? _copy_from_user+0x201/0x310 [ 976.782211][T18675] ? kmsan_get_metadata+0x116/0x180 [ 976.782211][T18675] __msan_chain_origin+0x57/0xa0 [ 976.782211][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 976.782211][T18675] get_compat_msghdr+0x108/0x2b0 [ 976.782211][T18675] do_recvmmsg+0xdc7/0x22e0 [ 976.782211][T18675] ? kmsan_get_metadata+0x116/0x180 [ 976.869350][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 976.869350][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 976.869350][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 976.869350][T18675] __sys_recvmmsg+0x340/0x5f0 [ 976.869350][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 976.895424][T18650] not chained 730000 origins [ 976.869350][T18675] ? kmsan_get_metadata+0x116/0x180 [ 976.869350][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.869350][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.869350][T18675] __do_fast_syscall_32+0x129/0x180 [ 976.869350][T18675] do_fast_syscall_32+0x6a/0xc0 [ 976.869350][T18675] do_SYSENTER_32+0x73/0x90 [ 976.869350][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.869350][T18675] RIP: 0023:0xf7f29549 [ 976.869350][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 976.869350][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 976.869350][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 976.869350][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 976.869350][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 976.869350][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 976.869350][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 976.869350][T18675] Uninit was stored to memory at: [ 976.902181][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 976.902181][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 976.869350][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 976.902181][T18650] Call Trace: [ 976.869350][T18675] __msan_chain_origin+0x57/0xa0 [ 976.902181][T18650] dump_stack+0x21c/0x280 [ 976.869350][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 976.902181][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 976.869350][T18675] get_compat_msghdr+0x108/0x2b0 [ 976.902181][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 976.869350][T18675] do_recvmmsg+0xdc7/0x22e0 [ 976.902181][T18650] ? kmsan_get_metadata+0x116/0x180 [ 976.869350][T18675] __sys_recvmmsg+0x340/0x5f0 [ 976.902181][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 976.869350][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.902181][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 976.869350][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.902181][T18650] ? _copy_from_user+0x201/0x310 [ 976.869350][T18675] __do_fast_syscall_32+0x129/0x180 [ 976.902181][T18650] ? kmsan_get_metadata+0x116/0x180 [ 976.869350][T18675] do_fast_syscall_32+0x6a/0xc0 [ 976.902181][T18650] __msan_chain_origin+0x57/0xa0 [ 976.869350][T18675] do_SYSENTER_32+0x73/0x90 [ 976.902181][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 976.869350][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.902181][T18650] get_compat_msghdr+0x108/0x2b0 [ 976.869350][T18675] [ 976.902181][T18650] do_recvmmsg+0xdc7/0x22e0 [ 976.869350][T18675] Uninit was stored to memory at: [ 976.902181][T18650] ? kmsan_get_metadata+0x116/0x180 [ 976.869350][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 976.902181][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 976.869350][T18675] __msan_chain_origin+0x57/0xa0 [ 976.902181][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 976.869350][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 976.902181][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 976.869350][T18675] get_compat_msghdr+0x108/0x2b0 [ 976.902181][T18650] __sys_recvmmsg+0x340/0x5f0 [ 976.869350][T18675] do_recvmmsg+0xdc7/0x22e0 [ 976.902181][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 976.869350][T18675] __sys_recvmmsg+0x340/0x5f0 [ 976.902181][T18650] ? kmsan_get_metadata+0x116/0x180 [ 976.869350][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.902181][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.869350][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.902181][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.869350][T18675] __do_fast_syscall_32+0x129/0x180 [ 976.902181][T18650] __do_fast_syscall_32+0x129/0x180 [ 976.869350][T18675] do_fast_syscall_32+0x6a/0xc0 [ 976.902181][T18650] do_fast_syscall_32+0x6a/0xc0 [ 976.869350][T18675] do_SYSENTER_32+0x73/0x90 [ 976.902181][T18650] do_SYSENTER_32+0x73/0x90 [ 976.869350][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.902181][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.869350][T18675] [ 976.902181][T18650] RIP: 0023:0xf7fd6549 [ 976.869350][T18675] Uninit was stored to memory at: [ 976.902181][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 976.869350][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 976.902181][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 976.869350][T18675] __msan_chain_origin+0x57/0xa0 [ 976.902181][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 976.869350][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 976.902181][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 976.869350][T18675] get_compat_msghdr+0x108/0x2b0 [ 976.902181][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 976.869350][T18675] do_recvmmsg+0xdc7/0x22e0 [ 976.902181][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 976.869350][T18675] __sys_recvmmsg+0x340/0x5f0 [ 976.902181][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 976.869350][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.902181][T18650] Uninit was stored to memory at: [ 976.869350][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.869350][T18675] __do_fast_syscall_32+0x129/0x180 [ 976.902181][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 976.869350][T18675] do_fast_syscall_32+0x6a/0xc0 [ 976.902181][T18650] __msan_chain_origin+0x57/0xa0 [ 976.869350][T18675] do_SYSENTER_32+0x73/0x90 [ 976.902181][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 976.869350][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.902181][T18650] get_compat_msghdr+0x108/0x2b0 [ 976.869350][T18675] [ 976.902181][T18650] do_recvmmsg+0xdc7/0x22e0 [ 976.869350][T18675] Uninit was stored to memory at: [ 976.902181][T18650] __sys_recvmmsg+0x340/0x5f0 [ 976.869350][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 976.902181][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.869350][T18675] __msan_chain_origin+0x57/0xa0 [ 976.902181][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.869350][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 976.902181][T18650] __do_fast_syscall_32+0x129/0x180 [ 976.869350][T18675] get_compat_msghdr+0x108/0x2b0 [ 976.902181][T18650] do_fast_syscall_32+0x6a/0xc0 [ 976.869350][T18675] do_recvmmsg+0xdc7/0x22e0 [ 976.902181][T18650] do_SYSENTER_32+0x73/0x90 [ 976.869350][T18675] __sys_recvmmsg+0x340/0x5f0 [ 976.902181][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.869350][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.902181][T18650] [ 976.869350][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.902181][T18650] Uninit was stored to memory at: [ 976.869350][T18675] __do_fast_syscall_32+0x129/0x180 [ 976.902181][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 976.869350][T18675] do_fast_syscall_32+0x6a/0xc0 [ 976.902181][T18650] __msan_chain_origin+0x57/0xa0 [ 976.869350][T18675] do_SYSENTER_32+0x73/0x90 [ 976.902181][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 976.869350][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.902181][T18650] get_compat_msghdr+0x108/0x2b0 [ 976.869350][T18675] [ 976.902181][T18650] do_recvmmsg+0xdc7/0x22e0 [ 976.869350][T18675] Uninit was stored to memory at: [ 976.902181][T18650] __sys_recvmmsg+0x340/0x5f0 [ 976.869350][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 976.902181][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.869350][T18675] __msan_chain_origin+0x57/0xa0 [ 976.902181][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.869350][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 976.902181][T18650] __do_fast_syscall_32+0x129/0x180 [ 976.869350][T18675] get_compat_msghdr+0x108/0x2b0 [ 976.902181][T18650] do_fast_syscall_32+0x6a/0xc0 [ 976.869350][T18675] do_recvmmsg+0xdc7/0x22e0 [ 976.902181][T18650] do_SYSENTER_32+0x73/0x90 [ 976.869350][T18675] __sys_recvmmsg+0x340/0x5f0 [ 976.902181][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.869350][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.902181][T18650] [ 976.869350][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.902181][T18650] Uninit was stored to memory at: [ 976.869350][T18675] __do_fast_syscall_32+0x129/0x180 [ 976.902181][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 976.869350][T18675] do_fast_syscall_32+0x6a/0xc0 [ 976.902181][T18650] __msan_chain_origin+0x57/0xa0 [ 976.869350][T18675] do_SYSENTER_32+0x73/0x90 [ 976.902181][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 976.869350][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.902181][T18650] get_compat_msghdr+0x108/0x2b0 [ 976.869350][T18675] [ 976.902181][T18650] do_recvmmsg+0xdc7/0x22e0 [ 976.869350][T18675] Uninit was stored to memory at: [ 976.902181][T18650] __sys_recvmmsg+0x340/0x5f0 [ 976.869350][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 976.902181][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.869350][T18675] __msan_chain_origin+0x57/0xa0 [ 976.902181][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.869350][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 976.902181][T18650] __do_fast_syscall_32+0x129/0x180 [ 976.869350][T18675] get_compat_msghdr+0x108/0x2b0 [ 976.902181][T18650] do_fast_syscall_32+0x6a/0xc0 [ 976.869350][T18675] do_recvmmsg+0xdc7/0x22e0 [ 976.902181][T18650] do_SYSENTER_32+0x73/0x90 [ 976.869350][T18675] __sys_recvmmsg+0x340/0x5f0 [ 976.902181][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.869350][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.902181][T18650] [ 976.869350][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.902181][T18650] Uninit was stored to memory at: [ 976.869350][T18675] __do_fast_syscall_32+0x129/0x180 [ 976.902181][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 976.869350][T18675] do_fast_syscall_32+0x6a/0xc0 [ 976.902181][T18650] __msan_chain_origin+0x57/0xa0 [ 976.869350][T18675] do_SYSENTER_32+0x73/0x90 [ 976.902181][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 976.869350][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.902181][T18650] get_compat_msghdr+0x108/0x2b0 [ 976.869350][T18675] [ 976.902181][T18650] do_recvmmsg+0xdc7/0x22e0 [ 976.869350][T18675] Uninit was stored to memory at: [ 976.902181][T18650] __sys_recvmmsg+0x340/0x5f0 [ 976.869350][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 976.902181][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.869350][T18675] __msan_chain_origin+0x57/0xa0 [ 976.902181][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.869350][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 976.902181][T18650] __do_fast_syscall_32+0x129/0x180 [ 976.869350][T18675] get_compat_msghdr+0x108/0x2b0 [ 976.902181][T18650] do_fast_syscall_32+0x6a/0xc0 [ 976.869350][T18675] do_recvmmsg+0xdc7/0x22e0 [ 976.902181][T18650] do_SYSENTER_32+0x73/0x90 [ 976.869350][T18675] __sys_recvmmsg+0x340/0x5f0 [ 976.902181][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.869350][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.902181][T18650] [ 976.869350][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.902181][T18650] Uninit was stored to memory at: [ 976.869350][T18675] __do_fast_syscall_32+0x129/0x180 [ 976.902181][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 976.869350][T18675] do_fast_syscall_32+0x6a/0xc0 [ 976.902181][T18650] __msan_chain_origin+0x57/0xa0 [ 976.869350][T18675] do_SYSENTER_32+0x73/0x90 [ 976.902181][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 976.869350][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 976.902181][T18650] get_compat_msghdr+0x108/0x2b0 [ 976.869350][T18675] [ 976.902181][T18650] do_recvmmsg+0xdc7/0x22e0 [ 976.869350][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 976.902181][T18650] __sys_recvmmsg+0x340/0x5f0 [ 976.869350][T18675] do_recvmmsg+0xc2/0x22e0 [ 976.902181][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 976.869350][T18675] do_recvmmsg+0xc2/0x22e0 [ 976.902181][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 976.902181][T18650] __do_fast_syscall_32+0x129/0x180 [ 978.071881][T18650] do_fast_syscall_32+0x6a/0xc0 [ 978.071881][T18650] do_SYSENTER_32+0x73/0x90 [ 978.071881][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 978.071881][T18650] [ 978.092714][T18650] Uninit was stored to memory at: [ 978.097973][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 978.102557][T18650] __msan_chain_origin+0x57/0xa0 [ 978.102557][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 978.102557][T18650] get_compat_msghdr+0x108/0x2b0 [ 978.102557][T18650] do_recvmmsg+0xdc7/0x22e0 [ 978.102557][T18650] __sys_recvmmsg+0x340/0x5f0 [ 978.102557][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 978.102557][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 978.102557][T18650] __do_fast_syscall_32+0x129/0x180 [ 978.102557][T18650] do_fast_syscall_32+0x6a/0xc0 [ 978.102557][T18650] do_SYSENTER_32+0x73/0x90 [ 978.102557][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 978.102557][T18650] [ 978.102557][T18650] Uninit was stored to memory at: [ 978.102557][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 978.102557][T18650] __msan_chain_origin+0x57/0xa0 [ 978.102557][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 978.102557][T18650] get_compat_msghdr+0x108/0x2b0 [ 978.102557][T18650] do_recvmmsg+0xdc7/0x22e0 [ 978.102557][T18650] __sys_recvmmsg+0x340/0x5f0 [ 978.102557][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 978.102557][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 978.102557][T18650] __do_fast_syscall_32+0x129/0x180 [ 978.102557][T18650] do_fast_syscall_32+0x6a/0xc0 [ 978.102557][T18650] do_SYSENTER_32+0x73/0x90 [ 978.102557][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 978.102557][T18650] [ 978.102557][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 978.102557][T18650] do_recvmmsg+0xc2/0x22e0 [ 978.102557][T18650] do_recvmmsg+0xc2/0x22e0 [ 978.831242][T18675] not chained 740000 origins [ 978.832210][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 978.832210][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 978.832210][T18675] Call Trace: [ 978.832210][T18675] dump_stack+0x21c/0x280 [ 978.832210][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 978.832210][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 978.832210][T18675] ? kmsan_get_metadata+0x116/0x180 [ 978.832210][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 978.832210][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 978.832210][T18675] ? _copy_from_user+0x201/0x310 [ 978.832210][T18675] ? kmsan_get_metadata+0x116/0x180 [ 978.832210][T18675] __msan_chain_origin+0x57/0xa0 [ 978.832210][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 978.832210][T18675] get_compat_msghdr+0x108/0x2b0 [ 978.832210][T18675] do_recvmmsg+0xdc7/0x22e0 [ 978.917352][T18675] ? kmsan_get_metadata+0x116/0x180 [ 978.917352][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 978.917352][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 978.917352][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 978.917352][T18675] __sys_recvmmsg+0x340/0x5f0 [ 978.917352][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 978.917352][T18675] ? kmsan_get_metadata+0x116/0x180 [ 978.917352][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 978.917352][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 978.917352][T18675] __do_fast_syscall_32+0x129/0x180 [ 978.917352][T18675] do_fast_syscall_32+0x6a/0xc0 [ 978.917352][T18675] do_SYSENTER_32+0x73/0x90 [ 978.917352][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 978.917352][T18675] RIP: 0023:0xf7f29549 [ 978.917352][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 978.917352][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 978.917352][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 978.917352][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 978.917352][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 978.917352][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 978.917352][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 978.917352][T18675] Uninit was stored to memory at: [ 978.917352][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 978.917352][T18675] __msan_chain_origin+0x57/0xa0 [ 978.917352][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 978.917352][T18675] get_compat_msghdr+0x108/0x2b0 [ 978.917352][T18675] do_recvmmsg+0xdc7/0x22e0 [ 978.917352][T18675] __sys_recvmmsg+0x340/0x5f0 [ 978.917352][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 978.917352][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 978.917352][T18675] __do_fast_syscall_32+0x129/0x180 [ 978.917352][T18675] do_fast_syscall_32+0x6a/0xc0 [ 978.917352][T18675] do_SYSENTER_32+0x73/0x90 [ 978.917352][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 978.917352][T18675] [ 978.917352][T18675] Uninit was stored to memory at: [ 978.917352][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 978.917352][T18675] __msan_chain_origin+0x57/0xa0 [ 978.917352][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 978.917352][T18675] get_compat_msghdr+0x108/0x2b0 [ 978.917352][T18675] do_recvmmsg+0xdc7/0x22e0 [ 978.917352][T18675] __sys_recvmmsg+0x340/0x5f0 [ 978.917352][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 978.917352][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 978.917352][T18675] __do_fast_syscall_32+0x129/0x180 [ 978.917352][T18675] do_fast_syscall_32+0x6a/0xc0 [ 978.917352][T18675] do_SYSENTER_32+0x73/0x90 [ 978.917352][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 978.917352][T18675] [ 978.917352][T18675] Uninit was stored to memory at: [ 978.917352][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 978.917352][T18675] __msan_chain_origin+0x57/0xa0 [ 978.917352][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 978.917352][T18675] get_compat_msghdr+0x108/0x2b0 [ 978.917352][T18675] do_recvmmsg+0xdc7/0x22e0 [ 978.917352][T18675] __sys_recvmmsg+0x340/0x5f0 [ 978.917352][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 978.917352][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 978.917352][T18675] __do_fast_syscall_32+0x129/0x180 [ 978.917352][T18675] do_fast_syscall_32+0x6a/0xc0 [ 978.917352][T18675] do_SYSENTER_32+0x73/0x90 [ 978.917352][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 978.917352][T18675] [ 978.917352][T18675] Uninit was stored to memory at: [ 978.917352][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 978.917352][T18675] __msan_chain_origin+0x57/0xa0 [ 978.917352][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 978.917352][T18675] get_compat_msghdr+0x108/0x2b0 [ 978.917352][T18675] do_recvmmsg+0xdc7/0x22e0 [ 978.917352][T18675] __sys_recvmmsg+0x340/0x5f0 [ 978.917352][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 978.917352][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 978.917352][T18675] __do_fast_syscall_32+0x129/0x180 [ 978.917352][T18675] do_fast_syscall_32+0x6a/0xc0 [ 978.917352][T18675] do_SYSENTER_32+0x73/0x90 [ 978.917352][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 978.917352][T18675] [ 978.917352][T18675] Uninit was stored to memory at: [ 978.917352][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 978.917352][T18675] __msan_chain_origin+0x57/0xa0 [ 979.358824][T18650] not chained 750000 origins [ 978.917352][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 979.362181][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 978.917352][T18675] get_compat_msghdr+0x108/0x2b0 [ 979.362181][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 978.917352][T18675] do_recvmmsg+0xdc7/0x22e0 [ 979.362181][T18650] Call Trace: [ 978.917352][T18675] __sys_recvmmsg+0x340/0x5f0 [ 979.362181][T18650] dump_stack+0x21c/0x280 [ 978.917352][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 979.362181][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 978.917352][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 979.362181][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 978.917352][T18675] __do_fast_syscall_32+0x129/0x180 [ 979.362181][T18650] ? kmsan_get_metadata+0x116/0x180 [ 978.917352][T18675] do_fast_syscall_32+0x6a/0xc0 [ 979.362181][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 978.917352][T18675] do_SYSENTER_32+0x73/0x90 [ 979.362181][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 978.917352][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 979.362181][T18650] ? _copy_from_user+0x201/0x310 [ 978.917352][T18675] [ 979.362181][T18650] ? kmsan_get_metadata+0x116/0x180 [ 978.917352][T18675] Uninit was stored to memory at: [ 979.362181][T18650] __msan_chain_origin+0x57/0xa0 [ 978.917352][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 979.362181][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 978.917352][T18675] __msan_chain_origin+0x57/0xa0 [ 979.362181][T18650] get_compat_msghdr+0x108/0x2b0 [ 978.917352][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 979.362181][T18650] do_recvmmsg+0xdc7/0x22e0 [ 978.917352][T18675] get_compat_msghdr+0x108/0x2b0 [ 979.362181][T18650] ? kmsan_get_metadata+0x116/0x180 [ 978.917352][T18675] do_recvmmsg+0xdc7/0x22e0 [ 979.362181][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 978.917352][T18675] __sys_recvmmsg+0x340/0x5f0 [ 979.362181][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 978.917352][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 979.362181][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 978.917352][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 979.362181][T18650] __sys_recvmmsg+0x340/0x5f0 [ 978.917352][T18675] __do_fast_syscall_32+0x129/0x180 [ 979.362181][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 978.917352][T18675] do_fast_syscall_32+0x6a/0xc0 [ 979.362181][T18650] ? kmsan_get_metadata+0x116/0x180 [ 978.917352][T18675] do_SYSENTER_32+0x73/0x90 [ 979.362181][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 978.917352][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 979.362181][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 978.917352][T18675] [ 979.362181][T18650] __do_fast_syscall_32+0x129/0x180 [ 978.917352][T18675] Uninit was stored to memory at: [ 979.362181][T18650] do_fast_syscall_32+0x6a/0xc0 [ 978.917352][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 979.362181][T18650] do_SYSENTER_32+0x73/0x90 [ 978.917352][T18675] __msan_chain_origin+0x57/0xa0 [ 979.362181][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 978.917352][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 979.362181][T18650] RIP: 0023:0xf7fd6549 [ 978.917352][T18675] get_compat_msghdr+0x108/0x2b0 [ 979.362181][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 978.917352][T18675] do_recvmmsg+0xdc7/0x22e0 [ 979.362181][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 978.917352][T18675] __sys_recvmmsg+0x340/0x5f0 [ 979.362181][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 978.917352][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 979.362181][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 978.917352][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 979.362181][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 978.917352][T18675] __do_fast_syscall_32+0x129/0x180 [ 979.362181][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 978.917352][T18675] do_fast_syscall_32+0x6a/0xc0 [ 979.362181][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 978.917352][T18675] do_SYSENTER_32+0x73/0x90 [ 979.362181][T18650] Uninit was stored to memory at: [ 978.917352][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 979.362181][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 978.917352][T18675] [ 979.362181][T18650] __msan_chain_origin+0x57/0xa0 [ 978.917352][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 979.362181][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 978.917352][T18675] do_recvmmsg+0xc2/0x22e0 [ 979.362181][T18650] get_compat_msghdr+0x108/0x2b0 [ 978.917352][T18675] do_recvmmsg+0xc2/0x22e0 [ 979.362181][T18650] do_recvmmsg+0xdc7/0x22e0 [ 979.825022][T18650] __sys_recvmmsg+0x340/0x5f0 [ 979.825022][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 979.825022][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 979.825022][T18650] __do_fast_syscall_32+0x129/0x180 [ 979.846653][T18650] do_fast_syscall_32+0x6a/0xc0 [ 979.846653][T18650] do_SYSENTER_32+0x73/0x90 [ 979.858038][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 979.858038][T18650] [ 979.858038][T18650] Uninit was stored to memory at: [ 979.858038][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 979.858038][T18650] __msan_chain_origin+0x57/0xa0 [ 979.858038][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 979.858038][T18650] get_compat_msghdr+0x108/0x2b0 [ 979.858038][T18650] do_recvmmsg+0xdc7/0x22e0 [ 979.858038][T18650] __sys_recvmmsg+0x340/0x5f0 [ 979.858038][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 979.858038][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 979.858038][T18650] __do_fast_syscall_32+0x129/0x180 [ 979.858038][T18650] do_fast_syscall_32+0x6a/0xc0 [ 979.858038][T18650] do_SYSENTER_32+0x73/0x90 [ 979.858038][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 979.858038][T18650] [ 979.858038][T18650] Uninit was stored to memory at: [ 979.858038][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 979.858038][T18650] __msan_chain_origin+0x57/0xa0 [ 979.858038][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 979.858038][T18650] get_compat_msghdr+0x108/0x2b0 [ 979.858038][T18650] do_recvmmsg+0xdc7/0x22e0 [ 979.858038][T18650] __sys_recvmmsg+0x340/0x5f0 [ 979.858038][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 979.858038][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 979.858038][T18650] __do_fast_syscall_32+0x129/0x180 [ 979.858038][T18650] do_fast_syscall_32+0x6a/0xc0 [ 979.858038][T18650] do_SYSENTER_32+0x73/0x90 [ 979.858038][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 979.858038][T18650] [ 979.858038][T18650] Uninit was stored to memory at: [ 979.858038][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 979.858038][T18650] __msan_chain_origin+0x57/0xa0 [ 979.858038][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 979.858038][T18650] get_compat_msghdr+0x108/0x2b0 [ 979.858038][T18650] do_recvmmsg+0xdc7/0x22e0 [ 979.858038][T18650] __sys_recvmmsg+0x340/0x5f0 [ 979.858038][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 979.858038][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 979.858038][T18650] __do_fast_syscall_32+0x129/0x180 [ 979.858038][T18650] do_fast_syscall_32+0x6a/0xc0 [ 979.858038][T18650] do_SYSENTER_32+0x73/0x90 [ 979.858038][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 979.858038][T18650] [ 979.858038][T18650] Uninit was stored to memory at: [ 979.858038][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 979.858038][T18650] __msan_chain_origin+0x57/0xa0 [ 979.858038][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 979.858038][T18650] get_compat_msghdr+0x108/0x2b0 [ 980.103602][T18650] do_recvmmsg+0xdc7/0x22e0 [ 980.103602][T18650] __sys_recvmmsg+0x340/0x5f0 [ 980.103602][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 980.103602][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 980.103602][T18650] __do_fast_syscall_32+0x129/0x180 [ 980.103602][T18650] do_fast_syscall_32+0x6a/0xc0 [ 980.103602][T18650] do_SYSENTER_32+0x73/0x90 [ 980.103602][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 980.103602][T18650] [ 980.103602][T18650] Uninit was stored to memory at: [ 980.103602][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 980.103602][T18650] __msan_chain_origin+0x57/0xa0 [ 980.103602][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 980.103602][T18650] get_compat_msghdr+0x108/0x2b0 [ 980.103602][T18650] do_recvmmsg+0xdc7/0x22e0 [ 980.103602][T18650] __sys_recvmmsg+0x340/0x5f0 [ 980.103602][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 980.103602][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 980.103602][T18650] __do_fast_syscall_32+0x129/0x180 [ 980.103602][T18650] do_fast_syscall_32+0x6a/0xc0 [ 980.103602][T18650] do_SYSENTER_32+0x73/0x90 [ 980.103602][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 980.103602][T18650] [ 980.103602][T18650] Uninit was stored to memory at: [ 980.103602][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 980.103602][T18650] __msan_chain_origin+0x57/0xa0 [ 980.103602][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 980.103602][T18650] get_compat_msghdr+0x108/0x2b0 [ 980.103602][T18650] do_recvmmsg+0xdc7/0x22e0 [ 980.103602][T18650] __sys_recvmmsg+0x340/0x5f0 [ 980.103602][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 980.103602][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 980.103602][T18650] __do_fast_syscall_32+0x129/0x180 [ 980.103602][T18650] do_fast_syscall_32+0x6a/0xc0 [ 980.103602][T18650] do_SYSENTER_32+0x73/0x90 [ 980.103602][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 980.103602][T18650] [ 980.103602][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 980.103602][T18650] do_recvmmsg+0xc2/0x22e0 [ 980.103602][T18650] do_recvmmsg+0xc2/0x22e0 [ 980.523863][T18650] not chained 760000 origins [ 980.528473][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 980.532200][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 980.532200][T18650] Call Trace: [ 980.532200][T18650] dump_stack+0x21c/0x280 [ 980.532200][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 980.555562][T18650] ? kmsan_get_metadata+0x116/0x180 [ 980.555562][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 980.555562][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 980.555562][T18650] ? _copy_from_user+0x201/0x310 [ 980.555562][T18650] ? kmsan_get_metadata+0x116/0x180 [ 980.555562][T18650] __msan_chain_origin+0x57/0xa0 [ 980.592366][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 980.592366][T18650] get_compat_msghdr+0x108/0x2b0 [ 980.592366][T18650] do_recvmmsg+0xdc7/0x22e0 [ 980.592366][T18650] ? kmsan_get_metadata+0x116/0x180 [ 980.592366][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 980.592366][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 980.592366][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 980.592366][T18650] __sys_recvmmsg+0x340/0x5f0 [ 980.592366][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 980.592366][T18650] ? kmsan_get_metadata+0x116/0x180 [ 980.592366][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 980.592366][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 980.592366][T18650] __do_fast_syscall_32+0x129/0x180 [ 980.592366][T18650] do_fast_syscall_32+0x6a/0xc0 [ 980.662322][T18650] do_SYSENTER_32+0x73/0x90 [ 980.662322][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 980.662322][T18650] RIP: 0023:0xf7fd6549 [ 980.662322][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 980.662322][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 980.662322][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 980.662322][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 980.662322][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 980.662322][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 980.662322][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 980.662322][T18650] Uninit was stored to memory at: [ 980.662322][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 980.662322][T18650] __msan_chain_origin+0x57/0xa0 [ 980.662322][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 980.662322][T18650] get_compat_msghdr+0x108/0x2b0 [ 980.662322][T18650] do_recvmmsg+0xdc7/0x22e0 [ 980.662322][T18650] __sys_recvmmsg+0x340/0x5f0 [ 980.662322][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 980.662322][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 980.662322][T18650] __do_fast_syscall_32+0x129/0x180 [ 980.662322][T18650] do_fast_syscall_32+0x6a/0xc0 [ 980.662322][T18650] do_SYSENTER_32+0x73/0x90 [ 980.662322][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 980.662322][T18650] [ 980.662322][T18650] Uninit was stored to memory at: [ 980.662322][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 980.662322][T18650] __msan_chain_origin+0x57/0xa0 [ 980.662322][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 980.662322][T18650] get_compat_msghdr+0x108/0x2b0 [ 980.662322][T18650] do_recvmmsg+0xdc7/0x22e0 [ 980.662322][T18650] __sys_recvmmsg+0x340/0x5f0 [ 980.662322][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 980.662322][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 980.662322][T18650] __do_fast_syscall_32+0x129/0x180 [ 980.662322][T18650] do_fast_syscall_32+0x6a/0xc0 [ 980.662322][T18650] do_SYSENTER_32+0x73/0x90 [ 980.662322][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 980.662322][T18650] [ 980.662322][T18650] Uninit was stored to memory at: [ 980.662322][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 980.662322][T18650] __msan_chain_origin+0x57/0xa0 [ 980.662322][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 980.911294][T18650] get_compat_msghdr+0x108/0x2b0 [ 980.911294][T18650] do_recvmmsg+0xdc7/0x22e0 [ 980.911294][T18650] __sys_recvmmsg+0x340/0x5f0 [ 980.911294][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 980.911294][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 980.911294][T18650] __do_fast_syscall_32+0x129/0x180 [ 980.911294][T18650] do_fast_syscall_32+0x6a/0xc0 [ 980.911294][T18650] do_SYSENTER_32+0x73/0x90 [ 980.911294][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 980.911294][T18650] [ 980.911294][T18650] Uninit was stored to memory at: [ 980.911294][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 980.911294][T18650] __msan_chain_origin+0x57/0xa0 [ 980.911294][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 980.911294][T18650] get_compat_msghdr+0x108/0x2b0 [ 980.911294][T18650] do_recvmmsg+0xdc7/0x22e0 [ 980.911294][T18650] __sys_recvmmsg+0x340/0x5f0 [ 980.911294][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 980.911294][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 980.911294][T18650] __do_fast_syscall_32+0x129/0x180 [ 980.911294][T18650] do_fast_syscall_32+0x6a/0xc0 [ 980.911294][T18650] do_SYSENTER_32+0x73/0x90 [ 980.911294][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 980.911294][T18650] [ 980.911294][T18650] Uninit was stored to memory at: [ 980.911294][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 980.911294][T18650] __msan_chain_origin+0x57/0xa0 [ 980.911294][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 980.911294][T18650] get_compat_msghdr+0x108/0x2b0 [ 980.911294][T18650] do_recvmmsg+0xdc7/0x22e0 [ 980.911294][T18650] __sys_recvmmsg+0x340/0x5f0 [ 980.911294][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 980.911294][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 980.911294][T18650] __do_fast_syscall_32+0x129/0x180 [ 980.911294][T18650] do_fast_syscall_32+0x6a/0xc0 [ 980.911294][T18650] do_SYSENTER_32+0x73/0x90 [ 980.911294][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 980.911294][T18650] [ 980.911294][T18650] Uninit was stored to memory at: [ 980.911294][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 980.911294][T18650] __msan_chain_origin+0x57/0xa0 [ 980.911294][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 980.911294][T18650] get_compat_msghdr+0x108/0x2b0 [ 980.911294][T18650] do_recvmmsg+0xdc7/0x22e0 [ 980.911294][T18650] __sys_recvmmsg+0x340/0x5f0 [ 980.911294][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 980.911294][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 980.911294][T18650] __do_fast_syscall_32+0x129/0x180 [ 980.911294][T18650] do_fast_syscall_32+0x6a/0xc0 [ 980.911294][T18650] do_SYSENTER_32+0x73/0x90 [ 980.911294][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 980.911294][T18650] [ 980.911294][T18650] Uninit was stored to memory at: [ 980.911294][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 980.911294][T18650] __msan_chain_origin+0x57/0xa0 [ 980.911294][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 980.911294][T18650] get_compat_msghdr+0x108/0x2b0 [ 980.911294][T18650] do_recvmmsg+0xdc7/0x22e0 [ 980.911294][T18650] __sys_recvmmsg+0x340/0x5f0 [ 980.911294][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 980.911294][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 980.911294][T18650] __do_fast_syscall_32+0x129/0x180 [ 980.911294][T18650] do_fast_syscall_32+0x6a/0xc0 [ 980.911294][T18650] do_SYSENTER_32+0x73/0x90 [ 980.911294][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 980.911294][T18650] [ 980.911294][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 980.911294][T18650] do_recvmmsg+0xc2/0x22e0 [ 980.911294][T18650] do_recvmmsg+0xc2/0x22e0 [ 981.571941][T18650] not chained 770000 origins [ 981.572197][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 981.579441][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 981.579441][T18650] Call Trace: [ 981.579441][T18650] dump_stack+0x21c/0x280 [ 981.579441][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 981.579441][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 981.579441][T18650] ? kmsan_get_metadata+0x116/0x180 [ 981.579441][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 981.579441][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 981.579441][T18650] ? _copy_from_user+0x201/0x310 [ 981.579441][T18650] ? kmsan_get_metadata+0x116/0x180 [ 981.579441][T18650] __msan_chain_origin+0x57/0xa0 [ 981.579441][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 981.579441][T18650] get_compat_msghdr+0x108/0x2b0 [ 981.579441][T18650] do_recvmmsg+0xdc7/0x22e0 [ 981.579441][T18650] ? kmsan_get_metadata+0x116/0x180 [ 981.579441][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 981.579441][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 981.579441][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 981.579441][T18650] __sys_recvmmsg+0x340/0x5f0 [ 981.579441][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 981.579441][T18650] ? kmsan_get_metadata+0x116/0x180 [ 981.579441][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 981.703202][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 981.703202][T18650] __do_fast_syscall_32+0x129/0x180 [ 981.703202][T18650] do_fast_syscall_32+0x6a/0xc0 [ 981.703202][T18650] do_SYSENTER_32+0x73/0x90 [ 981.703202][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 981.703202][T18650] RIP: 0023:0xf7fd6549 [ 981.703202][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 981.703202][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 981.703202][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 981.767096][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 981.767096][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 981.767096][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 981.767096][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 981.802311][T18650] Uninit was stored to memory at: [ 981.802311][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 981.802311][T18650] __msan_chain_origin+0x57/0xa0 [ 981.802311][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 981.802311][T18650] get_compat_msghdr+0x108/0x2b0 [ 981.802311][T18650] do_recvmmsg+0xdc7/0x22e0 [ 981.802311][T18650] __sys_recvmmsg+0x340/0x5f0 [ 981.802311][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 981.802311][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 981.802311][T18650] __do_fast_syscall_32+0x129/0x180 [ 981.802311][T18650] do_fast_syscall_32+0x6a/0xc0 [ 981.802311][T18650] do_SYSENTER_32+0x73/0x90 [ 981.802311][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 981.802311][T18650] [ 981.802311][T18650] Uninit was stored to memory at: [ 981.802311][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 981.802311][T18650] __msan_chain_origin+0x57/0xa0 [ 981.802311][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 981.802311][T18650] get_compat_msghdr+0x108/0x2b0 [ 981.802311][T18650] do_recvmmsg+0xdc7/0x22e0 [ 981.802311][T18650] __sys_recvmmsg+0x340/0x5f0 [ 981.802311][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 981.802311][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 981.802311][T18650] __do_fast_syscall_32+0x129/0x180 [ 981.802311][T18650] do_fast_syscall_32+0x6a/0xc0 [ 981.802311][T18650] do_SYSENTER_32+0x73/0x90 [ 981.802311][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 981.802311][T18650] [ 981.802311][T18650] Uninit was stored to memory at: [ 981.802311][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 981.802311][T18650] __msan_chain_origin+0x57/0xa0 [ 981.802311][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 981.802311][T18650] get_compat_msghdr+0x108/0x2b0 [ 981.802311][T18650] do_recvmmsg+0xdc7/0x22e0 [ 981.802311][T18650] __sys_recvmmsg+0x340/0x5f0 [ 981.802311][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 981.802311][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 981.802311][T18650] __do_fast_syscall_32+0x129/0x180 [ 981.802311][T18650] do_fast_syscall_32+0x6a/0xc0 [ 981.802311][T18650] do_SYSENTER_32+0x73/0x90 [ 981.802311][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 981.802311][T18650] [ 981.802311][T18650] Uninit was stored to memory at: [ 981.802311][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 981.802311][T18650] __msan_chain_origin+0x57/0xa0 [ 981.802311][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 981.802311][T18650] get_compat_msghdr+0x108/0x2b0 [ 981.802311][T18650] do_recvmmsg+0xdc7/0x22e0 [ 981.802311][T18650] __sys_recvmmsg+0x340/0x5f0 [ 981.802311][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 981.802311][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 981.802311][T18650] __do_fast_syscall_32+0x129/0x180 [ 981.802311][T18650] do_fast_syscall_32+0x6a/0xc0 [ 981.802311][T18650] do_SYSENTER_32+0x73/0x90 [ 981.802311][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 981.802311][T18650] [ 981.802311][T18650] Uninit was stored to memory at: [ 981.802311][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 981.802311][T18650] __msan_chain_origin+0x57/0xa0 [ 982.102436][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 982.102436][T18650] get_compat_msghdr+0x108/0x2b0 [ 982.102436][T18650] do_recvmmsg+0xdc7/0x22e0 [ 982.102436][T18650] __sys_recvmmsg+0x340/0x5f0 [ 982.102436][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 982.102436][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 982.102436][T18650] __do_fast_syscall_32+0x129/0x180 [ 982.102436][T18650] do_fast_syscall_32+0x6a/0xc0 [ 982.102436][T18650] do_SYSENTER_32+0x73/0x90 [ 982.102436][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 982.102436][T18650] [ 982.102436][T18650] Uninit was stored to memory at: [ 982.102436][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 982.102436][T18650] __msan_chain_origin+0x57/0xa0 [ 982.102436][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 982.102436][T18650] get_compat_msghdr+0x108/0x2b0 [ 982.102436][T18650] do_recvmmsg+0xdc7/0x22e0 [ 982.102436][T18650] __sys_recvmmsg+0x340/0x5f0 [ 982.102436][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 982.102436][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 982.102436][T18650] __do_fast_syscall_32+0x129/0x180 [ 982.102436][T18650] do_fast_syscall_32+0x6a/0xc0 [ 982.102436][T18650] do_SYSENTER_32+0x73/0x90 [ 982.102436][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 982.102436][T18650] [ 982.102436][T18650] Uninit was stored to memory at: [ 982.102436][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 982.102436][T18650] __msan_chain_origin+0x57/0xa0 [ 982.102436][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 982.102436][T18650] get_compat_msghdr+0x108/0x2b0 [ 982.102436][T18650] do_recvmmsg+0xdc7/0x22e0 [ 982.102436][T18650] __sys_recvmmsg+0x340/0x5f0 [ 982.102436][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 982.102436][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 982.102436][T18650] __do_fast_syscall_32+0x129/0x180 [ 982.102436][T18650] do_fast_syscall_32+0x6a/0xc0 [ 982.102436][T18650] do_SYSENTER_32+0x73/0x90 [ 982.102436][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 982.102436][T18650] [ 982.102436][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 982.102436][T18650] do_recvmmsg+0xc2/0x22e0 [ 982.102436][T18650] do_recvmmsg+0xc2/0x22e0 [ 982.490648][T18675] not chained 780000 origins [ 982.492214][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 982.501292][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 982.501292][T18675] Call Trace: [ 982.501292][T18675] dump_stack+0x21c/0x280 [ 982.501292][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 982.501292][T18675] ? kmsan_get_metadata+0x116/0x180 [ 982.501292][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 982.501292][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 982.501292][T18675] ? _copy_from_user+0x201/0x310 [ 982.501292][T18675] ? kmsan_get_metadata+0x116/0x180 [ 982.501292][T18675] __msan_chain_origin+0x57/0xa0 [ 982.501292][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 982.501292][T18675] get_compat_msghdr+0x108/0x2b0 [ 982.501292][T18675] do_recvmmsg+0xdc7/0x22e0 [ 982.501292][T18675] ? kmsan_get_metadata+0x116/0x180 [ 982.501292][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 982.501292][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 982.501292][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 982.501292][T18675] __sys_recvmmsg+0x340/0x5f0 [ 982.501292][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 982.501292][T18675] ? kmsan_get_metadata+0x116/0x180 [ 982.501292][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 982.501292][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 982.501292][T18675] __do_fast_syscall_32+0x129/0x180 [ 982.501292][T18675] do_fast_syscall_32+0x6a/0xc0 [ 982.501292][T18675] do_SYSENTER_32+0x73/0x90 [ 982.501292][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 982.501292][T18675] RIP: 0023:0xf7f29549 [ 982.501292][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 982.501292][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 982.501292][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 982.501292][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 982.501292][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 982.501292][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 982.501292][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 982.501292][T18675] Uninit was stored to memory at: [ 982.501292][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 982.501292][T18675] __msan_chain_origin+0x57/0xa0 [ 982.501292][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 982.501292][T18675] get_compat_msghdr+0x108/0x2b0 [ 982.501292][T18675] do_recvmmsg+0xdc7/0x22e0 [ 982.501292][T18675] __sys_recvmmsg+0x340/0x5f0 [ 982.501292][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 982.501292][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 982.501292][T18675] __do_fast_syscall_32+0x129/0x180 [ 982.501292][T18675] do_fast_syscall_32+0x6a/0xc0 [ 982.501292][T18675] do_SYSENTER_32+0x73/0x90 [ 982.501292][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 982.501292][T18675] [ 982.501292][T18675] Uninit was stored to memory at: [ 982.501292][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 982.501292][T18675] __msan_chain_origin+0x57/0xa0 [ 982.501292][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 982.501292][T18675] get_compat_msghdr+0x108/0x2b0 [ 982.501292][T18675] do_recvmmsg+0xdc7/0x22e0 [ 982.501292][T18675] __sys_recvmmsg+0x340/0x5f0 [ 982.501292][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 982.501292][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 982.501292][T18675] __do_fast_syscall_32+0x129/0x180 [ 982.501292][T18675] do_fast_syscall_32+0x6a/0xc0 [ 982.501292][T18675] do_SYSENTER_32+0x73/0x90 [ 982.501292][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 982.501292][T18675] [ 982.501292][T18675] Uninit was stored to memory at: [ 982.501292][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 982.501292][T18675] __msan_chain_origin+0x57/0xa0 [ 982.501292][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 982.501292][T18675] get_compat_msghdr+0x108/0x2b0 [ 982.501292][T18675] do_recvmmsg+0xdc7/0x22e0 [ 982.501292][T18675] __sys_recvmmsg+0x340/0x5f0 [ 982.501292][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 982.501292][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 982.501292][T18675] __do_fast_syscall_32+0x129/0x180 [ 982.501292][T18675] do_fast_syscall_32+0x6a/0xc0 [ 982.501292][T18675] do_SYSENTER_32+0x73/0x90 [ 982.501292][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 982.501292][T18675] [ 982.501292][T18675] Uninit was stored to memory at: [ 982.501292][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 982.501292][T18675] __msan_chain_origin+0x57/0xa0 [ 982.501292][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 982.942671][T18650] not chained 790000 origins [ 982.501292][T18675] get_compat_msghdr+0x108/0x2b0 [ 982.952073][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 982.501292][T18675] do_recvmmsg+0xdc7/0x22e0 [ 982.952183][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 982.501292][T18675] __sys_recvmmsg+0x340/0x5f0 [ 982.952183][T18650] Call Trace: [ 982.501292][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 982.952183][T18650] dump_stack+0x21c/0x280 [ 982.501292][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 982.952183][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 982.501292][T18675] __do_fast_syscall_32+0x129/0x180 [ 982.952183][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 982.501292][T18675] do_fast_syscall_32+0x6a/0xc0 [ 982.952183][T18650] ? kmsan_get_metadata+0x116/0x180 [ 982.501292][T18675] do_SYSENTER_32+0x73/0x90 [ 982.952183][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 982.501292][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 982.952183][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 982.501292][T18675] [ 982.952183][T18650] ? _copy_from_user+0x201/0x310 [ 982.501292][T18675] Uninit was stored to memory at: [ 982.952183][T18650] ? kmsan_get_metadata+0x116/0x180 [ 982.501292][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 982.952183][T18650] __msan_chain_origin+0x57/0xa0 [ 982.501292][T18675] __msan_chain_origin+0x57/0xa0 [ 982.952183][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 982.501292][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 982.952183][T18650] get_compat_msghdr+0x108/0x2b0 [ 982.501292][T18675] get_compat_msghdr+0x108/0x2b0 [ 982.952183][T18650] do_recvmmsg+0xdc7/0x22e0 [ 982.501292][T18675] do_recvmmsg+0xdc7/0x22e0 [ 982.952183][T18650] ? kmsan_get_metadata+0x116/0x180 [ 982.501292][T18675] __sys_recvmmsg+0x340/0x5f0 [ 982.952183][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 982.501292][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 982.952183][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 982.501292][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 982.952183][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 982.501292][T18675] __do_fast_syscall_32+0x129/0x180 [ 982.952183][T18650] __sys_recvmmsg+0x340/0x5f0 [ 982.501292][T18675] do_fast_syscall_32+0x6a/0xc0 [ 982.952183][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 982.501292][T18675] do_SYSENTER_32+0x73/0x90 [ 982.952183][T18650] ? kmsan_get_metadata+0x116/0x180 [ 982.501292][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 982.952183][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 982.501292][T18675] [ 982.952183][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 982.501292][T18675] Uninit was stored to memory at: [ 982.952183][T18650] __do_fast_syscall_32+0x129/0x180 [ 982.952183][T18650] do_fast_syscall_32+0x6a/0xc0 [ 982.501292][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 982.952183][T18650] do_SYSENTER_32+0x73/0x90 [ 982.501292][T18675] __msan_chain_origin+0x57/0xa0 [ 982.952183][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 982.501292][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 982.952183][T18650] RIP: 0023:0xf7fd6549 [ 982.501292][T18675] get_compat_msghdr+0x108/0x2b0 [ 982.952183][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 982.501292][T18675] do_recvmmsg+0xdc7/0x22e0 [ 982.952183][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 982.501292][T18675] __sys_recvmmsg+0x340/0x5f0 [ 982.952183][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 982.501292][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 982.952183][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 982.501292][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 982.952183][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 982.501292][T18675] __do_fast_syscall_32+0x129/0x180 [ 982.952183][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 982.501292][T18675] do_fast_syscall_32+0x6a/0xc0 [ 982.952183][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 982.501292][T18675] do_SYSENTER_32+0x73/0x90 [ 982.952183][T18650] Uninit was stored to memory at: [ 982.501292][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 982.952183][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 982.501292][T18675] [ 982.952183][T18650] __msan_chain_origin+0x57/0xa0 [ 982.501292][T18675] Uninit was stored to memory at: [ 982.501292][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 982.952183][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 982.501292][T18675] __msan_chain_origin+0x57/0xa0 [ 982.952183][T18650] get_compat_msghdr+0x108/0x2b0 [ 982.501292][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 982.952183][T18650] do_recvmmsg+0xdc7/0x22e0 [ 982.501292][T18675] get_compat_msghdr+0x108/0x2b0 [ 982.952183][T18650] __sys_recvmmsg+0x340/0x5f0 [ 982.501292][T18675] do_recvmmsg+0xdc7/0x22e0 [ 982.952183][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 982.501292][T18675] __sys_recvmmsg+0x340/0x5f0 [ 982.952183][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 982.501292][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 982.952183][T18650] __do_fast_syscall_32+0x129/0x180 [ 982.501292][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 982.952183][T18650] do_fast_syscall_32+0x6a/0xc0 [ 982.501292][T18675] __do_fast_syscall_32+0x129/0x180 [ 982.952183][T18650] do_SYSENTER_32+0x73/0x90 [ 982.501292][T18675] do_fast_syscall_32+0x6a/0xc0 [ 982.952183][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 982.501292][T18675] do_SYSENTER_32+0x73/0x90 [ 982.952183][T18650] [ 982.501292][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 982.952183][T18650] Uninit was stored to memory at: [ 982.501292][T18675] [ 982.952183][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 982.501292][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 982.952183][T18650] __msan_chain_origin+0x57/0xa0 [ 982.501292][T18675] do_recvmmsg+0xc2/0x22e0 [ 982.952183][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 982.501292][T18675] do_recvmmsg+0xc2/0x22e0 [ 982.952183][T18650] get_compat_msghdr+0x108/0x2b0 [ 983.547566][T18650] do_recvmmsg+0xdc7/0x22e0 [ 983.547566][T18650] __sys_recvmmsg+0x340/0x5f0 [ 983.547566][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 983.562678][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 983.562678][T18650] __do_fast_syscall_32+0x129/0x180 [ 983.562678][T18650] do_fast_syscall_32+0x6a/0xc0 [ 983.562678][T18650] do_SYSENTER_32+0x73/0x90 [ 983.562678][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 983.585993][T18650] [ 983.585993][T18650] Uninit was stored to memory at: [ 983.585993][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 983.585993][T18650] __msan_chain_origin+0x57/0xa0 [ 983.585993][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 983.585993][T18650] get_compat_msghdr+0x108/0x2b0 [ 983.585993][T18650] do_recvmmsg+0xdc7/0x22e0 [ 983.585993][T18650] __sys_recvmmsg+0x340/0x5f0 [ 983.585993][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 983.585993][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 983.585993][T18650] __do_fast_syscall_32+0x129/0x180 [ 983.585993][T18650] do_fast_syscall_32+0x6a/0xc0 [ 983.585993][T18650] do_SYSENTER_32+0x73/0x90 [ 983.585993][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 983.585993][T18650] [ 983.585993][T18650] Uninit was stored to memory at: [ 983.585993][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 983.585993][T18650] __msan_chain_origin+0x57/0xa0 [ 983.585993][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 983.585993][T18650] get_compat_msghdr+0x108/0x2b0 [ 983.585993][T18650] do_recvmmsg+0xdc7/0x22e0 [ 983.585993][T18650] __sys_recvmmsg+0x340/0x5f0 [ 983.585993][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 983.585993][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 983.585993][T18650] __do_fast_syscall_32+0x129/0x180 [ 983.585993][T18650] do_fast_syscall_32+0x6a/0xc0 [ 983.585993][T18650] do_SYSENTER_32+0x73/0x90 [ 983.585993][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 983.585993][T18650] [ 983.732381][T18650] Uninit was stored to memory at: [ 983.732381][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 983.732381][T18650] __msan_chain_origin+0x57/0xa0 [ 983.732381][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 983.732381][T18650] get_compat_msghdr+0x108/0x2b0 [ 983.732381][T18650] do_recvmmsg+0xdc7/0x22e0 [ 983.732381][T18650] __sys_recvmmsg+0x340/0x5f0 [ 983.732381][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 983.732381][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 983.732381][T18650] __do_fast_syscall_32+0x129/0x180 [ 983.732381][T18650] do_fast_syscall_32+0x6a/0xc0 [ 983.732381][T18650] do_SYSENTER_32+0x73/0x90 [ 983.791058][T18675] not chained 800000 origins [ 983.732381][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 983.792209][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 983.732381][T18650] [ 983.792209][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 983.732381][T18650] Uninit was stored to memory at: [ 983.792209][T18675] Call Trace: [ 983.732381][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 983.792209][T18675] dump_stack+0x21c/0x280 [ 983.732381][T18650] __msan_chain_origin+0x57/0xa0 [ 983.792209][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 983.732381][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 983.792209][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 983.732381][T18650] get_compat_msghdr+0x108/0x2b0 [ 983.792209][T18675] ? kmsan_get_metadata+0x116/0x180 [ 983.732381][T18650] do_recvmmsg+0xdc7/0x22e0 [ 983.792209][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 983.732381][T18650] __sys_recvmmsg+0x340/0x5f0 [ 983.792209][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 983.732381][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 983.792209][T18675] ? _copy_from_user+0x201/0x310 [ 983.732381][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 983.792209][T18675] ? kmsan_get_metadata+0x116/0x180 [ 983.732381][T18650] __do_fast_syscall_32+0x129/0x180 [ 983.792209][T18675] __msan_chain_origin+0x57/0xa0 [ 983.732381][T18650] do_fast_syscall_32+0x6a/0xc0 [ 983.792209][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 983.732381][T18650] do_SYSENTER_32+0x73/0x90 [ 983.792209][T18675] get_compat_msghdr+0x108/0x2b0 [ 983.732381][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 983.792209][T18675] do_recvmmsg+0xdc7/0x22e0 [ 983.732381][T18650] [ 983.792209][T18675] ? kmsan_get_metadata+0x116/0x180 [ 983.732381][T18650] Uninit was stored to memory at: [ 983.792209][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 983.732381][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 983.792209][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 983.732381][T18650] __msan_chain_origin+0x57/0xa0 [ 983.792209][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 983.732381][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 983.792209][T18675] __sys_recvmmsg+0x340/0x5f0 [ 983.732381][T18650] get_compat_msghdr+0x108/0x2b0 [ 983.792209][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 983.732381][T18650] do_recvmmsg+0xdc7/0x22e0 [ 983.792209][T18675] ? kmsan_get_metadata+0x116/0x180 [ 983.732381][T18650] __sys_recvmmsg+0x340/0x5f0 [ 983.792209][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 983.732381][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 983.792209][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 983.732381][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 983.792209][T18675] __do_fast_syscall_32+0x129/0x180 [ 983.732381][T18650] __do_fast_syscall_32+0x129/0x180 [ 983.792209][T18675] do_fast_syscall_32+0x6a/0xc0 [ 983.732381][T18650] do_fast_syscall_32+0x6a/0xc0 [ 983.792209][T18675] do_SYSENTER_32+0x73/0x90 [ 983.732381][T18650] do_SYSENTER_32+0x73/0x90 [ 983.792209][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 983.732381][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 983.792209][T18675] RIP: 0023:0xf7f29549 [ 983.732381][T18650] [ 983.792209][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 983.732381][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 983.792209][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 983.732381][T18650] do_recvmmsg+0xc2/0x22e0 [ 983.792209][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 983.732381][T18650] do_recvmmsg+0xc2/0x22e0 [ 983.792209][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 984.156931][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 984.156931][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 984.176954][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 984.185009][T18675] Uninit was stored to memory at: [ 984.192438][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 984.192438][T18675] __msan_chain_origin+0x57/0xa0 [ 984.192438][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 984.192438][T18675] get_compat_msghdr+0x108/0x2b0 [ 984.192438][T18675] do_recvmmsg+0xdc7/0x22e0 [ 984.192438][T18675] __sys_recvmmsg+0x340/0x5f0 [ 984.192438][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 984.192438][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 984.192438][T18675] __do_fast_syscall_32+0x129/0x180 [ 984.192438][T18675] do_fast_syscall_32+0x6a/0xc0 [ 984.192438][T18675] do_SYSENTER_32+0x73/0x90 [ 984.192438][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 984.192438][T18675] [ 984.192438][T18675] Uninit was stored to memory at: [ 984.192438][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 984.192438][T18675] __msan_chain_origin+0x57/0xa0 [ 984.192438][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 984.192438][T18675] get_compat_msghdr+0x108/0x2b0 [ 984.192438][T18675] do_recvmmsg+0xdc7/0x22e0 [ 984.192438][T18675] __sys_recvmmsg+0x340/0x5f0 [ 984.192438][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 984.192438][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 984.192438][T18675] __do_fast_syscall_32+0x129/0x180 [ 984.192438][T18675] do_fast_syscall_32+0x6a/0xc0 [ 984.192438][T18675] do_SYSENTER_32+0x73/0x90 [ 984.192438][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 984.192438][T18675] [ 984.192438][T18675] Uninit was stored to memory at: [ 984.192438][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 984.192438][T18675] __msan_chain_origin+0x57/0xa0 [ 984.192438][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 984.192438][T18675] get_compat_msghdr+0x108/0x2b0 [ 984.192438][T18675] do_recvmmsg+0xdc7/0x22e0 [ 984.192438][T18675] __sys_recvmmsg+0x340/0x5f0 [ 984.361915][T18650] not chained 810000 origins [ 984.192438][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 984.362182][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 984.192438][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 984.362182][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 984.192438][T18675] __do_fast_syscall_32+0x129/0x180 [ 984.362182][T18650] Call Trace: [ 984.192438][T18675] do_fast_syscall_32+0x6a/0xc0 [ 984.362182][T18650] dump_stack+0x21c/0x280 [ 984.192438][T18675] do_SYSENTER_32+0x73/0x90 [ 984.362182][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 984.192438][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 984.362182][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 984.192438][T18675] [ 984.362182][T18650] ? kmsan_get_metadata+0x116/0x180 [ 984.192438][T18675] Uninit was stored to memory at: [ 984.362182][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 984.192438][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 984.362182][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 984.192438][T18675] __msan_chain_origin+0x57/0xa0 [ 984.362182][T18650] ? _copy_from_user+0x201/0x310 [ 984.192438][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 984.362182][T18650] ? kmsan_get_metadata+0x116/0x180 [ 984.192438][T18675] get_compat_msghdr+0x108/0x2b0 [ 984.362182][T18650] __msan_chain_origin+0x57/0xa0 [ 984.192438][T18675] do_recvmmsg+0xdc7/0x22e0 [ 984.362182][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 984.192438][T18675] __sys_recvmmsg+0x340/0x5f0 [ 984.362182][T18650] get_compat_msghdr+0x108/0x2b0 [ 984.192438][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 984.362182][T18650] do_recvmmsg+0xdc7/0x22e0 [ 984.192438][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 984.362182][T18650] ? kmsan_get_metadata+0x116/0x180 [ 984.192438][T18675] __do_fast_syscall_32+0x129/0x180 [ 984.362182][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 984.192438][T18675] do_fast_syscall_32+0x6a/0xc0 [ 984.362182][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 984.192438][T18675] do_SYSENTER_32+0x73/0x90 [ 984.362182][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 984.192438][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 984.362182][T18650] __sys_recvmmsg+0x340/0x5f0 [ 984.192438][T18675] [ 984.362182][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 984.192438][T18675] Uninit was stored to memory at: [ 984.362182][T18650] ? kmsan_get_metadata+0x116/0x180 [ 984.192438][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 984.362182][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 984.192438][T18675] __msan_chain_origin+0x57/0xa0 [ 984.362182][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 984.192438][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 984.362182][T18650] __do_fast_syscall_32+0x129/0x180 [ 984.192438][T18675] get_compat_msghdr+0x108/0x2b0 [ 984.362182][T18650] do_fast_syscall_32+0x6a/0xc0 [ 984.192438][T18675] do_recvmmsg+0xdc7/0x22e0 [ 984.362182][T18650] do_SYSENTER_32+0x73/0x90 [ 984.192438][T18675] __sys_recvmmsg+0x340/0x5f0 [ 984.362182][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 984.192438][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 984.192438][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 984.362182][T18650] RIP: 0023:0xf7fd6549 [ 984.192438][T18675] __do_fast_syscall_32+0x129/0x180 [ 984.362182][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 984.192438][T18675] do_fast_syscall_32+0x6a/0xc0 [ 984.362182][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 984.192438][T18675] do_SYSENTER_32+0x73/0x90 [ 984.362182][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 984.192438][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 984.362182][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 984.192438][T18675] [ 984.362182][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 984.192438][T18675] Uninit was stored to memory at: [ 984.362182][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 984.192438][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 984.362182][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 984.192438][T18675] __msan_chain_origin+0x57/0xa0 [ 984.362182][T18650] Uninit was stored to memory at: [ 984.192438][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 984.362182][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 984.192438][T18675] get_compat_msghdr+0x108/0x2b0 [ 984.362182][T18650] __msan_chain_origin+0x57/0xa0 [ 984.192438][T18675] do_recvmmsg+0xdc7/0x22e0 [ 984.362182][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 984.192438][T18675] __sys_recvmmsg+0x340/0x5f0 [ 984.362182][T18650] get_compat_msghdr+0x108/0x2b0 [ 984.192438][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 984.362182][T18650] do_recvmmsg+0xdc7/0x22e0 [ 984.192438][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 984.362182][T18650] __sys_recvmmsg+0x340/0x5f0 [ 984.192438][T18675] __do_fast_syscall_32+0x129/0x180 [ 984.362182][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 984.192438][T18675] do_fast_syscall_32+0x6a/0xc0 [ 984.362182][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 984.192438][T18675] do_SYSENTER_32+0x73/0x90 [ 984.362182][T18650] __do_fast_syscall_32+0x129/0x180 [ 984.192438][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 984.362182][T18650] do_fast_syscall_32+0x6a/0xc0 [ 984.192438][T18675] [ 984.362182][T18650] do_SYSENTER_32+0x73/0x90 [ 984.192438][T18675] Uninit was stored to memory at: [ 984.362182][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 984.192438][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 984.362182][T18650] [ 984.192438][T18675] __msan_chain_origin+0x57/0xa0 [ 984.362182][T18650] Uninit was stored to memory at: [ 984.192438][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 984.362182][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 984.192438][T18675] get_compat_msghdr+0x108/0x2b0 [ 984.362182][T18650] __msan_chain_origin+0x57/0xa0 [ 984.192438][T18675] do_recvmmsg+0xdc7/0x22e0 [ 984.362182][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 984.192438][T18675] __sys_recvmmsg+0x340/0x5f0 [ 984.362182][T18650] get_compat_msghdr+0x108/0x2b0 [ 984.192438][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 984.362182][T18650] do_recvmmsg+0xdc7/0x22e0 [ 984.192438][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 984.362182][T18650] __sys_recvmmsg+0x340/0x5f0 [ 984.192438][T18675] __do_fast_syscall_32+0x129/0x180 [ 984.362182][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 984.192438][T18675] do_fast_syscall_32+0x6a/0xc0 [ 984.362182][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 984.192438][T18675] do_SYSENTER_32+0x73/0x90 [ 984.362182][T18650] __do_fast_syscall_32+0x129/0x180 [ 984.192438][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 984.362182][T18650] do_fast_syscall_32+0x6a/0xc0 [ 984.192438][T18675] [ 984.362182][T18650] do_SYSENTER_32+0x73/0x90 [ 984.192438][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 984.362182][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 984.192438][T18675] do_recvmmsg+0xc2/0x22e0 [ 984.362182][T18650] [ 984.192438][T18675] do_recvmmsg+0xc2/0x22e0 [ 984.362182][T18650] Uninit was stored to memory at: [ 985.063447][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 985.063447][T18650] __msan_chain_origin+0x57/0xa0 [ 985.063447][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 985.086660][T18650] get_compat_msghdr+0x108/0x2b0 [ 985.087117][T18650] do_recvmmsg+0xdc7/0x22e0 [ 985.087117][T18650] __sys_recvmmsg+0x340/0x5f0 [ 985.087117][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 985.087117][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 985.087117][T18650] __do_fast_syscall_32+0x129/0x180 [ 985.087117][T18650] do_fast_syscall_32+0x6a/0xc0 [ 985.087117][T18650] do_SYSENTER_32+0x73/0x90 [ 985.087117][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 985.087117][T18650] [ 985.087117][T18650] Uninit was stored to memory at: [ 985.087117][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 985.087117][T18650] __msan_chain_origin+0x57/0xa0 [ 985.087117][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 985.087117][T18650] get_compat_msghdr+0x108/0x2b0 [ 985.087117][T18650] do_recvmmsg+0xdc7/0x22e0 [ 985.087117][T18650] __sys_recvmmsg+0x340/0x5f0 [ 985.087117][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 985.087117][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 985.087117][T18650] __do_fast_syscall_32+0x129/0x180 [ 985.087117][T18650] do_fast_syscall_32+0x6a/0xc0 [ 985.087117][T18650] do_SYSENTER_32+0x73/0x90 [ 985.087117][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 985.087117][T18650] [ 985.087117][T18650] Uninit was stored to memory at: [ 985.087117][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 985.087117][T18650] __msan_chain_origin+0x57/0xa0 [ 985.087117][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 985.087117][T18650] get_compat_msghdr+0x108/0x2b0 [ 985.087117][T18650] do_recvmmsg+0xdc7/0x22e0 [ 985.087117][T18650] __sys_recvmmsg+0x340/0x5f0 [ 985.087117][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 985.087117][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 985.087117][T18650] __do_fast_syscall_32+0x129/0x180 [ 985.087117][T18650] do_fast_syscall_32+0x6a/0xc0 [ 985.087117][T18650] do_SYSENTER_32+0x73/0x90 [ 985.087117][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 985.087117][T18650] [ 985.087117][T18650] Uninit was stored to memory at: [ 985.087117][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 985.087117][T18650] __msan_chain_origin+0x57/0xa0 [ 985.087117][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 985.087117][T18650] get_compat_msghdr+0x108/0x2b0 [ 985.087117][T18650] do_recvmmsg+0xdc7/0x22e0 [ 985.087117][T18650] __sys_recvmmsg+0x340/0x5f0 [ 985.087117][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 985.087117][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 985.087117][T18650] __do_fast_syscall_32+0x129/0x180 [ 985.087117][T18650] do_fast_syscall_32+0x6a/0xc0 [ 985.087117][T18650] do_SYSENTER_32+0x73/0x90 [ 985.087117][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 985.087117][T18650] [ 985.087117][T18650] Uninit was stored to memory at: [ 985.087117][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 985.087117][T18650] __msan_chain_origin+0x57/0xa0 [ 985.087117][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 985.087117][T18650] get_compat_msghdr+0x108/0x2b0 [ 985.087117][T18650] do_recvmmsg+0xdc7/0x22e0 [ 985.087117][T18650] __sys_recvmmsg+0x340/0x5f0 [ 985.087117][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 985.087117][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 985.087117][T18650] __do_fast_syscall_32+0x129/0x180 [ 985.087117][T18650] do_fast_syscall_32+0x6a/0xc0 [ 985.087117][T18650] do_SYSENTER_32+0x73/0x90 [ 985.087117][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 985.087117][T18650] [ 985.087117][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 985.087117][T18650] do_recvmmsg+0xc2/0x22e0 [ 985.087117][T18650] do_recvmmsg+0xc2/0x22e0 [ 985.660216][T18650] not chained 820000 origins [ 985.662198][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 985.662198][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 985.662198][T18650] Call Trace: [ 985.662198][T18650] dump_stack+0x21c/0x280 [ 985.662198][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 985.662198][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 985.662198][T18650] ? kmsan_get_metadata+0x116/0x180 [ 985.702382][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 985.702382][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 985.702382][T18650] ? _copy_from_user+0x201/0x310 [ 985.702382][T18650] ? kmsan_get_metadata+0x116/0x180 [ 985.702382][T18650] __msan_chain_origin+0x57/0xa0 [ 985.702382][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 985.702382][T18650] get_compat_msghdr+0x108/0x2b0 [ 985.702382][T18650] do_recvmmsg+0xdc7/0x22e0 [ 985.702382][T18650] ? kmsan_get_metadata+0x116/0x180 [ 985.702382][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 985.702382][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 985.702382][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 985.702382][T18650] __sys_recvmmsg+0x340/0x5f0 [ 985.702382][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 985.702382][T18650] ? kmsan_get_metadata+0x116/0x180 [ 985.702382][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 985.702382][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 985.702382][T18650] __do_fast_syscall_32+0x129/0x180 [ 985.702382][T18650] do_fast_syscall_32+0x6a/0xc0 [ 985.702382][T18650] do_SYSENTER_32+0x73/0x90 [ 985.702382][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 985.702382][T18650] RIP: 0023:0xf7fd6549 [ 985.702382][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 985.702382][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 985.702382][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 985.702382][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 985.702382][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 985.702382][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 985.702382][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 985.702382][T18650] Uninit was stored to memory at: [ 985.702382][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 985.702382][T18650] __msan_chain_origin+0x57/0xa0 [ 985.702382][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 985.702382][T18650] get_compat_msghdr+0x108/0x2b0 [ 985.702382][T18650] do_recvmmsg+0xdc7/0x22e0 [ 985.702382][T18650] __sys_recvmmsg+0x340/0x5f0 [ 985.702382][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 985.702382][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 985.702382][T18650] __do_fast_syscall_32+0x129/0x180 [ 985.702382][T18650] do_fast_syscall_32+0x6a/0xc0 [ 985.702382][T18650] do_SYSENTER_32+0x73/0x90 [ 985.702382][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 985.702382][T18650] [ 985.702382][T18650] Uninit was stored to memory at: [ 985.702382][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 985.702382][T18650] __msan_chain_origin+0x57/0xa0 [ 985.702382][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 985.702382][T18650] get_compat_msghdr+0x108/0x2b0 [ 985.702382][T18650] do_recvmmsg+0xdc7/0x22e0 [ 985.702382][T18650] __sys_recvmmsg+0x340/0x5f0 [ 985.702382][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 985.702382][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 985.702382][T18650] __do_fast_syscall_32+0x129/0x180 [ 985.702382][T18650] do_fast_syscall_32+0x6a/0xc0 [ 985.702382][T18650] do_SYSENTER_32+0x73/0x90 [ 985.702382][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 985.702382][T18650] [ 985.702382][T18650] Uninit was stored to memory at: [ 985.702382][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 985.702382][T18650] __msan_chain_origin+0x57/0xa0 [ 985.702382][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 985.702382][T18650] get_compat_msghdr+0x108/0x2b0 [ 985.702382][T18650] do_recvmmsg+0xdc7/0x22e0 [ 985.702382][T18650] __sys_recvmmsg+0x340/0x5f0 [ 985.702382][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 985.702382][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 985.702382][T18650] __do_fast_syscall_32+0x129/0x180 [ 985.702382][T18650] do_fast_syscall_32+0x6a/0xc0 [ 985.702382][T18650] do_SYSENTER_32+0x73/0x90 [ 985.702382][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 985.702382][T18650] [ 985.702382][T18650] Uninit was stored to memory at: [ 985.702382][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 985.702382][T18650] __msan_chain_origin+0x57/0xa0 [ 985.702382][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 985.702382][T18650] get_compat_msghdr+0x108/0x2b0 [ 985.702382][T18650] do_recvmmsg+0xdc7/0x22e0 [ 985.702382][T18650] __sys_recvmmsg+0x340/0x5f0 [ 985.702382][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 985.702382][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 985.702382][T18650] __do_fast_syscall_32+0x129/0x180 [ 985.702382][T18650] do_fast_syscall_32+0x6a/0xc0 [ 985.702382][T18650] do_SYSENTER_32+0x73/0x90 [ 985.702382][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 985.702382][T18650] [ 985.702382][T18650] Uninit was stored to memory at: [ 985.702382][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 985.702382][T18650] __msan_chain_origin+0x57/0xa0 [ 985.702382][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 986.188821][T18650] get_compat_msghdr+0x108/0x2b0 [ 986.188821][T18650] do_recvmmsg+0xdc7/0x22e0 [ 986.188821][T18650] __sys_recvmmsg+0x340/0x5f0 [ 986.188821][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 986.188821][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 986.188821][T18650] __do_fast_syscall_32+0x129/0x180 [ 986.188821][T18650] do_fast_syscall_32+0x6a/0xc0 [ 986.188821][T18650] do_SYSENTER_32+0x73/0x90 [ 986.188821][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 986.188821][T18650] [ 986.188821][T18650] Uninit was stored to memory at: [ 986.188821][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 986.188821][T18650] __msan_chain_origin+0x57/0xa0 [ 986.188821][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 986.188821][T18650] get_compat_msghdr+0x108/0x2b0 [ 986.188821][T18650] do_recvmmsg+0xdc7/0x22e0 [ 986.188821][T18650] __sys_recvmmsg+0x340/0x5f0 [ 986.188821][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 986.188821][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 986.188821][T18650] __do_fast_syscall_32+0x129/0x180 [ 986.188821][T18650] do_fast_syscall_32+0x6a/0xc0 [ 986.188821][T18650] do_SYSENTER_32+0x73/0x90 [ 986.188821][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 986.188821][T18650] [ 986.188821][T18650] Uninit was stored to memory at: [ 986.188821][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 986.188821][T18650] __msan_chain_origin+0x57/0xa0 [ 986.188821][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 986.188821][T18650] get_compat_msghdr+0x108/0x2b0 [ 986.188821][T18650] do_recvmmsg+0xdc7/0x22e0 [ 986.188821][T18650] __sys_recvmmsg+0x340/0x5f0 [ 986.188821][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 986.188821][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 986.188821][T18650] __do_fast_syscall_32+0x129/0x180 [ 986.188821][T18650] do_fast_syscall_32+0x6a/0xc0 [ 986.188821][T18650] do_SYSENTER_32+0x73/0x90 [ 986.188821][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 986.188821][T18650] [ 986.188821][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 986.188821][T18650] do_recvmmsg+0xc2/0x22e0 [ 986.188821][T18650] do_recvmmsg+0xc2/0x22e0 [ 986.611882][T18650] not chained 830000 origins [ 986.612197][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 986.612197][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 986.612197][T18650] Call Trace: [ 986.612197][T18650] dump_stack+0x21c/0x280 [ 986.612197][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 986.612197][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 986.612197][T18650] ? kmsan_get_metadata+0x116/0x180 [ 986.612197][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 986.612197][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 986.612197][T18650] ? _copy_from_user+0x201/0x310 [ 986.672328][T18650] ? kmsan_get_metadata+0x116/0x180 [ 986.672328][T18650] __msan_chain_origin+0x57/0xa0 [ 986.672328][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 986.672328][T18650] get_compat_msghdr+0x108/0x2b0 [ 986.672328][T18650] do_recvmmsg+0xdc7/0x22e0 [ 986.672328][T18650] ? kmsan_get_metadata+0x116/0x180 [ 986.672328][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 986.672328][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 986.672328][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 986.672328][T18650] __sys_recvmmsg+0x340/0x5f0 [ 986.672328][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 986.672328][T18650] ? kmsan_get_metadata+0x116/0x180 [ 986.672328][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 986.742436][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 986.742436][T18650] __do_fast_syscall_32+0x129/0x180 [ 986.742436][T18650] do_fast_syscall_32+0x6a/0xc0 [ 986.742436][T18650] do_SYSENTER_32+0x73/0x90 [ 986.742436][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 986.742436][T18650] RIP: 0023:0xf7fd6549 [ 986.742436][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 986.742436][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 986.742436][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 986.742436][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 986.742436][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 986.742436][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 986.742436][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 986.742436][T18650] Uninit was stored to memory at: [ 986.742436][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 986.742436][T18650] __msan_chain_origin+0x57/0xa0 [ 986.742436][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 986.742436][T18650] get_compat_msghdr+0x108/0x2b0 [ 986.742436][T18650] do_recvmmsg+0xdc7/0x22e0 [ 986.742436][T18650] __sys_recvmmsg+0x340/0x5f0 [ 986.742436][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 986.742436][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 986.742436][T18650] __do_fast_syscall_32+0x129/0x180 [ 986.742436][T18650] do_fast_syscall_32+0x6a/0xc0 [ 986.742436][T18650] do_SYSENTER_32+0x73/0x90 [ 986.902447][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 986.902447][T18650] [ 986.902447][T18650] Uninit was stored to memory at: [ 986.902447][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 986.902447][T18650] __msan_chain_origin+0x57/0xa0 [ 986.902447][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 986.902447][T18650] get_compat_msghdr+0x108/0x2b0 [ 986.902447][T18650] do_recvmmsg+0xdc7/0x22e0 [ 986.902447][T18650] __sys_recvmmsg+0x340/0x5f0 [ 986.902447][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 986.902447][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 986.902447][T18650] __do_fast_syscall_32+0x129/0x180 [ 986.902447][T18650] do_fast_syscall_32+0x6a/0xc0 [ 986.902447][T18650] do_SYSENTER_32+0x73/0x90 [ 986.902447][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 986.902447][T18650] [ 986.982460][T18650] Uninit was stored to memory at: [ 986.982460][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 986.982460][T18650] __msan_chain_origin+0x57/0xa0 [ 986.982460][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 986.982460][T18650] get_compat_msghdr+0x108/0x2b0 [ 986.982460][T18650] do_recvmmsg+0xdc7/0x22e0 [ 986.982460][T18650] __sys_recvmmsg+0x340/0x5f0 [ 986.982460][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 986.982460][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 986.982460][T18650] __do_fast_syscall_32+0x129/0x180 [ 986.982460][T18650] do_fast_syscall_32+0x6a/0xc0 [ 986.982460][T18650] do_SYSENTER_32+0x73/0x90 [ 986.982460][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 986.982460][T18650] [ 986.982460][T18650] Uninit was stored to memory at: [ 986.982460][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 986.982460][T18650] __msan_chain_origin+0x57/0xa0 [ 986.982460][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 986.982460][T18650] get_compat_msghdr+0x108/0x2b0 [ 986.982460][T18650] do_recvmmsg+0xdc7/0x22e0 [ 986.982460][T18650] __sys_recvmmsg+0x340/0x5f0 [ 986.982460][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 986.982460][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 986.982460][T18650] __do_fast_syscall_32+0x129/0x180 [ 986.982460][T18650] do_fast_syscall_32+0x6a/0xc0 [ 987.106095][T18675] not chained 840000 origins [ 986.982460][T18650] do_SYSENTER_32+0x73/0x90 [ 987.112206][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 986.982460][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 987.112206][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 986.982460][T18650] [ 987.112206][T18675] Call Trace: [ 986.982460][T18650] Uninit was stored to memory at: [ 987.112206][T18675] dump_stack+0x21c/0x280 [ 986.982460][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 987.112206][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 986.982460][T18650] __msan_chain_origin+0x57/0xa0 [ 987.112206][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 986.982460][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 987.112206][T18675] ? kmsan_get_metadata+0x116/0x180 [ 986.982460][T18650] get_compat_msghdr+0x108/0x2b0 [ 987.112206][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 986.982460][T18650] do_recvmmsg+0xdc7/0x22e0 [ 987.112206][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 986.982460][T18650] __sys_recvmmsg+0x340/0x5f0 [ 987.112206][T18675] ? _copy_from_user+0x201/0x310 [ 986.982460][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 987.112206][T18675] ? kmsan_get_metadata+0x116/0x180 [ 986.982460][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 987.112206][T18675] __msan_chain_origin+0x57/0xa0 [ 986.982460][T18650] __do_fast_syscall_32+0x129/0x180 [ 987.112206][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 986.982460][T18650] do_fast_syscall_32+0x6a/0xc0 [ 987.112206][T18675] get_compat_msghdr+0x108/0x2b0 [ 986.982460][T18650] do_SYSENTER_32+0x73/0x90 [ 987.112206][T18675] do_recvmmsg+0xdc7/0x22e0 [ 986.982460][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 987.112206][T18675] ? kmsan_get_metadata+0x116/0x180 [ 986.982460][T18650] [ 987.112206][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 986.982460][T18650] Uninit was stored to memory at: [ 987.112206][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 986.982460][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 987.112206][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 986.982460][T18650] __msan_chain_origin+0x57/0xa0 [ 987.112206][T18675] __sys_recvmmsg+0x340/0x5f0 [ 986.982460][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 987.112206][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 986.982460][T18650] get_compat_msghdr+0x108/0x2b0 [ 987.112206][T18675] ? kmsan_get_metadata+0x116/0x180 [ 986.982460][T18650] do_recvmmsg+0xdc7/0x22e0 [ 987.112206][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 986.982460][T18650] __sys_recvmmsg+0x340/0x5f0 [ 987.112206][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 986.982460][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 987.112206][T18675] __do_fast_syscall_32+0x129/0x180 [ 986.982460][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 987.112206][T18675] do_fast_syscall_32+0x6a/0xc0 [ 986.982460][T18650] __do_fast_syscall_32+0x129/0x180 [ 987.112206][T18675] do_SYSENTER_32+0x73/0x90 [ 986.982460][T18650] do_fast_syscall_32+0x6a/0xc0 [ 987.112206][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 986.982460][T18650] do_SYSENTER_32+0x73/0x90 [ 987.112206][T18675] RIP: 0023:0xf7f29549 [ 986.982460][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 987.112206][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 986.982460][T18650] [ 987.112206][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 986.982460][T18650] Uninit was stored to memory at: [ 987.112206][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 986.982460][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 987.112206][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 986.982460][T18650] __msan_chain_origin+0x57/0xa0 [ 987.112206][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 986.982460][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 987.112206][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 986.982460][T18650] get_compat_msghdr+0x108/0x2b0 [ 987.112206][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 986.982460][T18650] do_recvmmsg+0xdc7/0x22e0 [ 987.112206][T18675] Uninit was stored to memory at: [ 986.982460][T18650] __sys_recvmmsg+0x340/0x5f0 [ 987.112206][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 986.982460][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 987.112206][T18675] __msan_chain_origin+0x57/0xa0 [ 986.982460][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 987.112206][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 986.982460][T18650] __do_fast_syscall_32+0x129/0x180 [ 987.112206][T18675] get_compat_msghdr+0x108/0x2b0 [ 986.982460][T18650] do_fast_syscall_32+0x6a/0xc0 [ 987.112206][T18675] do_recvmmsg+0xdc7/0x22e0 [ 986.982460][T18650] do_SYSENTER_32+0x73/0x90 [ 987.112206][T18675] __sys_recvmmsg+0x340/0x5f0 [ 986.982460][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 987.112206][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 986.982460][T18650] [ 987.112206][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 986.982460][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 987.112206][T18675] __do_fast_syscall_32+0x129/0x180 [ 986.982460][T18650] do_recvmmsg+0xc2/0x22e0 [ 987.112206][T18675] do_fast_syscall_32+0x6a/0xc0 [ 986.982460][T18650] do_recvmmsg+0xc2/0x22e0 [ 987.112206][T18675] do_SYSENTER_32+0x73/0x90 [ 987.636733][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 987.636733][T18675] [ 987.636733][T18675] Uninit was stored to memory at: [ 987.654339][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 987.655009][T18675] __msan_chain_origin+0x57/0xa0 [ 987.655009][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 987.670077][T18675] get_compat_msghdr+0x108/0x2b0 [ 987.670077][T18675] do_recvmmsg+0xdc7/0x22e0 [ 987.670077][T18675] __sys_recvmmsg+0x340/0x5f0 [ 987.670077][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 987.670077][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 987.670077][T18675] __do_fast_syscall_32+0x129/0x180 [ 987.670077][T18675] do_fast_syscall_32+0x6a/0xc0 [ 987.670077][T18675] do_SYSENTER_32+0x73/0x90 [ 987.670077][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 987.670077][T18675] [ 987.670077][T18675] Uninit was stored to memory at: [ 987.670077][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 987.670077][T18675] __msan_chain_origin+0x57/0xa0 [ 987.670077][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 987.670077][T18675] get_compat_msghdr+0x108/0x2b0 [ 987.670077][T18675] do_recvmmsg+0xdc7/0x22e0 [ 987.670077][T18675] __sys_recvmmsg+0x340/0x5f0 [ 987.670077][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 987.670077][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 987.670077][T18675] __do_fast_syscall_32+0x129/0x180 [ 987.670077][T18675] do_fast_syscall_32+0x6a/0xc0 [ 987.670077][T18675] do_SYSENTER_32+0x73/0x90 [ 987.670077][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 987.670077][T18675] [ 987.670077][T18675] Uninit was stored to memory at: [ 987.670077][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 987.670077][T18675] __msan_chain_origin+0x57/0xa0 [ 987.670077][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 987.809921][T18650] not chained 850000 origins [ 987.670077][T18675] get_compat_msghdr+0x108/0x2b0 [ 987.812180][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 987.670077][T18675] do_recvmmsg+0xdc7/0x22e0 [ 987.812180][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 987.670077][T18675] __sys_recvmmsg+0x340/0x5f0 [ 987.812180][T18650] Call Trace: [ 987.670077][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 987.812180][T18650] dump_stack+0x21c/0x280 [ 987.670077][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 987.812180][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 987.670077][T18675] __do_fast_syscall_32+0x129/0x180 [ 987.812180][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 987.670077][T18675] do_fast_syscall_32+0x6a/0xc0 [ 987.812180][T18650] ? kmsan_get_metadata+0x116/0x180 [ 987.670077][T18675] do_SYSENTER_32+0x73/0x90 [ 987.812180][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 987.670077][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 987.812180][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 987.670077][T18675] [ 987.812180][T18650] ? _copy_from_user+0x201/0x310 [ 987.670077][T18675] Uninit was stored to memory at: [ 987.812180][T18650] ? kmsan_get_metadata+0x116/0x180 [ 987.670077][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 987.812180][T18650] __msan_chain_origin+0x57/0xa0 [ 987.670077][T18675] __msan_chain_origin+0x57/0xa0 [ 987.812180][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 987.670077][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 987.812180][T18650] get_compat_msghdr+0x108/0x2b0 [ 987.670077][T18675] get_compat_msghdr+0x108/0x2b0 [ 987.812180][T18650] do_recvmmsg+0xdc7/0x22e0 [ 987.670077][T18675] do_recvmmsg+0xdc7/0x22e0 [ 987.812180][T18650] ? kmsan_get_metadata+0x116/0x180 [ 987.670077][T18675] __sys_recvmmsg+0x340/0x5f0 [ 987.812180][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 987.670077][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 987.812180][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 987.670077][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 987.812180][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 987.670077][T18675] __do_fast_syscall_32+0x129/0x180 [ 987.812180][T18650] __sys_recvmmsg+0x340/0x5f0 [ 987.670077][T18675] do_fast_syscall_32+0x6a/0xc0 [ 987.812180][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 987.670077][T18675] do_SYSENTER_32+0x73/0x90 [ 987.812180][T18650] ? kmsan_get_metadata+0x116/0x180 [ 987.670077][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 987.812180][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 987.670077][T18675] [ 987.812180][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 987.670077][T18675] Uninit was stored to memory at: [ 987.812180][T18650] __do_fast_syscall_32+0x129/0x180 [ 987.670077][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 987.812180][T18650] do_fast_syscall_32+0x6a/0xc0 [ 987.670077][T18675] __msan_chain_origin+0x57/0xa0 [ 987.812180][T18650] do_SYSENTER_32+0x73/0x90 [ 987.670077][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 987.812180][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 987.670077][T18675] get_compat_msghdr+0x108/0x2b0 [ 987.812180][T18650] RIP: 0023:0xf7fd6549 [ 987.670077][T18675] do_recvmmsg+0xdc7/0x22e0 [ 987.812180][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 987.670077][T18675] __sys_recvmmsg+0x340/0x5f0 [ 987.812180][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 987.670077][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 987.812180][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 987.670077][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 987.812180][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 987.670077][T18675] __do_fast_syscall_32+0x129/0x180 [ 987.812180][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 987.670077][T18675] do_fast_syscall_32+0x6a/0xc0 [ 987.812180][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 987.670077][T18675] do_SYSENTER_32+0x73/0x90 [ 987.812180][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 987.670077][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 987.812180][T18650] Uninit was stored to memory at: [ 987.670077][T18675] [ 987.812180][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 987.670077][T18675] Uninit was stored to memory at: [ 987.812180][T18650] __msan_chain_origin+0x57/0xa0 [ 987.670077][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 987.812180][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 987.670077][T18675] __msan_chain_origin+0x57/0xa0 [ 987.812180][T18650] get_compat_msghdr+0x108/0x2b0 [ 987.670077][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 987.812180][T18650] do_recvmmsg+0xdc7/0x22e0 [ 987.670077][T18675] get_compat_msghdr+0x108/0x2b0 [ 987.812180][T18650] __sys_recvmmsg+0x340/0x5f0 [ 987.670077][T18675] do_recvmmsg+0xdc7/0x22e0 [ 987.812180][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 987.670077][T18675] __sys_recvmmsg+0x340/0x5f0 [ 987.812180][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 987.670077][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 987.812180][T18650] __do_fast_syscall_32+0x129/0x180 [ 987.670077][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 987.812180][T18650] do_fast_syscall_32+0x6a/0xc0 [ 987.670077][T18675] __do_fast_syscall_32+0x129/0x180 [ 987.812180][T18650] do_SYSENTER_32+0x73/0x90 [ 987.670077][T18675] do_fast_syscall_32+0x6a/0xc0 [ 987.812180][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 987.670077][T18675] do_SYSENTER_32+0x73/0x90 [ 987.812180][T18650] [ 987.670077][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 987.812180][T18650] Uninit was stored to memory at: [ 987.670077][T18675] [ 987.812180][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 987.670077][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 987.812180][T18650] __msan_chain_origin+0x57/0xa0 [ 987.670077][T18675] do_recvmmsg+0xc2/0x22e0 [ 987.812180][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 987.670077][T18675] do_recvmmsg+0xc2/0x22e0 [ 987.812180][T18650] get_compat_msghdr+0x108/0x2b0 [ 988.407723][T18650] do_recvmmsg+0xdc7/0x22e0 [ 988.407723][T18650] __sys_recvmmsg+0x340/0x5f0 [ 988.407723][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 988.407723][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 988.407723][T18650] __do_fast_syscall_32+0x129/0x180 [ 988.437001][T18650] do_fast_syscall_32+0x6a/0xc0 [ 988.437001][T18650] do_SYSENTER_32+0x73/0x90 [ 988.437001][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 988.437001][T18650] [ 988.437001][T18650] Uninit was stored to memory at: [ 988.437001][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 988.437001][T18650] __msan_chain_origin+0x57/0xa0 [ 988.437001][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 988.437001][T18650] get_compat_msghdr+0x108/0x2b0 [ 988.437001][T18650] do_recvmmsg+0xdc7/0x22e0 [ 988.437001][T18650] __sys_recvmmsg+0x340/0x5f0 [ 988.437001][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 988.437001][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 988.437001][T18650] __do_fast_syscall_32+0x129/0x180 [ 988.437001][T18650] do_fast_syscall_32+0x6a/0xc0 [ 988.437001][T18650] do_SYSENTER_32+0x73/0x90 [ 988.437001][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 988.437001][T18650] [ 988.437001][T18650] Uninit was stored to memory at: [ 988.437001][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 988.437001][T18650] __msan_chain_origin+0x57/0xa0 [ 988.437001][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 988.437001][T18650] get_compat_msghdr+0x108/0x2b0 [ 988.437001][T18650] do_recvmmsg+0xdc7/0x22e0 [ 988.437001][T18650] __sys_recvmmsg+0x340/0x5f0 [ 988.437001][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 988.437001][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 988.437001][T18650] __do_fast_syscall_32+0x129/0x180 [ 988.437001][T18650] do_fast_syscall_32+0x6a/0xc0 [ 988.437001][T18650] do_SYSENTER_32+0x73/0x90 [ 988.437001][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 988.437001][T18650] [ 988.437001][T18650] Uninit was stored to memory at: [ 988.437001][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 988.437001][T18650] __msan_chain_origin+0x57/0xa0 [ 988.437001][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 988.437001][T18650] get_compat_msghdr+0x108/0x2b0 [ 988.437001][T18650] do_recvmmsg+0xdc7/0x22e0 [ 988.437001][T18650] __sys_recvmmsg+0x340/0x5f0 [ 988.437001][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 988.437001][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 988.437001][T18650] __do_fast_syscall_32+0x129/0x180 [ 988.437001][T18650] do_fast_syscall_32+0x6a/0xc0 [ 988.437001][T18650] do_SYSENTER_32+0x73/0x90 [ 988.437001][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 988.437001][T18650] [ 988.437001][T18650] Uninit was stored to memory at: [ 988.437001][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 988.437001][T18650] __msan_chain_origin+0x57/0xa0 [ 988.437001][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 988.437001][T18650] get_compat_msghdr+0x108/0x2b0 [ 988.437001][T18650] do_recvmmsg+0xdc7/0x22e0 [ 988.437001][T18650] __sys_recvmmsg+0x340/0x5f0 [ 988.437001][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 988.437001][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 988.437001][T18650] __do_fast_syscall_32+0x129/0x180 [ 988.437001][T18650] do_fast_syscall_32+0x6a/0xc0 [ 988.437001][T18650] do_SYSENTER_32+0x73/0x90 [ 988.437001][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 988.437001][T18650] [ 988.437001][T18650] Uninit was stored to memory at: [ 988.437001][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 988.437001][T18650] __msan_chain_origin+0x57/0xa0 [ 988.437001][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 988.437001][T18650] get_compat_msghdr+0x108/0x2b0 [ 988.437001][T18650] do_recvmmsg+0xdc7/0x22e0 [ 988.437001][T18650] __sys_recvmmsg+0x340/0x5f0 [ 988.437001][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 988.437001][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 988.437001][T18650] __do_fast_syscall_32+0x129/0x180 [ 988.437001][T18650] do_fast_syscall_32+0x6a/0xc0 [ 988.437001][T18650] do_SYSENTER_32+0x73/0x90 [ 988.437001][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 988.437001][T18650] [ 988.437001][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 988.437001][T18650] do_recvmmsg+0xc2/0x22e0 [ 988.437001][T18650] do_recvmmsg+0xc2/0x22e0 [ 989.049057][T18650] not chained 860000 origins [ 989.052198][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 989.052198][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 989.052198][T18650] Call Trace: [ 989.052198][T18650] dump_stack+0x21c/0x280 [ 989.052198][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 989.052198][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 989.052198][T18650] ? kmsan_get_metadata+0x116/0x180 [ 989.052198][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 989.052198][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 989.102406][T18650] ? _copy_from_user+0x201/0x310 [ 989.102406][T18650] ? kmsan_get_metadata+0x116/0x180 [ 989.102406][T18650] __msan_chain_origin+0x57/0xa0 [ 989.102406][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 989.102406][T18650] get_compat_msghdr+0x108/0x2b0 [ 989.102406][T18650] do_recvmmsg+0xdc7/0x22e0 [ 989.102406][T18650] ? kmsan_get_metadata+0x116/0x180 [ 989.102406][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 989.102406][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 989.102406][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 989.102406][T18650] __sys_recvmmsg+0x340/0x5f0 [ 989.102406][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 989.102406][T18650] ? kmsan_get_metadata+0x116/0x180 [ 989.172316][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 989.172316][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 989.172316][T18650] __do_fast_syscall_32+0x129/0x180 [ 989.172316][T18650] do_fast_syscall_32+0x6a/0xc0 [ 989.172316][T18650] do_SYSENTER_32+0x73/0x90 [ 989.172316][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 989.172316][T18650] RIP: 0023:0xf7fd6549 [ 989.172316][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 989.172316][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 989.172316][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 989.172316][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 989.172316][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 989.172316][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 989.172316][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 989.172316][T18650] Uninit was stored to memory at: [ 989.172316][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 989.172316][T18650] __msan_chain_origin+0x57/0xa0 [ 989.172316][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 989.172316][T18650] get_compat_msghdr+0x108/0x2b0 [ 989.172316][T18650] do_recvmmsg+0xdc7/0x22e0 [ 989.172316][T18650] __sys_recvmmsg+0x340/0x5f0 [ 989.172316][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 989.172316][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 989.172316][T18650] __do_fast_syscall_32+0x129/0x180 [ 989.172316][T18650] do_fast_syscall_32+0x6a/0xc0 [ 989.172316][T18650] do_SYSENTER_32+0x73/0x90 [ 989.172316][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 989.172316][T18650] [ 989.172316][T18650] Uninit was stored to memory at: [ 989.172316][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 989.172316][T18650] __msan_chain_origin+0x57/0xa0 [ 989.172316][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 989.172316][T18650] get_compat_msghdr+0x108/0x2b0 [ 989.172316][T18650] do_recvmmsg+0xdc7/0x22e0 [ 989.172316][T18650] __sys_recvmmsg+0x340/0x5f0 [ 989.172316][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 989.172316][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 989.172316][T18650] __do_fast_syscall_32+0x129/0x180 [ 989.172316][T18650] do_fast_syscall_32+0x6a/0xc0 [ 989.172316][T18650] do_SYSENTER_32+0x73/0x90 [ 989.172316][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 989.172316][T18650] [ 989.172316][T18650] Uninit was stored to memory at: [ 989.172316][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 989.172316][T18650] __msan_chain_origin+0x57/0xa0 [ 989.172316][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 989.172316][T18650] get_compat_msghdr+0x108/0x2b0 [ 989.172316][T18650] do_recvmmsg+0xdc7/0x22e0 [ 989.172316][T18650] __sys_recvmmsg+0x340/0x5f0 [ 989.172316][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 989.462474][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 989.462474][T18650] __do_fast_syscall_32+0x129/0x180 [ 989.462474][T18650] do_fast_syscall_32+0x6a/0xc0 [ 989.462474][T18650] do_SYSENTER_32+0x73/0x90 [ 989.462474][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 989.462474][T18650] [ 989.462474][T18650] Uninit was stored to memory at: [ 989.462474][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 989.462474][T18650] __msan_chain_origin+0x57/0xa0 [ 989.462474][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 989.462474][T18650] get_compat_msghdr+0x108/0x2b0 [ 989.462474][T18650] do_recvmmsg+0xdc7/0x22e0 [ 989.462474][T18650] __sys_recvmmsg+0x340/0x5f0 [ 989.462474][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 989.462474][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 989.462474][T18650] __do_fast_syscall_32+0x129/0x180 [ 989.462474][T18650] do_fast_syscall_32+0x6a/0xc0 [ 989.462474][T18650] do_SYSENTER_32+0x73/0x90 [ 989.462474][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 989.462474][T18650] [ 989.462474][T18650] Uninit was stored to memory at: [ 989.567038][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 989.567038][T18650] __msan_chain_origin+0x57/0xa0 [ 989.567038][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 989.567038][T18650] get_compat_msghdr+0x108/0x2b0 [ 989.567038][T18650] do_recvmmsg+0xdc7/0x22e0 [ 989.567038][T18650] __sys_recvmmsg+0x340/0x5f0 [ 989.567038][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 989.567038][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 989.567038][T18650] __do_fast_syscall_32+0x129/0x180 [ 989.567038][T18650] do_fast_syscall_32+0x6a/0xc0 [ 989.567038][T18650] do_SYSENTER_32+0x73/0x90 [ 989.567038][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 989.567038][T18650] [ 989.567038][T18650] Uninit was stored to memory at: [ 989.567038][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 989.567038][T18650] __msan_chain_origin+0x57/0xa0 [ 989.567038][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 989.567038][T18650] get_compat_msghdr+0x108/0x2b0 [ 989.567038][T18650] do_recvmmsg+0xdc7/0x22e0 [ 989.567038][T18650] __sys_recvmmsg+0x340/0x5f0 [ 989.567038][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 989.567038][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 989.567038][T18650] __do_fast_syscall_32+0x129/0x180 [ 989.567038][T18650] do_fast_syscall_32+0x6a/0xc0 [ 989.567038][T18650] do_SYSENTER_32+0x73/0x90 [ 989.567038][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 989.567038][T18650] [ 989.567038][T18650] Uninit was stored to memory at: [ 989.567038][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 989.567038][T18650] __msan_chain_origin+0x57/0xa0 [ 989.567038][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 989.567038][T18650] get_compat_msghdr+0x108/0x2b0 [ 989.567038][T18650] do_recvmmsg+0xdc7/0x22e0 [ 989.567038][T18650] __sys_recvmmsg+0x340/0x5f0 [ 989.567038][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 989.567038][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 989.567038][T18650] __do_fast_syscall_32+0x129/0x180 [ 989.567038][T18650] do_fast_syscall_32+0x6a/0xc0 [ 989.567038][T18650] do_SYSENTER_32+0x73/0x90 [ 989.567038][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 989.567038][T18650] [ 989.567038][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 989.567038][T18650] do_recvmmsg+0xc2/0x22e0 [ 989.567038][T18650] do_recvmmsg+0xc2/0x22e0 [ 990.012978][T18675] not chained 870000 origins [ 990.017589][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 990.022198][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 990.032275][T18675] Call Trace: [ 990.032275][T18675] dump_stack+0x21c/0x280 [ 990.032275][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 990.032275][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 990.032275][T18675] ? kmsan_get_metadata+0x116/0x180 [ 990.032275][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 990.032275][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 990.032275][T18675] ? _copy_from_user+0x201/0x310 [ 990.032275][T18675] ? kmsan_get_metadata+0x116/0x180 [ 990.032275][T18675] __msan_chain_origin+0x57/0xa0 [ 990.032275][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 990.032275][T18675] get_compat_msghdr+0x108/0x2b0 [ 990.032275][T18675] do_recvmmsg+0xdc7/0x22e0 [ 990.032275][T18675] ? kmsan_get_metadata+0x116/0x180 [ 990.032275][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 990.032275][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 990.032275][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 990.032275][T18675] __sys_recvmmsg+0x340/0x5f0 [ 990.032275][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 990.032275][T18675] ? kmsan_get_metadata+0x116/0x180 [ 990.032275][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.032275][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.032275][T18675] __do_fast_syscall_32+0x129/0x180 [ 990.032275][T18675] do_fast_syscall_32+0x6a/0xc0 [ 990.032275][T18675] do_SYSENTER_32+0x73/0x90 [ 990.032275][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.032275][T18675] RIP: 0023:0xf7f29549 [ 990.032275][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 990.185143][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 990.185143][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 990.185143][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 990.185143][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 990.185143][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 990.185143][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 990.185143][T18675] Uninit was stored to memory at: [ 990.185143][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 990.185143][T18675] __msan_chain_origin+0x57/0xa0 [ 990.185143][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 990.185143][T18675] get_compat_msghdr+0x108/0x2b0 [ 990.185143][T18675] do_recvmmsg+0xdc7/0x22e0 [ 990.185143][T18675] __sys_recvmmsg+0x340/0x5f0 [ 990.185143][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.185143][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.185143][T18675] __do_fast_syscall_32+0x129/0x180 [ 990.185143][T18675] do_fast_syscall_32+0x6a/0xc0 [ 990.185143][T18675] do_SYSENTER_32+0x73/0x90 [ 990.185143][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.185143][T18675] [ 990.185143][T18675] Uninit was stored to memory at: [ 990.185143][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 990.185143][T18675] __msan_chain_origin+0x57/0xa0 [ 990.185143][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 990.185143][T18675] get_compat_msghdr+0x108/0x2b0 [ 990.185143][T18675] do_recvmmsg+0xdc7/0x22e0 [ 990.185143][T18675] __sys_recvmmsg+0x340/0x5f0 [ 990.185143][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.185143][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.185143][T18675] __do_fast_syscall_32+0x129/0x180 [ 990.185143][T18675] do_fast_syscall_32+0x6a/0xc0 [ 990.185143][T18675] do_SYSENTER_32+0x73/0x90 [ 990.185143][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.185143][T18675] [ 990.185143][T18675] Uninit was stored to memory at: [ 990.385856][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 990.385856][T18675] __msan_chain_origin+0x57/0xa0 [ 990.385856][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 990.385856][T18675] get_compat_msghdr+0x108/0x2b0 [ 990.385856][T18675] do_recvmmsg+0xdc7/0x22e0 [ 990.385856][T18675] __sys_recvmmsg+0x340/0x5f0 [ 990.385856][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.385856][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.385856][T18675] __do_fast_syscall_32+0x129/0x180 [ 990.385856][T18675] do_fast_syscall_32+0x6a/0xc0 [ 990.385856][T18675] do_SYSENTER_32+0x73/0x90 [ 990.385856][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.385856][T18675] [ 990.385856][T18675] Uninit was stored to memory at: [ 990.385856][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 990.385856][T18675] __msan_chain_origin+0x57/0xa0 [ 990.385856][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 990.385856][T18675] get_compat_msghdr+0x108/0x2b0 [ 990.385856][T18675] do_recvmmsg+0xdc7/0x22e0 [ 990.385856][T18675] __sys_recvmmsg+0x340/0x5f0 [ 990.385856][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.385856][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.385856][T18675] __do_fast_syscall_32+0x129/0x180 [ 990.502337][T18675] do_fast_syscall_32+0x6a/0xc0 [ 990.502337][T18675] do_SYSENTER_32+0x73/0x90 [ 990.512322][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.512322][T18675] [ 990.512322][T18675] Uninit was stored to memory at: [ 990.512322][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 990.512322][T18675] __msan_chain_origin+0x57/0xa0 [ 990.512322][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 990.512322][T18675] get_compat_msghdr+0x108/0x2b0 [ 990.512322][T18675] do_recvmmsg+0xdc7/0x22e0 [ 990.512322][T18675] __sys_recvmmsg+0x340/0x5f0 [ 990.512322][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.512322][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.512322][T18675] __do_fast_syscall_32+0x129/0x180 [ 990.512322][T18675] do_fast_syscall_32+0x6a/0xc0 [ 990.512322][T18675] do_SYSENTER_32+0x73/0x90 [ 990.512322][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.512322][T18675] [ 990.512322][T18675] Uninit was stored to memory at: [ 990.600011][T18650] not chained 880000 origins [ 990.512322][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 990.602217][T18650] CPU: 0 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 990.512322][T18675] __msan_chain_origin+0x57/0xa0 [ 990.602217][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 990.512322][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 990.602217][T18650] Call Trace: [ 990.512322][T18675] get_compat_msghdr+0x108/0x2b0 [ 990.602217][T18650] dump_stack+0x21c/0x280 [ 990.512322][T18675] do_recvmmsg+0xdc7/0x22e0 [ 990.602217][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 990.512322][T18675] __sys_recvmmsg+0x340/0x5f0 [ 990.602217][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 990.512322][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.602217][T18650] ? kmsan_get_metadata+0x116/0x180 [ 990.512322][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.602217][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 990.512322][T18675] __do_fast_syscall_32+0x129/0x180 [ 990.602217][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 990.512322][T18675] do_fast_syscall_32+0x6a/0xc0 [ 990.602217][T18650] ? _copy_from_user+0x201/0x310 [ 990.512322][T18675] do_SYSENTER_32+0x73/0x90 [ 990.602217][T18650] ? kmsan_get_metadata+0x116/0x180 [ 990.512322][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.602217][T18650] __msan_chain_origin+0x57/0xa0 [ 990.512322][T18675] [ 990.602217][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 990.512322][T18675] Uninit was stored to memory at: [ 990.602217][T18650] get_compat_msghdr+0x108/0x2b0 [ 990.512322][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 990.602217][T18650] do_recvmmsg+0xdc7/0x22e0 [ 990.512322][T18675] __msan_chain_origin+0x57/0xa0 [ 990.602217][T18650] ? kmsan_get_metadata+0x116/0x180 [ 990.512322][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 990.602217][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 990.512322][T18675] get_compat_msghdr+0x108/0x2b0 [ 990.602217][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 990.512322][T18675] do_recvmmsg+0xdc7/0x22e0 [ 990.602217][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 990.512322][T18675] __sys_recvmmsg+0x340/0x5f0 [ 990.602217][T18650] __sys_recvmmsg+0x340/0x5f0 [ 990.512322][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.602217][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 990.512322][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.602217][T18650] ? kmsan_get_metadata+0x116/0x180 [ 990.512322][T18675] __do_fast_syscall_32+0x129/0x180 [ 990.512322][T18675] do_fast_syscall_32+0x6a/0xc0 [ 990.602217][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.512322][T18675] do_SYSENTER_32+0x73/0x90 [ 990.602217][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.512322][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.602217][T18650] __do_fast_syscall_32+0x129/0x180 [ 990.512322][T18675] [ 990.602217][T18650] do_fast_syscall_32+0x6a/0xc0 [ 990.512322][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 990.602217][T18650] do_SYSENTER_32+0x73/0x90 [ 990.512322][T18675] do_recvmmsg+0xc2/0x22e0 [ 990.602217][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.512322][T18675] do_recvmmsg+0xc2/0x22e0 [ 990.602217][T18650] RIP: 0023:0xf7fd6549 [ 990.602217][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 990.921608][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 990.921608][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 990.921608][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 990.921608][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 990.921608][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 990.921608][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 990.921608][T18650] Uninit was stored to memory at: [ 990.921608][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 990.921608][T18650] __msan_chain_origin+0x57/0xa0 [ 990.921608][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 990.921608][T18650] get_compat_msghdr+0x108/0x2b0 [ 990.921608][T18650] do_recvmmsg+0xdc7/0x22e0 [ 990.921608][T18650] __sys_recvmmsg+0x340/0x5f0 [ 990.921608][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.921608][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.921608][T18650] __do_fast_syscall_32+0x129/0x180 [ 990.921608][T18650] do_fast_syscall_32+0x6a/0xc0 [ 990.921608][T18650] do_SYSENTER_32+0x73/0x90 [ 990.921608][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.921608][T18650] [ 990.921608][T18650] Uninit was stored to memory at: [ 990.921608][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 990.921608][T18650] __msan_chain_origin+0x57/0xa0 [ 991.066880][T18675] not chained 890000 origins [ 990.921608][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 991.071522][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 990.921608][T18650] get_compat_msghdr+0x108/0x2b0 [ 991.072182][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 990.921608][T18650] do_recvmmsg+0xdc7/0x22e0 [ 991.072182][T18675] Call Trace: [ 990.921608][T18650] __sys_recvmmsg+0x340/0x5f0 [ 991.072182][T18675] dump_stack+0x21c/0x280 [ 990.921608][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 991.072182][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 990.921608][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 991.072182][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 990.921608][T18650] __do_fast_syscall_32+0x129/0x180 [ 991.072182][T18675] ? kmsan_get_metadata+0x116/0x180 [ 990.921608][T18650] do_fast_syscall_32+0x6a/0xc0 [ 991.072182][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 990.921608][T18650] do_SYSENTER_32+0x73/0x90 [ 991.072182][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 990.921608][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 991.072182][T18675] ? _copy_from_user+0x201/0x310 [ 990.921608][T18650] [ 991.072182][T18675] ? kmsan_get_metadata+0x116/0x180 [ 990.921608][T18650] Uninit was stored to memory at: [ 991.072182][T18675] __msan_chain_origin+0x57/0xa0 [ 990.921608][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 991.072182][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 990.921608][T18650] __msan_chain_origin+0x57/0xa0 [ 991.072182][T18675] get_compat_msghdr+0x108/0x2b0 [ 990.921608][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 991.072182][T18675] do_recvmmsg+0xdc7/0x22e0 [ 990.921608][T18650] get_compat_msghdr+0x108/0x2b0 [ 991.072182][T18675] ? kmsan_get_metadata+0x116/0x180 [ 990.921608][T18650] do_recvmmsg+0xdc7/0x22e0 [ 991.072182][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 990.921608][T18650] __sys_recvmmsg+0x340/0x5f0 [ 991.072182][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 990.921608][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 991.072182][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 990.921608][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 991.072182][T18675] __sys_recvmmsg+0x340/0x5f0 [ 990.921608][T18650] __do_fast_syscall_32+0x129/0x180 [ 991.072182][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 990.921608][T18650] do_fast_syscall_32+0x6a/0xc0 [ 991.072182][T18675] ? kmsan_get_metadata+0x116/0x180 [ 990.921608][T18650] do_SYSENTER_32+0x73/0x90 [ 991.072182][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.921608][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 991.072182][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.921608][T18650] [ 991.072182][T18675] __do_fast_syscall_32+0x129/0x180 [ 990.921608][T18650] Uninit was stored to memory at: [ 991.072182][T18675] do_fast_syscall_32+0x6a/0xc0 [ 990.921608][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 991.072182][T18675] do_SYSENTER_32+0x73/0x90 [ 990.921608][T18650] __msan_chain_origin+0x57/0xa0 [ 991.072182][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.921608][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 991.072182][T18675] RIP: 0023:0xf7f29549 [ 990.921608][T18650] get_compat_msghdr+0x108/0x2b0 [ 991.072182][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 990.921608][T18650] do_recvmmsg+0xdc7/0x22e0 [ 991.072182][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 990.921608][T18650] __sys_recvmmsg+0x340/0x5f0 [ 991.072182][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 990.921608][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 991.072182][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 990.921608][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 991.072182][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 990.921608][T18650] __do_fast_syscall_32+0x129/0x180 [ 991.072182][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 990.921608][T18650] do_fast_syscall_32+0x6a/0xc0 [ 991.072182][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 990.921608][T18650] do_SYSENTER_32+0x73/0x90 [ 991.072182][T18675] Uninit was stored to memory at: [ 990.921608][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 991.072182][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 990.921608][T18650] [ 991.072182][T18675] __msan_chain_origin+0x57/0xa0 [ 990.921608][T18650] Uninit was stored to memory at: [ 991.072182][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 990.921608][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 991.072182][T18675] get_compat_msghdr+0x108/0x2b0 [ 990.921608][T18650] __msan_chain_origin+0x57/0xa0 [ 991.072182][T18675] do_recvmmsg+0xdc7/0x22e0 [ 990.921608][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 991.072182][T18675] __sys_recvmmsg+0x340/0x5f0 [ 990.921608][T18650] get_compat_msghdr+0x108/0x2b0 [ 991.072182][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.921608][T18650] do_recvmmsg+0xdc7/0x22e0 [ 991.072182][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.921608][T18650] __sys_recvmmsg+0x340/0x5f0 [ 991.072182][T18675] __do_fast_syscall_32+0x129/0x180 [ 990.921608][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 991.072182][T18675] do_fast_syscall_32+0x6a/0xc0 [ 990.921608][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 991.072182][T18675] do_SYSENTER_32+0x73/0x90 [ 990.921608][T18650] __do_fast_syscall_32+0x129/0x180 [ 991.072182][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.921608][T18650] do_fast_syscall_32+0x6a/0xc0 [ 991.072182][T18675] [ 990.921608][T18650] do_SYSENTER_32+0x73/0x90 [ 991.072182][T18675] Uninit was stored to memory at: [ 990.921608][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 991.072182][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 990.921608][T18650] [ 991.072182][T18675] __msan_chain_origin+0x57/0xa0 [ 990.921608][T18650] Uninit was stored to memory at: [ 991.072182][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 990.921608][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 991.072182][T18675] get_compat_msghdr+0x108/0x2b0 [ 990.921608][T18650] __msan_chain_origin+0x57/0xa0 [ 991.072182][T18675] do_recvmmsg+0xdc7/0x22e0 [ 990.921608][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 991.072182][T18675] __sys_recvmmsg+0x340/0x5f0 [ 990.921608][T18650] get_compat_msghdr+0x108/0x2b0 [ 991.072182][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.921608][T18650] do_recvmmsg+0xdc7/0x22e0 [ 991.072182][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.921608][T18650] __sys_recvmmsg+0x340/0x5f0 [ 991.072182][T18675] __do_fast_syscall_32+0x129/0x180 [ 990.921608][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 991.072182][T18675] do_fast_syscall_32+0x6a/0xc0 [ 990.921608][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 991.072182][T18675] do_SYSENTER_32+0x73/0x90 [ 990.921608][T18650] __do_fast_syscall_32+0x129/0x180 [ 991.072182][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.921608][T18650] do_fast_syscall_32+0x6a/0xc0 [ 991.072182][T18675] [ 990.921608][T18650] do_SYSENTER_32+0x73/0x90 [ 991.072182][T18675] Uninit was stored to memory at: [ 990.921608][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 991.072182][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 990.921608][T18650] [ 991.072182][T18675] __msan_chain_origin+0x57/0xa0 [ 990.921608][T18650] Uninit was stored to memory at: [ 991.072182][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 990.921608][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 991.072182][T18675] get_compat_msghdr+0x108/0x2b0 [ 990.921608][T18650] __msan_chain_origin+0x57/0xa0 [ 991.072182][T18675] do_recvmmsg+0xdc7/0x22e0 [ 990.921608][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 991.072182][T18675] __sys_recvmmsg+0x340/0x5f0 [ 990.921608][T18650] get_compat_msghdr+0x108/0x2b0 [ 991.072182][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 990.921608][T18650] do_recvmmsg+0xdc7/0x22e0 [ 991.072182][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 990.921608][T18650] __sys_recvmmsg+0x340/0x5f0 [ 991.072182][T18675] __do_fast_syscall_32+0x129/0x180 [ 990.921608][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 991.072182][T18675] do_fast_syscall_32+0x6a/0xc0 [ 990.921608][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 991.072182][T18675] do_SYSENTER_32+0x73/0x90 [ 990.921608][T18650] __do_fast_syscall_32+0x129/0x180 [ 991.072182][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 990.921608][T18650] do_fast_syscall_32+0x6a/0xc0 [ 991.072182][T18675] [ 990.921608][T18650] do_SYSENTER_32+0x73/0x90 [ 991.072182][T18675] Uninit was stored to memory at: [ 990.921608][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 991.072182][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 990.921608][T18650] [ 991.072182][T18675] __msan_chain_origin+0x57/0xa0 [ 990.921608][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 991.072182][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 990.921608][T18650] do_recvmmsg+0xc2/0x22e0 [ 991.072182][T18675] get_compat_msghdr+0x108/0x2b0 [ 990.921608][T18650] do_recvmmsg+0xc2/0x22e0 [ 991.072182][T18675] do_recvmmsg+0xdc7/0x22e0 [ 991.072182][T18675] __sys_recvmmsg+0x340/0x5f0 [ 991.072182][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 991.072182][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 991.072182][T18675] __do_fast_syscall_32+0x129/0x180 [ 991.072182][T18675] do_fast_syscall_32+0x6a/0xc0 [ 991.072182][T18675] do_SYSENTER_32+0x73/0x90 [ 991.986711][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 991.989639][T18675] [ 991.989639][T18675] Uninit was stored to memory at: [ 991.989639][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 991.989639][T18675] __msan_chain_origin+0x57/0xa0 [ 991.989639][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 991.989639][T18675] get_compat_msghdr+0x108/0x2b0 [ 991.989639][T18675] do_recvmmsg+0xdc7/0x22e0 [ 991.989639][T18675] __sys_recvmmsg+0x340/0x5f0 [ 991.989639][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 991.989639][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 992.044115][T18675] __do_fast_syscall_32+0x129/0x180 [ 992.044115][T18675] do_fast_syscall_32+0x6a/0xc0 [ 992.044115][T18675] do_SYSENTER_32+0x73/0x90 [ 992.044115][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 992.044115][T18675] [ 992.044115][T18675] Uninit was stored to memory at: [ 992.044115][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 992.044115][T18675] __msan_chain_origin+0x57/0xa0 [ 992.044115][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 992.044115][T18675] get_compat_msghdr+0x108/0x2b0 [ 992.044115][T18675] do_recvmmsg+0xdc7/0x22e0 [ 992.044115][T18675] __sys_recvmmsg+0x340/0x5f0 [ 992.044115][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 992.044115][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 992.044115][T18675] __do_fast_syscall_32+0x129/0x180 [ 992.044115][T18675] do_fast_syscall_32+0x6a/0xc0 [ 992.044115][T18675] do_SYSENTER_32+0x73/0x90 [ 992.044115][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 992.044115][T18675] [ 992.044115][T18675] Uninit was stored to memory at: [ 992.044115][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 992.044115][T18675] __msan_chain_origin+0x57/0xa0 [ 992.044115][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 992.044115][T18675] get_compat_msghdr+0x108/0x2b0 [ 992.044115][T18675] do_recvmmsg+0xdc7/0x22e0 [ 992.044115][T18675] __sys_recvmmsg+0x340/0x5f0 [ 992.044115][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 992.044115][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 992.182524][T18675] __do_fast_syscall_32+0x129/0x180 [ 992.182524][T18675] do_fast_syscall_32+0x6a/0xc0 [ 992.182524][T18675] do_SYSENTER_32+0x73/0x90 [ 992.182524][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 992.182524][T18675] [ 992.182524][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 992.182524][T18675] do_recvmmsg+0xc2/0x22e0 [ 992.182524][T18675] do_recvmmsg+0xc2/0x22e0 [ 992.516699][T18675] not chained 900000 origins [ 992.521313][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 992.522291][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 992.536121][T18675] Call Trace: [ 992.536121][T18675] dump_stack+0x21c/0x280 [ 992.536121][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 992.536121][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 992.536121][T18675] ? kmsan_get_metadata+0x116/0x180 [ 992.536121][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 992.536121][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 992.536121][T18675] ? _copy_from_user+0x201/0x310 [ 992.536121][T18675] ? kmsan_get_metadata+0x116/0x180 [ 992.536121][T18675] __msan_chain_origin+0x57/0xa0 [ 992.536121][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 992.536121][T18675] get_compat_msghdr+0x108/0x2b0 [ 992.536121][T18675] do_recvmmsg+0xdc7/0x22e0 [ 992.536121][T18675] ? kmsan_get_metadata+0x116/0x180 [ 992.536121][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 992.536121][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 992.536121][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 992.536121][T18675] __sys_recvmmsg+0x340/0x5f0 [ 992.536121][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 992.536121][T18675] ? kmsan_get_metadata+0x116/0x180 [ 992.536121][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 992.536121][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 992.536121][T18675] __do_fast_syscall_32+0x129/0x180 [ 992.536121][T18675] do_fast_syscall_32+0x6a/0xc0 [ 992.536121][T18675] do_SYSENTER_32+0x73/0x90 [ 992.536121][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 992.536121][T18675] RIP: 0023:0xf7f29549 [ 992.536121][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 992.536121][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 992.536121][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 992.536121][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 992.536121][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 992.536121][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 992.536121][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 992.536121][T18675] Uninit was stored to memory at: [ 992.536121][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 992.536121][T18675] __msan_chain_origin+0x57/0xa0 [ 992.536121][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 992.536121][T18675] get_compat_msghdr+0x108/0x2b0 [ 992.536121][T18675] do_recvmmsg+0xdc7/0x22e0 [ 992.536121][T18675] __sys_recvmmsg+0x340/0x5f0 [ 992.536121][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 992.536121][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 992.536121][T18675] __do_fast_syscall_32+0x129/0x180 [ 992.536121][T18675] do_fast_syscall_32+0x6a/0xc0 [ 992.536121][T18675] do_SYSENTER_32+0x73/0x90 [ 992.536121][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 992.536121][T18675] [ 992.536121][T18675] Uninit was stored to memory at: [ 992.536121][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 992.536121][T18675] __msan_chain_origin+0x57/0xa0 [ 992.536121][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 992.536121][T18675] get_compat_msghdr+0x108/0x2b0 [ 992.536121][T18675] do_recvmmsg+0xdc7/0x22e0 [ 992.536121][T18675] __sys_recvmmsg+0x340/0x5f0 [ 992.536121][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 992.536121][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 992.536121][T18675] __do_fast_syscall_32+0x129/0x180 [ 992.536121][T18675] do_fast_syscall_32+0x6a/0xc0 [ 992.536121][T18675] do_SYSENTER_32+0x73/0x90 [ 992.536121][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 992.536121][T18675] [ 992.536121][T18675] Uninit was stored to memory at: [ 992.536121][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 992.536121][T18675] __msan_chain_origin+0x57/0xa0 [ 992.536121][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 992.536121][T18675] get_compat_msghdr+0x108/0x2b0 [ 992.536121][T18675] do_recvmmsg+0xdc7/0x22e0 [ 992.536121][T18675] __sys_recvmmsg+0x340/0x5f0 [ 992.536121][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 992.536121][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 992.536121][T18675] __do_fast_syscall_32+0x129/0x180 [ 992.536121][T18675] do_fast_syscall_32+0x6a/0xc0 [ 992.536121][T18675] do_SYSENTER_32+0x73/0x90 [ 992.536121][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 992.536121][T18675] [ 992.536121][T18675] Uninit was stored to memory at: [ 992.536121][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 992.536121][T18675] __msan_chain_origin+0x57/0xa0 [ 992.536121][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 992.536121][T18675] get_compat_msghdr+0x108/0x2b0 [ 992.982449][T18675] do_recvmmsg+0xdc7/0x22e0 [ 992.982449][T18675] __sys_recvmmsg+0x340/0x5f0 [ 992.982449][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 992.982449][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 992.982449][T18675] __do_fast_syscall_32+0x129/0x180 [ 992.982449][T18675] do_fast_syscall_32+0x6a/0xc0 [ 992.982449][T18675] do_SYSENTER_32+0x73/0x90 [ 992.982449][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 992.982449][T18675] [ 992.982449][T18675] Uninit was stored to memory at: [ 992.982449][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 992.982449][T18675] __msan_chain_origin+0x57/0xa0 [ 992.982449][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 992.982449][T18675] get_compat_msghdr+0x108/0x2b0 [ 992.982449][T18675] do_recvmmsg+0xdc7/0x22e0 [ 992.982449][T18675] __sys_recvmmsg+0x340/0x5f0 [ 992.982449][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 992.982449][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 992.982449][T18675] __do_fast_syscall_32+0x129/0x180 [ 992.982449][T18675] do_fast_syscall_32+0x6a/0xc0 [ 992.982449][T18675] do_SYSENTER_32+0x73/0x90 [ 992.982449][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 992.982449][T18675] [ 992.982449][T18675] Uninit was stored to memory at: [ 992.982449][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 992.982449][T18675] __msan_chain_origin+0x57/0xa0 [ 992.982449][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 992.982449][T18675] get_compat_msghdr+0x108/0x2b0 [ 992.982449][T18675] do_recvmmsg+0xdc7/0x22e0 [ 992.982449][T18675] __sys_recvmmsg+0x340/0x5f0 [ 992.982449][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 992.982449][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 992.982449][T18675] __do_fast_syscall_32+0x129/0x180 [ 992.982449][T18675] do_fast_syscall_32+0x6a/0xc0 [ 992.982449][T18675] do_SYSENTER_32+0x73/0x90 [ 992.982449][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 992.982449][T18675] [ 992.982449][T18675] Uninit was stored to memory at: [ 992.982449][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 992.982449][T18675] __msan_chain_origin+0x57/0xa0 [ 992.982449][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 992.982449][T18675] get_compat_msghdr+0x108/0x2b0 [ 992.982449][T18675] do_recvmmsg+0xdc7/0x22e0 [ 992.982449][T18675] __sys_recvmmsg+0x340/0x5f0 [ 992.982449][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 992.982449][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 992.982449][T18675] __do_fast_syscall_32+0x129/0x180 [ 992.982449][T18675] do_fast_syscall_32+0x6a/0xc0 [ 992.982449][T18675] do_SYSENTER_32+0x73/0x90 [ 992.982449][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 992.982449][T18675] [ 992.982449][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 992.982449][T18675] do_recvmmsg+0xc2/0x22e0 [ 992.982449][T18675] do_recvmmsg+0xc2/0x22e0 [ 993.399918][T18650] not chained 910000 origins [ 993.402212][T18650] CPU: 0 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 993.402212][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 993.402212][T18650] Call Trace: [ 993.402212][T18650] dump_stack+0x21c/0x280 [ 993.402212][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 993.402212][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 993.402212][T18650] ? kmsan_get_metadata+0x116/0x180 [ 993.402212][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 993.402212][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 993.402212][T18650] ? _copy_from_user+0x201/0x310 [ 993.402212][T18650] ? kmsan_get_metadata+0x116/0x180 [ 993.402212][T18650] __msan_chain_origin+0x57/0xa0 [ 993.402212][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 993.402212][T18650] get_compat_msghdr+0x108/0x2b0 [ 993.402212][T18650] do_recvmmsg+0xdc7/0x22e0 [ 993.402212][T18650] ? kmsan_get_metadata+0x116/0x180 [ 993.402212][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 993.402212][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 993.402212][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 993.402212][T18650] __sys_recvmmsg+0x340/0x5f0 [ 993.402212][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 993.518836][T18675] not chained 920000 origins [ 993.402212][T18650] ? kmsan_get_metadata+0x116/0x180 [ 993.402212][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.402212][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.402212][T18650] __do_fast_syscall_32+0x129/0x180 [ 993.402212][T18650] do_fast_syscall_32+0x6a/0xc0 [ 993.402212][T18650] do_SYSENTER_32+0x73/0x90 [ 993.402212][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 993.402212][T18650] RIP: 0023:0xf7fd6549 [ 993.402212][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 993.402212][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 993.402212][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 993.402212][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 993.402212][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 993.402212][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 993.402212][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 993.402212][T18650] Uninit was stored to memory at: [ 993.522181][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 993.522181][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 993.402212][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 993.402212][T18650] __msan_chain_origin+0x57/0xa0 [ 993.522181][T18675] Call Trace: [ 993.402212][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 993.522181][T18675] dump_stack+0x21c/0x280 [ 993.402212][T18650] get_compat_msghdr+0x108/0x2b0 [ 993.522181][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 993.402212][T18650] do_recvmmsg+0xdc7/0x22e0 [ 993.522181][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 993.402212][T18650] __sys_recvmmsg+0x340/0x5f0 [ 993.522181][T18675] ? kmsan_get_metadata+0x116/0x180 [ 993.402212][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.522181][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 993.402212][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.522181][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 993.402212][T18650] __do_fast_syscall_32+0x129/0x180 [ 993.522181][T18675] ? _copy_from_user+0x201/0x310 [ 993.402212][T18650] do_fast_syscall_32+0x6a/0xc0 [ 993.522181][T18675] ? kmsan_get_metadata+0x116/0x180 [ 993.402212][T18650] do_SYSENTER_32+0x73/0x90 [ 993.522181][T18675] __msan_chain_origin+0x57/0xa0 [ 993.402212][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 993.522181][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 993.402212][T18650] [ 993.522181][T18675] get_compat_msghdr+0x108/0x2b0 [ 993.402212][T18650] Uninit was stored to memory at: [ 993.522181][T18675] do_recvmmsg+0xdc7/0x22e0 [ 993.402212][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 993.522181][T18675] ? kmsan_get_metadata+0x116/0x180 [ 993.402212][T18650] __msan_chain_origin+0x57/0xa0 [ 993.522181][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 993.402212][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 993.522181][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 993.402212][T18650] get_compat_msghdr+0x108/0x2b0 [ 993.522181][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 993.402212][T18650] do_recvmmsg+0xdc7/0x22e0 [ 993.522181][T18675] __sys_recvmmsg+0x340/0x5f0 [ 993.402212][T18650] __sys_recvmmsg+0x340/0x5f0 [ 993.522181][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 993.402212][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.522181][T18675] ? kmsan_get_metadata+0x116/0x180 [ 993.402212][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.522181][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.402212][T18650] __do_fast_syscall_32+0x129/0x180 [ 993.522181][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.402212][T18650] do_fast_syscall_32+0x6a/0xc0 [ 993.522181][T18675] __do_fast_syscall_32+0x129/0x180 [ 993.402212][T18650] do_SYSENTER_32+0x73/0x90 [ 993.522181][T18675] do_fast_syscall_32+0x6a/0xc0 [ 993.402212][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 993.522181][T18675] do_SYSENTER_32+0x73/0x90 [ 993.402212][T18650] [ 993.522181][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 993.402212][T18650] Uninit was stored to memory at: [ 993.522181][T18675] RIP: 0023:0xf7f29549 [ 993.402212][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 993.522181][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 993.402212][T18650] __msan_chain_origin+0x57/0xa0 [ 993.522181][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 993.402212][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 993.522181][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 993.402212][T18650] get_compat_msghdr+0x108/0x2b0 [ 993.522181][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 993.402212][T18650] do_recvmmsg+0xdc7/0x22e0 [ 993.522181][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 993.402212][T18650] __sys_recvmmsg+0x340/0x5f0 [ 993.522181][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 993.402212][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.522181][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 993.402212][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.522181][T18675] Uninit was stored to memory at: [ 993.402212][T18650] __do_fast_syscall_32+0x129/0x180 [ 993.522181][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 993.402212][T18650] do_fast_syscall_32+0x6a/0xc0 [ 993.522181][T18675] __msan_chain_origin+0x57/0xa0 [ 993.402212][T18650] do_SYSENTER_32+0x73/0x90 [ 993.522181][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 993.402212][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 993.522181][T18675] get_compat_msghdr+0x108/0x2b0 [ 993.402212][T18650] [ 993.522181][T18675] do_recvmmsg+0xdc7/0x22e0 [ 993.402212][T18650] Uninit was stored to memory at: [ 993.522181][T18675] __sys_recvmmsg+0x340/0x5f0 [ 993.402212][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 993.522181][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.402212][T18650] __msan_chain_origin+0x57/0xa0 [ 993.522181][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.402212][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 993.522181][T18675] __do_fast_syscall_32+0x129/0x180 [ 993.402212][T18650] get_compat_msghdr+0x108/0x2b0 [ 993.522181][T18675] do_fast_syscall_32+0x6a/0xc0 [ 993.402212][T18650] do_recvmmsg+0xdc7/0x22e0 [ 993.522181][T18675] do_SYSENTER_32+0x73/0x90 [ 993.402212][T18650] __sys_recvmmsg+0x340/0x5f0 [ 993.522181][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 993.402212][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.522181][T18675] [ 993.402212][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.522181][T18675] Uninit was stored to memory at: [ 993.402212][T18650] __do_fast_syscall_32+0x129/0x180 [ 993.522181][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 993.402212][T18650] do_fast_syscall_32+0x6a/0xc0 [ 993.522181][T18675] __msan_chain_origin+0x57/0xa0 [ 993.402212][T18650] do_SYSENTER_32+0x73/0x90 [ 993.522181][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 993.402212][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 993.522181][T18675] get_compat_msghdr+0x108/0x2b0 [ 993.402212][T18650] [ 993.522181][T18675] do_recvmmsg+0xdc7/0x22e0 [ 993.402212][T18650] Uninit was stored to memory at: [ 993.522181][T18675] __sys_recvmmsg+0x340/0x5f0 [ 993.402212][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 993.522181][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.402212][T18650] __msan_chain_origin+0x57/0xa0 [ 993.522181][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.402212][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 993.522181][T18675] __do_fast_syscall_32+0x129/0x180 [ 993.402212][T18650] get_compat_msghdr+0x108/0x2b0 [ 993.522181][T18675] do_fast_syscall_32+0x6a/0xc0 [ 993.402212][T18650] do_recvmmsg+0xdc7/0x22e0 [ 993.522181][T18675] do_SYSENTER_32+0x73/0x90 [ 993.402212][T18650] __sys_recvmmsg+0x340/0x5f0 [ 993.522181][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 993.402212][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.522181][T18675] [ 993.402212][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.522181][T18675] Uninit was stored to memory at: [ 993.402212][T18650] __do_fast_syscall_32+0x129/0x180 [ 993.522181][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 993.522181][T18675] __msan_chain_origin+0x57/0xa0 [ 993.402212][T18650] do_fast_syscall_32+0x6a/0xc0 [ 993.522181][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 993.402212][T18650] do_SYSENTER_32+0x73/0x90 [ 993.522181][T18675] get_compat_msghdr+0x108/0x2b0 [ 993.402212][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 993.522181][T18675] do_recvmmsg+0xdc7/0x22e0 [ 993.402212][T18650] [ 993.522181][T18675] __sys_recvmmsg+0x340/0x5f0 [ 993.402212][T18650] Uninit was stored to memory at: [ 993.522181][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.402212][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 993.522181][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.402212][T18650] __msan_chain_origin+0x57/0xa0 [ 993.522181][T18675] __do_fast_syscall_32+0x129/0x180 [ 993.402212][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 993.522181][T18675] do_fast_syscall_32+0x6a/0xc0 [ 993.402212][T18650] get_compat_msghdr+0x108/0x2b0 [ 993.522181][T18675] do_SYSENTER_32+0x73/0x90 [ 993.402212][T18650] do_recvmmsg+0xdc7/0x22e0 [ 993.522181][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 993.402212][T18650] __sys_recvmmsg+0x340/0x5f0 [ 993.522181][T18675] [ 993.402212][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.522181][T18675] Uninit was stored to memory at: [ 993.402212][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.522181][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 993.402212][T18650] __do_fast_syscall_32+0x129/0x180 [ 993.522181][T18675] __msan_chain_origin+0x57/0xa0 [ 993.402212][T18650] do_fast_syscall_32+0x6a/0xc0 [ 993.522181][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 993.402212][T18650] do_SYSENTER_32+0x73/0x90 [ 993.522181][T18675] get_compat_msghdr+0x108/0x2b0 [ 993.402212][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 993.522181][T18675] do_recvmmsg+0xdc7/0x22e0 [ 993.402212][T18650] [ 993.522181][T18675] __sys_recvmmsg+0x340/0x5f0 [ 993.402212][T18650] Uninit was stored to memory at: [ 993.522181][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.402212][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 993.522181][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.402212][T18650] __msan_chain_origin+0x57/0xa0 [ 993.522181][T18675] __do_fast_syscall_32+0x129/0x180 [ 993.402212][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 993.522181][T18675] do_fast_syscall_32+0x6a/0xc0 [ 993.402212][T18650] get_compat_msghdr+0x108/0x2b0 [ 993.522181][T18675] do_SYSENTER_32+0x73/0x90 [ 993.402212][T18650] do_recvmmsg+0xdc7/0x22e0 [ 993.522181][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 993.402212][T18650] __sys_recvmmsg+0x340/0x5f0 [ 993.522181][T18675] [ 993.402212][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.522181][T18675] Uninit was stored to memory at: [ 993.402212][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.522181][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 993.402212][T18650] __do_fast_syscall_32+0x129/0x180 [ 993.522181][T18675] __msan_chain_origin+0x57/0xa0 [ 993.402212][T18650] do_fast_syscall_32+0x6a/0xc0 [ 993.522181][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 993.402212][T18650] do_SYSENTER_32+0x73/0x90 [ 993.522181][T18675] get_compat_msghdr+0x108/0x2b0 [ 993.402212][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 993.522181][T18675] do_recvmmsg+0xdc7/0x22e0 [ 993.402212][T18650] [ 993.522181][T18675] __sys_recvmmsg+0x340/0x5f0 [ 993.402212][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 993.522181][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 993.402212][T18650] do_recvmmsg+0xc2/0x22e0 [ 993.522181][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 993.402212][T18650] do_recvmmsg+0xc2/0x22e0 [ 993.522181][T18675] __do_fast_syscall_32+0x129/0x180 [ 994.680953][T18675] do_fast_syscall_32+0x6a/0xc0 [ 994.680953][T18675] do_SYSENTER_32+0x73/0x90 [ 994.680953][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 994.680953][T18675] [ 994.680953][T18675] Uninit was stored to memory at: [ 994.680953][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 994.726468][T18675] __msan_chain_origin+0x57/0xa0 [ 994.726468][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 994.726468][T18675] get_compat_msghdr+0x108/0x2b0 [ 994.726468][T18675] do_recvmmsg+0xdc7/0x22e0 [ 994.726468][T18675] __sys_recvmmsg+0x340/0x5f0 [ 994.726468][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 994.726468][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 994.726468][T18675] __do_fast_syscall_32+0x129/0x180 [ 994.726468][T18675] do_fast_syscall_32+0x6a/0xc0 [ 994.726468][T18675] do_SYSENTER_32+0x73/0x90 [ 994.726468][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 994.726468][T18675] [ 994.726468][T18675] Uninit was stored to memory at: [ 994.726468][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 994.726468][T18675] __msan_chain_origin+0x57/0xa0 [ 994.726468][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 994.726468][T18675] get_compat_msghdr+0x108/0x2b0 [ 994.726468][T18675] do_recvmmsg+0xdc7/0x22e0 [ 994.726468][T18675] __sys_recvmmsg+0x340/0x5f0 [ 994.726468][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 994.726468][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 994.726468][T18675] __do_fast_syscall_32+0x129/0x180 [ 994.726468][T18675] do_fast_syscall_32+0x6a/0xc0 [ 994.726468][T18675] do_SYSENTER_32+0x73/0x90 [ 994.726468][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 994.726468][T18675] [ 994.726468][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 994.726468][T18675] do_recvmmsg+0xc2/0x22e0 [ 994.726468][T18675] do_recvmmsg+0xc2/0x22e0 [ 995.222066][T18650] not chained 930000 origins [ 995.222375][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 995.222375][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 995.222375][T18650] Call Trace: [ 995.222375][T18650] dump_stack+0x21c/0x280 [ 995.222375][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 995.222375][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 995.222375][T18650] ? kmsan_get_metadata+0x116/0x180 [ 995.222375][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 995.222375][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 995.222375][T18650] ? _copy_from_user+0x201/0x310 [ 995.222375][T18650] ? kmsan_get_metadata+0x116/0x180 [ 995.222375][T18650] __msan_chain_origin+0x57/0xa0 [ 995.222375][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 995.300959][T18650] get_compat_msghdr+0x108/0x2b0 [ 995.300959][T18650] do_recvmmsg+0xdc7/0x22e0 [ 995.300959][T18650] ? kmsan_get_metadata+0x116/0x180 [ 995.300959][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 995.300959][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 995.300959][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 995.300959][T18650] __sys_recvmmsg+0x340/0x5f0 [ 995.300959][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 995.300959][T18650] ? kmsan_get_metadata+0x116/0x180 [ 995.300959][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 995.300959][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 995.300959][T18650] __do_fast_syscall_32+0x129/0x180 [ 995.300959][T18650] do_fast_syscall_32+0x6a/0xc0 [ 995.300959][T18650] do_SYSENTER_32+0x73/0x90 [ 995.300959][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 995.300959][T18650] RIP: 0023:0xf7fd6549 [ 995.300959][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 995.300959][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 995.300959][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 995.300959][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 995.300959][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 995.300959][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 995.300959][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 995.300959][T18650] Uninit was stored to memory at: [ 995.300959][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 995.300959][T18650] __msan_chain_origin+0x57/0xa0 [ 995.300959][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 995.300959][T18650] get_compat_msghdr+0x108/0x2b0 [ 995.300959][T18650] do_recvmmsg+0xdc7/0x22e0 [ 995.300959][T18650] __sys_recvmmsg+0x340/0x5f0 [ 995.300959][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 995.300959][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 995.300959][T18650] __do_fast_syscall_32+0x129/0x180 [ 995.300959][T18650] do_fast_syscall_32+0x6a/0xc0 [ 995.300959][T18650] do_SYSENTER_32+0x73/0x90 [ 995.300959][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 995.300959][T18650] [ 995.300959][T18650] Uninit was stored to memory at: [ 995.300959][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 995.300959][T18650] __msan_chain_origin+0x57/0xa0 [ 995.300959][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 995.300959][T18650] get_compat_msghdr+0x108/0x2b0 [ 995.300959][T18650] do_recvmmsg+0xdc7/0x22e0 [ 995.300959][T18650] __sys_recvmmsg+0x340/0x5f0 [ 995.300959][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 995.300959][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 995.300959][T18650] __do_fast_syscall_32+0x129/0x180 [ 995.300959][T18650] do_fast_syscall_32+0x6a/0xc0 [ 995.300959][T18650] do_SYSENTER_32+0x73/0x90 [ 995.300959][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 995.300959][T18650] [ 995.300959][T18650] Uninit was stored to memory at: [ 995.300959][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 995.300959][T18650] __msan_chain_origin+0x57/0xa0 [ 995.300959][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 995.300959][T18650] get_compat_msghdr+0x108/0x2b0 [ 995.300959][T18650] do_recvmmsg+0xdc7/0x22e0 [ 995.623494][T18650] __sys_recvmmsg+0x340/0x5f0 [ 995.623494][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 995.623494][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 995.623494][T18650] __do_fast_syscall_32+0x129/0x180 [ 995.623494][T18650] do_fast_syscall_32+0x6a/0xc0 [ 995.623494][T18650] do_SYSENTER_32+0x73/0x90 [ 995.623494][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 995.623494][T18650] [ 995.623494][T18650] Uninit was stored to memory at: [ 995.623494][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 995.623494][T18650] __msan_chain_origin+0x57/0xa0 [ 995.623494][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 995.623494][T18650] get_compat_msghdr+0x108/0x2b0 [ 995.623494][T18650] do_recvmmsg+0xdc7/0x22e0 [ 995.692294][T18650] __sys_recvmmsg+0x340/0x5f0 [ 995.692294][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 995.692294][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 995.705903][T18675] not chained 940000 origins [ 995.692294][T18650] __do_fast_syscall_32+0x129/0x180 [ 995.712202][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 995.692294][T18650] do_fast_syscall_32+0x6a/0xc0 [ 995.712202][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 995.692294][T18650] do_SYSENTER_32+0x73/0x90 [ 995.712202][T18675] Call Trace: [ 995.692294][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 995.712202][T18675] dump_stack+0x21c/0x280 [ 995.692294][T18650] [ 995.712202][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 995.692294][T18650] Uninit was stored to memory at: [ 995.712202][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 995.692294][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 995.712202][T18675] ? kmsan_get_metadata+0x116/0x180 [ 995.692294][T18650] __msan_chain_origin+0x57/0xa0 [ 995.712202][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 995.692294][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 995.712202][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 995.692294][T18650] get_compat_msghdr+0x108/0x2b0 [ 995.712202][T18675] ? _copy_from_user+0x201/0x310 [ 995.692294][T18650] do_recvmmsg+0xdc7/0x22e0 [ 995.712202][T18675] ? kmsan_get_metadata+0x116/0x180 [ 995.692294][T18650] __sys_recvmmsg+0x340/0x5f0 [ 995.712202][T18675] __msan_chain_origin+0x57/0xa0 [ 995.692294][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 995.712202][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 995.692294][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 995.712202][T18675] get_compat_msghdr+0x108/0x2b0 [ 995.692294][T18650] __do_fast_syscall_32+0x129/0x180 [ 995.712202][T18675] do_recvmmsg+0xdc7/0x22e0 [ 995.692294][T18650] do_fast_syscall_32+0x6a/0xc0 [ 995.712202][T18675] ? kmsan_get_metadata+0x116/0x180 [ 995.692294][T18650] do_SYSENTER_32+0x73/0x90 [ 995.712202][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 995.692294][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 995.712202][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 995.692294][T18650] [ 995.712202][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 995.692294][T18650] Uninit was stored to memory at: [ 995.712202][T18675] __sys_recvmmsg+0x340/0x5f0 [ 995.692294][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 995.712202][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 995.692294][T18650] __msan_chain_origin+0x57/0xa0 [ 995.712202][T18675] ? kmsan_get_metadata+0x116/0x180 [ 995.692294][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 995.712202][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 995.692294][T18650] get_compat_msghdr+0x108/0x2b0 [ 995.712202][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 995.692294][T18650] do_recvmmsg+0xdc7/0x22e0 [ 995.712202][T18675] __do_fast_syscall_32+0x129/0x180 [ 995.692294][T18650] __sys_recvmmsg+0x340/0x5f0 [ 995.712202][T18675] do_fast_syscall_32+0x6a/0xc0 [ 995.692294][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 995.712202][T18675] do_SYSENTER_32+0x73/0x90 [ 995.692294][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 995.712202][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 995.692294][T18650] __do_fast_syscall_32+0x129/0x180 [ 995.712202][T18675] RIP: 0023:0xf7f29549 [ 995.692294][T18650] do_fast_syscall_32+0x6a/0xc0 [ 995.712202][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 995.692294][T18650] do_SYSENTER_32+0x73/0x90 [ 995.712202][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 995.692294][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 995.712202][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 995.692294][T18650] [ 995.712202][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 995.692294][T18650] Uninit was stored to memory at: [ 995.712202][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 995.692294][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 995.712202][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 995.692294][T18650] __msan_chain_origin+0x57/0xa0 [ 995.712202][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 995.692294][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 995.712202][T18675] Uninit was stored to memory at: [ 995.692294][T18650] get_compat_msghdr+0x108/0x2b0 [ 995.712202][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 995.692294][T18650] do_recvmmsg+0xdc7/0x22e0 [ 995.712202][T18675] __msan_chain_origin+0x57/0xa0 [ 995.692294][T18650] __sys_recvmmsg+0x340/0x5f0 [ 995.712202][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 995.692294][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 995.712202][T18675] get_compat_msghdr+0x108/0x2b0 [ 995.692294][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 995.712202][T18675] do_recvmmsg+0xdc7/0x22e0 [ 995.692294][T18650] __do_fast_syscall_32+0x129/0x180 [ 995.712202][T18675] __sys_recvmmsg+0x340/0x5f0 [ 995.692294][T18650] do_fast_syscall_32+0x6a/0xc0 [ 995.712202][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 995.692294][T18650] do_SYSENTER_32+0x73/0x90 [ 995.712202][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 995.692294][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 995.712202][T18675] __do_fast_syscall_32+0x129/0x180 [ 995.692294][T18650] [ 995.712202][T18675] do_fast_syscall_32+0x6a/0xc0 [ 995.692294][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 995.712202][T18675] do_SYSENTER_32+0x73/0x90 [ 995.692294][T18650] do_recvmmsg+0xc2/0x22e0 [ 995.712202][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 995.692294][T18650] do_recvmmsg+0xc2/0x22e0 [ 995.712202][T18675] [ 996.258279][T18675] Uninit was stored to memory at: [ 996.258279][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 996.258279][T18675] __msan_chain_origin+0x57/0xa0 [ 996.275187][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 996.275187][T18675] get_compat_msghdr+0x108/0x2b0 [ 996.282628][T18675] do_recvmmsg+0xdc7/0x22e0 [ 996.282628][T18675] __sys_recvmmsg+0x340/0x5f0 [ 996.282628][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 996.297762][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 996.297762][T18675] __do_fast_syscall_32+0x129/0x180 [ 996.297762][T18675] do_fast_syscall_32+0x6a/0xc0 [ 996.297762][T18675] do_SYSENTER_32+0x73/0x90 [ 996.297762][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 996.297762][T18675] [ 996.297762][T18675] Uninit was stored to memory at: [ 996.297762][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 996.297762][T18675] __msan_chain_origin+0x57/0xa0 [ 996.297762][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 996.297762][T18675] get_compat_msghdr+0x108/0x2b0 [ 996.297762][T18675] do_recvmmsg+0xdc7/0x22e0 [ 996.297762][T18675] __sys_recvmmsg+0x340/0x5f0 [ 996.297762][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 996.297762][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 996.297762][T18675] __do_fast_syscall_32+0x129/0x180 [ 996.297762][T18675] do_fast_syscall_32+0x6a/0xc0 [ 996.297762][T18675] do_SYSENTER_32+0x73/0x90 [ 996.297762][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 996.297762][T18675] [ 996.297762][T18675] Uninit was stored to memory at: [ 996.297762][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 996.297762][T18675] __msan_chain_origin+0x57/0xa0 [ 996.297762][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 996.297762][T18675] get_compat_msghdr+0x108/0x2b0 [ 996.297762][T18675] do_recvmmsg+0xdc7/0x22e0 [ 996.297762][T18675] __sys_recvmmsg+0x340/0x5f0 [ 996.297762][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 996.297762][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 996.297762][T18675] __do_fast_syscall_32+0x129/0x180 [ 996.297762][T18675] do_fast_syscall_32+0x6a/0xc0 [ 996.456480][T18650] not chained 950000 origins [ 996.297762][T18675] do_SYSENTER_32+0x73/0x90 [ 996.462191][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 996.297762][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 996.462191][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 996.297762][T18675] [ 996.462191][T18650] Call Trace: [ 996.297762][T18675] Uninit was stored to memory at: [ 996.462191][T18650] dump_stack+0x21c/0x280 [ 996.297762][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 996.462191][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 996.297762][T18675] __msan_chain_origin+0x57/0xa0 [ 996.462191][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 996.297762][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 996.462191][T18650] ? kmsan_get_metadata+0x116/0x180 [ 996.297762][T18675] get_compat_msghdr+0x108/0x2b0 [ 996.462191][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 996.297762][T18675] do_recvmmsg+0xdc7/0x22e0 [ 996.462191][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 996.297762][T18675] __sys_recvmmsg+0x340/0x5f0 [ 996.462191][T18650] ? _copy_from_user+0x201/0x310 [ 996.297762][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 996.462191][T18650] ? kmsan_get_metadata+0x116/0x180 [ 996.297762][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 996.462191][T18650] __msan_chain_origin+0x57/0xa0 [ 996.297762][T18675] __do_fast_syscall_32+0x129/0x180 [ 996.462191][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 996.297762][T18675] do_fast_syscall_32+0x6a/0xc0 [ 996.462191][T18650] get_compat_msghdr+0x108/0x2b0 [ 996.297762][T18675] do_SYSENTER_32+0x73/0x90 [ 996.462191][T18650] do_recvmmsg+0xdc7/0x22e0 [ 996.297762][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 996.462191][T18650] ? kmsan_get_metadata+0x116/0x180 [ 996.297762][T18675] [ 996.462191][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 996.297762][T18675] Uninit was stored to memory at: [ 996.462191][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 996.297762][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 996.462191][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 996.297762][T18675] __msan_chain_origin+0x57/0xa0 [ 996.462191][T18650] __sys_recvmmsg+0x340/0x5f0 [ 996.297762][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 996.462191][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 996.297762][T18675] get_compat_msghdr+0x108/0x2b0 [ 996.462191][T18650] ? kmsan_get_metadata+0x116/0x180 [ 996.297762][T18675] do_recvmmsg+0xdc7/0x22e0 [ 996.462191][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 996.297762][T18675] __sys_recvmmsg+0x340/0x5f0 [ 996.462191][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 996.297762][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 996.462191][T18650] __do_fast_syscall_32+0x129/0x180 [ 996.297762][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 996.462191][T18650] do_fast_syscall_32+0x6a/0xc0 [ 996.297762][T18675] __do_fast_syscall_32+0x129/0x180 [ 996.462191][T18650] do_SYSENTER_32+0x73/0x90 [ 996.297762][T18675] do_fast_syscall_32+0x6a/0xc0 [ 996.462191][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 996.297762][T18675] do_SYSENTER_32+0x73/0x90 [ 996.462191][T18650] RIP: 0023:0xf7fd6549 [ 996.297762][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 996.462191][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 996.297762][T18675] [ 996.462191][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 996.297762][T18675] Uninit was stored to memory at: [ 996.462191][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 996.297762][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 996.462191][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 996.297762][T18675] __msan_chain_origin+0x57/0xa0 [ 996.462191][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 996.297762][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 996.462191][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 996.297762][T18675] get_compat_msghdr+0x108/0x2b0 [ 996.462191][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 996.297762][T18675] do_recvmmsg+0xdc7/0x22e0 [ 996.462191][T18650] Uninit was stored to memory at: [ 996.297762][T18675] __sys_recvmmsg+0x340/0x5f0 [ 996.462191][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 996.297762][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 996.462191][T18650] __msan_chain_origin+0x57/0xa0 [ 996.297762][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 996.462191][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 996.297762][T18675] __do_fast_syscall_32+0x129/0x180 [ 996.462191][T18650] get_compat_msghdr+0x108/0x2b0 [ 996.297762][T18675] do_fast_syscall_32+0x6a/0xc0 [ 996.462191][T18650] do_recvmmsg+0xdc7/0x22e0 [ 996.297762][T18675] do_SYSENTER_32+0x73/0x90 [ 996.462191][T18650] __sys_recvmmsg+0x340/0x5f0 [ 996.297762][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 996.462191][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 996.297762][T18675] [ 996.462191][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 996.297762][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 996.462191][T18650] __do_fast_syscall_32+0x129/0x180 [ 996.297762][T18675] do_recvmmsg+0xc2/0x22e0 [ 996.462191][T18650] do_fast_syscall_32+0x6a/0xc0 [ 996.297762][T18675] do_recvmmsg+0xc2/0x22e0 [ 996.462191][T18650] do_SYSENTER_32+0x73/0x90 [ 996.986920][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 996.991692][T18650] [ 996.991692][T18650] Uninit was stored to memory at: [ 996.991692][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 996.991692][T18650] __msan_chain_origin+0x57/0xa0 [ 996.991692][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 996.991692][T18650] get_compat_msghdr+0x108/0x2b0 [ 996.991692][T18650] do_recvmmsg+0xdc7/0x22e0 [ 996.991692][T18650] __sys_recvmmsg+0x340/0x5f0 [ 996.991692][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 996.991692][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 996.991692][T18650] __do_fast_syscall_32+0x129/0x180 [ 996.991692][T18650] do_fast_syscall_32+0x6a/0xc0 [ 996.991692][T18650] do_SYSENTER_32+0x73/0x90 [ 996.991692][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 997.066213][T18650] [ 997.066213][T18650] Uninit was stored to memory at: [ 997.066213][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 997.066213][T18650] __msan_chain_origin+0x57/0xa0 [ 997.066213][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 997.066213][T18650] get_compat_msghdr+0x108/0x2b0 [ 997.066213][T18650] do_recvmmsg+0xdc7/0x22e0 [ 997.066213][T18650] __sys_recvmmsg+0x340/0x5f0 [ 997.066213][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 997.066213][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 997.066213][T18650] __do_fast_syscall_32+0x129/0x180 [ 997.066213][T18650] do_fast_syscall_32+0x6a/0xc0 [ 997.066213][T18650] do_SYSENTER_32+0x73/0x90 [ 997.066213][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 997.066213][T18650] [ 997.066213][T18650] Uninit was stored to memory at: [ 997.066213][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 997.066213][T18650] __msan_chain_origin+0x57/0xa0 [ 997.066213][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 997.066213][T18650] get_compat_msghdr+0x108/0x2b0 [ 997.066213][T18650] do_recvmmsg+0xdc7/0x22e0 [ 997.066213][T18650] __sys_recvmmsg+0x340/0x5f0 [ 997.066213][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 997.066213][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 997.066213][T18650] __do_fast_syscall_32+0x129/0x180 [ 997.066213][T18650] do_fast_syscall_32+0x6a/0xc0 [ 997.066213][T18650] do_SYSENTER_32+0x73/0x90 [ 997.066213][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 997.066213][T18650] [ 997.066213][T18650] Uninit was stored to memory at: [ 997.066213][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 997.066213][T18650] __msan_chain_origin+0x57/0xa0 [ 997.066213][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 997.066213][T18650] get_compat_msghdr+0x108/0x2b0 [ 997.066213][T18650] do_recvmmsg+0xdc7/0x22e0 [ 997.066213][T18650] __sys_recvmmsg+0x340/0x5f0 [ 997.066213][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 997.066213][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 997.066213][T18650] __do_fast_syscall_32+0x129/0x180 [ 997.066213][T18650] do_fast_syscall_32+0x6a/0xc0 [ 997.066213][T18650] do_SYSENTER_32+0x73/0x90 [ 997.066213][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 997.066213][T18650] [ 997.066213][T18650] Uninit was stored to memory at: [ 997.066213][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 997.066213][T18650] __msan_chain_origin+0x57/0xa0 [ 997.066213][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 997.066213][T18650] get_compat_msghdr+0x108/0x2b0 [ 997.066213][T18650] do_recvmmsg+0xdc7/0x22e0 [ 997.066213][T18650] __sys_recvmmsg+0x340/0x5f0 [ 997.066213][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 997.066213][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 997.066213][T18650] __do_fast_syscall_32+0x129/0x180 [ 997.066213][T18650] do_fast_syscall_32+0x6a/0xc0 [ 997.066213][T18650] do_SYSENTER_32+0x73/0x90 [ 997.066213][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 997.066213][T18650] [ 997.066213][T18650] Uninit was stored to memory at: [ 997.066213][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 997.066213][T18650] __msan_chain_origin+0x57/0xa0 [ 997.066213][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 997.066213][T18650] get_compat_msghdr+0x108/0x2b0 [ 997.066213][T18650] do_recvmmsg+0xdc7/0x22e0 [ 997.066213][T18650] __sys_recvmmsg+0x340/0x5f0 [ 997.066213][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 997.066213][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 997.066213][T18650] __do_fast_syscall_32+0x129/0x180 [ 997.066213][T18650] do_fast_syscall_32+0x6a/0xc0 [ 997.066213][T18650] do_SYSENTER_32+0x73/0x90 [ 997.066213][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 997.066213][T18650] [ 997.066213][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 997.066213][T18650] do_recvmmsg+0xc2/0x22e0 [ 997.066213][T18650] do_recvmmsg+0xc2/0x22e0 [ 997.698748][T18650] not chained 960000 origins [ 997.702315][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 997.702315][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 997.702315][T18650] Call Trace: [ 997.702315][T18650] dump_stack+0x21c/0x280 [ 997.702315][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 997.702315][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 997.702315][T18650] ? kmsan_get_metadata+0x116/0x180 [ 997.702315][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 997.702315][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 997.702315][T18650] ? _copy_from_user+0x201/0x310 [ 997.758558][T18650] ? kmsan_get_metadata+0x116/0x180 [ 997.758558][T18650] __msan_chain_origin+0x57/0xa0 [ 997.772391][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 997.772391][T18650] get_compat_msghdr+0x108/0x2b0 [ 997.772391][T18650] do_recvmmsg+0xdc7/0x22e0 [ 997.772391][T18650] ? kmsan_get_metadata+0x116/0x180 [ 997.772391][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 997.772391][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 997.772391][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 997.772391][T18650] __sys_recvmmsg+0x340/0x5f0 [ 997.772391][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 997.772391][T18650] ? kmsan_get_metadata+0x116/0x180 [ 997.772391][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 997.772391][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 997.772391][T18650] __do_fast_syscall_32+0x129/0x180 [ 997.772391][T18650] do_fast_syscall_32+0x6a/0xc0 [ 997.842352][T18650] do_SYSENTER_32+0x73/0x90 [ 997.842352][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 997.842352][T18650] RIP: 0023:0xf7fd6549 [ 997.842352][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 997.842352][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 997.842352][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 997.842352][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 997.842352][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 997.842352][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 997.842352][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 997.842352][T18650] Uninit was stored to memory at: [ 997.842352][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 997.842352][T18650] __msan_chain_origin+0x57/0xa0 [ 997.842352][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 997.842352][T18650] get_compat_msghdr+0x108/0x2b0 [ 997.842352][T18650] do_recvmmsg+0xdc7/0x22e0 [ 997.842352][T18650] __sys_recvmmsg+0x340/0x5f0 [ 997.842352][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 997.842352][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 997.842352][T18650] __do_fast_syscall_32+0x129/0x180 [ 997.842352][T18650] do_fast_syscall_32+0x6a/0xc0 [ 997.842352][T18650] do_SYSENTER_32+0x73/0x90 [ 997.842352][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 997.842352][T18650] [ 997.842352][T18650] Uninit was stored to memory at: [ 997.842352][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 997.842352][T18650] __msan_chain_origin+0x57/0xa0 [ 997.842352][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 997.842352][T18650] get_compat_msghdr+0x108/0x2b0 [ 997.842352][T18650] do_recvmmsg+0xdc7/0x22e0 [ 997.842352][T18650] __sys_recvmmsg+0x340/0x5f0 [ 997.842352][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 997.842352][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 997.842352][T18650] __do_fast_syscall_32+0x129/0x180 [ 997.842352][T18650] do_fast_syscall_32+0x6a/0xc0 [ 997.842352][T18650] do_SYSENTER_32+0x73/0x90 [ 997.842352][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 997.842352][T18650] [ 997.842352][T18650] Uninit was stored to memory at: [ 997.842352][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 997.842352][T18650] __msan_chain_origin+0x57/0xa0 [ 997.842352][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 997.842352][T18650] get_compat_msghdr+0x108/0x2b0 [ 997.842352][T18650] do_recvmmsg+0xdc7/0x22e0 [ 997.842352][T18650] __sys_recvmmsg+0x340/0x5f0 [ 997.842352][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 997.842352][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 997.842352][T18650] __do_fast_syscall_32+0x129/0x180 [ 997.842352][T18650] do_fast_syscall_32+0x6a/0xc0 [ 997.842352][T18650] do_SYSENTER_32+0x73/0x90 [ 997.842352][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 997.842352][T18650] [ 997.842352][T18650] Uninit was stored to memory at: [ 997.842352][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 997.842352][T18650] __msan_chain_origin+0x57/0xa0 [ 997.842352][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 997.842352][T18650] get_compat_msghdr+0x108/0x2b0 [ 997.842352][T18650] do_recvmmsg+0xdc7/0x22e0 [ 997.842352][T18650] __sys_recvmmsg+0x340/0x5f0 [ 997.842352][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 997.842352][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 998.185788][T18650] __do_fast_syscall_32+0x129/0x180 [ 998.190458][T18650] do_fast_syscall_32+0x6a/0xc0 [ 998.190458][T18650] do_SYSENTER_32+0x73/0x90 [ 998.190458][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 998.190458][T18650] [ 998.190458][T18650] Uninit was stored to memory at: [ 998.190458][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 998.190458][T18650] __msan_chain_origin+0x57/0xa0 [ 998.190458][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 998.190458][T18650] get_compat_msghdr+0x108/0x2b0 [ 998.190458][T18650] do_recvmmsg+0xdc7/0x22e0 [ 998.190458][T18650] __sys_recvmmsg+0x340/0x5f0 [ 998.190458][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 998.190458][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 998.190458][T18650] __do_fast_syscall_32+0x129/0x180 [ 998.190458][T18650] do_fast_syscall_32+0x6a/0xc0 [ 998.190458][T18650] do_SYSENTER_32+0x73/0x90 [ 998.190458][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 998.190458][T18650] [ 998.190458][T18650] Uninit was stored to memory at: [ 998.190458][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 998.190458][T18650] __msan_chain_origin+0x57/0xa0 [ 998.190458][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 998.190458][T18650] get_compat_msghdr+0x108/0x2b0 [ 998.190458][T18650] do_recvmmsg+0xdc7/0x22e0 [ 998.190458][T18650] __sys_recvmmsg+0x340/0x5f0 [ 998.190458][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 998.190458][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 998.190458][T18650] __do_fast_syscall_32+0x129/0x180 [ 998.190458][T18650] do_fast_syscall_32+0x6a/0xc0 [ 998.190458][T18650] do_SYSENTER_32+0x73/0x90 [ 998.190458][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 998.190458][T18650] [ 998.190458][T18650] Uninit was stored to memory at: [ 998.190458][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 998.190458][T18650] __msan_chain_origin+0x57/0xa0 [ 998.190458][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 998.190458][T18650] get_compat_msghdr+0x108/0x2b0 [ 998.190458][T18650] do_recvmmsg+0xdc7/0x22e0 [ 998.190458][T18650] __sys_recvmmsg+0x340/0x5f0 [ 998.190458][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 998.190458][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 998.190458][T18650] __do_fast_syscall_32+0x129/0x180 [ 998.190458][T18650] do_fast_syscall_32+0x6a/0xc0 [ 998.190458][T18650] do_SYSENTER_32+0x73/0x90 [ 998.190458][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 998.190458][T18650] [ 998.190458][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 998.190458][T18650] do_recvmmsg+0xc2/0x22e0 [ 998.190458][T18650] do_recvmmsg+0xc2/0x22e0 [ 998.709144][T18650] not chained 970000 origins [ 998.712198][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 998.712198][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 998.712198][T18650] Call Trace: [ 998.712198][T18650] dump_stack+0x21c/0x280 [ 998.712198][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 998.712198][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 998.712198][T18650] ? kmsan_get_metadata+0x116/0x180 [ 998.712198][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 998.712198][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 998.712198][T18650] ? _copy_from_user+0x201/0x310 [ 998.712198][T18650] ? kmsan_get_metadata+0x116/0x180 [ 998.712198][T18650] __msan_chain_origin+0x57/0xa0 [ 998.782705][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 998.782705][T18650] get_compat_msghdr+0x108/0x2b0 [ 998.782705][T18650] do_recvmmsg+0xdc7/0x22e0 [ 998.782705][T18650] ? kmsan_get_metadata+0x116/0x180 [ 998.782705][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 998.782705][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 998.782705][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 998.782705][T18650] __sys_recvmmsg+0x340/0x5f0 [ 998.782705][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 998.782705][T18650] ? kmsan_get_metadata+0x116/0x180 [ 998.782705][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 998.782705][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 998.782705][T18650] __do_fast_syscall_32+0x129/0x180 [ 998.782705][T18650] do_fast_syscall_32+0x6a/0xc0 [ 998.782705][T18650] do_SYSENTER_32+0x73/0x90 [ 998.782705][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 998.782705][T18650] RIP: 0023:0xf7fd6549 [ 998.782705][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 998.782705][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 998.782705][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 998.782705][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 998.782705][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 998.782705][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 998.782705][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 998.782705][T18650] Uninit was stored to memory at: [ 998.782705][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 998.782705][T18650] __msan_chain_origin+0x57/0xa0 [ 998.782705][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 998.782705][T18650] get_compat_msghdr+0x108/0x2b0 [ 998.782705][T18650] do_recvmmsg+0xdc7/0x22e0 [ 998.782705][T18650] __sys_recvmmsg+0x340/0x5f0 [ 998.782705][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 998.782705][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 998.982483][T18650] __do_fast_syscall_32+0x129/0x180 [ 998.982483][T18650] do_fast_syscall_32+0x6a/0xc0 [ 998.982483][T18650] do_SYSENTER_32+0x73/0x90 [ 998.982483][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 998.982483][T18650] [ 998.982483][T18650] Uninit was stored to memory at: [ 998.982483][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 998.982483][T18650] __msan_chain_origin+0x57/0xa0 [ 998.982483][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 998.982483][T18650] get_compat_msghdr+0x108/0x2b0 [ 998.982483][T18650] do_recvmmsg+0xdc7/0x22e0 [ 998.982483][T18650] __sys_recvmmsg+0x340/0x5f0 [ 998.982483][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 998.982483][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 998.982483][T18650] __do_fast_syscall_32+0x129/0x180 [ 998.982483][T18650] do_fast_syscall_32+0x6a/0xc0 [ 998.982483][T18650] do_SYSENTER_32+0x73/0x90 [ 998.982483][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 998.982483][T18650] [ 998.982483][T18650] Uninit was stored to memory at: [ 998.982483][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 998.982483][T18650] __msan_chain_origin+0x57/0xa0 [ 998.982483][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 998.982483][T18650] get_compat_msghdr+0x108/0x2b0 [ 998.982483][T18650] do_recvmmsg+0xdc7/0x22e0 [ 998.982483][T18650] __sys_recvmmsg+0x340/0x5f0 [ 998.982483][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 998.982483][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 998.982483][T18650] __do_fast_syscall_32+0x129/0x180 [ 998.982483][T18650] do_fast_syscall_32+0x6a/0xc0 [ 998.982483][T18650] do_SYSENTER_32+0x73/0x90 [ 998.982483][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 998.982483][T18650] [ 998.982483][T18650] Uninit was stored to memory at: [ 999.151596][T18675] not chained 980000 origins [ 998.982483][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 999.152205][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 998.982483][T18650] __msan_chain_origin+0x57/0xa0 [ 999.152205][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 998.982483][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 999.152205][T18675] Call Trace: [ 998.982483][T18650] get_compat_msghdr+0x108/0x2b0 [ 999.152205][T18675] dump_stack+0x21c/0x280 [ 998.982483][T18650] do_recvmmsg+0xdc7/0x22e0 [ 999.152205][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 998.982483][T18650] __sys_recvmmsg+0x340/0x5f0 [ 999.152205][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 998.982483][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 999.152205][T18675] ? kmsan_get_metadata+0x116/0x180 [ 998.982483][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 999.152205][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 998.982483][T18650] __do_fast_syscall_32+0x129/0x180 [ 999.152205][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 998.982483][T18650] do_fast_syscall_32+0x6a/0xc0 [ 999.152205][T18675] ? _copy_from_user+0x201/0x310 [ 998.982483][T18650] do_SYSENTER_32+0x73/0x90 [ 999.152205][T18675] ? kmsan_get_metadata+0x116/0x180 [ 998.982483][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 999.152205][T18675] __msan_chain_origin+0x57/0xa0 [ 998.982483][T18650] [ 999.152205][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 998.982483][T18650] Uninit was stored to memory at: [ 999.152205][T18675] get_compat_msghdr+0x108/0x2b0 [ 998.982483][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 999.152205][T18675] do_recvmmsg+0xdc7/0x22e0 [ 998.982483][T18650] __msan_chain_origin+0x57/0xa0 [ 999.152205][T18675] ? kmsan_get_metadata+0x116/0x180 [ 998.982483][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 999.152205][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 998.982483][T18650] get_compat_msghdr+0x108/0x2b0 [ 999.152205][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 998.982483][T18650] do_recvmmsg+0xdc7/0x22e0 [ 999.152205][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 998.982483][T18650] __sys_recvmmsg+0x340/0x5f0 [ 999.152205][T18675] __sys_recvmmsg+0x340/0x5f0 [ 998.982483][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 999.152205][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 998.982483][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 999.152205][T18675] ? kmsan_get_metadata+0x116/0x180 [ 998.982483][T18650] __do_fast_syscall_32+0x129/0x180 [ 999.152205][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 998.982483][T18650] do_fast_syscall_32+0x6a/0xc0 [ 999.152205][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 998.982483][T18650] do_SYSENTER_32+0x73/0x90 [ 999.152205][T18675] __do_fast_syscall_32+0x129/0x180 [ 998.982483][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 999.152205][T18675] do_fast_syscall_32+0x6a/0xc0 [ 998.982483][T18650] [ 999.152205][T18675] do_SYSENTER_32+0x73/0x90 [ 998.982483][T18650] Uninit was stored to memory at: [ 999.152205][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 998.982483][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 999.152205][T18675] RIP: 0023:0xf7f29549 [ 998.982483][T18650] __msan_chain_origin+0x57/0xa0 [ 999.152205][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 998.982483][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 999.152205][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 998.982483][T18650] get_compat_msghdr+0x108/0x2b0 [ 999.152205][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 998.982483][T18650] do_recvmmsg+0xdc7/0x22e0 [ 999.152205][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 998.982483][T18650] __sys_recvmmsg+0x340/0x5f0 [ 999.152205][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 998.982483][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 999.152205][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 998.982483][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 999.152205][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 998.982483][T18650] __do_fast_syscall_32+0x129/0x180 [ 999.152205][T18675] Uninit was stored to memory at: [ 998.982483][T18650] do_fast_syscall_32+0x6a/0xc0 [ 999.152205][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 998.982483][T18650] do_SYSENTER_32+0x73/0x90 [ 999.152205][T18675] __msan_chain_origin+0x57/0xa0 [ 998.982483][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 999.152205][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 998.982483][T18650] [ 999.152205][T18675] get_compat_msghdr+0x108/0x2b0 [ 998.982483][T18650] Uninit was stored to memory at: [ 999.152205][T18675] do_recvmmsg+0xdc7/0x22e0 [ 998.982483][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 999.152205][T18675] __sys_recvmmsg+0x340/0x5f0 [ 998.982483][T18650] __msan_chain_origin+0x57/0xa0 [ 999.152205][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 998.982483][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 999.152205][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 998.982483][T18650] get_compat_msghdr+0x108/0x2b0 [ 999.152205][T18675] __do_fast_syscall_32+0x129/0x180 [ 998.982483][T18650] do_recvmmsg+0xdc7/0x22e0 [ 999.152205][T18675] do_fast_syscall_32+0x6a/0xc0 [ 998.982483][T18650] __sys_recvmmsg+0x340/0x5f0 [ 999.152205][T18675] do_SYSENTER_32+0x73/0x90 [ 998.982483][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 999.152205][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 998.982483][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 999.152205][T18675] [ 998.982483][T18650] __do_fast_syscall_32+0x129/0x180 [ 999.152205][T18675] Uninit was stored to memory at: [ 998.982483][T18650] do_fast_syscall_32+0x6a/0xc0 [ 999.152205][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 998.982483][T18650] do_SYSENTER_32+0x73/0x90 [ 999.152205][T18675] __msan_chain_origin+0x57/0xa0 [ 998.982483][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 999.152205][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 998.982483][T18650] [ 999.152205][T18675] get_compat_msghdr+0x108/0x2b0 [ 998.982483][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 999.152205][T18675] do_recvmmsg+0xdc7/0x22e0 [ 998.982483][T18650] do_recvmmsg+0xc2/0x22e0 [ 999.152205][T18675] __sys_recvmmsg+0x340/0x5f0 [ 998.982483][T18650] do_recvmmsg+0xc2/0x22e0 [ 999.152205][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 999.152205][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 999.152205][T18675] __do_fast_syscall_32+0x129/0x180 [ 999.152205][T18675] do_fast_syscall_32+0x6a/0xc0 [ 999.152205][T18675] do_SYSENTER_32+0x73/0x90 [ 999.152205][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 999.152205][T18675] [ 999.152205][T18675] Uninit was stored to memory at: [ 999.818597][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 999.824489][T18675] __msan_chain_origin+0x57/0xa0 [ 999.824489][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 999.836359][T18675] get_compat_msghdr+0x108/0x2b0 [ 999.836359][T18675] do_recvmmsg+0xdc7/0x22e0 [ 999.836359][T18675] __sys_recvmmsg+0x340/0x5f0 [ 999.836359][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 999.836359][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 999.836359][T18675] __do_fast_syscall_32+0x129/0x180 [ 999.836359][T18675] do_fast_syscall_32+0x6a/0xc0 [ 999.836359][T18675] do_SYSENTER_32+0x73/0x90 [ 999.836359][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 999.836359][T18675] [ 999.836359][T18675] Uninit was stored to memory at: [ 999.836359][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 999.836359][T18675] __msan_chain_origin+0x57/0xa0 [ 999.836359][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 999.836359][T18675] get_compat_msghdr+0x108/0x2b0 [ 999.836359][T18675] do_recvmmsg+0xdc7/0x22e0 [ 999.836359][T18675] __sys_recvmmsg+0x340/0x5f0 [ 999.836359][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 999.836359][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 999.836359][T18675] __do_fast_syscall_32+0x129/0x180 [ 999.836359][T18675] do_fast_syscall_32+0x6a/0xc0 [ 999.836359][T18675] do_SYSENTER_32+0x73/0x90 [ 999.836359][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 999.836359][T18675] [ 999.836359][T18675] Uninit was stored to memory at: [ 999.836359][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 999.836359][T18675] __msan_chain_origin+0x57/0xa0 [ 999.971688][T18650] not chained 990000 origins [ 999.836359][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 999.972182][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 999.836359][T18675] get_compat_msghdr+0x108/0x2b0 [ 999.972182][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 999.836359][T18675] do_recvmmsg+0xdc7/0x22e0 [ 999.972182][T18650] Call Trace: [ 999.836359][T18675] __sys_recvmmsg+0x340/0x5f0 [ 999.972182][T18650] dump_stack+0x21c/0x280 [ 999.836359][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 999.972182][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 999.836359][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 999.972182][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 999.836359][T18675] __do_fast_syscall_32+0x129/0x180 [ 999.972182][T18650] ? kmsan_get_metadata+0x116/0x180 [ 999.836359][T18675] do_fast_syscall_32+0x6a/0xc0 [ 999.972182][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 999.836359][T18675] do_SYSENTER_32+0x73/0x90 [ 999.972182][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 999.836359][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 999.972182][T18650] ? _copy_from_user+0x201/0x310 [ 999.836359][T18675] [ 999.972182][T18650] ? kmsan_get_metadata+0x116/0x180 [ 999.836359][T18675] Uninit was stored to memory at: [ 999.972182][T18650] __msan_chain_origin+0x57/0xa0 [ 999.836359][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 999.972182][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 999.836359][T18675] __msan_chain_origin+0x57/0xa0 [ 999.972182][T18650] get_compat_msghdr+0x108/0x2b0 [ 999.836359][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 999.972182][T18650] do_recvmmsg+0xdc7/0x22e0 [ 999.836359][T18675] get_compat_msghdr+0x108/0x2b0 [ 999.972182][T18650] ? kmsan_get_metadata+0x116/0x180 [ 999.836359][T18675] do_recvmmsg+0xdc7/0x22e0 [ 999.972182][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 999.836359][T18675] __sys_recvmmsg+0x340/0x5f0 [ 999.972182][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 999.836359][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 999.972182][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 999.836359][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 999.972182][T18650] __sys_recvmmsg+0x340/0x5f0 [ 999.836359][T18675] __do_fast_syscall_32+0x129/0x180 [ 999.972182][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 999.836359][T18675] do_fast_syscall_32+0x6a/0xc0 [ 999.972182][T18650] ? kmsan_get_metadata+0x116/0x180 [ 999.836359][T18675] do_SYSENTER_32+0x73/0x90 [ 999.972182][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 999.836359][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 999.972182][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 999.836359][T18675] [ 999.972182][T18650] __do_fast_syscall_32+0x129/0x180 [ 999.836359][T18675] Uninit was stored to memory at: [ 999.972182][T18650] do_fast_syscall_32+0x6a/0xc0 [ 999.836359][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 999.972182][T18650] do_SYSENTER_32+0x73/0x90 [ 999.836359][T18675] __msan_chain_origin+0x57/0xa0 [ 999.972182][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 999.836359][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 999.972182][T18650] RIP: 0023:0xf7fd6549 [ 999.836359][T18675] get_compat_msghdr+0x108/0x2b0 [ 999.972182][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 999.836359][T18675] do_recvmmsg+0xdc7/0x22e0 [ 999.972182][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 999.836359][T18675] __sys_recvmmsg+0x340/0x5f0 [ 999.972182][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 999.836359][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 999.972182][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 999.836359][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 999.972182][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 999.836359][T18675] __do_fast_syscall_32+0x129/0x180 [ 999.972182][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 999.836359][T18675] do_fast_syscall_32+0x6a/0xc0 [ 999.972182][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 999.836359][T18675] do_SYSENTER_32+0x73/0x90 [ 999.972182][T18650] Uninit was stored to memory at: [ 999.836359][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 999.972182][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 999.836359][T18675] [ 999.972182][T18650] __msan_chain_origin+0x57/0xa0 [ 999.836359][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 999.972182][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 999.836359][T18675] do_recvmmsg+0xc2/0x22e0 [ 999.972182][T18650] get_compat_msghdr+0x108/0x2b0 [ 999.836359][T18675] do_recvmmsg+0xc2/0x22e0 [ 999.972182][T18650] do_recvmmsg+0xdc7/0x22e0 [ 999.972182][T18650] __sys_recvmmsg+0x340/0x5f0 [ 999.972182][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1000.457142][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1000.457142][T18650] __do_fast_syscall_32+0x129/0x180 [ 1000.457142][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1000.457142][T18650] do_SYSENTER_32+0x73/0x90 [ 1000.457142][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1000.457142][T18650] [ 1000.457142][T18650] Uninit was stored to memory at: [ 1000.457142][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 1000.457142][T18650] __msan_chain_origin+0x57/0xa0 [ 1000.457142][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1000.457142][T18650] get_compat_msghdr+0x108/0x2b0 [ 1000.512517][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1000.512517][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1000.512517][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1000.528896][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1000.528896][T18650] __do_fast_syscall_32+0x129/0x180 [ 1000.528896][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1000.528896][T18650] do_SYSENTER_32+0x73/0x90 [ 1000.528896][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1000.528896][T18650] [ 1000.528896][T18650] Uninit was stored to memory at: [ 1000.528896][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 1000.528896][T18650] __msan_chain_origin+0x57/0xa0 [ 1000.528896][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1000.528896][T18650] get_compat_msghdr+0x108/0x2b0 [ 1000.528896][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1000.528896][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1000.528896][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1000.528896][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1000.528896][T18650] __do_fast_syscall_32+0x129/0x180 [ 1000.528896][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1000.528896][T18650] do_SYSENTER_32+0x73/0x90 [ 1000.528896][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1000.528896][T18650] [ 1000.528896][T18650] Uninit was stored to memory at: [ 1000.528896][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 1000.528896][T18650] __msan_chain_origin+0x57/0xa0 [ 1000.528896][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1000.528896][T18650] get_compat_msghdr+0x108/0x2b0 [ 1000.652830][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1000.652830][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1000.652830][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1000.652830][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1000.652830][T18650] __do_fast_syscall_32+0x129/0x180 [ 1000.652830][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1000.652830][T18650] do_SYSENTER_32+0x73/0x90 [ 1000.652830][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1000.652830][T18650] [ 1000.652830][T18650] Uninit was stored to memory at: [ 1000.652830][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 1000.652830][T18650] __msan_chain_origin+0x57/0xa0 [ 1000.652830][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1000.652830][T18650] get_compat_msghdr+0x108/0x2b0 [ 1000.652830][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1000.652830][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1000.652830][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1000.652830][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1000.652830][T18650] __do_fast_syscall_32+0x129/0x180 [ 1000.652830][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1000.652830][T18650] do_SYSENTER_32+0x73/0x90 [ 1000.652830][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1000.652830][T18650] [ 1000.652830][T18650] Uninit was stored to memory at: [ 1000.652830][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 1000.652830][T18650] __msan_chain_origin+0x57/0xa0 [ 1000.652830][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1000.652830][T18650] get_compat_msghdr+0x108/0x2b0 [ 1000.652830][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1000.652830][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1000.652830][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1000.652830][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1000.652830][T18650] __do_fast_syscall_32+0x129/0x180 [ 1000.822332][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1000.822332][T18650] do_SYSENTER_32+0x73/0x90 [ 1000.822332][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1000.822332][T18650] [ 1000.822332][T18650] Uninit was stored to memory at: [ 1000.822332][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 1000.822332][T18650] __msan_chain_origin+0x57/0xa0 [ 1000.822332][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1000.822332][T18650] get_compat_msghdr+0x108/0x2b0 [ 1000.822332][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1000.822332][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1000.822332][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1000.822332][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1000.822332][T18650] __do_fast_syscall_32+0x129/0x180 [ 1000.892330][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1000.892330][T18650] do_SYSENTER_32+0x73/0x90 [ 1000.892330][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1000.892330][T18650] [ 1000.892330][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 1000.892330][T18650] do_recvmmsg+0xc2/0x22e0 [ 1000.892330][T18650] do_recvmmsg+0xc2/0x22e0 [ 1001.148413][T18650] not chained 1000000 origins [ 1001.152199][T18650] CPU: 1 PID: 18650 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0 [ 1001.152199][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1001.152199][T18650] Call Trace: [ 1001.152199][T18650] dump_stack+0x21c/0x280 [ 1001.152199][T18650] kmsan_internal_chain_origin+0x6f/0x130 [ 1001.152199][T18650] ? do_user_addr_fault+0x1045/0x16d0 [ 1001.152199][T18650] ? kmsan_get_metadata+0x116/0x180 [ 1001.152199][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 1001.152199][T18650] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 1001.202419][T18650] ? _copy_from_user+0x201/0x310 [ 1001.202419][T18650] ? kmsan_get_metadata+0x116/0x180 [ 1001.202419][T18650] __msan_chain_origin+0x57/0xa0 [ 1001.202419][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1001.202419][T18650] get_compat_msghdr+0x108/0x2b0 [ 1001.202419][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1001.202419][T18650] ? kmsan_get_metadata+0x116/0x180 [ 1001.202419][T18650] ? kmsan_internal_set_origin+0x85/0xc0 [ 1001.202419][T18650] ? __msan_poison_alloca+0xe9/0x110 [ 1001.202419][T18650] ? __sys_recvmmsg+0xb5/0x5f0 [ 1001.202419][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1001.202419][T18650] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 1001.202419][T18650] ? kmsan_get_metadata+0x116/0x180 [ 1001.202419][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1001.202419][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1001.202419][T18650] __do_fast_syscall_32+0x129/0x180 [ 1001.202419][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1001.202419][T18650] do_SYSENTER_32+0x73/0x90 [ 1001.202419][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1001.202419][T18650] RIP: 0023:0xf7fd6549 [ 1001.202419][T18650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1001.202419][T18650] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 1001.202419][T18650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 1001.202419][T18650] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1001.202419][T18650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1001.202419][T18650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1001.202419][T18650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1001.202419][T18650] Uninit was stored to memory at: [ 1001.202419][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 1001.202419][T18650] __msan_chain_origin+0x57/0xa0 [ 1001.202419][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1001.202419][T18650] get_compat_msghdr+0x108/0x2b0 [ 1001.202419][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1001.202419][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1001.202419][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1001.202419][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1001.202419][T18650] __do_fast_syscall_32+0x129/0x180 [ 1001.202419][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1001.202419][T18650] do_SYSENTER_32+0x73/0x90 [ 1001.202419][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1001.202419][T18650] [ 1001.202419][T18650] Uninit was stored to memory at: [ 1001.202419][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 1001.202419][T18650] __msan_chain_origin+0x57/0xa0 [ 1001.202419][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1001.202419][T18650] get_compat_msghdr+0x108/0x2b0 [ 1001.202419][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1001.202419][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1001.202419][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1001.202419][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1001.202419][T18650] __do_fast_syscall_32+0x129/0x180 [ 1001.202419][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1001.202419][T18650] do_SYSENTER_32+0x73/0x90 [ 1001.202419][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1001.202419][T18650] [ 1001.202419][T18650] Uninit was stored to memory at: [ 1001.202419][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 1001.202419][T18650] __msan_chain_origin+0x57/0xa0 [ 1001.202419][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1001.202419][T18650] get_compat_msghdr+0x108/0x2b0 [ 1001.202419][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1001.202419][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1001.202419][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1001.202419][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1001.202419][T18650] __do_fast_syscall_32+0x129/0x180 [ 1001.202419][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1001.202419][T18650] do_SYSENTER_32+0x73/0x90 [ 1001.202419][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1001.202419][T18650] [ 1001.202419][T18650] Uninit was stored to memory at: [ 1001.202419][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 1001.202419][T18650] __msan_chain_origin+0x57/0xa0 [ 1001.202419][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1001.202419][T18650] get_compat_msghdr+0x108/0x2b0 [ 1001.202419][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1001.202419][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1001.202419][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1001.202419][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1001.202419][T18650] __do_fast_syscall_32+0x129/0x180 [ 1001.202419][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1001.202419][T18650] do_SYSENTER_32+0x73/0x90 [ 1001.202419][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1001.202419][T18650] [ 1001.202419][T18650] Uninit was stored to memory at: [ 1001.202419][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 1001.202419][T18650] __msan_chain_origin+0x57/0xa0 [ 1001.202419][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1001.202419][T18650] get_compat_msghdr+0x108/0x2b0 [ 1001.202419][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1001.202419][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1001.202419][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1001.202419][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1001.202419][T18650] __do_fast_syscall_32+0x129/0x180 [ 1001.202419][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1001.202419][T18650] do_SYSENTER_32+0x73/0x90 [ 1001.202419][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1001.202419][T18650] [ 1001.202419][T18650] Uninit was stored to memory at: [ 1001.202419][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 1001.202419][T18650] __msan_chain_origin+0x57/0xa0 [ 1001.202419][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1001.202419][T18650] get_compat_msghdr+0x108/0x2b0 [ 1001.202419][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1001.202419][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1001.202419][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1001.202419][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1001.202419][T18650] __do_fast_syscall_32+0x129/0x180 [ 1001.202419][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1001.202419][T18650] do_SYSENTER_32+0x73/0x90 [ 1001.202419][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1001.202419][T18650] [ 1001.202419][T18650] Uninit was stored to memory at: [ 1001.202419][T18650] kmsan_internal_chain_origin+0xad/0x130 [ 1001.202419][T18650] __msan_chain_origin+0x57/0xa0 [ 1001.202419][T18650] __get_compat_msghdr+0x6db/0x9d0 [ 1001.202419][T18650] get_compat_msghdr+0x108/0x2b0 [ 1001.202419][T18650] do_recvmmsg+0xdc7/0x22e0 [ 1001.202419][T18650] __sys_recvmmsg+0x340/0x5f0 [ 1001.202419][T18650] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1001.202419][T18650] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1001.202419][T18650] __do_fast_syscall_32+0x129/0x180 [ 1001.854921][T18650] do_fast_syscall_32+0x6a/0xc0 [ 1001.854921][T18650] do_SYSENTER_32+0x73/0x90 [ 1001.854921][T18650] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1001.854921][T18650] [ 1001.854921][T18650] Local variable ----msg_sys@do_recvmmsg created at: [ 1001.854921][T18650] do_recvmmsg+0xc2/0x22e0 [ 1001.854921][T18650] do_recvmmsg+0xc2/0x22e0 [ 1002.081239][T18675] not chained 1010000 origins [ 1002.082205][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 1002.082205][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1002.082205][T18675] Call Trace: [ 1002.082205][T18675] dump_stack+0x21c/0x280 [ 1002.082205][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 1002.082205][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 1002.082205][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1002.082205][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1002.082205][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 1002.082205][T18675] ? _copy_from_user+0x201/0x310 [ 1002.082205][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1002.082205][T18675] __msan_chain_origin+0x57/0xa0 [ 1002.082205][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1002.082205][T18675] get_compat_msghdr+0x108/0x2b0 [ 1002.082205][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1002.082205][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1002.172351][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1002.172351][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 1002.172351][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 1002.172351][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1002.172351][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 1002.172351][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1002.172351][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1002.172351][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1002.172351][T18675] __do_fast_syscall_32+0x129/0x180 [ 1002.221509][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1002.221509][T18675] do_SYSENTER_32+0x73/0x90 [ 1002.221509][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1002.221509][T18675] RIP: 0023:0xf7f29549 [ 1002.221509][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1002.221509][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 1002.221509][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 1002.221509][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1002.221509][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1002.221509][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1002.221509][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1002.221509][T18675] Uninit was stored to memory at: [ 1002.221509][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1002.221509][T18675] __msan_chain_origin+0x57/0xa0 [ 1002.221509][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1002.221509][T18675] get_compat_msghdr+0x108/0x2b0 [ 1002.221509][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1002.221509][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1002.221509][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1002.221509][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1002.221509][T18675] __do_fast_syscall_32+0x129/0x180 [ 1002.221509][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1002.221509][T18675] do_SYSENTER_32+0x73/0x90 [ 1002.221509][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1002.221509][T18675] [ 1002.221509][T18675] Uninit was stored to memory at: [ 1002.221509][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1002.221509][T18675] __msan_chain_origin+0x57/0xa0 [ 1002.221509][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1002.221509][T18675] get_compat_msghdr+0x108/0x2b0 [ 1002.221509][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1002.221509][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1002.221509][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1002.221509][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1002.221509][T18675] __do_fast_syscall_32+0x129/0x180 [ 1002.221509][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1002.221509][T18675] do_SYSENTER_32+0x73/0x90 [ 1002.221509][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1002.221509][T18675] [ 1002.221509][T18675] Uninit was stored to memory at: [ 1002.221509][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1002.221509][T18675] __msan_chain_origin+0x57/0xa0 [ 1002.221509][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1002.221509][T18675] get_compat_msghdr+0x108/0x2b0 [ 1002.221509][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1002.221509][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1002.221509][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1002.221509][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1002.221509][T18675] __do_fast_syscall_32+0x129/0x180 [ 1002.221509][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1002.221509][T18675] do_SYSENTER_32+0x73/0x90 [ 1002.221509][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1002.221509][T18675] [ 1002.221509][T18675] Uninit was stored to memory at: [ 1002.221509][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1002.221509][T18675] __msan_chain_origin+0x57/0xa0 [ 1002.221509][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1002.221509][T18675] get_compat_msghdr+0x108/0x2b0 [ 1002.221509][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1002.221509][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1002.221509][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1002.221509][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1002.221509][T18675] __do_fast_syscall_32+0x129/0x180 [ 1002.221509][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1002.221509][T18675] do_SYSENTER_32+0x73/0x90 [ 1002.221509][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1002.221509][T18675] [ 1002.221509][T18675] Uninit was stored to memory at: [ 1002.221509][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1002.221509][T18675] __msan_chain_origin+0x57/0xa0 [ 1002.221509][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1002.221509][T18675] get_compat_msghdr+0x108/0x2b0 [ 1002.221509][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1002.221509][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1002.221509][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1002.221509][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1002.221509][T18675] __do_fast_syscall_32+0x129/0x180 [ 1002.221509][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1002.221509][T18675] do_SYSENTER_32+0x73/0x90 [ 1002.221509][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1002.221509][T18675] [ 1002.221509][T18675] Uninit was stored to memory at: [ 1002.221509][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1002.221509][T18675] __msan_chain_origin+0x57/0xa0 [ 1002.221509][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1002.221509][T18675] get_compat_msghdr+0x108/0x2b0 [ 1002.221509][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1002.221509][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1002.221509][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1002.221509][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1002.221509][T18675] __do_fast_syscall_32+0x129/0x180 [ 1002.221509][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1002.221509][T18675] do_SYSENTER_32+0x73/0x90 [ 1002.221509][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1002.221509][T18675] [ 1002.221509][T18675] Uninit was stored to memory at: [ 1002.221509][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1002.221509][T18675] __msan_chain_origin+0x57/0xa0 [ 1002.221509][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1002.221509][T18675] get_compat_msghdr+0x108/0x2b0 [ 1002.221509][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1002.221509][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1002.221509][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1002.221509][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1002.221509][T18675] __do_fast_syscall_32+0x129/0x180 [ 1002.221509][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1002.221509][T18675] do_SYSENTER_32+0x73/0x90 [ 1002.221509][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1002.221509][T18675] [ 1002.221509][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 1002.221509][T18675] do_recvmmsg+0xc2/0x22e0 [ 1002.221509][T18675] do_recvmmsg+0xc2/0x22e0 [ 1003.159203][T18675] not chained 1020000 origins [ 1003.162253][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 1003.162253][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1003.162253][T18675] Call Trace: [ 1003.162253][T18675] dump_stack+0x21c/0x280 [ 1003.185977][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 1003.185977][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 1003.185977][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1003.185977][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1003.185977][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 1003.185977][T18675] ? _copy_from_user+0x201/0x310 [ 1003.185977][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1003.185977][T18675] __msan_chain_origin+0x57/0xa0 [ 1003.185977][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1003.185977][T18675] get_compat_msghdr+0x108/0x2b0 [ 1003.185977][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1003.185977][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1003.185977][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1003.185977][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 1003.185977][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 1003.185977][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1003.185977][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 1003.185977][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1003.185977][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1003.185977][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1003.185977][T18675] __do_fast_syscall_32+0x129/0x180 [ 1003.185977][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1003.185977][T18675] do_SYSENTER_32+0x73/0x90 [ 1003.185977][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1003.185977][T18675] RIP: 0023:0xf7f29549 [ 1003.185977][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1003.185977][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 1003.343256][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 1003.352499][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1003.365308][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1003.365308][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1003.365308][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1003.365308][T18675] Uninit was stored to memory at: [ 1003.392622][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1003.392622][T18675] __msan_chain_origin+0x57/0xa0 [ 1003.392622][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1003.392622][T18675] get_compat_msghdr+0x108/0x2b0 [ 1003.392622][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1003.392622][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1003.392622][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1003.392622][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1003.392622][T18675] __do_fast_syscall_32+0x129/0x180 [ 1003.392622][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1003.392622][T18675] do_SYSENTER_32+0x73/0x90 [ 1003.392622][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1003.392622][T18675] [ 1003.392622][T18675] Uninit was stored to memory at: [ 1003.392622][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1003.392622][T18675] __msan_chain_origin+0x57/0xa0 [ 1003.392622][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1003.479228][T18675] get_compat_msghdr+0x108/0x2b0 [ 1003.479228][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1003.479228][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1003.479228][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1003.479228][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1003.479228][T18675] __do_fast_syscall_32+0x129/0x180 [ 1003.479228][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1003.479228][T18675] do_SYSENTER_32+0x73/0x90 [ 1003.479228][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1003.479228][T18675] [ 1003.479228][T18675] Uninit was stored to memory at: [ 1003.479228][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1003.479228][T18675] __msan_chain_origin+0x57/0xa0 [ 1003.479228][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1003.479228][T18675] get_compat_msghdr+0x108/0x2b0 [ 1003.479228][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1003.479228][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1003.479228][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1003.479228][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1003.479228][T18675] __do_fast_syscall_32+0x129/0x180 [ 1003.479228][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1003.479228][T18675] do_SYSENTER_32+0x73/0x90 [ 1003.479228][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1003.479228][T18675] [ 1003.479228][T18675] Uninit was stored to memory at: [ 1003.479228][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1003.479228][T18675] __msan_chain_origin+0x57/0xa0 [ 1003.479228][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1003.479228][T18675] get_compat_msghdr+0x108/0x2b0 [ 1003.479228][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1003.479228][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1003.479228][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1003.479228][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1003.479228][T18675] __do_fast_syscall_32+0x129/0x180 [ 1003.479228][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1003.479228][T18675] do_SYSENTER_32+0x73/0x90 [ 1003.479228][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1003.479228][T18675] [ 1003.479228][T18675] Uninit was stored to memory at: [ 1003.479228][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1003.479228][T18675] __msan_chain_origin+0x57/0xa0 [ 1003.479228][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1003.479228][T18675] get_compat_msghdr+0x108/0x2b0 [ 1003.479228][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1003.479228][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1003.479228][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1003.479228][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1003.479228][T18675] __do_fast_syscall_32+0x129/0x180 [ 1003.479228][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1003.479228][T18675] do_SYSENTER_32+0x73/0x90 [ 1003.479228][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1003.479228][T18675] [ 1003.479228][T18675] Uninit was stored to memory at: [ 1003.479228][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1003.479228][T18675] __msan_chain_origin+0x57/0xa0 [ 1003.479228][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1003.479228][T18675] get_compat_msghdr+0x108/0x2b0 [ 1003.479228][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1003.479228][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1003.479228][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1003.479228][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1003.479228][T18675] __do_fast_syscall_32+0x129/0x180 [ 1003.479228][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1003.479228][T18675] do_SYSENTER_32+0x73/0x90 [ 1003.479228][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1003.479228][T18675] [ 1003.479228][T18675] Uninit was stored to memory at: [ 1003.479228][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1003.479228][T18675] __msan_chain_origin+0x57/0xa0 [ 1003.479228][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1003.479228][T18675] get_compat_msghdr+0x108/0x2b0 [ 1003.479228][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1003.479228][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1003.479228][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1003.479228][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1003.479228][T18675] __do_fast_syscall_32+0x129/0x180 [ 1003.479228][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1003.479228][T18675] do_SYSENTER_32+0x73/0x90 [ 1003.479228][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1003.479228][T18675] [ 1003.479228][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 1003.479228][T18675] do_recvmmsg+0xc2/0x22e0 [ 1003.479228][T18675] do_recvmmsg+0xc2/0x22e0 10:53:12 executing program 5: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000040)) 10:53:12 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$CHAR_RAW_FRASET(r0, 0x5450, 0x0) 10:53:12 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) dup3(r0, r1, 0x0) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000040)) 10:53:12 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x10450, 0x0) r0 = creat(&(0x7f0000000000)='./file0/bus\x00', 0x6857b21ff1155d94) pwritev(r0, &(0x7f00000013c0)=[{&(0x7f0000000180)="04", 0x1}], 0x1, 0x0, 0x0) [ 1004.402061][T18675] not chained 1030000 origins [ 1004.402244][T18675] CPU: 0 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 1004.402244][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1004.402244][T18675] Call Trace: [ 1004.402244][T18675] dump_stack+0x21c/0x280 [ 1004.402244][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 1004.402244][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 1004.402244][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1004.402244][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1004.402244][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 1004.402244][T18675] ? _copy_from_user+0x201/0x310 [ 1004.463887][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1004.463887][T18675] __msan_chain_origin+0x57/0xa0 [ 1004.463887][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1004.463887][T18675] get_compat_msghdr+0x108/0x2b0 [ 1004.463887][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1004.463887][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1004.463887][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1004.463887][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 1004.463887][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 1004.463887][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1004.463887][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 1004.463887][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1004.463887][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1004.463887][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1004.463887][T18675] __do_fast_syscall_32+0x129/0x180 [ 1004.463887][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1004.463887][T18675] do_SYSENTER_32+0x73/0x90 [ 1004.463887][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1004.463887][T18675] RIP: 0023:0xf7f29549 [ 1004.463887][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1004.463887][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 1004.463887][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 1004.463887][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1004.463887][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1004.463887][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1004.463887][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1004.463887][T18675] Uninit was stored to memory at: [ 1004.463887][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1004.463887][T18675] __msan_chain_origin+0x57/0xa0 [ 1004.463887][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1004.463887][T18675] get_compat_msghdr+0x108/0x2b0 [ 1004.463887][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1004.463887][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1004.463887][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1004.463887][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1004.463887][T18675] __do_fast_syscall_32+0x129/0x180 [ 1004.463887][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1004.463887][T18675] do_SYSENTER_32+0x73/0x90 [ 1004.463887][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1004.463887][T18675] [ 1004.463887][T18675] Uninit was stored to memory at: [ 1004.463887][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1004.463887][T18675] __msan_chain_origin+0x57/0xa0 [ 1004.463887][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1004.463887][T18675] get_compat_msghdr+0x108/0x2b0 [ 1004.463887][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1004.463887][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1004.463887][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1004.463887][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1004.463887][T18675] __do_fast_syscall_32+0x129/0x180 [ 1004.463887][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1004.463887][T18675] do_SYSENTER_32+0x73/0x90 [ 1004.463887][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1004.463887][T18675] [ 1004.463887][T18675] Uninit was stored to memory at: [ 1004.463887][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1004.463887][T18675] __msan_chain_origin+0x57/0xa0 [ 1004.463887][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1004.463887][T18675] get_compat_msghdr+0x108/0x2b0 [ 1004.463887][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1004.463887][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1004.463887][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1004.463887][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1004.463887][T18675] __do_fast_syscall_32+0x129/0x180 [ 1004.463887][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1004.463887][T18675] do_SYSENTER_32+0x73/0x90 [ 1004.463887][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1004.463887][T18675] [ 1004.463887][T18675] Uninit was stored to memory at: [ 1004.463887][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1004.463887][T18675] __msan_chain_origin+0x57/0xa0 [ 1004.463887][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1004.463887][T18675] get_compat_msghdr+0x108/0x2b0 [ 1004.463887][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1004.463887][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1004.463887][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1004.463887][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1004.463887][T18675] __do_fast_syscall_32+0x129/0x180 [ 1004.463887][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1004.463887][T18675] do_SYSENTER_32+0x73/0x90 [ 1004.463887][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1004.463887][T18675] [ 1004.463887][T18675] Uninit was stored to memory at: [ 1004.463887][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1004.463887][T18675] __msan_chain_origin+0x57/0xa0 [ 1004.463887][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1004.463887][T18675] get_compat_msghdr+0x108/0x2b0 [ 1004.463887][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1004.463887][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1004.463887][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1004.463887][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1004.463887][T18675] __do_fast_syscall_32+0x129/0x180 [ 1004.463887][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1004.463887][T18675] do_SYSENTER_32+0x73/0x90 [ 1004.463887][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1004.463887][T18675] [ 1004.463887][T18675] Uninit was stored to memory at: [ 1004.463887][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1004.463887][T18675] __msan_chain_origin+0x57/0xa0 [ 1004.463887][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1004.463887][T18675] get_compat_msghdr+0x108/0x2b0 [ 1004.463887][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1004.463887][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1004.463887][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1004.463887][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1004.463887][T18675] __do_fast_syscall_32+0x129/0x180 [ 1004.463887][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1004.463887][T18675] do_SYSENTER_32+0x73/0x90 [ 1004.463887][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1004.463887][T18675] [ 1004.463887][T18675] Uninit was stored to memory at: [ 1004.463887][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1004.463887][T18675] __msan_chain_origin+0x57/0xa0 [ 1004.463887][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1004.463887][T18675] get_compat_msghdr+0x108/0x2b0 [ 1004.463887][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1004.463887][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1004.463887][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1004.463887][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1004.463887][T18675] __do_fast_syscall_32+0x129/0x180 [ 1004.463887][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1004.463887][T18675] do_SYSENTER_32+0x73/0x90 [ 1004.463887][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1004.463887][T18675] [ 1004.463887][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 1004.463887][T18675] do_recvmmsg+0xc2/0x22e0 [ 1004.463887][T18675] do_recvmmsg+0xc2/0x22e0 [ 1005.186024][T15950] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.486244][T15950] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.786669][T15950] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1006.107985][T15950] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1006.485918][T15950] tipc: TX() has been purged, node left! [ 1008.134348][T18675] not chained 1040000 origins [ 1008.139052][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 1008.142198][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1008.142198][T18675] Call Trace: [ 1008.142198][T18675] dump_stack+0x21c/0x280 [ 1008.163872][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 1008.165889][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1008.176159][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1008.176159][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 1008.182477][T18675] ? _copy_from_user+0x201/0x310 [ 1008.182477][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1008.182477][T18675] __msan_chain_origin+0x57/0xa0 [ 1008.182477][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1008.182477][T18675] get_compat_msghdr+0x108/0x2b0 [ 1008.182477][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1008.182477][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1008.182477][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1008.182477][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 1008.182477][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 1008.182477][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1008.182477][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 1008.182477][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1008.252288][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1008.252288][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1008.252288][T18675] __do_fast_syscall_32+0x129/0x180 [ 1008.252288][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1008.252288][T18675] do_SYSENTER_32+0x73/0x90 [ 1008.252288][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1008.252288][T18675] RIP: 0023:0xf7f29549 [ 1008.252288][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1008.252288][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 1008.252288][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 1008.322373][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1008.322373][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1008.322373][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1008.322373][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1008.322373][T18675] Uninit was stored to memory at: [ 1008.322373][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1008.322373][T18675] __msan_chain_origin+0x57/0xa0 [ 1008.322373][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1008.322373][T18675] get_compat_msghdr+0x108/0x2b0 [ 1008.322373][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1008.322373][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1008.392376][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1008.392376][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1008.392376][T18675] __do_fast_syscall_32+0x129/0x180 [ 1008.392376][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1008.392376][T18675] do_SYSENTER_32+0x73/0x90 [ 1008.392376][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1008.392376][T18675] [ 1008.392376][T18675] Uninit was stored to memory at: [ 1008.392376][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1008.392376][T18675] __msan_chain_origin+0x57/0xa0 [ 1008.392376][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1008.392376][T18675] get_compat_msghdr+0x108/0x2b0 [ 1008.392376][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1008.392376][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1008.392376][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1008.392376][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1008.392376][T18675] __do_fast_syscall_32+0x129/0x180 [ 1008.392376][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1008.392376][T18675] do_SYSENTER_32+0x73/0x90 [ 1008.392376][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1008.492285][T18675] [ 1008.492285][T18675] Uninit was stored to memory at: [ 1008.492285][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1008.492285][T18675] __msan_chain_origin+0x57/0xa0 [ 1008.492285][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1008.492285][T18675] get_compat_msghdr+0x108/0x2b0 [ 1008.492285][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1008.492285][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1008.492285][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1008.492285][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1008.492285][T18675] __do_fast_syscall_32+0x129/0x180 [ 1008.492285][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1008.492285][T18675] do_SYSENTER_32+0x73/0x90 [ 1008.562338][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1008.562338][T18675] [ 1008.562338][T18675] Uninit was stored to memory at: [ 1008.562338][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1008.562338][T18675] __msan_chain_origin+0x57/0xa0 [ 1008.562338][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1008.562338][T18675] get_compat_msghdr+0x108/0x2b0 [ 1008.562338][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1008.562338][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1008.562338][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1008.562338][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1008.562338][T18675] __do_fast_syscall_32+0x129/0x180 [ 1008.562338][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1008.562338][T18675] do_SYSENTER_32+0x73/0x90 [ 1008.632333][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1008.632333][T18675] [ 1008.632333][T18675] Uninit was stored to memory at: [ 1008.632333][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1008.632333][T18675] __msan_chain_origin+0x57/0xa0 [ 1008.632333][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1008.632333][T18675] get_compat_msghdr+0x108/0x2b0 [ 1008.632333][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1008.632333][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1008.632333][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1008.632333][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1008.632333][T18675] __do_fast_syscall_32+0x129/0x180 [ 1008.632333][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1008.632333][T18675] do_SYSENTER_32+0x73/0x90 [ 1008.702331][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1008.702331][T18675] [ 1008.702331][T18675] Uninit was stored to memory at: [ 1008.702331][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1008.702331][T18675] __msan_chain_origin+0x57/0xa0 [ 1008.702331][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1008.702331][T18675] get_compat_msghdr+0x108/0x2b0 [ 1008.702331][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1008.702331][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1008.702331][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1008.702331][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1008.702331][T18675] __do_fast_syscall_32+0x129/0x180 [ 1008.702331][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1008.702331][T18675] do_SYSENTER_32+0x73/0x90 [ 1008.772287][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1008.772287][T18675] [ 1008.772287][T18675] Uninit was stored to memory at: [ 1008.772287][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1008.772287][T18675] __msan_chain_origin+0x57/0xa0 [ 1008.772287][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1008.772287][T18675] get_compat_msghdr+0x108/0x2b0 [ 1008.772287][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1008.772287][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1008.772287][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1008.772287][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1008.772287][T18675] __do_fast_syscall_32+0x129/0x180 [ 1008.772287][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1008.772287][T18675] do_SYSENTER_32+0x73/0x90 [ 1008.842361][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1008.842361][T18675] [ 1008.842361][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 1008.842361][T18675] do_recvmmsg+0xc2/0x22e0 [ 1008.842361][T18675] do_recvmmsg+0xc2/0x22e0 [ 1009.724377][T18675] not chained 1050000 origins [ 1009.729072][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 1009.732198][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1009.732198][T18675] Call Trace: [ 1009.732198][T18675] dump_stack+0x21c/0x280 [ 1009.732198][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 1009.732198][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 1009.732198][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1009.732198][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1009.732198][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 1009.732198][T18675] ? _copy_from_user+0x201/0x310 [ 1009.732198][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1009.732198][T18675] __msan_chain_origin+0x57/0xa0 [ 1009.732198][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1009.732198][T18675] get_compat_msghdr+0x108/0x2b0 [ 1009.732198][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1009.732198][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1009.732198][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1009.732198][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 1009.732198][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 1009.732198][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1009.732198][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 1009.732198][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1009.732198][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1009.732198][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1009.732198][T18675] __do_fast_syscall_32+0x129/0x180 [ 1009.862471][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1009.862471][T18675] do_SYSENTER_32+0x73/0x90 [ 1009.862471][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1009.862471][T18675] RIP: 0023:0xf7f29549 [ 1009.862471][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1009.862471][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 1009.862471][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 1009.862471][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1009.862471][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1009.862471][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1009.862471][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1009.862471][T18675] Uninit was stored to memory at: [ 1009.862471][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1009.862471][T18675] __msan_chain_origin+0x57/0xa0 [ 1009.862471][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1009.862471][T18675] get_compat_msghdr+0x108/0x2b0 [ 1009.862471][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1009.862471][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1009.862471][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1009.862471][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1009.862471][T18675] __do_fast_syscall_32+0x129/0x180 [ 1009.862471][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1009.862471][T18675] do_SYSENTER_32+0x73/0x90 [ 1009.862471][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1010.022589][T18675] [ 1010.023204][T18675] Uninit was stored to memory at: [ 1010.023204][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1010.035378][T18675] __msan_chain_origin+0x57/0xa0 [ 1010.035378][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1010.042321][T18675] get_compat_msghdr+0x108/0x2b0 [ 1010.047866][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1010.052428][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1010.057135][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1010.062468][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1010.072394][T18675] __do_fast_syscall_32+0x129/0x180 [ 1010.075322][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1010.082313][T18675] do_SYSENTER_32+0x73/0x90 [ 1010.082313][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1010.092419][T18675] [ 1010.095390][T18675] Uninit was stored to memory at: [ 1010.095390][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1010.103490][T18675] __msan_chain_origin+0x57/0xa0 [ 1010.103490][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1010.112415][T18675] get_compat_msghdr+0x108/0x2b0 [ 1010.117105][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1010.122455][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1010.122455][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1010.135262][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1010.142307][T18675] __do_fast_syscall_32+0x129/0x180 [ 1010.142307][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1010.152414][T18675] do_SYSENTER_32+0x73/0x90 [ 1010.155365][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1010.164186][T18675] [ 1010.164186][T18675] Uninit was stored to memory at: [ 1010.164186][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1010.175484][T18675] __msan_chain_origin+0x57/0xa0 [ 1010.175484][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1010.182471][T18675] get_compat_msghdr+0x108/0x2b0 [ 1010.182471][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1010.195939][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1010.195939][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1010.202459][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1010.212435][T18675] __do_fast_syscall_32+0x129/0x180 [ 1010.215435][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1010.222324][T18675] do_SYSENTER_32+0x73/0x90 [ 1010.224205][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1010.232397][T18675] [ 1010.235295][T18675] Uninit was stored to memory at: [ 1010.235295][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1010.242448][T18675] __msan_chain_origin+0x57/0xa0 [ 1010.242448][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1010.255942][T18675] get_compat_msghdr+0x108/0x2b0 [ 1010.262449][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1010.262449][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1010.262449][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1010.277307][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1010.282323][T18675] __do_fast_syscall_32+0x129/0x180 [ 1010.282323][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1010.292405][T18675] do_SYSENTER_32+0x73/0x90 [ 1010.295341][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1010.302471][T18675] [ 1010.302471][T18675] Uninit was stored to memory at: [ 1010.302471][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1010.315384][T18675] __msan_chain_origin+0x57/0xa0 [ 1010.322308][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1010.322308][T18675] get_compat_msghdr+0x108/0x2b0 [ 1010.332427][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1010.337146][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1010.337146][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1010.343057][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1010.352423][T18675] __do_fast_syscall_32+0x129/0x180 [ 1010.357599][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1010.362472][T18675] do_SYSENTER_32+0x73/0x90 [ 1010.362472][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1010.372381][T18675] [ 1010.375268][T18675] Uninit was stored to memory at: [ 1010.382342][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1010.384247][T18675] __msan_chain_origin+0x57/0xa0 [ 1010.392418][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1010.395716][T18675] get_compat_msghdr+0x108/0x2b0 [ 1010.402325][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1010.402325][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1010.412435][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1010.415991][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1010.422432][T18675] __do_fast_syscall_32+0x129/0x180 [ 1010.426774][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1010.432387][T18675] do_SYSENTER_32+0x73/0x90 [ 1010.435287][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1010.444206][T18675] [ 1010.444206][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 1010.452431][T18675] do_recvmmsg+0xc2/0x22e0 [ 1010.457815][T18675] do_recvmmsg+0xc2/0x22e0 [ 1010.832183][T18675] not chained 1060000 origins [ 1011.008349][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 1011.008349][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1011.018202][T18675] Call Trace: [ 1011.018202][T18675] dump_stack+0x21c/0x280 [ 1011.018202][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 1011.018202][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 1011.018202][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1011.018202][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1011.018202][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 1011.062498][T18675] ? _copy_from_user+0x201/0x310 [ 1011.062498][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1011.062498][T18675] __msan_chain_origin+0x57/0xa0 [ 1011.062498][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1011.062498][T18675] get_compat_msghdr+0x108/0x2b0 [ 1011.062498][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1011.062498][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1011.062498][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1011.062498][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 1011.062498][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 1011.062498][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1011.062498][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 1011.062498][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1011.062498][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1011.062498][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1011.062498][T18675] __do_fast_syscall_32+0x129/0x180 [ 1011.062498][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1011.062498][T18675] do_SYSENTER_32+0x73/0x90 [ 1011.062498][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1011.062498][T18675] RIP: 0023:0xf7f29549 [ 1011.062498][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1011.062498][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 1011.062498][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 1011.062498][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1011.062498][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1011.062498][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1011.062498][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1011.062498][T18675] Uninit was stored to memory at: [ 1011.062498][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1011.062498][T18675] __msan_chain_origin+0x57/0xa0 [ 1011.062498][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1011.062498][T18675] get_compat_msghdr+0x108/0x2b0 [ 1011.062498][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1011.062498][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1011.062498][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1011.062498][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1011.062498][T18675] __do_fast_syscall_32+0x129/0x180 [ 1011.062498][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1011.062498][T18675] do_SYSENTER_32+0x73/0x90 [ 1011.062498][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1011.062498][T18675] [ 1011.062498][T18675] Uninit was stored to memory at: [ 1011.062498][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1011.062498][T18675] __msan_chain_origin+0x57/0xa0 [ 1011.062498][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1011.062498][T18675] get_compat_msghdr+0x108/0x2b0 [ 1011.062498][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1011.062498][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1011.062498][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1011.062498][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1011.062498][T18675] __do_fast_syscall_32+0x129/0x180 [ 1011.062498][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1011.062498][T18675] do_SYSENTER_32+0x73/0x90 [ 1011.062498][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1011.062498][T18675] [ 1011.062498][T18675] Uninit was stored to memory at: [ 1011.062498][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1011.062498][T18675] __msan_chain_origin+0x57/0xa0 [ 1011.062498][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1011.062498][T18675] get_compat_msghdr+0x108/0x2b0 [ 1011.062498][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1011.062498][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1011.062498][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1011.062498][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1011.062498][T18675] __do_fast_syscall_32+0x129/0x180 [ 1011.062498][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1011.062498][T18675] do_SYSENTER_32+0x73/0x90 [ 1011.062498][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1011.062498][T18675] [ 1011.062498][T18675] Uninit was stored to memory at: [ 1011.062498][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1011.062498][T18675] __msan_chain_origin+0x57/0xa0 [ 1011.062498][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1011.062498][T18675] get_compat_msghdr+0x108/0x2b0 [ 1011.062498][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1011.062498][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1011.062498][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1011.062498][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1011.062498][T18675] __do_fast_syscall_32+0x129/0x180 [ 1011.062498][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1011.062498][T18675] do_SYSENTER_32+0x73/0x90 [ 1011.062498][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1011.062498][T18675] [ 1011.062498][T18675] Uninit was stored to memory at: [ 1011.062498][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1011.062498][T18675] __msan_chain_origin+0x57/0xa0 [ 1011.062498][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1011.062498][T18675] get_compat_msghdr+0x108/0x2b0 [ 1011.062498][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1011.062498][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1011.062498][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1011.062498][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1011.062498][T18675] __do_fast_syscall_32+0x129/0x180 [ 1011.062498][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1011.062498][T18675] do_SYSENTER_32+0x73/0x90 [ 1011.062498][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1011.062498][T18675] [ 1011.062498][T18675] Uninit was stored to memory at: [ 1011.062498][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1011.062498][T18675] __msan_chain_origin+0x57/0xa0 [ 1011.062498][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1011.062498][T18675] get_compat_msghdr+0x108/0x2b0 [ 1011.062498][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1011.062498][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1011.062498][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1011.062498][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1011.062498][T18675] __do_fast_syscall_32+0x129/0x180 [ 1011.062498][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1011.062498][T18675] do_SYSENTER_32+0x73/0x90 [ 1011.062498][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1011.062498][T18675] [ 1011.062498][T18675] Uninit was stored to memory at: [ 1011.062498][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1011.062498][T18675] __msan_chain_origin+0x57/0xa0 [ 1011.062498][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1011.062498][T18675] get_compat_msghdr+0x108/0x2b0 [ 1011.062498][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1011.062498][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1011.062498][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1011.062498][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1011.062498][T18675] __do_fast_syscall_32+0x129/0x180 [ 1011.062498][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1011.062498][T18675] do_SYSENTER_32+0x73/0x90 [ 1011.062498][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1011.062498][T18675] [ 1011.062498][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 1011.062498][T18675] do_recvmmsg+0xc2/0x22e0 [ 1011.062498][T18675] do_recvmmsg+0xc2/0x22e0 [ 1012.074030][T18675] not chained 1070000 origins [ 1012.078756][T18675] CPU: 1 PID: 18675 Comm: syz-executor.1 Not tainted 5.9.0-rc8-syzkaller #0 [ 1012.082523][T18675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1012.082523][T18675] Call Trace: [ 1012.082523][T18675] dump_stack+0x21c/0x280 [ 1012.082523][T18675] kmsan_internal_chain_origin+0x6f/0x130 [ 1012.082523][T18675] ? do_user_addr_fault+0x1045/0x16d0 [ 1012.082523][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1012.082523][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1012.082523][T18675] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 1012.082523][T18675] ? _copy_from_user+0x201/0x310 [ 1012.082523][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1012.082523][T18675] __msan_chain_origin+0x57/0xa0 [ 1012.082523][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1012.082523][T18675] get_compat_msghdr+0x108/0x2b0 [ 1012.082523][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1012.082523][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1012.082523][T18675] ? kmsan_internal_set_origin+0x85/0xc0 [ 1012.082523][T18675] ? __msan_poison_alloca+0xe9/0x110 [ 1012.082523][T18675] ? __sys_recvmmsg+0xb5/0x5f0 [ 1012.082523][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1012.082523][T18675] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 1012.082523][T18675] ? kmsan_get_metadata+0x116/0x180 [ 1012.082523][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1012.082523][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1012.082523][T18675] __do_fast_syscall_32+0x129/0x180 [ 1012.082523][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1012.082523][T18675] do_SYSENTER_32+0x73/0x90 [ 1012.082523][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1012.082523][T18675] RIP: 0023:0xf7f29549 [ 1012.082523][T18675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1012.252362][T18675] RSP: 002b:00000000f55020cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 1012.252362][T18675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0 [ 1012.252362][T18675] RDX: 00000000040003a0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1012.252362][T18675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1012.252362][T18675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1012.252362][T18675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1012.252362][T18675] Uninit was stored to memory at: [ 1012.252362][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1012.252362][T18675] __msan_chain_origin+0x57/0xa0 [ 1012.252362][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1012.322397][T18675] get_compat_msghdr+0x108/0x2b0 [ 1012.322397][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1012.322397][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1012.322397][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1012.322397][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1012.322397][T18675] __do_fast_syscall_32+0x129/0x180 [ 1012.322397][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1012.322397][T18675] do_SYSENTER_32+0x73/0x90 [ 1012.322397][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1012.322397][T18675] [ 1012.322397][T18675] Uninit was stored to memory at: [ 1012.322397][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1012.322397][T18675] __msan_chain_origin+0x57/0xa0 [ 1012.322397][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1012.322397][T18675] get_compat_msghdr+0x108/0x2b0 [ 1012.322397][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1012.322397][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1012.322397][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1012.322397][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1012.322397][T18675] __do_fast_syscall_32+0x129/0x180 [ 1012.322397][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1012.322397][T18675] do_SYSENTER_32+0x73/0x90 [ 1012.322397][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1012.322397][T18675] [ 1012.322397][T18675] Uninit was stored to memory at: [ 1012.322397][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1012.322397][T18675] __msan_chain_origin+0x57/0xa0 [ 1012.322397][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1012.322397][T18675] get_compat_msghdr+0x108/0x2b0 [ 1012.322397][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1012.322397][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1012.322397][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1012.322397][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1012.322397][T18675] __do_fast_syscall_32+0x129/0x180 [ 1012.322397][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1012.322397][T18675] do_SYSENTER_32+0x73/0x90 [ 1012.322397][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1012.322397][T18675] [ 1012.322397][T18675] Uninit was stored to memory at: [ 1012.322397][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1012.322397][T18675] __msan_chain_origin+0x57/0xa0 [ 1012.322397][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1012.322397][T18675] get_compat_msghdr+0x108/0x2b0 [ 1012.322397][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1012.322397][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1012.322397][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1012.322397][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1012.322397][T18675] __do_fast_syscall_32+0x129/0x180 [ 1012.322397][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1012.569402][T18675] do_SYSENTER_32+0x73/0x90 [ 1012.569402][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1012.569402][T18675] [ 1012.569402][T18675] Uninit was stored to memory at: [ 1012.569402][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1012.569402][T18675] __msan_chain_origin+0x57/0xa0 [ 1012.569402][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1012.569402][T18675] get_compat_msghdr+0x108/0x2b0 [ 1012.569402][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1012.569402][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1012.569402][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1012.569402][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1012.569402][T18675] __do_fast_syscall_32+0x129/0x180 [ 1012.569402][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1012.569402][T18675] do_SYSENTER_32+0x73/0x90 [ 1012.569402][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1012.569402][T18675] [ 1012.569402][T18675] Uninit was stored to memory at: [ 1012.569402][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1012.569402][T18675] __msan_chain_origin+0x57/0xa0 [ 1012.569402][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1012.569402][T18675] get_compat_msghdr+0x108/0x2b0 [ 1012.569402][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1012.569402][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1012.569402][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1012.569402][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1012.569402][T18675] __do_fast_syscall_32+0x129/0x180 [ 1012.569402][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1012.569402][T18675] do_SYSENTER_32+0x73/0x90 [ 1012.569402][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1012.569402][T18675] [ 1012.569402][T18675] Uninit was stored to memory at: [ 1012.569402][T18675] kmsan_internal_chain_origin+0xad/0x130 [ 1012.569402][T18675] __msan_chain_origin+0x57/0xa0 [ 1012.569402][T18675] __get_compat_msghdr+0x6db/0x9d0 [ 1012.569402][T18675] get_compat_msghdr+0x108/0x2b0 [ 1012.569402][T18675] do_recvmmsg+0xdc7/0x22e0 [ 1012.569402][T18675] __sys_recvmmsg+0x340/0x5f0 [ 1012.569402][T18675] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 1012.569402][T18675] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 1012.569402][T18675] __do_fast_syscall_32+0x129/0x180 [ 1012.569402][T18675] do_fast_syscall_32+0x6a/0xc0 [ 1012.569402][T18675] do_SYSENTER_32+0x73/0x90 [ 1012.569402][T18675] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 1012.569402][T18675] [ 1012.569402][T18675] Local variable ----msg_sys@do_recvmmsg created at: [ 1012.569402][T18675] do_recvmmsg+0xc2/0x22e0 [ 1012.569402][T18675] do_recvmmsg+0xc2/0x22e0 [ 1012.901110][T15950] device hsr_slave_0 left promiscuous mode [ 1012.925582][T15950] device hsr_slave_1 left promiscuous mode [ 1012.943741][T15950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1012.951341][T15950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1012.973443][T15950] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1012.981001][T15950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1012.993565][T15950] device bridge_slave_1 left promiscuous mode [ 1013.000280][T15950] bridge0: port 2(bridge_slave_1) entered disabled state [ 1013.012117][T15950] device bridge_slave_0 left promiscuous mode [ 1013.021596][T15950] bridge0: port 1(bridge_slave_0) entered disabled state [ 1013.077792][T15950] device veth1_macvtap left promiscuous mode [ 1013.084013][T15950] device veth0_macvtap left promiscuous mode [ 1013.090137][T15950] device veth1_vlan left promiscuous mode [ 1013.096173][T15950] device veth0_vlan left promiscuous mode [ 1016.247220][T15950] team0 (unregistering): Port device team_slave_1 removed [ 1016.262004][T15950] team0 (unregistering): Port device team_slave_0 removed [ 1016.287270][T15950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1016.309190][T15950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1016.380686][T15950] bond0 (unregistering): Released all slaves [ 1016.518819][T18784] IPVS: ftp: loaded support on port[0] = 21 10:53:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={0x0}}, 0x8050) 10:53:25 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup2(r0, r0) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r2, 0x1000000000016) 10:53:25 executing program 0: socketpair$unix(0x1, 0x200000005, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) recvmmsg(r1, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) ioctl$BTRFS_IOC_DEV_INFO(r2, 0x5450, 0x0) 10:53:25 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000600)='/dev/urandom\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={0x0}}, 0x0) 10:53:25 executing program 3: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) sendmsg$SOCK_DESTROY(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) [ 1016.632467][T10061] Bluetooth: hci1: command 0x0409 tx timeout [ 1016.974903][T18784] chnl_net:caif_netlink_parms(): no params data found 10:53:26 executing program 3: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) exit(0x0) write$binfmt_script(r0, 0x0, 0x0) 10:53:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup(r0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x4044040) 10:53:26 executing program 4: r0 = eventfd2(0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) [ 1017.641416][T18784] bridge0: port 1(bridge_slave_0) entered blocking state [ 1017.648975][T18784] bridge0: port 1(bridge_slave_0) entered disabled state [ 1017.658949][T18784] device bridge_slave_0 entered promiscuous mode [ 1017.799934][T18784] bridge0: port 2(bridge_slave_1) entered blocking state [ 1017.807456][T18784] bridge0: port 2(bridge_slave_1) entered disabled state [ 1017.817319][T18784] device bridge_slave_1 entered promiscuous mode [ 1018.073092][T18784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1018.154822][T18784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1018.356918][T18784] team0: Port device team_slave_0 added [ 1018.415587][T18784] team0: Port device team_slave_1 added [ 1018.563160][T18784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1018.570233][T18784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1018.596415][T18784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1018.662628][T10061] Bluetooth: hci1: command 0x041b tx timeout [ 1018.702479][T18784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1018.709547][T18784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1018.735745][T18784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1018.839953][T18784] device hsr_slave_0 entered promiscuous mode [ 1018.862489][T18784] device hsr_slave_1 entered promiscuous mode [ 1018.870723][T18784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1018.879379][T18784] Cannot create hsr debugfs directory [ 1019.878748][T15950] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1020.144741][T15950] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1020.326219][T15950] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1020.430369][T15950] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1020.478475][T18784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1020.517626][T10061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1020.526672][T10061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1020.549620][T18784] 8021q: adding VLAN 0 to HW filter on device team0 [ 1020.640950][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1020.650830][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1020.660335][T15189] bridge0: port 1(bridge_slave_0) entered blocking state [ 1020.667769][T15189] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1020.744850][T10061] Bluetooth: hci1: command 0x040f tx timeout [ 1020.777601][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1020.786877][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1020.796885][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1020.809496][T15189] bridge0: port 2(bridge_slave_1) entered blocking state [ 1020.816850][T15189] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1020.826127][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1020.837107][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1020.848101][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1020.858356][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1020.952526][T18784] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1020.963164][T18784] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1021.616118][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1021.628142][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1021.638650][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1021.649078][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1021.658900][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1021.669340][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1021.678987][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1021.688618][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1021.696470][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1021.768044][T18784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1021.834339][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1021.881912][T15950] tipc: TX() has been purged, node left! [ 1022.532101][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1022.543586][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1022.628457][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1022.637513][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1022.658477][T18784] device veth0_vlan entered promiscuous mode [ 1022.683546][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1022.692035][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1022.773697][T18784] device veth1_vlan entered promiscuous mode [ 1022.835499][ T8470] Bluetooth: hci1: command 0x0419 tx timeout [ 1022.885064][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1022.894119][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1022.915066][T18784] device veth0_macvtap entered promiscuous mode [ 1022.987327][T18784] device veth1_macvtap entered promiscuous mode [ 1023.079247][T18784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1023.089941][T18784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.100338][T18784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1023.111370][T18784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.121446][T18784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1023.132683][T18784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.142755][T18784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1023.153394][T18784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.163470][T18784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1023.174101][T18784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.186622][T18784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1023.195134][T16956] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1023.204714][T16956] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1023.214231][T16956] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1023.224291][T16956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1023.298440][T18784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1023.309055][T18784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.319309][T18784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1023.330045][T18784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.340517][T18784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1023.351213][T18784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.362633][T18784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1023.373726][T18784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.386345][T18784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1023.396995][T18784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.409310][T18784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1023.421683][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1023.431784][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1024.059277][T19070] IPVS: ftp: loaded support on port[0] = 21 [ 1024.134472][T15950] device hsr_slave_0 left promiscuous mode [ 1024.145832][T15950] device hsr_slave_1 left promiscuous mode [ 1024.170874][T15950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1024.180445][T15950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1024.201783][T15950] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1024.209732][T15950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1024.249168][T15950] device bridge_slave_1 left promiscuous mode [ 1024.256233][T15950] bridge0: port 2(bridge_slave_1) entered disabled state [ 1024.285861][T15950] device bridge_slave_0 left promiscuous mode [ 1024.293098][T15950] bridge0: port 1(bridge_slave_0) entered disabled state [ 1024.321104][T15950] device veth1_macvtap left promiscuous mode [ 1024.327684][T15950] device veth0_macvtap left promiscuous mode [ 1024.334072][T15950] device veth1_vlan left promiscuous mode [ 1024.339916][T15950] device veth0_vlan left promiscuous mode [ 1025.706871][T10061] Bluetooth: hci5: command 0x0409 tx timeout [ 1026.300539][T15950] team0 (unregistering): Port device team_slave_1 removed [ 1026.319957][T15950] team0 (unregistering): Port device team_slave_0 removed [ 1026.341483][T15950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1026.366325][T15950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1026.442072][T15950] bond0 (unregistering): Released all slaves [ 1026.516850][T18719] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1026.524922][T18719] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1026.622916][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1026.731632][ T7] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1026.741145][ T7] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1026.750376][T16956] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1027.059221][T19070] chnl_net:caif_netlink_parms(): no params data found 10:53:35 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) r1 = dup2(r0, r0) connect$netlink(r1, &(0x7f0000000280)=@unspec, 0x2) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:53:35 executing program 0: r0 = open(&(0x7f0000001080)='./file0\x00', 0x40040, 0x0) ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x5451, 0x0) 10:53:35 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4) 10:53:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000200)={'syz_tun\x00', {0x2, 0x0, @multicast1}}) [ 1027.426075][T19070] bridge0: port 1(bridge_slave_0) entered blocking state [ 1027.433544][T19070] bridge0: port 1(bridge_slave_0) entered disabled state [ 1027.444178][T19070] device bridge_slave_0 entered promiscuous mode [ 1027.651540][T19070] bridge0: port 2(bridge_slave_1) entered blocking state [ 1027.661315][T19070] bridge0: port 2(bridge_slave_1) entered disabled state [ 1027.671221][T19070] device bridge_slave_1 entered promiscuous mode [ 1027.782721][ T8470] Bluetooth: hci5: command 0x041b tx timeout [ 1027.916263][T19070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1027.951378][T19070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1028.029685][T19070] team0: Port device team_slave_0 added [ 1028.051567][T19070] team0: Port device team_slave_1 added [ 1028.128250][T19070] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1028.135559][T19070] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1028.161870][T19070] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1028.239452][T19070] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1028.246922][T19070] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1028.273160][T19070] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1028.400268][T19070] device hsr_slave_0 entered promiscuous mode [ 1028.412690][T19070] device hsr_slave_1 entered promiscuous mode [ 1028.453880][T19070] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1028.461505][T19070] Cannot create hsr debugfs directory [ 1029.070970][T19070] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1029.100648][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1029.109300][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1029.130805][T19070] 8021q: adding VLAN 0 to HW filter on device team0 [ 1029.154435][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1029.164632][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1029.174256][ T8481] bridge0: port 1(bridge_slave_0) entered blocking state [ 1029.181512][ T8481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1029.222874][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1029.231584][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1029.242046][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1029.251725][ T8481] bridge0: port 2(bridge_slave_1) entered blocking state [ 1029.259152][ T8481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1029.268262][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1029.279631][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1029.294952][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1029.307584][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1029.346554][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1029.355568][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1029.366287][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1029.376393][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1029.386665][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1029.396390][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1029.406170][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1029.424666][T19070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1029.457631][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1029.465711][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1029.492664][T19070] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1029.612001][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1029.622801][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1029.666835][T10061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1029.677045][T10061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1029.696804][T19070] device veth0_vlan entered promiscuous mode [ 1029.709698][T10061] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1029.719440][T10061] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1029.749399][T19070] device veth1_vlan entered promiscuous mode [ 1029.796276][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1029.805229][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1029.814971][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1029.825220][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1029.843745][T19070] device veth0_macvtap entered promiscuous mode [ 1029.863660][T19070] device veth1_macvtap entered promiscuous mode [ 1029.871758][ T8470] Bluetooth: hci5: command 0x040f tx timeout [ 1029.903606][T19070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1029.916154][T19070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1029.927870][T19070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1029.938770][T19070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1029.948850][T19070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1029.959500][T19070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1029.969551][T19070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1029.980215][T19070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1029.990268][T19070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1030.000920][T19070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.014805][T19070] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1030.026622][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1030.035507][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1030.045257][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1030.055447][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1030.073122][T19070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1030.084060][T19070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.094111][T19070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1030.104678][T19070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.114725][T19070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1030.125338][T19070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.135409][T19070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1030.146093][T19070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.156250][T19070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1030.166877][T19070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.179594][T19070] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1030.196657][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1030.207049][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1030.497187][T18719] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1030.506367][T18719] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1030.514518][T15189] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1030.590541][ T7] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1030.598964][ T7] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1030.607975][ T8470] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 10:53:39 executing program 1: r0 = socket(0x1, 0x2, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 10:53:39 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup2(r0, r0) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(0x0, 0x1000000000016) 10:53:39 executing program 5: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000300), 0x8) close(r0) creat(&(0x7f0000000100)='./file1\x00', 0x0) write$P9_RLINK(r0, 0x0, 0x0) 10:53:39 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:53:39 executing program 4: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x402, 0x0) write$P9_RREAD(r0, 0x0, 0x0) 10:53:39 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000040)) 10:53:40 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup2(r0, r0) sendmsg$IPVS_CMD_DEL_SERVICE(r1, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={0x0}}, 0x20000041) 10:53:40 executing program 5: r0 = socket$nl_crypto(0x10, 0x3, 0x15) ioctl$BTRFS_IOC_SET_FEATURES(r0, 0x5450, 0x0) 10:53:40 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$netlink(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) write$P9_RVERSION(r0, 0x0, 0x0) 10:53:40 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) connect$packet(r0, 0x0, 0x0) 10:53:40 executing program 1: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/exec\x00', 0x2, 0x0) ioctl$sock_SIOCBRADDBR(r0, 0x541b, &(0x7f0000000040)='batadv_slave_0\x00') 10:53:40 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup2(r0, r0) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(0x0, 0x1000000000016) [ 1031.946063][ T8470] Bluetooth: hci5: command 0x0419 tx timeout 10:53:40 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) close(r0) inotify_init() tkill(r2, 0x1000000000016) 10:53:40 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet6_SIOCADDRT(r0, 0x5450, 0x0) 10:53:40 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x0, 0x5) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, 0x0) 10:53:41 executing program 1: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$LOOP_GET_STATUS64(r0, 0x5421, &(0x7f0000000140)) 10:53:41 executing program 3: sched_setscheduler(0x0, 0x5, &(0x7f0000000000)) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') ioctl$sock_inet_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) 10:53:41 executing program 5: setrlimit(0x7, &(0x7f0000000000)) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x0, 0x0) 10:53:41 executing program 4: r0 = socket(0x11, 0x3, 0x0) sendmsg$NL80211_CMD_DEL_PMK(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:53:41 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 10:53:42 executing program 5: r0 = open(&(0x7f0000000040)='./file0\x00', 0x1536e2, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x5451, 0x0) 10:53:42 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup2(r0, r0) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(0x0, 0x1000000000016) 10:53:42 executing program 4: r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) dup2(r1, r0) write$P9_ROPEN(r0, 0x0, 0x0) 10:53:42 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000002580), 0x132058) r2 = dup2(r1, r0) socket(0x0, 0x0, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, 0x0, 0x0, 0x0, 0x0, {{}, {}, {0xc, 0x14, 'syz1\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x84}, 0x240089d5) 10:53:42 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RWRITE(r0, 0x0, 0x0) 10:53:43 executing program 4: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) 10:53:47 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) r1 = dup2(r0, r0) write$cgroup_freezer_state(r1, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000002c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x2, 0x0) tkill(r2, 0x1000000000016) 10:53:47 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NL80211_CMD_ADD_TX_TS(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x4000) sendmsg$NL80211_CMD_RADAR_DETECT(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) shutdown(r1, 0x0) 10:53:47 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) getsockname(r0, &(0x7f0000000580)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, &(0x7f0000000600)=0x80) getsockopt$sock_timeval(r1, 0x1, 0x0, 0x0, 0x0) 10:53:47 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) dup2(r0, r0) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:53:47 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup(r0) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0}}, 0xc0) 10:53:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x4008004) 10:53:48 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) close(r0) socket$packet(0x11, 0x2, 0x300) r2 = gettid() tkill(r2, 0x1000000000016) 10:53:48 executing program 5: r0 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x20000000000003, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) 10:53:48 executing program 4: prlimit64(0x0, 0x7, &(0x7f0000000240), 0x0) inotify_init() 10:53:48 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:53:48 executing program 1: mknod$loop(&(0x7f0000000040)='./file0\x00', 0xc000, 0x1) open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 10:53:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={0x0}}, 0x40d1) 10:53:48 executing program 3: r0 = socket(0x2, 0xa, 0x0) getsockopt$sock_int(r0, 0x1, 0x1e, 0x0, &(0x7f0000000080)) 10:53:48 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200000ee) setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$F2FS_IOC_WRITE_CHECKPOINT(r2, 0xf507, 0x0) mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 10:53:48 executing program 5: r0 = socket(0x2, 0x1, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x4044000) 10:53:48 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x5421, &(0x7f0000000000)={'veth0_to_bond\x00', {0x2, 0x0, @broadcast}}) 10:53:49 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:53:49 executing program 2: sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r0 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(0xffffffffffffffff) socket$netlink(0x10, 0x3, 0xb) tkill(r0, 0x1000000000016) 10:53:49 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r1, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) setsockopt$sock_int(r0, 0x1, 0x2b, &(0x7f0000000100)=0x20, 0x4) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) r3 = dup(r0) sendmsg$NL80211_CMD_PROBE_CLIENT(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:53:50 executing program 0: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x0) close(r0) syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:53:50 executing program 0: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x0, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_GET(r0, 0x0, 0x0) 10:53:50 executing program 3: r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x8040, 0x0) read$char_usb(r0, 0x0, 0x1b) 10:53:50 executing program 2: sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r0 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(0xffffffffffffffff) socket$netlink(0x10, 0x3, 0xb) tkill(r0, 0x1000000000016) 10:53:50 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) sendmsg$NL80211_CMD_SET_NOACK_MAP(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:53:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$SIOCSIFHWADDR(r0, 0x8953, &(0x7f0000000140)={'batadv_slave_1\x00', @dev}) 10:53:51 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x0, 0x0) r2 = dup2(r0, r1) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x0, 0x0) dup2(r2, r3) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:53:51 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) getsockname(r0, &(0x7f0000000580)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, &(0x7f0000000600)=0x80) getsockname(r1, 0x0, 0x0) 10:53:51 executing program 3: r0 = socket$inet(0x2, 0x3, 0x1) getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, &(0x7f0000000040)={'ah\x00'}, &(0x7f00000000c0)=0xfffffffffffffc60) 10:53:51 executing program 2: sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r0 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(0xffffffffffffffff) socket$netlink(0x10, 0x3, 0xb) tkill(r0, 0x1000000000016) 10:53:51 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x98}}, 0x0) 10:53:51 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000), 0x4) 10:53:51 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000001fc0)='./file0\x00', 0x40, 0x0) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) 10:53:51 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000340)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) dup2(r0, r1) ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x8905, &(0x7f0000000280)) 10:53:52 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:53:52 executing program 5: openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x40, 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x52000040) 10:53:52 executing program 1: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/attr/exec\x00', 0x2, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 10:53:52 executing program 0: chroot(&(0x7f00000001c0)='.\x00') syz_open_dev$tty20(0xc, 0x4, 0x0) 10:53:52 executing program 3: r0 = socket(0xa, 0x3, 0xffff) ioctl$EVIOCGABS20(r0, 0x80184560, 0x0) 10:53:52 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r0, 0x5608, 0x0) 10:53:52 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:53:52 executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r0 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) write$P9_RLOPEN(r0, 0x0, 0x0) 10:53:52 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000002c0)) sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x541b, &(0x7f0000000140)={@ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, @empty, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}}) tkill(r2, 0x1000000000016) 10:53:52 executing program 1: r0 = open(&(0x7f0000000080)='./file0\x00', 0x113460, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:53:53 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$KDGKBMETA(r1, 0x4b62, 0x0) 10:53:53 executing program 4: r0 = socket(0x1, 0x5, 0x0) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:53:53 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:53:53 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) shutdown(r1, 0x1) r2 = accept4(r0, 0x0, 0x0, 0x0) write$P9_RXATTRCREATE(r2, 0x0, 0x0) 10:53:53 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) write$apparmor_exec(r0, 0x0, 0x0) 10:53:53 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x4014) 10:53:53 executing program 3: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0x5450, 0x0) [ 1045.102525][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 10:53:54 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:53:54 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$unix(r0, 0x0, 0x0, 0x80, &(0x7f0000000140)=@abs, 0x6e) 10:53:54 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SCRUB_CANCEL(r0, 0x5451, 0x0) 10:53:54 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$TUNGETSNDBUF(r0, 0x5411, &(0x7f00000000c0)) 10:53:54 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x3, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) 10:53:54 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0xf14627ab0f753c1e) 10:53:54 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:53:54 executing program 0: timer_create(0x0, &(0x7f0000000240)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000880)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000180)={0x0, r2/1000+30000}, 0x10) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r3 = dup(r1) sendmsg$IPVS_CMD_SET_SERVICE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:53:55 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) write$cgroup_netprio_ifpriomap(r0, 0x0, 0x0) 10:53:55 executing program 1: r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self\x00', 0x0, 0x0) close(r0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmsg$TIPC_NL_NODE_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:53:55 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x5450, 0x0) 10:53:55 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010080, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup2(r0, r0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) write$P9_RUNLINKAT(r1, 0x0, 0x0) close(r0) socket$packet(0x11, 0x2, 0x300) r2 = gettid() tkill(r2, 0x14) 10:53:55 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:53:55 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r1, &(0x7f0000000300)={0x2, 0x4e22, @remote}, 0x10) getpeername(r1, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, &(0x7f0000000100)=0xd) dup3(r1, r2, 0x0) r3 = dup2(r2, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x129f0817) connect$unix(r3, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:53:55 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) recvmmsg(r0, &(0x7f0000000640)=[{{&(0x7f0000000140)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) shutdown(r0, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x5452, &(0x7f0000000040)={'tunl0\x00', {0x2, 0x0, @broadcast}}) 10:53:55 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890c, &(0x7f0000000180)={0x0, {0x2, 0x0, @empty=0x4c00}, {0x2, 0x0, @loopback}, {0x2, 0x0, @empty}, 0x96}) 10:53:55 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) close(r0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 10:53:56 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCGETD(r0, 0x4b60, 0x0) 10:53:56 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:53:56 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000002380)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, 0x0}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000002580)={0x1c, 0x0, 0x70d}, 0x1c}}, 0x0) dup3(r0, r1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x10e, 0x5, 0x0, 0x0) 10:53:56 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x2) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:53:57 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f00000000c0)='./file1\x00', 0x42, 0x0) dup2(r0, r1) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x16, 0x0, &(0x7f00000004c0)) 10:53:57 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:53:57 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "217cc70ba66151bbdf07bc5a2eb62ea322251b"}) 10:53:57 executing program 5: msgget$private(0x0, 0x102) 10:53:57 executing program 0: openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00') ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000000)) 10:53:58 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockname(r0, &(0x7f00000002c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, &(0x7f0000000340)=0x80) r2 = socket$nl_route(0x10, 0x3, 0x0) getpeername(r2, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, &(0x7f0000000080)=0x80) dup2(r0, r1) getsockopt$SO_COOKIE(r3, 0x1, 0x2b, 0x0, &(0x7f0000000080)) 10:53:58 executing program 5: r0 = syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000880)) sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 10:53:58 executing program 1: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x0, 0x0) close(r0) syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = dup(r0) ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000200)) 10:53:58 executing program 4: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 10:53:58 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCGRS485(r0, 0x542e, 0x0) 10:53:58 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:53:58 executing program 0: r0 = syz_open_dev$evdev(&(0x7f00000009c0)='/dev/input/event#\x00', 0x0, 0x5) r1 = dup(r0) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0x100000289) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12}, &(0x7f0000000340)) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r1, 0x89f5, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000880)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) 10:53:58 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) dup2(r0, r1) getsockopt$inet6_int(r1, 0x29, 0x46, 0x0, &(0x7f0000000080)) 10:53:58 executing program 1: r0 = inotify_init() close(r0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:53:58 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:53:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup2(r0, r1) sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) 10:53:59 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) getsockname$packet(r0, 0x0, &(0x7f00000005c0)) 10:53:59 executing program 0: r0 = socket(0x2, 0x3, 0x81) getsockopt$inet_mreqn(r0, 0x0, 0xe, 0x0, &(0x7f00000000c0)) 10:53:59 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockname$unix(r0, 0x0, &(0x7f0000000380)) 10:53:59 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_DISASSOCIATE(r1, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)={0x0}}, 0x0) 10:53:59 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x0) close(r0) socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040), 0x4) 10:53:59 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:53:59 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 10:54:00 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) r1 = dup2(r0, r0) ioctl$TIOCL_SELLOADLUT(0xffffffffffffffff, 0x541c, &(0x7f0000001980)={0x5, 0x0, 0x0, 0x0, 0x6198}) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) close(r0) r2 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c) recvmmsg(r2, &(0x7f0000001940), 0x173, 0x0, 0x0) r3 = gettid() tkill(r3, 0x1000000000016) 10:54:00 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup3(r0, r1, 0x0) setsockopt$inet_pktinfo(r1, 0x0, 0x8, 0x0, 0x0) 10:54:00 executing program 1: pipe(&(0x7f0000006080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8982, 0x0) 10:54:00 executing program 3: clock_getres(0x4, &(0x7f0000000380)) 10:54:00 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:00 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0x14, &(0x7f00000059c0)={{0xa, 0x0, 0x0, @private1}, {0xa, 0x0, 0x0, @mcast1}}, 0x5c) 10:54:01 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x200000000001, 0x0) bind$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) connect$unix(r0, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r2 = dup3(r1, r0, 0x0) r3 = accept4$packet(r2, 0x0, 0x0, 0x0) fchown(r3, 0x0, 0x0) 10:54:01 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$EVIOCGUNIQ(r1, 0x5450, 0x0) 10:54:01 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:01 executing program 3: r0 = creat(&(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x29, 0x6, 0x0, 0x0) 10:54:01 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f00000052c0), 0x0, 0x20000010) 10:54:01 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x2000021c) getsockopt$IP_SET_OP_GET_BYNAME(r1, 0x1, 0x1a, 0x0, &(0x7f0000000000)) 10:54:01 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x40441) write$char_usb(r0, 0x0, 0x0) 10:54:01 executing program 1: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vcsa\x00', 0x0, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) 10:54:01 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={0x0}}, 0x4) 10:54:01 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) sendmsg$NL80211_CMD_SET_PMK(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x20004000) 10:54:03 executing program 1: r0 = memfd_create(&(0x7f0000000000)='wlan0(\x00', 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:54:03 executing program 4: sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) 10:54:03 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f00000003c0)=0x80400100000001, 0x4) connect$inet6(r1, 0x0, 0x0) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x29, &(0x7f0000000300)={{{@in6=@dev={0xfe, 0x80, [], 0x22}, @in6=@loopback}}, {{@in=@remote}, 0x0, @in=@dev}}, 0xe8) ioctl$sock_inet6_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000080)={@local, 0x45}) 10:54:04 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff}) fcntl$lock(r0, 0x407, &(0x7f0000000200)) 10:54:04 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:04 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self\x00', 0x0, 0x0) dup2(r0, r1) sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={0x0}}, 0x0) 10:54:04 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x0, 0x0) dup2(r0, r1) getsockopt$IP_SET_OP_GET_BYINDEX(r1, 0x1, 0xe, 0x0, &(0x7f00000003c0)) 10:54:04 executing program 1: rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffffffffffffffd]}, 0x0, 0x8) setrlimit(0x1, &(0x7f0000000040)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20842, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0x12) 10:54:04 executing program 3: msgget$private(0x0, 0x446) 10:54:04 executing program 5: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000280)='/dev/null\x00', 0x2102, 0x0) write$cgroup_type(r0, 0x0, 0x0) [ 1055.939537][T19795] sock: process `syz-executor.4' is using obsolete getsockopt SO_BSDCOMPAT 10:54:05 executing program 3: sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x0) 10:54:05 executing program 4: mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000004, 0x18132, 0xffffffffffffff9c, 0x0) 10:54:05 executing program 0: r0 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$F_GET_FILE_RW_HINT(r0, 0x402, 0x0) 10:54:05 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) r1 = accept4$packet(r0, 0x0, 0x0, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) write$P9_RLCREATE(r1, 0x0, 0x0) 10:54:05 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(r0, &(0x7f0000007340)={0x0, 0x0, &(0x7f0000007300)={0x0}}, 0x4040) 10:54:05 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) sendto$unix(r2, 0x0, 0x0, 0x20000844, &(0x7f00000000c0)=@abs, 0x6e) 10:54:07 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:07 executing program 3: socketpair(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000f00), 0x492492492492662, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x40) 10:54:07 executing program 0: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x0, 0x0) faccessat(r0, &(0x7f0000000180)='/', 0x0) 10:54:07 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$EVIOCRMFF(r0, 0x2, &(0x7f0000000100)) 10:54:07 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x81) ioctl$BLKZEROOUT(r0, 0x127f, 0x0) 10:54:07 executing program 4: semget(0x0, 0x3, 0x297) 10:54:08 executing program 4: r0 = socket$nl_crypto(0x10, 0x3, 0x15) close(r0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) dup2(0xffffffffffffffff, 0xffffffffffffffff) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={0x0}}, 0x0) 10:54:08 executing program 0: r0 = socket(0x11, 0xa, 0x0) sendmsg$NL80211_CMD_GET_POWER_SAVE(r0, &(0x7f00000001c0)={&(0x7f0000000000), 0xd1, &(0x7f0000000180)={0x0}}, 0x0) 10:54:08 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockname(r0, &(0x7f0000000140)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f00000001c0)=0x80) dup2(r0, r1) sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) 10:54:08 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xf) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:54:08 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x77359400}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12}, &(0x7f0000044000)) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = gettid() tkill(r2, 0x40100c000000013) 10:54:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) fcntl$setsig(r0, 0xa, 0x0) 10:54:11 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:11 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8901, &(0x7f00000002c0)={0x2, 'bridge_slave_0\x00'}) 10:54:11 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$TCSETXW(r0, 0x5435, 0x0) 10:54:11 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$inet6_group_source_req(r1, 0x29, 0x17, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) 10:54:11 executing program 0: openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)='cpu.weight\x00', 0x2, 0x0) 10:54:11 executing program 4: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000080)) 10:54:11 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup3(r1, r0, 0x0) sendmsg$IPVS_CMD_ZERO(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:54:11 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x24000004) 10:54:11 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) dup2(r0, r1) ioctl$TCSBRKP(r1, 0x5425, 0x0) 10:54:11 executing program 4: r0 = socket(0x11, 0x3, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000200)={'syz_tun\x00', {0x2, 0x0, @private}}) 10:54:11 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:54:12 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:54:14 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:14 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) write$cgroup_devices(r1, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r3, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000080)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r2, &(0x7f0000000000)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @local}, 0x14) r5 = gettid() tkill(r5, 0x1000000000015) 10:54:14 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = creat(&(0x7f0000000000)='./file1\x00', 0x0) dup2(r0, r1) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x13, &(0x7f0000000080)=@filter={'filter\x00', 0xe, 0x5, 0x0, [0x0, 0x200002c0, 0x20000584, 0x200005b4], 0x0, 0x0, 0x0}, 0x1be) 10:54:14 executing program 3: r0 = socket(0x2, 0xa, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0) 10:54:14 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000340)='/dev/loop#\x00', 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup3(r0, r1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x8040, 0x0) dup3(r1, r2, 0x0) ioctl$CHAR_RAW_IOMIN(r2, 0x1278, &(0x7f0000000100)) 10:54:14 executing program 1: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 10:54:15 executing program 1: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x21d, 0xffb6) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) sendto$inet(r1, &(0x7f00000000c0)="96", 0x1, 0x0, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffe1) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x44}}, 0x0) 10:54:15 executing program 3: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vcsa\x00', 0x0, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:54:15 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0) dup2(r0, r1) ioctl$VT_SETMODE(r1, 0x4b60, 0x0) 10:54:15 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) dup3(r0, r1, 0x0) getsockopt$inet_mreq(r1, 0x0, 0x20, 0x0, &(0x7f00000002c0)) 10:54:15 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCSREP(r0, 0x40084503, 0x0) 10:54:15 executing program 1: r0 = socket$nl_crypto(0x10, 0x3, 0x15) writev(r0, 0x0, 0x0) 10:54:18 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:18 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010080, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup2(r0, r0) timer_create(0x0, &(0x7f0000000440)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$TIPC_CMD_SET_LINK_TOL(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@pppol2tp, 0x80, 0x0, 0x0, 0x0, 0xff43}, 0x0) r2 = gettid() tkill(r2, 0x1000000000016) 10:54:18 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup2(r1, r0) sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x4040000) 10:54:18 executing program 4: r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x0, 0x0) ioctl$GIO_UNISCRNMAP(r0, 0x5451, 0x0) 10:54:18 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)) 10:54:18 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x0) dup3(r0, r1, 0x0) setsockopt$inet_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000180), 0x4) 10:54:18 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) r1 = dup(r0) ioctl$BLKRRPART(r1, 0x125f, 0x0) 10:54:18 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$TIOCSETD(r0, 0x5452, &(0x7f00000000c0)) 10:54:18 executing program 4: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGABS3F(r0, 0x8018457f, 0x0) 10:54:18 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f00000007c0)='/dev/vcsa#\x00', 0x0, 0x0) sendmsg$NL80211_CMD_NOTIFY_RADAR(r0, 0x0, 0x0) 10:54:19 executing program 0: r0 = eventfd2(0x0, 0x0) close(r0) socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_opts(r0, 0x0, 0x4, 0x0, &(0x7f0000000100)) 10:54:19 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x47, &(0x7f0000000140)={0x0}}, 0x0) shutdown(r0, 0x0) 10:54:21 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:21 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x40, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:54:21 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) dup3(r0, r1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1a, &(0x7f00000000c0)={@ipv4={[], [], @empty}}, 0x20) 10:54:21 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8983, &(0x7f0000000000)={0x8, 'sit0\x00', {'veth0_to_bridge\x00'}}) 10:54:21 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x29, 0x14, 0x0, 0x300) 10:54:21 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) dup2(r0, r1) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x5452, &(0x7f00000000c0)={'team0\x00'}) 10:54:21 executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000001d80)={0xffffffffffffffff}) dup2(r1, r0) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 10:54:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x8000) 10:54:22 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={0x0}}, 0x0) 10:54:22 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vcs\x00', 0x0, 0x0) dup2(r0, r1) ioctl$PIO_FONTX(r1, 0x541b, &(0x7f00000000c0)={0x0, 0x0, 0x0}) 10:54:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:54:22 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) recvmmsg(r0, &(0x7f0000001940), 0x173, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) recvmsg(r0, &(0x7f0000004000)={0x0, 0x0, 0x0}, 0x0) 10:54:25 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendto$inet(r0, 0x0, 0x0, 0x20008800, &(0x7f0000000300)={0x2, 0x4e23, @remote}, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000740)={0x0}}, 0x0) 10:54:25 executing program 5: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$NL80211_CMD_ABORT_SCAN(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:54:25 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$FS_IOC_GETFSMAP(r0, 0x5451, 0x0) 10:54:25 executing program 4: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0x4020940d, 0x0) 10:54:25 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmsg$NLBL_MGMT_C_REMOVE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) 10:54:25 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) dup2(r1, r0) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x22, 0x0, &(0x7f0000000780)) 10:54:25 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000200)={'sit0\x00', {0x2, 0x0, @dev}}) 10:54:25 executing program 3: socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_SET_PMK(r0, &(0x7f00000001c0)={0x0, 0xfffffffffffffd14, &(0x7f0000000080)={0x0}}, 0x0) dup2(r0, r1) sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:54:25 executing program 4: sched_setscheduler(0x0, 0x5, &(0x7f0000000000)) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x6, 0x98000) 10:54:25 executing program 0: sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x2e135eaea7c8d3fc) 10:54:26 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f00000010c0)={0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname(r1, &(0x7f00000002c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, &(0x7f0000000080)=0x80) dup3(r3, r4, 0x0) sendmsg$DEVLINK_CMD_PORT_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 10:54:28 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:28 executing program 1: sched_setscheduler(0x0, 0x5, &(0x7f0000000000)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) 10:54:28 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r2 = dup2(r0, r0) sendmsg$TIPC_NL_NET_SET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r4, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) setsockopt$sock_int(r3, 0x1, 0x2b, &(0x7f0000000100)=0x20, 0x4) getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r3, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @local}, 0x14) tkill(r1, 0x1000000000016) 10:54:28 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x0, 0x0, &(0x7f0000000180)) 10:54:28 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x101006) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, 0x0) mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 10:54:28 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000002380)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, 0x0}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000002580)={0x1c, 0x0, 0x70d}, 0x1c}}, 0x0) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x4044040) 10:54:28 executing program 3: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\x18\x90}\xe1 E3\xe1?\xd7\xe6\xfcc\xf0X.\xe1\xa6}`\xa4\x1f*\x9bD\xf7ccWxJ\xf3\xb9kWC\xf8\xba\xfc\r&k7\xf0\x89B\xa5\xed\x1a', 0x0) r2 = dup(r1) r3 = dup3(r2, r0, 0x0) ioctl$F2FS_IOC_RESIZE_FS(r3, 0x5452, &(0x7f0000000b80)) 10:54:28 executing program 4: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NLBL_MGMT_C_REMOVEDEF(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x4840) 10:54:28 executing program 0: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/current\x00', 0x2, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:54:28 executing program 5: capset(&(0x7f0000000300)={0x20080522}, &(0x7f0000000340)) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={0x0}}, 0x0) 10:54:29 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x5451, 0x0) 10:54:29 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x800454cf, &(0x7f0000000200)={'sit0\x00', 0x0}) 10:54:31 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, 0x0, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:31 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:54:31 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x0, 0x0) ioctl$TIOCSCTTY(r0, 0x540e, 0x0) 10:54:31 executing program 3: socketpair$unix(0x1, 0x200000005, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) write$P9_RUNLINKAT(r0, 0x0, 0x0) dup3(r0, r2, 0x0) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:54:31 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) getpeername$inet(r0, 0x0, &(0x7f0000000280)) 10:54:31 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000380)=0x404100000001, 0xfe3f) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132441) connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:54:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ttyS3\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:54:32 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RSYMLINK(r0, 0x0, 0x0) 10:54:32 executing program 0: r0 = socket$inet(0x2, 0x3, 0x7) ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0x8953, 0x74a000) 10:54:32 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) getpeername$inet(r0, 0x0, &(0x7f0000000280)) 10:54:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x1, &(0x7f0000000340), 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCDELRT(r1, 0x890c, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000040)={0x0, 'syz_tun\x00', {}, 0x5}) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000000)=@gcm_256={{0x304}, "0dd054683094d892", "8705c7306fb1ab499571c2e9148fd08c5d4888b58b4829ef7123def78a8da9a5", "20088626", "a3d73d0f17959951"}, 0x38) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCDELRT(r2, 0x890c, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r2) 10:54:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_LEAVE_OCB(r0, 0x0, 0x0) 10:54:33 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, 0x0, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:33 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_ifreq(r0, 0x8923, &(0x7f0000000040)={'sit0\x00', @ifru_hwaddr=@remote}) 10:54:33 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000b80)='/dev/hwrng\x00', 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = dup3(r1, r0, 0x0) sendmsg$DEVLINK_CMD_SB_POOL_SET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:54:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendto(r0, &(0x7f0000000080)="40322639b817a3cf748aeb378e81cd4ec3b88626acbf66aca0700a795073ad1c018f97e185fdde88000088f511fe77dc22db54d669a9ec1614525d4a8a818d184b51ffae577640314fd354f2c816ec06537a8ea7b353f19213947d4b1f19b0fc7a39b8a25a7e6427275759c8056a4332f8d946c2ee3e37ec3f49dcd4e4a7b3c3d1383edca08a553a311358b677700817c2ee4c1fc04d7971a2ce36428100", 0x9e, 0x20000000, 0x0, 0x3) 10:54:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockname(r0, &(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000b80)=0x80) dup3(r0, r1, 0x0) getsockname$inet(r1, 0x0, &(0x7f00000000c0)) 10:54:33 executing program 5: r0 = socket$inet(0x2, 0x3, 0x19) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000200)={@multicast2, @local}, 0xc) setsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000080)={@multicast2, @local}, 0xc) 10:54:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000000)) 10:54:33 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000240)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) sendmsg$NL80211_CMD_STOP_AP(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}}, 0x20000000) 10:54:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 10:54:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x50) 10:54:34 executing program 5: r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x5451, 0x0) 10:54:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) dup3(r0, r1, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0xa, &(0x7f0000000080), 0x4) 10:54:36 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, 0x0, 0x0) close(r0) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:36 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x0, 0x5) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) r1 = fcntl$dupfd(r0, 0x0, r0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f00000001c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$BTRFS_IOC_DEFRAG_RANGE(r1, 0x40309410, 0x0) 10:54:36 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x101440, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = socket(0x1, 0x5, 0x0) dup3(r1, r0, 0x0) ioctl$FS_IOC_GETVERSION(r0, 0x5452, &(0x7f00000000c0)) 10:54:36 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) dup3(r1, r0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000788ffc)=0x100000001, 0xfdf6) write$binfmt_elf64(r0, &(0x7f0000001140)=ANY=[], 0x6c1) r2 = dup(r0) sendmsg$NLBL_MGMT_C_REMOVEDEF(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) 10:54:36 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, 0x0) 10:54:36 executing program 1: r0 = timerfd_create(0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup3(r1, r0, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x5452, &(0x7f0000000080)={'veth1_macvtap\x00', {0x2, 0x0, @multicast1}}) 10:54:37 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) dup2(r0, r1) getsockopt$inet_tcp_int(r1, 0x6, 0xc, 0x0, &(0x7f00000012c0)) 10:54:37 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) close(r0) pipe2(&(0x7f0000000000), 0x0) tkill(r2, 0x1000000000016) 10:54:37 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000005c0)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, &(0x7f0000000100), 0x1b5, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = accept4$packet(r0, 0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:54:37 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0x36, 0x0, 0x0) [ 1088.816629][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 1088.917723][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 10:54:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:54:37 executing program 1: r0 = inotify_init1(0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:54:40 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(0xffffffffffffffff) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:42 executing program 0: r0 = eventfd2(0x0, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000040)) 10:54:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) dup2(r0, r1) sendmsg$NL80211_CMD_SET_POWER_SAVE(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x0) 10:54:42 executing program 4: r0 = socket(0xa, 0x2, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0xb, 0x0, &(0x7f0000000140)) 10:54:42 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x181282) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$TIOCGSERIAL(r2, 0x541e, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:54:42 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x401, 0x0) write$binfmt_elf64(r0, 0x0, 0x0) 10:54:42 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(0xffffffffffffffff) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:43 executing program 1: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x5452, &(0x7f0000000080)) 10:54:43 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x77359400}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) 10:54:43 executing program 4: pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x2, &(0x7f0000000000)={'gretap0\x00', @remote}) 10:54:43 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:54:43 executing program 5: pipe2$9p(0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ttyS3\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r0, r1) ioctl$TCSETS2(r1, 0x402c542b, &(0x7f0000000180)={0x3, 0x4, 0xc290, 0x1fffc000, 0x7, "f5671c4287a9b884276063de01b5a9d5b8bf21", 0x7b}) ioctl$TIOCCBRK(0xffffffffffffffff, 0x5428) ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f0000000840)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0}) 10:54:43 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f0000000100)={'TPROXY\x00'}, &(0x7f00000001c0)=0xfffffffffffffeaf) 10:54:43 executing program 4: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$sock_inet_SIOCRTMSG(r1, 0x5450, 0x0) 10:54:43 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) 10:54:43 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(0xffffffffffffffff) socket$netlink(0x10, 0x3, 0xb) tkill(r1, 0x1000000000016) 10:54:43 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$unix(r0, &(0x7f0000002180), 0x0, 0x4008840) 10:54:44 executing program 5: socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$packet(r0, &(0x7f0000000080), 0x0, 0x10, 0x0, 0x0) 10:54:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_LISTALL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x10) 10:54:44 executing program 1: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x0, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x2, &(0x7f0000000180)={@local}) 10:54:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = dup3(r0, r1, 0x0) r3 = dup3(r0, r2, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) 10:54:44 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000001fc0)='./file0\x00', 0x40, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x541b, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) 10:54:44 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_RINGS_GET(r0, 0x0, 0x0) 10:54:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) close(r1) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDGKBLED(r1, 0x4b64, &(0x7f00000000c0)) 10:54:45 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/vcs\x00', 0x0, 0x0) ioctl$TIOCL_SETSEL(r0, 0x541c, 0x0) 10:54:45 executing program 3: openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x101042, 0x180) 10:54:45 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) tkill(r1, 0x1000000000016) 10:54:45 executing program 5: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x40, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:54:45 executing program 4: r0 = socket$unix(0x1, 0x20000000001, 0x0) bind$unix(r0, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = accept4$inet(r1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x20000000001, 0x0) connect$unix(r3, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x2, &(0x7f0000000000)={0x3, 'bond_slave_0\x00'}) 10:54:45 executing program 0: socketpair$unix(0x1, 0x200000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) write$P9_RUNLINKAT(r0, 0x0, 0x0) dup3(r0, r2, 0x0) socketpair$unix(0x1, 0x200000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r4, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) write$P9_RUNLINKAT(r3, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:54:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x2) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:54:45 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000140)) 10:54:46 executing program 5: r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x80440, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000005280)) sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:54:46 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) tkill(0x0, 0x1000000000016) 10:54:46 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x40000) 10:54:46 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x14, 0x0, 0x0) 10:54:46 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = creat(&(0x7f0000000000)='./file1\x00', 0x0) dup2(r0, r1) getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x2, 0x0, &(0x7f0000000040)) 10:54:46 executing program 0: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) ioctl$BTRFS_IOC_BALANCE_V2(r0, 0x5450, 0x0) 10:54:46 executing program 5: r0 = socket(0xa, 0x3, 0x1f) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000140)={&(0x7f0000000000), 0x19, &(0x7f0000000100)={0x0}}, 0x0) 10:54:47 executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000000)={'broute\x00'}, &(0x7f00000000c0)=0xfffffea8) 10:54:47 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = open(&(0x7f0000000140)='./file0\x00', 0x30142, 0x0) dup3(r0, r1, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8901, &(0x7f0000000000)={0x3, 'bond_slave_1\x00'}) 10:54:47 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl$FS_IOC_SETFLAGS(r0, 0x5451, 0x0) 10:54:47 executing program 0: r0 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x8940, 0x0) 10:54:47 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup2(r0, r1) sendmsg$NL80211_CMD_START_AP(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:54:47 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r0, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000180)) 10:54:47 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) tkill(0x0, 0x1000000000016) 10:54:47 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000780)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, &(0x7f0000000100), 0x1b5, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = accept4$packet(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:54:48 executing program 3: r0 = inotify_init1(0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000000)) 10:54:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000002380)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, 0x0, 0x0, 0x0, 0x190}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000002580)={0x1c, 0x0, 0x70d}, 0x1c}}, 0x0) dup3(r0, r1, 0x0) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 10:54:48 executing program 5: r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:54:48 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x0) [ 1099.726029][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 1099.796993][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 10:54:48 executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x64050800, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r2 = dup2(r1, r1) sendmsg$NL80211_CMD_UPDATE_FT_IES(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) close(r2) socket$inet6(0xa, 0x3, 0x4000009) tkill(r0, 0x1000000000016) 10:54:48 executing program 5: socketpair(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) dup3(r0, r1, 0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:54:48 executing program 1: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) write$P9_RRENAMEAT(r0, &(0x7f0000000040)={0x7}, 0xffffff71) write$P9_RFSYNC(r0, &(0x7f0000000080)={0x7}, 0x7) 10:54:49 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:54:49 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) tkill(0x0, 0x1000000000016) 10:54:49 executing program 4: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f0000000040)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) write$P9_RAUTH(r2, 0x0, 0x0) 10:54:49 executing program 5: r0 = timerfd_create(0x0, 0x0) dup(0xffffffffffffffff) ioctl$BTRFS_IOC_SYNC(r0, 0x5450, 0x0) 10:54:49 executing program 3: r0 = socket$inet6(0xa, 0x100800000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x11}}}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/ipv6_route\x00') sendfile(r0, r1, 0x0, 0x87ffb) 10:54:49 executing program 1: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) close(r0) close(0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) getpeername$packet(r0, 0x0, &(0x7f0000001540)) 10:54:49 executing program 0: openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x42, 0x0) r0 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0) 10:54:50 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x0, 0x5) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCSPGRP(r1, 0x5410, 0x0) 10:54:50 executing program 5: socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0}}, 0x0) recvmsg(r1, &(0x7f0000000840)={&(0x7f0000000980)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}}, 0x80, 0x0}, 0x0) dup2(r0, r2) sendmsg$BATADV_CMD_SET_HARDIF(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) [ 1101.448163][ T31] audit: type=1804 audit(1604832890.210:10): pid=20456 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir487027689/syzkaller.aQAQGw/728/file0" dev="sda1" ino=16370 res=1 errno=0 [ 1101.616542][ T31] audit: type=1804 audit(1604832890.280:11): pid=20456 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir487027689/syzkaller.aQAQGw/728/file0" dev="sda1" ino=16370 res=1 errno=0 10:54:50 executing program 1: sched_setscheduler(0x0, 0x5, &(0x7f0000000000)) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_RESIZEX(r0, 0x560a, 0x0) 10:54:50 executing program 3: sched_setscheduler(0x0, 0x5, &(0x7f0000000180)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x4001) 10:54:50 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) tkill(r1, 0x0) 10:54:50 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x8000) 10:54:50 executing program 5: r0 = timerfd_create(0x0, 0x0) close(r0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$FS_IOC_GETFSLABEL(r0, 0x5411, &(0x7f0000000400)) 10:54:51 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) dup3(r1, r0, 0x0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:54:51 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup3(r0, r1, 0x0) ioctl$TCSETAW(r1, 0x5407, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "0ff9a4fffb374d6f"}) 10:54:51 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffff96}}, 0x0) 10:54:52 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) tkill(r1, 0x0) 10:54:52 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x10450, 0x0) r0 = creat(&(0x7f0000000000)='./file0/bus\x00', 0x6857b21ff1155d94) write$P9_RVERSION(r0, &(0x7f0000000140)={0x13, 0x65, 0xffff, 0x0, 0x6, '9P2000'}, 0x13) 10:54:56 executing program 4: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x88000, 0x0) 10:54:56 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x2000040) 10:54:56 executing program 0: r0 = epoll_create1(0x0) ioctl$EVIOCGMTSLOTS(r0, 0x5421, &(0x7f0000000000)=""/174) 10:54:56 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24014091, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) tkill(r1, 0x0) 10:54:56 executing program 3: socketpair(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NLBL_UNLABEL_C_ACCEPT(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) recvfrom$unix(r1, 0x0, 0x0, 0x2100, 0x0, 0x0) 10:54:56 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000500)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200000ee) setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r2, 0x29, 0x1c, &(0x7f0000000000), 0x1000001ab) mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 10:54:57 executing program 0: pipe(&(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$loop(&(0x7f00000012c0)='/dev/loop#\x00', 0x0, 0x0) dup2(r1, r0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000300)) 10:54:57 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x40) 10:54:57 executing program 4: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) utimensat(r0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) 10:54:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x20040044) 10:54:57 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) close(r0) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000280), 0x4) 10:54:57 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "1a00009646ff26caffffff0000c1fffffff300"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000180)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r2, 0x89f9, 0x0) 10:54:58 executing program 0: r0 = socket$inet(0x2, 0x2000000001, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000002c0)=0x200, 0x4) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) sendto$inet(r0, &(0x7f0000000200)='\x00', 0x1, 0x0, 0x0, 0x0) recvfrom(r0, 0x0, 0xfffffffffffffe9b, 0x2000, 0x0, 0x85) sendmsg$NLBL_MGMT_C_LISTDEF(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 10:54:58 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) epoll_create(0x4) tkill(r2, 0x1000000000016) 10:54:58 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) fstat(r1, &(0x7f0000000000)) 10:54:58 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='attr/fscreate\x00') ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5451, 0x0) 10:54:58 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_RADAR_DETECT(r0, 0x0, 0x0) 10:54:58 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x1) 10:54:59 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) setsockopt$inet_mreq(r1, 0x0, 0x12, 0x0, 0x0) 10:54:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup3(r0, r1, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:54:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0xd0) 10:54:59 executing program 1: r0 = eventfd(0x0) close(r0) socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet_mreq(r0, 0x0, 0x20, 0x0, &(0x7f0000002540)) 10:54:59 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x20000000) 10:55:00 executing program 5: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup2(r1, r0) sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:55:00 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = epoll_create1(0x0) dup2(r0, r1) setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, 0x0, 0x0) 10:55:00 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000001580)='/proc/self/attr/current\x00', 0x2, 0x0) dup2(r0, r1) write$evdev(r1, 0x0, 0x0) 10:55:00 executing program 4: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/mnt\x00') close(r0) socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$packet(r0, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="d6e754733622"}, 0x14) 10:55:00 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x12, &(0x7f0000000000), 0x4) 10:55:00 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup2(r0, r1) sendmsg$GTP_CMD_GETPDP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:00 executing program 1: syz_open_dev$tty20(0xc, 0x4, 0x0) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETPERSIST(r0, 0x400454ca, 0x400000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454ca, 0x400000) 10:55:00 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000000)={0xffffffffffffffff}) dup2(r0, r1) getsockopt$IPT_SO_GET_REVISION_MATCH(r1, 0x0, 0x21, 0x0, &(0x7f0000000100)) 10:55:00 executing program 0: r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000740)='/proc/self\x00', 0x0, 0x0) io_setup(0x22df, &(0x7f0000000000)) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x5451, 0x0) 10:55:00 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup(r0) write$P9_RFLUSH(r1, 0x0, 0x0) 10:55:00 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f0000044000)) r2 = dup2(r0, r0) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) socket$nl_crypto(0x10, 0x3, 0x15) tkill(r1, 0x1000000000016) 10:55:00 executing program 5: r0 = memfd_create(&(0x7f00000000c0)='selinux,\x00', 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, 0x0, 0x0) 10:55:01 executing program 2: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000ac0)={0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 10:55:01 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r0, r1, 0x0) ioctl$TIOCL_SELLOADLUT(r1, 0x560d, &(0x7f0000000240)={0xb}) 10:55:01 executing program 4: socketpair(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) 10:55:01 executing program 0: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/attr/exec\x00', 0x2, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) write$P9_RSTAT(r0, 0x0, 0x0) 10:55:01 executing program 3: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x6, 0x0, &(0x7f0000000040)) 10:55:01 executing program 5: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001240)='/dev/autofs\x00', 0x0, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000240), 0x4) 10:55:01 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x8907, 0x0) 10:55:01 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r1, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) setsockopt$sock_int(r0, 0x1, 0x2b, &(0x7f0000000100)=0x20, 0x4) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) r3 = dup(r0) write$P9_RREADDIR(r3, 0x0, 0x0) 10:55:02 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sched_setscheduler(0x0, 0x5, &(0x7f0000000000)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$sock_SIOCDELDLCI(r1, 0x8981, 0x0) 10:55:02 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x5421, 0x400000) 10:55:02 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = ioctl$TIOCGPTPEER(r0, 0x540d, 0x0) write$binfmt_script(r1, 0x0, 0x0) 10:55:02 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$F2FS_IOC_DEFRAGMENT(r0, 0x5451, 0x0) 10:55:02 executing program 5: socketpair(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r2 = dup3(r0, r1, 0x0) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:55:02 executing program 2: futex(&(0x7f0000000000), 0x3, 0x0, &(0x7f0000000040), &(0x7f0000000080), 0x0) 10:55:02 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={0x0}}, 0x4000085) 10:55:02 executing program 3: pipe(&(0x7f00000004c0)={0xffffffffffffffff}) setsockopt$inet_msfilter(r0, 0x0, 0x29, 0x0, 0x0) 10:55:03 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x880) 10:55:03 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcs\x00', 0x0, 0x0) close(r0) socket$packet(0x11, 0x2, 0x300) r1 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r1, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000100)={0x0, @rand_addr, @initdev}, &(0x7f0000000080)=0xc) sendmmsg(r0, &(0x7f0000007500)=[{{&(0x7f0000000080)=@xdp={0x2c, 0x0, r2}, 0x80, 0x0}}], 0x1, 0x0) 10:55:03 executing program 2: sched_setscheduler(0x0, 0x5, &(0x7f0000000080)) syz_open_procfs(0x0, 0x0) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) 10:55:03 executing program 4: r0 = socket(0x11, 0x3, 0x0) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:04 executing program 0: r0 = creat(&(0x7f0000001900)='./file0\x00', 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup2(r1, r0) sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:55:04 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0x80004508, 0x0) 10:55:04 executing program 1: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) 10:55:04 executing program 5: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/attr/exec\x00', 0x2, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) write$P9_RMKNOD(r0, 0x0, 0x0) 10:55:04 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000001fc0)='./file0\x00', 0x40, 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000140)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000001200)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={0x0}}, 0x20003004) 10:55:04 executing program 1: openat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x140, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x829c0, 0x0) 10:55:04 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r2, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:55:04 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x0, 0x0) 10:55:04 executing program 0: r0 = eventfd(0x0) write(r0, &(0x7f0000000000)="abbefe935e3d03ef", 0x8) r1 = gettid() timer_create(0x0, &(0x7f0000000780)={0x0, 0x12}, &(0x7f00009b1ffc)) write$P9_RXATTRWALK(r0, &(0x7f0000000040)={0xf, 0x1f, 0x0, 0x6472}, 0xf) close(r0) socket$packet(0x11, 0x2, 0x300) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r1, 0x13) 10:55:05 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='uid_map\x00') close(r0) socket$nl_generic(0x10, 0x3, 0x10) getsockname$netlink(r0, 0x0, &(0x7f0000000280)) 10:55:05 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$inet6(r0, &(0x7f0000000080), 0x1c) r2 = dup2(r0, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) sendmsg$NL80211_CMD_SET_MPATH(r2, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}}, 0x20000000) 10:55:05 executing program 3: socketpair(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sendto$unix(r0, &(0x7f0000000000), 0x0, 0xc880, 0x0, 0x0) 10:55:05 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000140), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x20000440) getsockopt$sock_buf(r0, 0x1, 0x1a, 0x0, &(0x7f0000000500)) 10:55:05 executing program 5: r0 = socket$nl_generic(0xa, 0x3, 0x10) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x29, 0x4, 0x0, 0x300) 10:55:05 executing program 0: semget$private(0x0, 0x9, 0x4c0) 10:55:05 executing program 4: socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f0000006a40)={0x0, 0x0, &(0x7f0000006a00)={0x0}}, 0x0) 10:55:06 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) sendmmsg$inet(r0, &(0x7f0000004200)=[{{&(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000008340)=ANY=[], 0x1f0}}], 0x1, 0x20008055) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000240)={&(0x7f00000000c0), 0xc, &(0x7f0000000200)={0x0}}, 0x20000081) 10:55:06 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='attr/exec\x00') dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_PROBE_CLIENT(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:06 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_udp_int(r1, 0x11, 0x66, &(0x7f00000000c0), 0x4) 10:55:07 executing program 4: mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) open$dir(&(0x7f0000000000)='./file0\x00', 0x111cc1, 0x0) 10:55:07 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r2 = dup2(r1, r1) sendmsg$NL80211_CMD_START_P2P_DEVICE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) socket$inet6_udp(0xa, 0x2, 0x0) r3 = gettid() tkill(r3, 0x1000000000016) 10:55:07 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) write$nbd(r0, 0x0, 0x0) 10:55:07 executing program 2: r0 = syz_open_dev$vcsa(&(0x7f0000000240)='/dev/vcsa#\x00', 0x3f, 0x0) ioctl$TCGETA(r0, 0x5421, &(0x7f00000001c0)) 10:55:07 executing program 0: capset(&(0x7f00000000c0)={0x19980330}, &(0x7f0000000080)) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={0x0}}, 0x0) 10:55:08 executing program 1: pipe2(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) close(r0) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDGETLED(r0, 0x4b31, &(0x7f00000006c0)) 10:55:08 executing program 4: r0 = socket$inet(0x2, 0x4020000000000001, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[], 0x50}}, 0x0) 10:55:08 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r2 = ioctl$TIOCGPTPEER(r1, 0x540d, 0x0) dup2(r0, r2) ioctl$FS_IOC_GETFSLABEL(r2, 0x5411, &(0x7f0000000140)) 10:55:08 executing program 5: symlink(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00') rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0/file0\x00') 10:55:08 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() sendmsg$NL80211_CMD_SET_WIPHY(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r4, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r3, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @local}, 0x14) tkill(r2, 0x1000000000016) 10:55:08 executing program 0: sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, 0x0, 0x8984f9da9d595057) 10:55:08 executing program 4: mkdirat$cgroup(0xffffffffffffff9c, &(0x7f0000000000)='syz0\x00', 0x1ff) r0 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0}}, 0x0) 10:55:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x2) sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:08 executing program 3: socketpair(0x1, 0x5, 0x0, &(0x7f0000001500)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_CMD_SHOW_STATS(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) r2 = dup3(r0, r1, 0x0) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:08 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x0, 0x0) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) 10:55:08 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup2(r0, r0) sendmsg$NL80211_CMD_GET_SURVEY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:55:09 executing program 4: r0 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:55:09 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}], 0xffffff79) ioctl$EVIOCGSND(0xffffffffffffffff, 0x8040451a, 0x0) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, 0x0) 10:55:09 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0) 10:55:09 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000000c0)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) 10:55:09 executing program 2: socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$TCFLSH(r0, 0x540b, 0x0) 10:55:09 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) close(r0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:55:10 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x20004094) 10:55:10 executing program 5: r0 = socket$inet(0x2, 0x3, 0x200) ioctl$BTRFS_IOC_BALANCE(r0, 0x5450, 0x0) 10:55:10 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000b80)='/dev/hwrng\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) 10:55:10 executing program 2: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x0, 0x0) close(r0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGID(r0, 0x80084502, &(0x7f0000000140)=""/150) 10:55:10 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) getpeername$packet(r0, 0x0, &(0x7f0000000600)) 10:55:10 executing program 4: socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x2) r0 = socket$netlink(0x10, 0x3, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) dup2(r0, r1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100)='nl80211\x00') sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x24, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CRIT_PROT_ID={0x6}]}, 0x24}}, 0x0) 10:55:11 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$packet_buf(r0, 0x29, 0x6, 0x0, 0x600000000) 10:55:15 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}], 0xffffff79) ioctl$EVIOCGSND(0xffffffffffffffff, 0x8040451a, 0x0) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, 0x0) 10:55:15 executing program 3: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:55:15 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$F2FS_IOC_RESIZE_FS(r0, 0x5452, &(0x7f0000000b80)) 10:55:15 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000001fc0)='./file0\x00', 0x40, 0x0) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r2, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={0x0}}, 0x0) 10:55:15 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0xd8) 10:55:15 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_user\x00', 0x275a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 10:55:15 executing program 3: r0 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x1ff, 0x0) ioctl$TUNSETSNDBUF(r0, 0x5452, &(0x7f0000000080)) 10:55:15 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000700)='/proc/self\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) sendto$unix(r2, 0x0, 0x0, 0x24040011, &(0x7f0000000580)=@abs={0x1}, 0x6e) 10:55:15 executing program 1: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:55:15 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2, @loopback}, 0xc) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) close(r1) r2 = socket(0x100000000011, 0x2, 0x0) bind(r2, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r2, 0x0, 0x0) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000080)={0x0, 0x1, 0x6, @dev}, 0x10) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x2a, &(0x7f00000003c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x90) 10:55:15 executing program 4: r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/attr/current\x00', 0x2, 0x0) fcntl$F_GET_FILE_RW_HINT(r0, 0x402, 0x0) 10:55:16 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) dup2(r0, r1) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x4, 0x0, 0x0) 10:55:20 executing program 0: r0 = socket(0x2, 0xa, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f00000000c0)={0x0, @l2tp={0x2, 0x0, @loopback}, @in={0x2, 0x0, @dev}, @can}) 10:55:20 executing program 1: r0 = epoll_create(0x7) fchown(r0, 0xffffffffffffffff, 0x0) 10:55:20 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0x61) read(r0, &(0x7f00000000c0)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = syz_open_pts(r0, 0x0) ioctl$RNDGETENTCNT(r1, 0x80045200, 0x0) ioctl$TCSETS(r2, 0x5402, &(0x7f00000001c0)) 10:55:20 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={0x0}}, 0x0) 10:55:20 executing program 5: r0 = syz_open_dev$evdev(&(0x7f00000009c0)='/dev/input/event#\x00', 0x0, 0x5) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) r1 = dup(r0) r2 = gettid() ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, 0x0) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000340)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x40100c000000013) 10:55:20 executing program 3: pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000240)) 10:55:21 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_GET(r1, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={0x0}}, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x2) tkill(r2, 0x1000000000016) 10:55:21 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x11, 0x0, &(0x7f0000001480)) 10:55:21 executing program 2: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) 10:55:21 executing program 3: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/exec\x00', 0x2, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) write$nbd(r0, 0x0, 0x0) 10:55:21 executing program 0: capset(&(0x7f00002d0ff8)={0x20080522}, &(0x7f0000000000)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x29, 0x22, 0x0, 0x4a) 10:55:21 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x20000000) 10:55:21 executing program 2: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000001a00), 0x8, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000040)) 10:55:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = eventfd2(0x0, 0x0) dup2(r0, r1) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000140)) 10:55:21 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) pipe2$9p(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = dup2(r2, r1) dup3(r0, r3, 0x0) sendmsg$TEAM_CMD_NOOP(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0}}, 0x0) 10:55:22 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:55:26 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x10, &(0x7f0000000000), &(0x7f0000000040)=0xffffffffffffff99) 10:55:26 executing program 1: r0 = socket$nl_generic(0xa, 0x3, 0x10) setsockopt$packet_int(r0, 0x29, 0x10, 0x0, 0x2c) 10:55:26 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x0, 0x0) r2 = dup2(r0, r1) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x90) 10:55:26 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$EVIOCSFF(r0, 0x5452, &(0x7f0000000140)={0x0, 0x0, 0x0, {}, {}, @cond}) 10:55:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x400c050) 10:55:26 executing program 2: sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='sysfs\x00', 0x0, 0x0) umount2(&(0x7f0000000080)='./file0\x00', 0xc) 10:55:26 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_REMOVE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[], 0x3c}}, 0x8000) 10:55:26 executing program 3: r0 = socket$inet(0xa, 0x801, 0x0) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000000)={@local}, 0x14) 10:55:26 executing program 0: r0 = socket(0x11, 0x3, 0x0) sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 10:55:26 executing program 1: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000580)='/dev/vcsa\x00', 0x0, 0x0) ioctl$TCSETX(r0, 0x5433, 0x0) 10:55:27 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x3, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x321, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) connect$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) 10:55:27 executing program 4: faccessat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) 10:55:27 executing program 0: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) 10:55:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={0x0}}, 0x20004000) 10:55:27 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x5411, &(0x7f0000000000)={0x2, 'ip6gretap0\x00'}) 10:55:27 executing program 5: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_STATUS(r0, 0x0, 0x0) 10:55:27 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0xc9e10) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x29, 0x6, 0x0, 0xfdf3) 10:55:29 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) setsockopt$sock_void(r1, 0x1, 0x19, 0x0, 0x0) 10:55:29 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x5451, 0x0) 10:55:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x1d}, &(0x7f0000000080)=0x20) 10:55:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$TIOCL_SELLOADLUT(r1, 0x540a, 0x0) 10:55:29 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={0x0}}, 0x844) 10:55:29 executing program 0: r0 = epoll_create(0x7) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x0, 0x0) close(r1) socket$inet6_tcp(0xa, 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000000)) 10:55:30 executing program 3: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/ptmx\x00', 0x0, 0x0) dup3(r1, r0, 0x0) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000000)) 10:55:30 executing program 0: socketpair$unix(0x1, 0x200000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) write$P9_RUNLINKAT(r0, 0x0, 0x0) dup3(r0, r2, 0x0) socketpair$unix(0x1, 0x200000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r4, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) write$P9_RUNLINKAT(r3, 0x0, 0x0) sendmsg$NLBL_CIPSOV4_C_REMOVE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:55:30 executing program 4: sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, 0x0, 0xff02d4168325552f) 10:55:30 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) recvmmsg(r0, &(0x7f0000000640)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, 0x0}}], 0x0, 0x0, 0x0) dup2(r0, r1) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0xc, 0x0, 0x0) 10:55:30 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) [ 1141.704155][ T8470] Bluetooth: hci1: command 0x0406 tx timeout 10:55:31 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x3, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x321, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000001040)="c3", 0x1, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000003c0)) timer_settime(0x0, 0x0, &(0x7f0000000380)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)=""/199, 0xc7}], 0x1}}], 0x40003a0, 0x0, 0x0) tkill(r1, 0x14) r2 = fcntl$dupfd(r0, 0x0, r0) sendmsg$unix(r2, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x0) 10:55:31 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:55:31 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000380)=0x404100000001, 0xfe3f) r1 = socket(0x2, 0x80001, 0x0) r2 = dup2(r0, r1) connect$unix(r2, &(0x7f00000000c0)=@abs, 0x6e) sendmsg$NL80211_CMD_NOTIFY_RADAR(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:55:31 executing program 4: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) r1 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/exec\x00', 0x2, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$KDADDIO(r2, 0x540b, 0x0) 10:55:31 executing program 5: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x0) 10:55:31 executing program 0: r0 = open(&(0x7f0000000080)='./file0\x00', 0x113460, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) 10:55:31 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000500)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200000ee) setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) r3 = dup2(r2, r0) ioctl$KDGETKEYCODE(r3, 0x4b4c, 0x0) mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 10:55:31 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = epoll_create(0x5) r2 = dup3(r0, r1, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000000)) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl$PIO_SCRNMAP(r2, 0x4b41, 0x0) 10:55:31 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x13, &(0x7f0000000000)={0x0, @rand_addr, 0x0, 0x0, 'ovf\x00'}, 0x2c) 10:55:32 executing program 5: socketpair(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8) dup2(r0, r1) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 10:55:32 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) vmsplice(r0, 0x0, 0x0, 0x0) 10:55:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup2(r0, r0) write$binfmt_misc(r1, 0x0, 0x0) 10:55:33 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000500)={0xa, 0x2}, 0x1c) listen(r1, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x2, @loopback}, 0x10) r2 = accept4$inet6(r1, 0x0, 0x0, 0x0) sendmsg$NLBL_CIPSOV4_C_REMOVE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) 10:55:33 executing program 5: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_VERSION(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:55:33 executing program 0: r0 = socket(0x2, 0x1, 0x0) sendmsg$NL80211_CMD_DEL_TX_TS(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0xe000) 10:55:33 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) [ 1144.709107][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. 10:55:33 executing program 2: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12}, &(0x7f0000000340)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000180)={0x0, r2/1000+30000}, 0x10) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r3 = dup(r1) sendmsg$TIPC_NL_LINK_RESET_STATS(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 10:55:33 executing program 5: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x0, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x2, &(0x7f00000000c0)) 10:55:33 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x5452, 0x400000) 10:55:34 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = dup3(r1, r0, 0x0) r3 = accept4$inet6(r2, 0x0, 0x0, 0x0) recvfrom$inet6(r3, 0x0, 0xfffffffffffffefa, 0x0, 0x0, 0x0) 10:55:34 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) dup2(r1, r0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "628c4a852bf0dda7563887aeb9fbab606f43ce"}) 10:55:34 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind(r0, &(0x7f0000000100)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x80) 10:55:34 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TCSETX(r1, 0x5409, 0x0) 10:55:34 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x14, 0x0, 0x0) 10:55:34 executing program 3: r0 = epoll_create1(0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x0) 10:55:34 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) r2 = dup3(r1, r0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000788ffc)=0x100000001, 0xfdf6) write$P9_RAUTH(r2, &(0x7f00000000c0)={0x14}, 0x14) sendto$inet(r1, &(0x7f00000002c0)="e695d7fd4428d67b8690c2809788d0d23de6ca8507f6dbda1a026d4cf74251dd5957592035f1d9310d12561f8368b816326835c4f4fc291e27a69cf4118ff3fdcc8d00d402c20870dec639ef07b451581c84f08d35ac0bcd7b6e851c68b0be42e8035c03309c445bb36d15d5a9f1162356c290e5633de0516003163aa2ab2c8106218b30d5a82afc81a83162a2356102205743ccdaee72e43c723f4aa07f66e45b4e834eb97fd8bcdb10edaa2dbb4e51f6b5ce32f8f1ef51476ffddc43b26cb723f9c62c45fea8e99b554a7c97edeedf1a0ef50079d6e6f18536931b9182b0b6248bc24b2491701015e71ec414e2ddc0bc226344e06cc0d386e9706661fc22574b4f295f07337bd2af8df4450c7325298de6bbbb660f6847d12a4070a5fc472a499bf82da42302bfcbc37ad4be47d21e1bd0ee7758f0cb859ba3c16c138fbe3d978bcc253ec3a0e14d45378c12d260cfdb955d6d7122ec4b03ea53c9bd5aed7ed32cbcea8063706aa391daf5e7a5a1e095309b9e65c8418f4ebfbda48d137baf185c75579457ca2bec93725813c88135d9d35708ed4aeea4d563fd2eb910b2b35a91182ff9a807a83642471822593e14eb1b36b1b3402d3d7f94749270155431e9fe7481aea2013b6816ae1ad4b95c7a7eea6e57c68d9ca3e83c5c5f1e8e2f79135f1c61479cefb3b9687ee3ed58a8e3dfecc29a977b152139aeb2804486f6c6273e467e7b824bfac50fc38025ce36713821f9231963ee5ffcf077b8dbe200cfc3bf9c23a4cdb51644f315c1be4f961ccff54e9bfc7804fee9c6cc042380bfd4959394cc1cce0590705c23d9e40fa1b3c7d67672a852da203174d965da5a7fda8407a4fff9d14be977607e6cf5f854f19923e70df4f6bfe8768028f0cbb6e333ff17d173a7bfc91bbf2715b199feb0bc92c4ccd12496ee1ef066ded3dbf5f3ffb968ace935b4ea363d544210c286a776a7c4aa5d1fb410435ddac4ef28ff86ebfe230022cbbf8ff3613f7f5050c5013b629c091b4400f18a1e4c1a9eff95809150d0572bf64fb9802c25f9b249e0aceb0431623a7b197037f1322758df3c93d7ed7cf5703e706bd4936ac3eb06329286596bfe4d3e21c24c8ab4466c0ea6cac11addb8bf16f98abf3b4dd70fa7446e06bba89240732c6d881ae5078be1e600407cf7f9d77438dda28c7ae1c385d50667ec03f1357da5232489d572eeebbc91a063ebcb1930536c90f15bb5490bd6a2aa241f00d1a41dd40ab53b9b532b3ccb720c69115e66e5c144841a4295035b7421ca8ae4f6b16b60ab68045fa1c46c5e809828e624966a992454d9cf2f38f76728880c4ec4713055e8ebd86049c3e7f59f921c98687c3b7b35045b9957b6228abae0f5b1d7641947361436f412098eee955f814949580f4733ebe1e987259f5762b76e6d11d5a31fc1d61f6814eebb47adb785a7bac9f591c4c1ebf1771fe171a63ca918ddbfbf8f0d0444d95614ccbd6535c611a58b9cd543d57af91907b2e93d78a3f63855aeec52e5a76a2cd8ee428ec2c89887cf67dcc767ba3d7853f683d8679b3d61e8540b78a00dfc144ee19383217a4c2bc9cebc61642387eebdfe0882d4e57176075b6dbe7a1a6e9bcd1c21d2f37b079f77abfc9f08a0fddd7b35eb52b5e13e1b7913fc28e8a000569f0345a72a1196a70d3b426390f7f1643d8c67b4aefb4094021111667977e51e68b6829cb5583c25314c58c1acf3e6553f82d06c20ba0d631f606e7a4dd5ce4116803e49e1f5a64bd514d6dafae00718a8f7acdffb3d54253e4c0f009b97cb1f3b10d695b7f97e2f987c1ac686817d87c8feffa5887b75d0b950e18fe8c10ebc36aed4d3e6bcfa68a3c0fbf2a90e5f1d560656dbb24f65103a0b2d26142ca6f069c132156372563f190299f08448e1e646482533c1ea2177c4623fc9445d2b7ce8becb17422b8743947bdb65e39e5b3b35102e1e3867e75ad29390d63e1ce29ee848bd43d0abf419ba766128670c5ae1c83aa53bb7fa06e98577eb78970177711659d777cd96a4c4f17f7be82bd9d57efcc228cf7c9d00cf639fdca54f5b1022b7a91c591063454c6ba4bb35867a48893b3cc038d750ac6762fcbe652bbe524c3b01c75487625011be9382380531cc7fac762ca74e40976bb834956e021c1b4a5f2b315b20bee2e6c02a36b86064af64e7327697c105269fe6ca406fbe9e91c121e4f20b3585e5eb8118c5dec168b5c897935e82eaf60f289e2169ab459bb65dfb98be20813f1808fdb3cb90c124ea83d0832be338c37010ed5dd0a18df6dcb969a5eb6c552700b535d44a5d5a6507c05b0846032388e0a9bc5e7c1bb231f47008f37663e5490d72f6a8d765503836ea50d18636e7c7e34ac7", 0x695, 0x0, 0x0, 0x0) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18}, 0x18) write$P9_RLCREATE(r2, &(0x7f0000000040)={0x18}, 0x18) 10:55:34 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = dup3(r1, r0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl$KDFONTOP_SET(r2, 0x4b72, 0x0) 10:55:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) dup2(r0, r1) setsockopt$inet_udp_int(r1, 0x11, 0xb, &(0x7f0000000080), 0x4) 10:55:35 executing program 4: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$CHAR_RAW_RAGET(r1, 0x1263, &(0x7f0000000000)) 10:55:35 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x26e1, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f0000000280)) 10:55:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000002380)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, 0x0}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000002580)={0x1c, 0x0, 0x70d}, 0x1c}}, 0x0) dup3(r0, r1, 0x0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x20040000) [ 1146.822581][ T8481] Bluetooth: hci5: command 0x0406 tx timeout 10:55:35 executing program 4: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/exec\x00', 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup2(r1, r0) sendmsg(r0, &(0x7f0000005cc0)={0x0, 0x0, 0x0}, 0x0) 10:55:35 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) write$P9_RSTATFS(r0, 0x0, 0x0) 10:55:35 executing program 5: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, 0x0) 10:55:36 executing program 1: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x5421, 0x400000) 10:55:36 executing program 0: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) 10:55:36 executing program 4: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001800)) sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:55:37 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) getsockopt$sock_linger(r1, 0x1, 0xd, 0x0, &(0x7f0000000180)) 10:55:37 executing program 3: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000580)='/dev/full\x00', 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 10:55:37 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:37 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:55:37 executing program 4: r0 = memfd_create(&(0x7f0000000000)='/dev/full\x00', 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:55:37 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, 0x0) 10:55:37 executing program 3: sched_setscheduler(0x0, 0x5, &(0x7f0000000000)) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, 0x0) 10:55:37 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0xc0406619, 0x0) 10:55:37 executing program 0: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup3(r1, r0, 0x0) getsockopt$inet_mreqsrc(r0, 0x0, 0x3, 0x0, &(0x7f0000000080)) 10:55:37 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200000ee) fcntl$setstatus(r1, 0x4, 0x2000) 10:55:37 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x538) connect$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340)='/dev/hwrng\x00', 0x0, 0x0) r2 = dup2(r0, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={0x0}}, 0x24000000) 10:55:37 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup3(r0, r1, 0x0) ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "476953cc6a1b000400"}) 10:55:38 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000000)) 10:55:39 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$FS_IOC_FIEMAP(r0, 0x5451, 0x0) 10:55:39 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) ioctl$EVIOCGABS0(r0, 0x5450, 0x0) 10:55:39 executing program 2: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:55:39 executing program 1: socketpair(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) dup3(r1, r0, 0x0) getsockopt$inet6_udp_int(r0, 0x11, 0xa, 0x0, &(0x7f00000000c0)) 10:55:39 executing program 5: r0 = socket(0x1, 0x5, 0x0) ioctl$CHAR_RAW_ZEROOUT(r0, 0x127f, 0x0) 10:55:40 executing program 3: r0 = socket(0x10, 0x2, 0x0) sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:55:40 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000002380)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, 0x0, 0x0, 0x0, 0x190}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000002580)={0x1c, 0x0, 0x70d}, 0x1c}}, 0x0) flock(r1, 0x8) 10:55:40 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, &(0x7f0000000280), 0x3d6, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) r2 = accept4$inet6(r0, 0x0, 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 10:55:40 executing program 1: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) 10:55:40 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000044, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = accept4$inet(r0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[], 0x24}}, 0x0) 10:55:40 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x0, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockname$netlink(r0, 0x0, &(0x7f00000000c0)) [ 1151.487998][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 1151.538125][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 10:55:40 executing program 5: symlink(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00') mknod$loop(&(0x7f0000000180)='./file0/file0\x00', 0x0, 0x0) 10:55:40 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000a80), 0x8, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) dup3(r2, r1, 0x0) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:55:40 executing program 1: r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = dup2(r2, r1) r4 = fcntl$dupfd(r3, 0x0, r0) sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$TCSETXW(r4, 0x5435, 0x0) 10:55:40 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) r2 = dup2(r0, r0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmmsg$unix(r2, &(0x7f0000002ec0)=[{&(0x7f0000000000)=@abs, 0x6e, 0x0}], 0x1, 0x0) close(r0) socket$unix(0x1, 0x20000000001, 0x0) tkill(r1, 0x1000000000016) 10:55:40 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) close(r1) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r2, 0x0) accept4$unix(r1, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 10:55:40 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCL_PASTESEL(r1, 0x541c, 0x0) 10:55:41 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vga_arbiter\x00', 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendto$packet(r0, &(0x7f0000000140), 0x0, 0x0, 0x0, 0xfffffffffffffef0) 10:55:41 executing program 5: r0 = socket(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r0, &(0x7f0000001ec0)={&(0x7f00000015c0), 0xc, &(0x7f0000001e80)={0x0, 0x880}}, 0x2004e801) connect$packet(r0, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14) connect$unix(r0, &(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e) 10:55:41 executing program 3: capset(&(0x7f0000000cc0)={0x20071026}, &(0x7f0000000d00)) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={0x0}}, 0x0) 10:55:41 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = syz_open_dev$vcsn(&(0x7f00000007c0)='/dev/vcs#\x00', 0x0, 0x0) r2 = dup2(r0, r1) sendmsg$TIPC_NL_NODE_GET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x4000080) 10:55:41 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000140), 0x1c) write$cgroup_subtree(r0, &(0x7f0000000180)={[{0x0, 'rdma'}]}, 0x6) [ 1153.101463][T21256] capability: warning: `syz-executor.3' uses deprecated v2 capabilities in a way that may be insecure 10:55:42 executing program 3: r0 = socket(0x1, 0x5, 0x0) sendmsg$NL80211_CMD_LEAVE_OCB(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:55:42 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=ANY=[@ANYBLOB='P'], 0x350}}, 0x0) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) close(r1) socket$inet_udp(0x2, 0x2, 0x0) tkill(r2, 0x1000000000014) 10:55:42 executing program 5: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000880)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000180)={0x0, r2/1000+30000}, 0x10) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r3 = dup(r1) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:55:43 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10) write$P9_RSYMLINK(r0, &(0x7f0000000740)={0x14}, 0x14) 10:55:43 executing program 0: r0 = creat(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000080)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000100), 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0xf399b) setsockopt$inet6_tcp_buf(r2, 0x6, 0x19, &(0x7f0000000140)="734ee632", 0x4) 10:55:43 executing program 4: sched_setscheduler(0x0, 0x5, &(0x7f0000000180)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) 10:55:43 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010002, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r2 = dup2(r0, r0) write$P9_RLERRORu(r2, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) socket$nl_crypto(0x10, 0x3, 0x15) tkill(r1, 0x1000000000016) 10:55:43 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x3, 0x0) ioctl$TUNSETTXFILTER(r0, 0x5451, 0x0) 10:55:43 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendto$unix(r0, &(0x7f0000000040), 0x0, 0x824, 0x0, 0x0) 10:55:43 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)={0x0, 0x0, 0x0, 0x0, 0x0, "1a0000e2ffff0acaffffff0000e1fffffff300"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$EVIOCGPROP(r2, 0x80404509, 0x0) 10:55:43 executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$TIOCSTI(r1, 0x5425, 0x0) 10:55:43 executing program 1: r0 = socket$inet(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_SET_KEY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:55:43 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) write$P9_RUNLINKAT(r0, 0x0, 0x0) dup3(r0, r2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r4, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) write$P9_RUNLINKAT(r3, 0x0, 0x0) sendmsg$NL80211_CMD_LEAVE_MESH(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x800) 10:55:43 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) close(r0) socket$packet(0x11, 0x2, 0x300) tkill(r2, 0x1000000000016) 10:55:44 executing program 1: r0 = timerfd_create(0x0, 0x0) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r2, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) 10:55:44 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:44 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) r2 = dup2(r0, r0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$unix(r2, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000500)={{0x0}, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff}) tkill(r1, 0x16) 10:55:45 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = syz_open_dev$vcsa(&(0x7f0000000880)='/dev/vcsa#\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 10:55:45 executing program 3: r0 = eventfd2(0x0, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:45 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0x5450, 0x0) 10:55:45 executing program 1: r0 = socket$nl_crypto(0x10, 0x3, 0x15) sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0) 10:55:45 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xc, &(0x7f0000000000)={@in, 0x0, 0x0, 0x0, 0x0, "a64fa31e6f47336673f87280544b587ed299a973b9d853931a18e8b08fa413abf2a6518204ce0bb0a63d6a17b4f930d21d300730ab8054305355309fb77f8eec236635dfdbf8cb9867490a8de67777d4"}, 0xd8) 10:55:45 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_inet6_udp_SIOCOUTQ(r1, 0x5411, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:55:45 executing program 5: r0 = socket(0xa, 0x1, 0x0) sendmsg$inet6(r0, &(0x7f0000002a40)={&(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c, 0x0}, 0x20000068) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) shutdown(r0, 0x0) 10:55:45 executing program 3: r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self\x00', 0x0, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "9c915b123e353834f4f7a8fe4f823bb4b25773"}) 10:55:46 executing program 4: r0 = syz_open_dev$vcsa(&(0x7f0000001500)='/dev/vcsa#\x00', 0x3, 0x0) r1 = inotify_init1(0x0) dup2(r0, r1) pread64(r1, 0x0, 0x0, 0x0) 10:55:46 executing program 2: socketpair(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:46 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) dup2(r0, r1) getsockopt$inet_tcp_buf(r1, 0x6, 0xb, 0x0, &(0x7f0000000080)) 10:55:46 executing program 0: r0 = socket$nl_crypto(0x10, 0x3, 0x15) getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x1c, 0x0, &(0x7f0000000040)) 10:55:46 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x11, 0x0, 0x0) 10:55:46 executing program 3: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x6) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) r1 = fcntl$dupfd(r0, 0x0, r0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f00000001c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) 10:55:46 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ifreq(r0, 0x8940, 0x0) 10:55:48 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f000000d580)={0x0, 0x0, &(0x7f000000d540)={0x0}}, 0x0) 10:55:48 executing program 0: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0x5460, &(0x7f00000004c0)={0x0, 0x252a, 0x925}) 10:55:48 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) getpeername(r0, 0x0, &(0x7f0000000080)) 10:55:48 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='task\x00') fstat(r0, &(0x7f00000016c0)) r1 = gettid() r2 = syz_open_procfs(r1, &(0x7f0000000080)='stat\x00') exit(0x0) preadv(r2, &(0x7f0000000500), 0x37d, 0x0, 0x0) 10:55:48 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) getsockname(r0, &(0x7f0000000580)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, &(0x7f0000000600)=0x80) getpeername(r1, 0x0, 0x0) 10:55:49 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x5452, &(0x7f00000001c0)) 10:55:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/user\x00') dup2(r0, r1) getpeername$packet(r1, 0x0, &(0x7f0000009980)) 10:55:49 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x50009401, 0x0) 10:55:49 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x41000020}, 0xc, 0x0}, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x14, 0x0, 0x1030) 10:55:49 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x5450, 0x0) 10:55:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_GET_REMOTE_MNG(r0, 0x0, 0x0) 10:55:53 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_WOWLAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0xffffff7f}, 0x0) 10:55:53 executing program 4: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000880)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x77359400}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r2 = fcntl$dupfd(r0, 0x0, r0) sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:53 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r1, 0x8008f513, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:55:53 executing program 5: r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) ioctl$FICLONERANGE(r0, 0x5450, 0x0) 10:55:53 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x5450, 0x0) 10:55:53 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000002c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) write$P9_RUNLINKAT(r1, 0x0, 0x0) close(r0) syz_open_procfs(0x0, &(0x7f0000000040)='gid_map\x00') tkill(r2, 0x1000000000016) 10:55:53 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x8940, 0x0) 10:55:54 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_STOP_AP(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 10:55:54 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_inet_SIOCSIFADDR(r0, 0x5450, 0x0) 10:55:54 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$sock(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x20000000) 10:55:54 executing program 4: r0 = eventfd(0x0) close(r0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000000), 0x4) 10:55:54 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200000ee) setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$TIOCSERGETLSR(r4, 0x5459, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:55:54 executing program 0: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, 0x0, 0x0) 10:55:54 executing program 1: r0 = eventfd(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000000)) 10:55:54 executing program 3: openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) fadvise64(r0, 0x0, 0x0, 0x0) 10:55:55 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}}, 0x24004004) 10:55:55 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[], 0x24}}, 0x40080) 10:55:55 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000001680)='/dev/full\x00', 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000240)) 10:55:55 executing program 3: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0x5452, 0x5078f7) 10:55:55 executing program 0: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[], 0x70}}, 0x0) 10:55:55 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) sendmsg$NL80211_CMD_ADD_TX_TS(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x20008080) 10:55:55 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) r1 = dup2(r0, r0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(r1, &(0x7f0000005940)={0x0, 0x0, &(0x7f0000005900)={0x0}}, 0x0) close(r0) r2 = gettid() socket$packet(0x11, 0x2, 0x300) tkill(r2, 0x1000000000016) 10:55:55 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x2, 0x0) dup3(r0, r1, 0x0) ioctl$KDGETLED(r1, 0x4b31, &(0x7f0000000080)) 10:55:56 executing program 1: sched_setscheduler(0x0, 0x5, &(0x7f0000001c00)) execve(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioprio_get$pid(0x2, 0x0) 10:55:56 executing program 3: creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x5451, 0x0) 10:55:56 executing program 0: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000000), 0x4) 10:55:56 executing program 5: mknod(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000280)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000040)='./file0\x00', 0x0, 0x1840, 0x0) mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000080)='./file0\x00', 0x0, 0xa134e0, &(0x7f0000000180)='\x00') 10:55:56 executing program 4: r0 = socket(0x2, 0x1, 0x0) sendmsg$DEVLINK_CMD_PORT_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0xc880) [ 1167.840070][ T31] audit: type=1804 audit(1604832956.609:12): pid=21506 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir205131275/syzkaller.U5vyPG/726/file0" dev="sda1" ino=15846 res=1 errno=0 [ 1167.951448][ T31] audit: type=1804 audit(1604832956.669:13): pid=21506 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir205131275/syzkaller.U5vyPG/726/file0" dev="sda1" ino=15846 res=1 errno=0 10:55:56 executing program 3: r0 = socket(0x2, 0xa, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:56 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) close(r0) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140), 0x4) 10:55:57 executing program 2: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = ioctl$TUNGETDEVNETNS(r0, 0x5450, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockname(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, &(0x7f0000002940)=0x5e) close(r3) socket(0x11, 0x800000003, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000100)) 10:55:57 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) dup3(r0, r1, 0x0) sendto(r1, 0x0, 0x0, 0x20008804, 0x0, 0x0) 10:55:57 executing program 4: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x46, 0x0, 0x0) 10:55:57 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x13, &(0x7f0000000000)={'raw\x00', 0x2, [{}, {}]}, 0x48) 10:55:57 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x1, 0x0) dup2(r0, r1) sendmsg$NLBL_MGMT_C_REMOVEDEF(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:55:58 executing program 1: r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x0, 0x0) ioctl$sock_netdev_private(r0, 0x2, &(0x7f0000000340)) 10:55:58 executing program 4: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:55:58 executing program 2: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcsa\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) dup2(r1, r0) ioctl$TUNGETSNDBUF(r0, 0x5411, &(0x7f0000000080)) 10:55:58 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:58 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0xc, 0x0, &(0x7f00000019c0)) 10:55:58 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$vcsn(&(0x7f00000007c0)='/dev/vcs#\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x24000000) 10:55:58 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) dup2(r0, r1) ioctl$TCXONC(r1, 0x540a, 0x0) 10:55:58 executing program 0: r0 = inotify_init1(0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={0x0}}, 0x0) 10:55:58 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:58 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x26000000) 10:55:58 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$sock_inet_SIOCRTMSG(r0, 0x5450, 0x0) 10:55:58 executing program 5: r0 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) close(r0) socket(0x10, 0x3, 0x0) sendmsg$TIPC_NL_SOCK_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) 10:55:59 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) r1 = dup2(r0, r0) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmsg$NL80211_CMD_START_SCHED_SCAN(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:55:59 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x88000) 10:55:59 executing program 3: socketpair(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}}, 0x0) 10:55:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x8000) 10:55:59 executing program 1: sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x791535c59b674ea9) 10:55:59 executing program 5: r0 = creat(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200800000000013, &(0x7f0000000280)=0x400100000001, 0x2c1) connect$inet6(r1, &(0x7f00000000c0), 0x1a) r2 = dup2(r0, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) sendmsg$TEAM_CMD_PORT_LIST_GET(r2, &(0x7f0000003fc0)={&(0x7f0000000000), 0xc, &(0x7f0000003f80)={0x0}}, 0x20000000) 10:55:59 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) close(r0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:55:59 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x6000}, 0x0) 10:56:00 executing program 4: socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r0, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={0x0}}, 0x0) 10:56:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) dup3(r0, r1, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0x5, 0x0, 0x0) 10:56:00 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_PMK(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x4000084) 10:56:00 executing program 3: r0 = open(&(0x7f0000000040)='./file0\x00', 0x1536e2, 0x0) write$P9_RFSYNC(r0, 0x0, 0x0) 10:56:00 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x6c86b43435f2e9, &(0x7f00000000c0)={0xa, 0x4e66, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0xffffff12, 0x4404c010, 0x0, 0x1a) 10:56:00 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x400c880) 10:56:00 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup2(r1, r1) close(r0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000), 0x4) dup3(r4, r3, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb) setsockopt$inet_tcp_int(r3, 0x6, 0x14, &(0x7f0000788ffc)=0x100000001, 0xfdf6) write$binfmt_elf64(r3, &(0x7f0000001140)=ANY=[], 0x6c1) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 10:56:00 executing program 0: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x2, &(0x7f0000000140)) 10:56:01 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) write$9p(r1, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) close(r0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='comm\x00') exit(0x0) r2 = gettid() tkill(r2, 0x1000000000016) 10:56:01 executing program 3: r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x31, &(0x7f0000000200)={0x0, {{0x2, 0x0, @multicast1}}}, 0x90) 10:56:01 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000180)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000200)=0x80) dup3(r0, r1, 0x0) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0xb, 0x0, 0x0) 10:56:01 executing program 4: msgrcv(0x0, &(0x7f0000000140)=ANY=[], 0x0, 0x1, 0x1000) msgsnd(0x0, 0x0, 0x0, 0x0) 10:56:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r1, r0) sendto$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 10:56:01 executing program 0: mknod(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) 10:56:02 executing program 3: socket$inet_udp(0x2c, 0x2, 0x0) 10:56:02 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) write$P9_RUNLINKAT(r0, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r2, 0x5450, 0x0) 10:56:02 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) fadvise64(r0, 0x0, 0x0, 0x0) 10:56:02 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_FONT(r0, 0x4b60, &(0x7f0000000000)=""/48) ioctl$TIOCSCTTY(r0, 0x5608, 0xfffffffffffffff6) 10:56:02 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000480)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000004c0)={'macvtap0\x00'}) 10:56:02 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) 10:56:02 executing program 5: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NOTIFY_RADAR(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:56:02 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000640)='/proc/thread-self\x00', 0x0, 0x0) dup2(r0, r1) sendmsg$NL80211_CMD_REQ_SET_REG(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) 10:56:02 executing program 4: r0 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x0, 0x0) ioctl$TIOCNOTTY(r0, 0x5451) 10:56:02 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x4) tkill(r2, 0x1000000000015) 10:56:03 executing program 0: r0 = timerfd_create(0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) sendmsg$TIPC_NL_KEY_FLUSH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) 10:56:03 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='cmdline\x00') close(r0) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) 10:56:03 executing program 5: r0 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0), 0x8, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup3(r1, r0, 0x0) ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000001880)) 10:56:03 executing program 3: r0 = socket(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x24000000) 10:56:03 executing program 4: r0 = open$dir(&(0x7f00000000c0)='.\x00', 0x0, 0x0) mkdirat$cgroup(r0, &(0x7f0000000240)='syz0\x00', 0x1ff) 10:56:03 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x0, 0x0) ioctl$RNDADDTOENTCNT(r0, 0x5452, &(0x7f0000000040)) 10:56:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) memfd_create(&(0x7f0000000340)='-,\x00', 0x0) ftruncate(r0, 0x0) 10:56:03 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xf) sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0) 10:56:03 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000100)={"0c99c4144973ac0792a6b3dd5162a873"}) 10:56:03 executing program 3: r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:56:04 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) dup3(r0, r1, 0x0) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) 10:56:04 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_NET_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:56:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000008580)=[{{&(0x7f00000077c0)={0x2, 0x4e23, @dev}, 0x10, 0x0}}], 0x1, 0x0) 10:56:04 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setsig(r0, 0xa, 0x0) 10:56:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) 10:56:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x8000) 10:56:04 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) r2 = dup2(r1, r0) ioctl$TCSETSF2(r2, 0x402c542d, 0x0) 10:56:05 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_opts(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)=0xfffffffffffffedb) 10:56:05 executing program 2: r0 = socket(0x11, 0x3, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xfffffeeb}}, 0x0) 10:56:05 executing program 5: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0) 10:56:05 executing program 1: r0 = inotify_init1(0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$LOOP_SET_FD(r2, 0x5450, r0) 10:56:05 executing program 3: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/exec\x00', 0x2, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x5452, &(0x7f0000000040)) 10:56:05 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x4000) 10:56:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "1a00000acaffffe00000f69c61fc3ba186a200"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000080)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r2, 0x29, 0xcd, 0x0, 0x0) 10:56:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0xf) write$cgroup_netprio_ifpriomap(r0, 0x0, 0x0) 10:56:06 executing program 1: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={0x0}}, 0x0) 10:56:06 executing program 3: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') close(r0) syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f00000002c0)) 10:56:06 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000240)='/dev/loop-control\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) dup2(r1, r0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f00000006c0), 0x10) 10:56:06 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x21, &(0x7f0000000080)={0x0, @multicast2, 0x0, 0x0, 'ovf\x00'}, 0x2c) 10:56:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) 10:56:06 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x80) 10:56:06 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)='sysfs\x00', 0x3, 0x0) chroot(&(0x7f0000000200)='./file0\x00') openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x40, 0x0) 10:56:06 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010080, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup2(r0, r0) timer_create(0x0, &(0x7f0000000440)={0x0, 0x12}, &(0x7f0000000040)) sendmsg$NLBL_UNLABEL_C_STATICLIST(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000000), 0x1c) write$P9_RCLUNK(r2, 0x0, 0x0) r3 = gettid() tkill(r3, 0x1000000000016) 10:56:07 executing program 4: sched_setscheduler(0x0, 0x5, &(0x7f0000000080)) syz_open_procfs(0x0, 0x0) ioctl$CHAR_RAW_ROSET(0xffffffffffffffff, 0x125d, 0x0) 10:56:07 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000340)='/dev/null\x00', 0x0, 0x0) dup2(r0, r1) sendmsg$NLBL_MGMT_C_VERSION(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={0x0}}, 0x0) 10:56:08 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TUNSETLINK(r1, 0x400454cd, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:56:08 executing program 1: r0 = socket$inet(0x2, 0x803, 0x1) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000ec0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) 10:56:08 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:56:08 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = socket$nl_route(0x10, 0x3, 0x0) dup2(r1, r0) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0) 10:56:08 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) close(r0) socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000680)) 10:56:08 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup2(r0, r1) sendmsg$TIPC_CMD_GET_NETID(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:56:08 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000640)='/proc/self/attr/current\x00', 0x2, 0x0) dup3(r0, r1, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000040)=0x1, 0x4) 10:56:08 executing program 0: r0 = gettid() r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$PIO_UNIMAPCLR(r1, 0x5409, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 10:56:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) sendmsg$ETHTOOL_MSG_WOL_GET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) close(r1) socket$inet6(0xa, 0x2, 0x0) tkill(r2, 0x1000000000014) 10:56:08 executing program 5: r0 = socket(0x2, 0x803, 0xd2) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:56:08 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x541c, 0x0) 10:56:08 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) dup2(r0, r1) sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) 10:56:09 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, &(0x7f0000000280), 0xa5, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = accept4$inet(r0, 0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:56:09 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) openat$cgroup_ro(r0, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) 10:56:09 executing program 3: r0 = socket(0x1, 0x5, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) 10:56:09 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) dup3(r0, r1, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:56:09 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x5452, &(0x7f00000000c0)={0x1, 'vcan0\x00'}) 10:56:09 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$TIOCGPTPEER(r0, 0x8912, 0x74a000) [ 1180.791417][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 10:56:09 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NLBL_MGMT_C_LISTDEF(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:56:10 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x5) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, 0x0) tkill(r2, 0x8001004000000016) 10:56:10 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) write$P9_RLOCK(r0, 0x0, 0x0) 10:56:10 executing program 2: socket(0x1, 0x0, 0x3ff) 10:56:10 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) write$binfmt_aout(r1, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) r2 = socket(0xa, 0x3, 0x1f) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r3 = gettid() tkill(r3, 0x1000000000016) 10:56:10 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup3(r1, r0, 0x0) sendmsg$NL80211_CMD_GET_MPP(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:56:10 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, 0x0) 10:56:10 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10, 0x0}, 0x20008004) sendmsg$NL80211_CMD_SET_WDS_PEER(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8}, 0x0) 10:56:11 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:56:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) dup2(r0, r1) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000050c0)) 10:56:11 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$VT_WAITACTIVE(r1, 0x5607) [ 1182.486026][T21841] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 10:56:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000040)) 10:56:11 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpu.stat\x00', 0x26e1, 0x0) close(r0) syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_GET_POWER_SAVE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:56:16 executing program 3: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000001100)='/dev/urandom\x00', 0x0, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) 10:56:16 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000000)=""/11, 0x7103) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = dup(r0) ioctl$NS_GET_OWNER_UID(r1, 0xb704, 0x0) 10:56:16 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:56:16 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x0, 0x0) dup2(r0, r1) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x21, 0x0, &(0x7f0000000700)) 10:56:16 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0xc040014) 10:56:16 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x3, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x321, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) sendto$inet(r0, &(0x7f00000002c0)='G', 0x1, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000003c0)) r1 = dup(r0) timer_settime(0x0, 0x0, &(0x7f0000000380)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = gettid() recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)=""/199, 0xc7}], 0x1}}], 0x40003a0, 0x0, 0x0) tkill(r2, 0x14) read(r1, &(0x7f00000001c0)=""/159, 0x9f) 10:56:16 executing program 5: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec\x00', 0x2, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:56:16 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x2, 0x0) dup2(r0, r1) ioctl$TIOCGPKT(r1, 0x80045438, &(0x7f0000000000)) 10:56:16 executing program 0: mkdirat$cgroup(0xffffffffffffff9c, &(0x7f0000000000)='syz0\x00', 0x1ff) r0 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r2, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) write$P9_RVERSION(r0, 0x0, 0x0) 10:56:16 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x5451, 0x0) 10:56:16 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r2 = dup2(r0, r0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$NL80211_CMD_AUTHENTICATE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) close(r0) socket$inet6_udplite(0xa, 0x2, 0x88) tkill(r1, 0x1000000000016) 10:56:16 executing program 3: r0 = epoll_create1(0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)) sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:56:17 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x29d1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) getsockopt$IP_SET_OP_GET_FNAME(r0, 0x1, 0xe, 0x0, &(0x7f00000000c0)) 10:56:17 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) close(r0) socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000a80)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x108) 10:56:17 executing program 0: socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r0) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) r3 = dup2(r0, r1) sendmmsg$inet(r3, &(0x7f0000009e00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 10:56:17 executing program 4: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x5451, 0x0) 10:56:17 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) [ 1188.696568][T21905] sock: process `syz-executor.1' is using obsolete getsockopt SO_BSDCOMPAT 10:56:17 executing program 2: sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x0) 10:56:17 executing program 1: open$dir(&(0x7f0000000000)='./file0\x00', 0x20540, 0x0) 10:56:17 executing program 0: sched_setscheduler(0x0, 0x5, &(0x7f0000000000)) syz_open_procfs$namespace(0x0, 0x0) sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040), 0xc, 0x0}, 0x0) 10:56:17 executing program 5: openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x80180, 0x0) 10:56:18 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup2(r0, r0) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={0x0}}, 0x0) 10:56:18 executing program 3: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x103002) write$P9_RLINK(r0, 0x0, 0x0) 10:56:18 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_PROBE_CLIENT(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) 10:56:18 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000300)='/dev/full\x00', 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8901, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}) 10:56:18 executing program 5: socketpair(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$packet(r0, &(0x7f00000004c0)='4', 0x0, 0x8c094, &(0x7f00000014c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x0) 10:56:18 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={0x0}}, 0x0) 10:56:18 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCSABS0(r0, 0x401845c0, 0x0) 10:56:18 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0xe, 0x0, &(0x7f00000000c0)) 10:56:19 executing program 1: connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xffdfb939}, 0x1b) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) r1 = dup2(r0, r0) sendmsg$ETHTOOL_MSG_EEE_SET(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 10:56:19 executing program 5: r0 = eventfd(0x0) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000000), 0x4) 10:56:19 executing program 0: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) ioctl$FIOCLEX(r0, 0x5451) 10:56:19 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f00000000c0)) 10:56:19 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f0000000040)=ANY=[], 0x12d4}}, 0x20040040) 10:56:19 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) ioctl$FICLONERANGE(r0, 0x4020940d, 0x0) 10:56:19 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCSPGRP(r0, 0x8941, 0x0) 10:56:19 executing program 5: r0 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x4, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x5450, 0x0) 10:56:20 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) dup2(r0, r1) getsockopt$IP_VS_SO_GET_DAEMON(r1, 0x0, 0x12, 0x0, &(0x7f0000000080)) 10:56:20 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 10:56:20 executing program 2: socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:56:20 executing program 3: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 10:56:20 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)={0x0, 0x0, 0x0, 0x0, 0x0, "1a0000e2ffff0acaffffff0000e1fffffff300"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000180)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$TUNGETFEATURES(r2, 0x800454cf, 0x0) 10:56:20 executing program 0: r0 = inotify_init() r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:56:20 executing program 1: r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000040)) 10:56:20 executing program 5: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/autofs\x00', 0x0, 0x0) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) dup2(r1, r0) sendmmsg$unix(r0, 0x0, 0x0, 0x0) 10:56:21 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) close(r1) socket$netlink(0x10, 0x3, 0x0) sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 10:56:21 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x24}}, 0x24000004) 10:56:21 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) getsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) 10:56:21 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000044, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r1, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={0x0}}, 0x0) 10:56:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)) 10:56:21 executing program 3: r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0) close(r0) socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={0x0}}, 0x0) 10:56:21 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000002c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) r2 = accept4$inet(r1, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x60) fadvise64(r2, 0x0, 0x0, 0x0) 10:56:21 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f000000b100)={0x2, 0x0, @dev}, 0x10) [ 1193.185180][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 1193.265354][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 10:56:22 executing program 4: socketpair(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) r3 = dup2(r2, r1) write$P9_RLOPEN(r3, 0x0, 0x0) 10:56:22 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) ioctl$BLKSECDISCARD(r0, 0x5451, 0x0) 10:56:22 executing program 3: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup2(r1, r0) sendmsg$NL80211_CMD_SET_BEACON(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={0x0}}, 0x0) 10:56:22 executing program 0: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcsa\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0}}, 0x0) 10:56:22 executing program 5: r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x5, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup2(r1, r0) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f0000000040)) 10:56:22 executing program 2: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001240)='/dev/autofs\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) dup2(r1, r0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x8901, &(0x7f0000000140)={'sit0\x00', 0x0}) 10:56:23 executing program 5: socketpair(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = creat(&(0x7f0000001900)='./file0\x00', 0x0) dup3(r0, r1, 0x0) sendmsg$NLBL_MGMT_C_PROTOCOLS(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={0x0}}, 0x0) 10:56:23 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000005d00)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RGETLOCK(r0, 0x0, 0x0) 10:56:23 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20842, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x5451, 0x0) 10:56:23 executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000000380)={0x0, 0x12}, &(0x7f0000000200)) timer_settime(0x0, 0x0, &(0x7f0000000880)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r2 = dup2(r1, r1) sendto$packet(r2, 0x0, 0x0, 0x0, 0x0, 0x0) close(r1) tkill(r0, 0x1000000000015) socket$inet6(0x10, 0x3, 0x0) 10:56:23 executing program 2: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup3(r1, r0, 0x0) sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x20008040) 10:56:23 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$NLBL_CIPSOV4_C_LISTALL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 10:56:23 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x4000000) 10:56:23 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000002380)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, 0x0}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000002580)={0x1c, 0x0, 0x70d}, 0x1c}}, 0x0) dup3(r0, r1, 0x0) sendmsg$IPVS_CMD_SET_DEST(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:56:23 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) statfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/152) 10:56:23 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x3, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x321, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000001040)="c3", 0x1, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000003c0)) timer_settime(0x0, 0x0, &(0x7f0000000380)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)=""/199, 0xc7}], 0x1}}], 0x40003a0, 0x0, 0x0) tkill(r1, 0x14) r2 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x0) 10:56:24 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x78}}, 0x20040001) 10:56:24 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) getpeername(r0, &(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000080)=0xfef8) r2 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r2, r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) getpeername(r3, &(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000080)=0xfef8) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:56:24 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8983, &(0x7f0000000640)={0x6, 'wg2\x00'}) 10:56:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$CHAR_RAW_GETSIZE64(r0, 0x8981, 0x0) 10:56:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup(r0) sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') getsockopt$IP_SET_OP_GET_FNAME(r1, 0x1, 0x53, 0x0, &(0x7f00000000c0)) 10:56:24 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='oom_adj\x00') pwrite64(r0, &(0x7f0000000000)='5', 0x1, 0x0) 10:56:24 executing program 4: r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$SOCK_DESTROY(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:56:25 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0x5450, 0x0) [ 1196.377447][T22086] syz-executor.3 (22086): /proc/22082/oom_adj is deprecated, please use /proc/22082/oom_score_adj instead. 10:56:25 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000000080)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) sendmsg$GTP_CMD_GETPDP(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) tkill(r2, 0x1000000000016) 10:56:25 executing program 4: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/attr/exec\x00', 0x2, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) write$P9_RREMOVE(r0, 0x0, 0x0) 10:56:25 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340)='/dev/hwrng\x00', 0x0, 0x0) dup2(r0, r1) getsockopt$IP_SET_OP_GET_BYNAME(r1, 0x1, 0x1a, 0x0, &(0x7f0000006500)) 10:56:25 executing program 3: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) dup2(r0, r1) write$cgroup_int(r1, 0x0, 0x0) 10:56:25 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x6, 0x11, 0x0, &(0x7f00000004c0)) 10:56:25 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x77359400}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) r2 = gettid() timer_create(0x0, &(0x7f0000000280)={0x0, 0x12}, &(0x7f0000044000)) r3 = dup(r1) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={0x0}}, 0x0) tkill(r2, 0x1000000000016) 10:56:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_PORT_SPLIT(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x40, 0x0, 0x0, 0x0, 0x0, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {0x8}}]}, 0xffffff9a}}, 0x0) 10:56:26 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x5451, 0x0) 10:56:26 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 10:56:26 executing program 3: r0 = socket$inet(0x2, 0xa, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f00000005c0)={&(0x7f0000000080), 0x2000008c, &(0x7f0000000580)={0x0}}, 0x0) 10:56:26 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcs\x00', 0x0, 0x0) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x5451, 0x0) 10:56:26 executing program 1: r0 = socket$inet(0x2, 0x3, 0x4) bind$unix(r0, &(0x7f0000000000)=@abs, 0x6e) 10:56:26 executing program 2: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:56:27 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:56:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x0, 0x0) dup2(r0, r1) sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:56:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = open(&(0x7f0000001080)='./file0\x00', 0x40040, 0x0) dup3(r0, r1, 0x0) setsockopt$sock_cred(r1, 0x1, 0x28, &(0x7f00000000c0), 0xc) 10:56:27 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NET_DM_CMD_STOP(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x20008090) 10:56:27 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000080)) 10:56:27 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) dup2(r0, r1) getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0xd, 0x0, &(0x7f0000000040)) 10:56:27 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = syz_open_pts(r0, 0x0) r2 = dup2(r1, r0) getrandom(&(0x7f00000010c0)=""/4098, 0x1002, 0x0) ioctl$BLKREPORTZONE(r2, 0xc0101282, 0x0) 10:56:27 executing program 3: openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) close(r0) socket$unix(0x1, 0x800000000002, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f00000000c0)) 10:56:27 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$TUNSETIFINDEX(r0, 0x400454da, 0x0) 10:56:28 executing program 2: prlimit64(0x0, 0x7, &(0x7f0000000240), 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) 10:56:28 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x4048080) 10:56:28 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x4080) 10:56:28 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f00000001c0), 0x4) 10:56:28 executing program 3: setrlimit(0x7, &(0x7f0000000000)) socket(0x11, 0xa, 0x0) 10:56:28 executing program 1: r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/current\x00', 0x2, 0x0) close(r0) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f00000000c0), 0x4) 10:56:28 executing program 2: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x5450, 0x0) 10:56:28 executing program 4: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/mnt\x00') ioctl$BTRFS_IOC_SNAP_DESTROY(r0, 0x5451, 0x0) 10:56:28 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup3(r0, r1, 0x0) sendmsg$TIPC_CMD_GET_REMOTE_MNG(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x0) 10:56:28 executing program 0: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x5451, 0x0) 10:56:29 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:56:29 executing program 1: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcsa\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) dup2(r1, r0) sendmsg$NL80211_CMD_START_SCHED_SCAN(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x0) 10:56:29 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000000c0)) 10:56:29 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x0, 0x0) dup2(r0, r1) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:56:29 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xfffffd18}}, 0x0) 10:56:29 executing program 0: r0 = socket$inet(0x2, 0x3, 0x3) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0) dup2(r1, r0) pwritev(r0, 0x0, 0x0, 0x0, 0x0) 10:56:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0xf) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0) 10:56:30 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, &(0x7f0000000040)) 10:56:30 executing program 4: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x20000020000008, 0x0) ioctl$SIOCGIFHWADDR(r0, 0x5421, &(0x7f0000000100)) 10:56:30 executing program 2: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) ioctl$FIOCLEX(r0, 0x5451) 10:56:30 executing program 5: r0 = epoll_create(0x3ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:56:30 executing program 0: r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffc000/0x3000)=nil) shmat(r0, &(0x7f0000ff9000/0x4000)=nil, 0x5000) 10:56:30 executing program 3: r0 = socket$unix(0x1, 0x2, 0x0) r1 = dup(r0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)) 10:56:30 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) socket$inet(0x10, 0x2, 0x0) write$P9_RSTAT(r0, 0x0, 0x0) 10:56:30 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) r2 = dup2(r0, r0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) write$apparmor_current(r2, 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) tkill(r1, 0x1000000000016) 10:56:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) syncfs(r0) 10:56:30 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_SB_POOL_GET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 10:56:30 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x5409, 0x0) 10:56:31 executing program 3: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:56:31 executing program 2: r0 = eventfd(0x0) write(r0, &(0x7f0000000000)="abbefe935e3d03ef", 0x8) r1 = gettid() timer_create(0x0, &(0x7f0000000780)={0x0, 0x12}, &(0x7f00009b1ffc)) write$P9_RXATTRWALK(r0, &(0x7f0000000040)={0xf, 0x1f, 0x0, 0x6472}, 0xf) close(r0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x20402, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r1, 0x13) 10:56:31 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockname(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, &(0x7f0000002940)=0x5e) close(r1) socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_GET_MPP(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:56:31 executing program 4: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000880)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x77359400}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r2 = dup(r0) sendmsg$DEVLINK_CMD_PORT_GET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 10:56:31 executing program 5: r0 = syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x0, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={0x0}}, 0x0) 10:56:31 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) getpeername(r0, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000000)=0x80) dup2(r0, r1) sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 10:56:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendto(r0, &(0x7f00000000c0)='O', 0x1, 0x4814, 0x0, 0x0) 10:56:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$FOU_CMD_DEL(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) io_setup(0x6, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) io_cancel(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x5, r3, &(0x7f0000000440)="447c7d0006f6485835ff656bb6f0bc9854d13c9f59b564d3d224e497861d39953c55d91ce20a5139b0adb57b6c1932d326365512c9b000d73c82619ca65eb4940207fffa59d8876c461d8c46a0cc4c83fc34a2f84f99744b133fff3be542f4c3a4a9d62fc40b23826f166e4c5dc94b6939f2576ae222d9b9444d74584d144826f07874b9cd46134cf8dd2ead58de5d44c7723acaaff9175aac63d1f45a9afe630c2fa9bfd08276c66149d11652a408cc10d0ec418c38bea37233befb4f1decdeb990beacdd74e458fd7b2bb16d8e85c0023f3220fd28511730b4a9b04e2cc2ff67a8a15d8af700d5ea0d8b7d332f1443a5d632", 0xf3, 0x2, 0x0, 0x3}, &(0x7f0000000180)) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') r4 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mknodat(r4, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r4, 0xc080661a, &(0x7f0000000300)={{0x1, 0x0, @identifier="e4df5ee5e1350931189035a7cbbb89f7"}}) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000006) open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="a0008550", @ANYRESHEX, @ANYRES32], 0x3}, 0x1, 0x0, 0x0, 0x20000001}, 0x4000000) 10:56:32 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$KDSKBSENT(r2, 0x5608, 0x0) 10:56:32 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) socket$packet(0x11, 0x3, 0x300) sched_setscheduler(0x0, 0x5, &(0x7f0000000180)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$KDGETKEYCODE(r0, 0x4b4c, 0x0) 10:56:32 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x541b, &(0x7f0000000040)={'wlan0\x00'}) 10:56:32 executing program 0: pipe2(&(0x7f0000001980)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$TIOCGISO7816(r0, 0x80285442, 0x0) 10:56:32 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) recvmmsg(r0, &(0x7f0000000640)=[{{&(0x7f0000000140)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) shutdown(r0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x5451, 0x0) 10:56:32 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000140)={'sit0\x00', 0x0}) 10:56:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup3(r0, r1, 0x0) sendmsg$TIPC_NL_MON_SET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:56:33 executing program 5: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r0, 0x5450, 0x0) 10:56:33 executing program 0: r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x5452, &(0x7f0000000040)) 10:56:33 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x200100c1, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f00000073c0)={0x0, 0x0, &(0x7f0000007380)={0x0}}, 0x0) close(r0) socket$packet(0x11, 0x2, 0x300) r2 = gettid() tkill(r2, 0x1000000000016) 10:56:33 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vcs\x00', 0x0, 0x0) dup2(r0, r1) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x1a, 0x0, &(0x7f0000000000)) 10:56:33 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x8682) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:56:33 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_SB_POOL_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x8005) 10:56:34 executing program 2: socketpair$unix(0x1, 0x200000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) write$P9_RUNLINKAT(r0, 0x0, 0x0) dup3(r0, r2, 0x0) getsockopt$SO_COOKIE(r2, 0x1, 0xc, 0x0, &(0x7f00000000c0)) 10:56:34 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000014c0)={0xffffffffffffffff}) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup2(r0, r1) sendmsg$TIPC_CMD_GET_LINKS(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:56:34 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept4$packet(r1, 0x0, 0x0, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000140)) 10:56:34 executing program 5: r0 = socket$nl_generic(0x2, 0x2, 0x88) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={&(0x7f0000000080), 0x57, &(0x7f0000000040)={&(0x7f00000000c0)={0xfffffffffffffd9c, 0x0, 0x0, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0x0, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS]}, @ETHTOOL_A_STRSET_COUNTS_ONLY]}}}, 0x0) 10:56:34 executing program 1: r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) ioctl$F2FS_IOC_GET_FEATURES(r0, 0x2, &(0x7f0000000080)) 10:56:34 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x40, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) connect$netlink(r0, &(0x7f0000000080), 0xc) 10:56:34 executing program 0: socketpair(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f0000000200)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={0x0}}, 0x0) 10:56:34 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) 10:56:34 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0) 10:56:34 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x40, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:56:34 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x17, 0x0) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:56:35 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000200)={0xffffffffffffffff}) socketpair$unix(0x1, 0x200000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r3, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) write$P9_RUNLINKAT(r2, 0x0, 0x0) dup3(r2, r4, 0x0) sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:56:35 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000380)='sysfs\x00', 0x83, 0x0) chroot(&(0x7f0000000200)='./file0\x00') openat$zero(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/zero\x00', 0xb18c69a6b490dcd4, 0x0) 10:56:35 executing program 3: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r2, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) setsockopt$sock_int(r1, 0x1, 0x2b, &(0x7f0000000100)=0x20, 0x4) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:56:35 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000002640)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCGETA(r0, 0x5405, &(0x7f0000000000)) 10:56:35 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0, 0xffffff11}}, 0x0) 10:56:35 executing program 4: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x0, 0x0) close(r0) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000100)={0x0, 0x1, 0x6, @broadcast}, 0x10) 10:56:36 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000001b40)={&(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10, 0x0}, 0x2004c8c5) sendmmsg$sock(r0, &(0x7f0000002b80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendto(r0, 0x0, 0x0, 0x20000040, &(0x7f0000000080)=@phonet, 0x80) 10:56:36 executing program 0: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/attr/exec\x00', 0x2, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000800)) 10:56:36 executing program 1: r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept4(r1, 0x0, 0x0, 0x0) ioctl$int_out(r2, 0x2, &(0x7f0000000100)) 10:56:36 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r1, r0) sendmsg$inet(r0, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) 10:56:36 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$TIOCPKT(r0, 0x5420, 0x0) 10:56:36 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000500)='cgroup.controllers\x00', 0x26e1, 0x0) fchown(r0, 0x0, 0x0) 10:56:36 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x5451, 0x0) 10:56:36 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) getpeername(r0, &(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000080)=0xfef8) ioctl$EVIOCSREP(r1, 0x5450, 0x0) 10:56:37 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) dup3(r0, r1, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x14, 0x0, 0x0) 10:56:37 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) connect$unix(r1, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept4$inet(r0, 0x0, 0x0, 0x0) r3 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self\x00', 0x0, 0x0) r4 = dup3(r2, r3, 0x0) dup2(r4, r2) 10:56:37 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) pipe2(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup2(r0, r1) sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:56:37 executing program 0: r0 = socket(0x2, 0x1, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x4010) 10:56:37 executing program 2: r0 = socket(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000100)={'tunl0\x00', {0x2, 0x0, @multicast2}}) 10:56:37 executing program 1: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000380)='/dev/urandom\x00', 0x0, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, 0x0) 10:56:37 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = inotify_init1(0x0) dup3(r0, r1, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:56:37 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x5452, &(0x7f0000000040)) 10:56:37 executing program 4: r0 = socket$inet(0x2, 0xa, 0x0) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000040)={&(0x7f0000000000), 0x19, &(0x7f0000000100)={0x0}}, 0x0) 10:56:38 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 10:56:38 executing program 2: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x80) 10:56:38 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='uid_map\x00') close(r0) socket$nl_generic(0x10, 0x3, 0x10) getsockname(r0, 0x0, &(0x7f0000003200)) 10:56:38 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x5452, &(0x7f0000000300)={'gre0\x00', 0x0}) 10:56:38 executing program 4: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000880)='/dev/ttyS3\x00', 0x2, 0x0) write$eventfd(r0, 0x0, 0x0) 10:56:38 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f0000000a00)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) fcntl$lock(r2, 0x7, &(0x7f0000000040)) 10:56:38 executing program 0: r0 = memfd_create(&(0x7f0000000480)='}\x00', 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x2, 0x0) sendfile(r1, r0, 0x0, 0x0) 10:56:39 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x2000021c) setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 10:56:39 executing program 1: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r0, &(0x7f0000005cc0)={0x0, 0x0, 0x0}, 0x0) 10:56:39 executing program 5: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:56:39 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xffffffffffffff56}}, 0x0) 10:56:39 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x1) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) socket$inet_icmp_raw(0x2, 0x3, 0x1) tkill(r2, 0x1000000000016) 10:56:39 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)={0x0, 0x0, 0x0, 0x0, 0x0, "4a722cf5c34b4246ea7a610cd1be48bffff314"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$GIO_SCRNMAP(r2, 0x4b40, 0x0) 10:56:39 executing program 4: r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000640)='/proc/thread-self\x00', 0x0, 0x0) close(r0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000b00)) 10:56:39 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/ptmx\x00', 0x0, 0x0) close(r0) openat$dir(0xffffffffffffff9c, &(0x7f0000000d80)='./file0\x00', 0xa00c0, 0x0) fdatasync(r0) 10:56:39 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x6, 0x0, 0x0) 10:56:40 executing program 2: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 10:56:40 executing program 3: r0 = socket$nl_crypto(0x10, 0x3, 0x15) fchownat(r0, &(0x7f0000002840)='\x00', 0xffffffffffffffff, 0x0, 0x1000) 10:56:40 executing program 0: sendmsg$TIPC_CMD_SHOW_PORTS(0xffffffffffffffff, 0x0, 0x20c58f9ed121e202) 10:56:40 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0xa201, 0x0) writev(r0, 0x0, 0x0) 10:56:40 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x20000054) 10:56:40 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_mtu(r0, 0x29, 0x17, 0x0, &(0x7f0000000100)) 10:56:40 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000002440)='/dev/vcs\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:56:41 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) sendmsg$TIPC_NL_LINK_RESET_STATS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) 10:56:41 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:56:41 executing program 1: r0 = socket(0x10, 0x2, 0x2) write$nbd(r0, 0x0, 0x0) 10:56:41 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x0, 0x0, 0x0, {}, ["", "", ""]}, 0xfffffffffffffe68}}, 0x0) 10:56:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) getpeername(r0, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000000)=0x80) dup2(r0, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername(r2, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, &(0x7f0000000100)=0x80) sendmsg$NL80211_CMD_SET_PMKSA(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:56:41 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$BLKFRASET(r0, 0x5451, 0x0) 10:56:41 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200000ee) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r2, 0x8923, &(0x7f0000000180)={'sit0\x00', {0x2, 0x0, @dev}}) 10:56:41 executing program 1: r0 = socket$nl_generic(0x2, 0x2, 0x88) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000005c0)={&(0x7f0000000440), 0x336, &(0x7f0000000580)={&(0x7f00000004c0)={0xac, 0x0, 0x0, 0x0, 0x0, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES, @NBD_ATTR_TIMEOUT={0xc}, @NBD_ATTR_CLIENT_FLAGS={0x8}, @NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_TIMEOUT, @NBD_ATTR_SOCKETS={0x2c}, @NBD_ATTR_SIZE_BYTES={0x4}, @NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_TIMEOUT={0xc}]}, 0xac}}, 0x0) 10:56:41 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() sendmsg$NL80211_CMD_DEL_PMK(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) socket$packet(0x11, 0x2, 0x300) tkill(r2, 0x1000000000016) 10:56:41 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x5451, 0x0) 10:56:42 executing program 5: r0 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) dup2(r1, r0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x5452, &(0x7f00000000c0)={'syztnl2\x00', 0x0}) 10:56:43 executing program 2: r0 = socket(0x10, 0x2, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_ADD_TX_TS(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:56:43 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000280)={&(0x7f0000000000), 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x1fc, 0x0, 0x0, 0x0, 0x0, {}, [@NL80211_ATTR_DFS_REGION={0x5}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_DFS_REGION={0x5}, @NL80211_ATTR_DFS_REGION={0x5}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_RULES={0x1bc, 0x22, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8}, @NL80211_ATTR_REG_RULE_FLAGS={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_REG_RULE_FLAGS={0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8}, @NL80211_ATTR_FREQ_RANGE_END={0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_FREQ_RANGE_END={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8}]}, {0x4c, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8}]}, {0x54, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8}, @NL80211_ATTR_REG_RULE_FLAGS={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_FREQ_RANGE_END={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8}, @NL80211_ATTR_REG_RULE_FLAGS={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}]}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0xfffffffffffffce5}}, 0x0) 10:56:43 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop-control\x00', 0x0, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000040)) 10:56:44 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x6) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) r1 = gettid() ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x8001004000000016) 10:56:44 executing program 4: capset(&(0x7f0000000140)={0x20080522}, &(0x7f0000000180)) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000480)={0x0}}, 0x0) 10:56:44 executing program 2: r0 = epoll_create1(0x0) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r2, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000080)=0xc) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) write$char_usb(r0, 0x0, 0x0) 10:56:44 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000500)='/dev/hwrng\x00', 0x0, 0x0) dup2(r0, r1) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:56:44 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}], 0xffffff79) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:56:44 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={0x0}, 0x1, 0x0, 0x5a28}, 0x0) 10:56:44 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x349, 0x20010080, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup2(r0, r0) timer_create(0x0, &(0x7f0000000440)={0x0, 0x12}, &(0x7f0000044000)) write$P9_RLINK(r1, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) socket(0x2, 0x2, 0x0) r2 = gettid() tkill(r2, 0x1000000000016) 10:56:44 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$GTP_CMD_GETPDP(r0, &(0x7f00000050c0)={0x0, 0x0, &(0x7f0000005080)={0x0}}, 0x840) 10:56:45 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000380)=0x404100000001, 0xfe3f) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132441) connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @remote, 0x1f}, 0x1c) 10:56:45 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) dup2(r1, r0) ioctl$TIOCGSOFTCAR(r0, 0x5419, &(0x7f0000000200)) 10:56:45 executing program 4: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000040), 0x8, 0x0) ioctl$BLKROSET(r0, 0x5450, 0x0) 10:56:45 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$nl_crypto(0x10, 0x3, 0x15) getpeername$packet(r0, 0x0, &(0x7f0000000080)) 10:56:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) dup2(r0, r1) sendmsg$ETHTOOL_MSG_COALESCE_GET(r1, &(0x7f0000004000)={0x0, 0x0, &(0x7f0000003fc0)={0x0}}, 0x8040) 10:56:53 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r2, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) write$P9_RCREATE(r0, 0x0, 0x0) 10:56:53 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_COPY(r0, 0x5450, 0x0) 10:56:53 executing program 4: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x2) ioctl$EVIOCREVOKE(r1, 0x40044591, 0x0) dup3(r1, r0, 0x0) write$cgroup_type(r0, 0x0, 0x0) 10:56:53 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x2000021c) setsockopt$inet_buf(r1, 0x0, 0x24, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000000)={0x3, 'vcan0\x00'}) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:56:53 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname(r0, 0x0, &(0x7f0000000240)) 10:56:53 executing program 2: r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self\x00', 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[], 0x90}}, 0x0) 10:56:53 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast1, @loopback}, 0xc) 10:56:53 executing program 1: r0 = inotify_init1(0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) connect$unix(r0, &(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e) 10:56:53 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x4a0c3, 0x0) 10:56:53 executing program 4: process_vm_readv(0x0, &(0x7f0000000200), 0x0, &(0x7f0000000380)=[{0x0}], 0x1, 0x0) 10:56:54 executing program 3: r0 = socket$nl_crypto(0x10, 0x3, 0x15) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x0, 0x0) r2 = dup2(r1, r0) sched_setscheduler(0x0, 0x5, &(0x7f0000000000)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$TIOCMGET(r2, 0x5415, 0x0) 10:56:54 executing program 2: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) close(r0) socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet6(r0, &(0x7f00000006c0)={0xa, 0x0, 0x0, @dev}, 0x1c) 10:56:54 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$evdev(r0, 0x0, 0x0) 10:56:54 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200000ee) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, 0x0, 0x2fc) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r3 = dup2(r2, r1) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r3, 0x89f5, &(0x7f0000000080)={'syztnl2\x00', 0x0}) mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 10:56:54 executing program 1: prlimit64(0x0, 0x7, &(0x7f0000000240), 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 10:56:54 executing program 4: setrlimit(0x3, &(0x7f0000000080)) 10:56:55 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000000c0)={'ip6tnl0\x00', 0x0}) 10:56:55 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000002380)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffee7}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000002580)={0x1c, 0x0, 0x70d}, 0x1c}}, 0x0) dup3(r0, r1, 0x0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:56:55 executing program 0: timer_create(0x0, &(0x7f0000000340)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) r2 = dup(r0) recvmmsg(r0, &(0x7f0000003c00)=[{{0x0, 0x0, &(0x7f0000003b00), 0x0, &(0x7f0000000180)=""/106, 0x6a}}], 0x400000000000116, 0x0, &(0x7f0000000040)={0x77359400}) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:56:55 executing program 4: r0 = inotify_init1(0x0) close(r0) socket$unix(0x1, 0x800000000002, 0x0) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f00000000c0)=@buf) 10:56:56 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r0, 0x5452, &(0x7f00000000c0)) 10:56:56 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x5, 0x0, 0x2) 10:56:57 executing program 3: r0 = inotify_init1(0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r0) getsockopt$inet_tcp_buf(r0, 0x6, 0xd, 0x0, &(0x7f0000002200)) 10:56:57 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x8682) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) r1 = dup(r0) ioctl$CHAR_RAW_REPORTZONE(r1, 0xc0101282, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:56:57 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x5451, 0x0) 10:56:57 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) getpeername(r0, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000080)=0x102b1) r2 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r2, r1) sendmsg$TIPC_NL_SOCK_GET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 10:56:57 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() write$P9_RLOCK(r1, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r1) socket$unix(0x1, 0x1, 0x0) tkill(r2, 0x1000000000016) 10:56:57 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() recvfrom$inet(r1, &(0x7f00000004c0)=""/216, 0xd8, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) tkill(r2, 0x1000000000016) 10:56:57 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x0) ioctl$TCGETA(r0, 0x5421, &(0x7f00000000c0)) 10:56:57 executing program 2: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000040)) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f0000000100)={0x0, {0x2, 0x0, @broadcast}, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x4e20, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='veth1_to_team\x00', 0x9, 0x9, 0x3}) sched_setscheduler(0x0, 0x5, &(0x7f0000000080)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETSNDBUF(r2, 0x5452, &(0x7f0000000080)) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000001) fcntl$dupfd(r2, 0x0, r3) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, 0x0) 10:56:58 executing program 5: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x0, 0x0) syncfs(r0) 10:56:58 executing program 3: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) write$P9_RWSTAT(r0, 0x0, 0x0) 10:56:58 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)=0x0) sched_setscheduler(r1, 0x5, &(0x7f00000000c0)) 10:56:58 executing program 4: pipe2(&(0x7f0000000040), 0x4800) 10:56:58 executing program 0: r0 = open(&(0x7f00000005c0)='.\x00', 0x0, 0x0) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r2, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f00000001c0)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) r4 = dup(r0) sendmsg$NL80211_CMD_DEL_PMK(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:56:58 executing program 4: socketpair(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_DEL_MPATH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) r2 = dup2(r1, r0) write$eventfd(r2, 0x0, 0x0) 10:56:58 executing program 3: socketpair(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$packet(r0, &(0x7f00000001c0), 0x0, 0x26000010, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14) 10:56:58 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[], 0x54}}, 0x10004914) 10:56:59 executing program 3: r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x41, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup3(r1, r0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x6, 0x0, 0x0) 10:56:59 executing program 0: openat$autofs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/autofs\x00', 0xa080, 0x0) 10:56:59 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:57:00 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:57:00 executing program 5: r0 = socket(0x2, 0x2, 0x0) sendmsg$NL80211_CMD_DISASSOCIATE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:57:00 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000440)={&(0x7f0000000380), 0xc, &(0x7f0000000400)={0x0}}, 0x20000004) 10:57:00 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup3(r1, r0, 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(r2, 0x5452, 0x400ffe) 10:57:00 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r1, &(0x7f0000001800)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x24000980) 10:57:00 executing program 4: pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$HDIO_GETGEO(r0, 0x5451, 0x0) 10:57:00 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvfrom$unix(r1, &(0x7f0000000200), 0x0, 0x20040, 0x0, 0x0) 10:57:00 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x40000) 10:57:00 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r2 = ioctl$TIOCGPTPEER(r1, 0x540d, 0x0) dup2(r0, r2) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r4 = ioctl$TIOCGPTPEER(r3, 0x540d, 0x0) ioctl$TIOCGETD(r4, 0x5424, &(0x7f0000000000)) 10:57:00 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "1a00009646ff26caffffff0000c1fffffff300"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000180)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$TCSETS(r2, 0x5402, 0x0) 10:57:00 executing program 5: r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000740)='/proc/self\x00', 0x0, 0x0) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r2, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f00000000c0)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) write$P9_RWRITE(r0, 0x0, 0x0) 10:57:00 executing program 3: r0 = socket(0x11, 0xa, 0x0) r1 = dup2(r0, r0) write$P9_RVERSION(r1, 0x0, 0x0) 10:57:01 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f00000000c0)={@remote, @empty}, 0xc) 10:57:01 executing program 1: r0 = eventfd2(0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000003980)={0x0, 0x0, &(0x7f0000003940)={0x0}}, 0x0) 10:57:01 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_user\x00', 0x275a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x12, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 10:57:01 executing program 2: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) dup3(r2, r1, 0x0) r3 = dup3(r1, r0, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r3, 0x0, 0x2, 0x0, &(0x7f0000000280)) 10:57:01 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x2a, 0x0, &(0x7f0000000080)) 10:57:01 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) read(r0, &(0x7f0000000180)=""/61, 0xe) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0x61) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = syz_open_pts(r0, 0x0) fcntl$setstatus(r0, 0x4, 0xc00) ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCSETA(r2, 0x5406, &(0x7f0000000140)) 10:57:01 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000480)={'sit0\x00', &(0x7f0000000500)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @private2}}) 10:57:02 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r2 = ioctl$TIOCGPTPEER(r1, 0x540d, 0x0) dup2(r0, r2) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r4 = ioctl$TIOCGPTPEER(r3, 0x540d, 0x0) ioctl$TIOCMBIS(r4, 0x5425, 0x0) 10:57:02 executing program 1: r0 = socket$unix(0x1, 0x3, 0x0) connect$netlink(r0, &(0x7f0000003200)=@unspec, 0xc) 10:57:02 executing program 4: socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) futex$FUTEX_WAIT_MULTIPLE(&(0x7f0000000000), 0x6, 0x10000000000001be, 0x0, 0x0, 0x0) 10:57:02 executing program 5: r0 = memfd_create(&(0x7f0000000240)='2\xf6\xa1\xce', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r0) setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f0000000040), 0x4) 10:57:02 executing program 2: r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x0, 0x2002) write$P9_RWSTAT(r0, 0x0, 0x0) 10:57:02 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) recvmmsg(r0, &(0x7f0000001940), 0x173, 0x0, 0x0) r1 = dup(r0) r2 = gettid() timer_create(0x0, &(0x7f0000000300)={0x0, 0x12}, &(0x7f0000000340)) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x401004000000016) 10:57:02 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x50009417, 0x0) 10:57:02 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r2 = accept4(r1, 0x0, 0x0, 0x0) getsockopt$sock_timeval(r2, 0x1, 0x14, 0x0, &(0x7f0000000040)) 10:57:03 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCEXCL(r0, 0x540c) 10:57:03 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup3(r0, r1, 0x0) sendmsg$NET_DM_CMD_STOP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:57:03 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)='sysfs\x00', 0x3, 0x0) chroot(&(0x7f0000000200)='./file0\x00') openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x4040, 0x0) 10:57:03 executing program 1: pipe(&(0x7f0000000100)={0xffffffffffffffff}) r1 = fcntl$getown(r0, 0x9) sched_getattr(r1, &(0x7f00000004c0)={0x38}, 0x38, 0x0) 10:57:03 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/attr/current\x00', 0x2, 0x0) dup2(r0, r1) getsockopt$bt_hci(r1, 0x0, 0x3, 0x0, &(0x7f00000000c0)) 10:57:03 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) ioctl$TIOCNXCL(r0, 0x540d) 10:57:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4c000) 10:57:04 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) close(r0) creat(&(0x7f0000002140)='./file0\x00', 0x0) pwritev(r0, 0x0, 0x0, 0x0, 0x0) 10:57:04 executing program 5: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) write$binfmt_misc(r0, 0x0, 0x0) 10:57:04 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000200)=@gcm_256={{}, "d063700a52cca7c8", "80843922234fce7b4c434ff0a21e2208d21409ba4ed89657be8a0abbf368e44f", "391d61ab", "10dae7f1bf545d94"}, 0x38) 10:57:04 executing program 2: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x41, 0x0) fcntl$getown(r0, 0x9) 10:57:04 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) ioctl$EVIOCGKEYCODE(r0, 0x5421, &(0x7f0000000000)=""/100) 10:57:04 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8904, &(0x7f0000000100)) 10:57:04 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0x232) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000880)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ptmx\x00', 0x0, 0x0) readv(r3, &(0x7f0000000640)=[{&(0x7f00000000c0)=""/53, 0x35}], 0x1) ioctl$IOC_PR_REGISTER(r1, 0x401870c8, 0x0) tkill(r2, 0x1000000000015) 10:57:04 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3f) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RVERSION(r1, 0x0, 0x0) 10:57:05 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r2 = gettid() openat$null(0xffffffffffffff9c, &(0x7f0000000340)='/dev/null\x00', 0x0, 0x0) tkill(r2, 0x1000000000016) 10:57:05 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x10000}, 0x0) r2 = gettid() tkill(r2, 0x1000000000016) 10:57:05 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r0, 0x0, 0x0) 10:57:05 executing program 1: r0 = open(&(0x7f0000000100)='./file0\x00', 0x40, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:57:05 executing program 3: r0 = socket(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000084, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x24008040) 10:57:05 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000500)='/dev/loop-control\x00', 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:57:06 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r0) getsockopt$IP_SET_OP_GET_BYINDEX(r0, 0x1, 0xe, 0x0, &(0x7f00000000c0)) 10:57:06 executing program 5: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESTART(r0, 0x4c01, 0x0) pipe2(&(0x7f0000000080), 0x0) r1 = socket(0x1, 0x5, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x6, 0x11, &(0x7f0000000100)={{{@in6=@loopback, @in6=@dev}}, {{@in=@multicast2}, 0x0, @in=@multicast2}}, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) 10:57:06 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, &(0x7f00000000c0)='L', 0x1, 0x20000000, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) r2 = accept4$inet6(r0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:57:06 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_opts(r0, 0x29, 0x30, &(0x7f0000000480)=""/233, &(0x7f0000000080)=0xfffffffffffffee5) 10:57:06 executing program 2: r0 = timerfd_create(0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:57:06 executing program 1: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x80) [ 1237.970456][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 10:57:06 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vcs\x00', 0x0, 0x0) ioctl$BLKPBSZGET(r0, 0x5450, 0x0) 10:57:06 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000140), 0x1c) sendmsg$netlink(r0, &(0x7f0000003240)={0x0, 0x0, 0x0}, 0x0) 10:57:07 executing program 4: r0 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x6, 0x0) ioctl$BLKTRACESTART(r0, 0x5450, 0x0) 10:57:07 executing program 3: lchown(0x0, 0x0, 0xee00) 10:57:07 executing program 2: sched_setscheduler(0x0, 0x5, &(0x7f0000000180)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) lchown(0x0, 0x0, 0x0) 10:57:07 executing program 0: msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1) 10:57:07 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200000ee) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_inet_SIOCDARP(r2, 0x8953, &(0x7f0000000080)={{0x2, 0x0, @remote}, {0x0, @random="6a8f28d10612"}, 0x28, {0x2, 0x0, @dev}}) mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 10:57:07 executing program 5: r0 = socket(0x1, 0x5, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, 0x0, 0x0) 10:57:07 executing program 4: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x40, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:57:07 executing program 3: r0 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x5411, &(0x7f0000000000)={'gretap0\x00', 0x0}) 10:57:08 executing program 0: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) close(r0) syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000080)=""/245) 10:57:08 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) dup3(r1, r0, 0x0) sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:57:08 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x20040, 0x0) dup2(r0, r1) ioctl$PIO_UNIMAP(r1, 0x5452, &(0x7f0000000080)={0x57, 0x0}) 10:57:08 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) dup2(r0, r1) sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:57:09 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) close(r0) socket$nl_crypto(0x10, 0x3, 0x15) tkill(r2, 0x1000000000016) 10:57:09 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x103542, 0x0) write$P9_RRENAMEAT(r0, 0x0, 0x0) 10:57:09 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x5450, 0x0) 10:57:09 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x5, &(0x7f0000000000)) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, 0x0) 10:57:09 executing program 1: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0) 10:57:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0xf, &(0x7f0000000200)={'filter\x00', 0x4}, 0x68) 10:57:09 executing program 0: process_vm_readv(0xffffffffffffffff, &(0x7f00000001c0), 0x0, &(0x7f0000000400), 0x0, 0x0) 10:57:09 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) ioctl$CHAR_RAW_PG(r0, 0x5421, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0}) 10:57:10 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_crypto(0x10, 0x3, 0x15) dup3(r0, r1, 0x0) sendmsg$GTP_CMD_GETPDP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:57:10 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/icmp6\x00') r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup2(r1, r0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x17, 0x0, 0x0) 10:57:10 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TUNSETIFINDEX(r1, 0x400454da, 0x0) 10:57:10 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) dup3(r0, r1, 0x0) setsockopt$inet_mreqsrc(r1, 0x0, 0xd, 0x0, 0x0) 10:57:10 executing program 3: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) 10:57:10 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x6) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$CHAR_RAW_RAGET(r2, 0x1263, 0x0) 10:57:10 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340)='/dev/hwrng\x00', 0x0, 0x0) dup2(r0, r1) setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x14, 0x0, 0x0) 10:57:11 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x2, &(0x7f0000000080)={0x3, 'vcan0\x00'}) 10:57:11 executing program 1: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup2(r1, r0) getsockopt$inet_opts(r0, 0x0, 0xd, 0x0, &(0x7f00000000c0)) 10:57:11 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x6, 0x0) write$P9_RXATTRCREATE(r0, 0x0, 0x0) 10:57:11 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) close(r0) socket$unix(0x1, 0x5, 0x0) getsockopt$sock_timeval(r0, 0x1, 0x15, 0x0, &(0x7f0000000800)) 10:57:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) dup2(r1, r0) ioctl$TCGETS2(r0, 0x802c542a, &(0x7f00000001c0)) 10:57:12 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='gid_map\x00') write$P9_RLCREATE(r0, 0x0, 0x0) 10:57:12 executing program 3: r0 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 10:57:12 executing program 1: r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/current\x00', 0x2, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x5450, 0x0) 10:57:12 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_mreq(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)) 10:57:12 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) dup3(r1, r0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000788ffc)=0x100000001, 0xfdf6) write$binfmt_elf64(r0, &(0x7f0000000380)=ANY=[], 0x6c1) r2 = dup(r0) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x4488}}, 0x0) 10:57:16 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8902, &(0x7f0000000000)={'wlan0\x00'}) 10:57:16 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000002c0)=0x200, 0x4) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) sendto$inet(r1, &(0x7f0000000000)='k', 0x1, 0x0, 0x0, 0x0) recvfrom(r1, 0x0, 0x0, 0x2000, 0x0, 0x0) sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x34}}, 0x0) 10:57:16 executing program 3: r0 = socket(0x11, 0x3, 0x0) write$P9_RSETATTR(r0, 0x0, 0x0) 10:57:16 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE(r0, 0x5450, 0x0) 10:57:16 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) dup2(r0, r1) ioctl$GIO_FONTX(r1, 0x4b6b, &(0x7f0000000000)={0x0, 0x0, 0x0}) 10:57:16 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) getsockopt$IP_SET_OP_GET_FNAME(r1, 0x1, 0xe, 0x0, &(0x7f00000000c0)) [ 1248.275222][T23065] sock: process `syz-executor.5' is using obsolete getsockopt SO_BSDCOMPAT 10:57:17 executing program 2: r0 = socket(0xa, 0x80801, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x4, 0x0, &(0x7f0000000000)) 10:57:17 executing program 0: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001240)='/dev/autofs\x00', 0x0, 0x0) ioctl$CHAR_RAW_ALIGNOFF(r0, 0x5450, 0x0) 10:57:17 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0) 10:57:17 executing program 5: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000001100)='/dev/urandom\x00', 0x0, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000002f40)={0x0, 0x0, &(0x7f0000002f00)={0x0}}, 0x0) 10:57:17 executing program 1: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x5451, 0x0) 10:57:17 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r0, 0x0, 0x0, 0x400c000, &(0x7f0000000300)={0x2, 0x4e20}, 0x10) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) [ 1249.157221][T23086] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 10:57:18 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x6) write$binfmt_elf64(r0, &(0x7f0000001280)=ANY=[], 0xffffffe8) r1 = dup(r0) r2 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x8001004000000016) 10:57:18 executing program 1: sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0) 10:57:18 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 10:57:18 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) dup3(r0, r1, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x22, 0x0, &(0x7f0000000040)) 10:57:18 executing program 3: r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self\x00', 0x0, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[], 0x44}}, 0x0) 10:57:18 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000001080)='/dev/null\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x4048010) 10:57:18 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='syscall\x00') close(r0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f00000000c0)=0x1d, 0x4) 10:57:18 executing program 0: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001800)) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:57:18 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x5452, &(0x7f0000000080)={'team0\x00'}) 10:57:19 executing program 4: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x0, 0x0) ioctl$TIOCL_BLANKSCREEN(r0, 0x541c, 0x0) 10:57:19 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x2) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:19 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = dup(r0) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x1a, 0x0, &(0x7f0000000080)) 10:57:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_REMOVE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:57:24 executing program 3: r0 = inotify_init() close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:57:24 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000044, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) r2 = accept4$inet(r0, 0x0, 0x0, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:57:24 executing program 5: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/net\x00') close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:57:24 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000002c0)=0x200, 0x2d3) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) sendto$inet(r1, &(0x7f0000000200)="96", 0x1, 0x0, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x2000, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:24 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) openat(r0, &(0x7f0000000080)='./file0\x00', 0x61e5654f7e8321f5, 0xc6) [ 1255.489580][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 10:57:24 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0}}, 0x0) 10:57:24 executing program 3: sched_setscheduler(0x0, 0x5, &(0x7f0000000180)) syz_open_procfs$namespace(0x0, 0x0) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) 10:57:24 executing program 5: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:24 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, 0x0) 10:57:24 executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000180)={&(0x7f0000000000), 0x2a, &(0x7f0000000040)={0x0, 0x2c}}, 0x0) 10:57:24 executing program 2: r0 = eventfd(0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NLBL_UNLABEL_C_LIST(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:25 executing program 5: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) r1 = epoll_create1(0x0) dup2(r1, r0) epoll_pwait(r0, &(0x7f0000000700)=[{}], 0x1, 0x0, 0x0, 0x0) 10:57:25 executing program 1: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001340)='/dev/ttyS3\x00', 0x141641, 0x0) write$nbd(r0, 0x0, 0x0) 10:57:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_GETFSLABEL(r0, 0x5411, &(0x7f0000000000)) 10:57:25 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "1a0000e2ffff0acaffffff0000e1ffffff0200"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000180)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x1) 10:57:25 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)={0x0, 0x0, 0x0, 0x0, 0x0, "1a0000e2ffff0acaffffff0000e1ffffff0200"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000180)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, 0x0) 10:57:25 executing program 5: mknod(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000280)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000040)='./file0\x00', 0x0, 0x1840, 0x0) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000080)='./file0\x00', 0x0, 0x9114a0, &(0x7f0000000140)='\r`\xa7\xf8{,\xc4\x9c\xe3\x92\xcd\tMS\xb8\xc4Xi_\xe8,\'*l\xde\x82\xc8\xcah\xe0\xa5\x9a\x88\x02\xf7\xcf\x846\x8e\xcft\xe4\xe1\xec\a -\xf0r\xfb\xc7\xdch:\xcf\xd72\xb1\xf8\xc0*\x18\xbd.Q\xbdG\xbfW\xd2\xef.\x92\x05\xd5\x01\x04\xcd,e:\xdd\x9e\xf7\v\xef<$&S\x04\xb7\xe6\x88\x9e\x91e\xb4f\xff\xe2\x00\xb6O5\xb1]+\x8a\xb8P\xff\x18\x85u\xe4a?l\xd70\x01\xa2._\xd4\x1c\xf4\x93$\x88eq\xb0\x06\x00\x00\x00\xc9\xdf\xc6pD\xdb\x14\v\xac\x01\xf9\bk\xf1\xc4\xbe\xf5\xd1\xc0\xf0;f\x11\x93\x16\xde\xa0j\xb0I\x8b\xab\x01\xa1\xde\x13\n\xdfR\xe2\x83\xac\xfb\xcaa\xc5\xd8V{\x13\x18eu\xbe:\xca\xaa\xc7IGiy\xdc\x0f\xe9\x16\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\xfeO\xfc\xe1\xc5w\xe0\x19$2\xdbT\xcco\xde\xfc\xb0\xe4@\xc4\x13\xad\xe1\xd2\xf3\xaa\xd8\xcc:\x85\\\xc4\xdc\xe9\xc6\xdcg\vz[\xb6\xaa') 10:57:25 executing program 1: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/exec\x00', 0x2, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "723fe5978551bd64ce6380bc09d277c69381d0"}) 10:57:27 executing program 3: r0 = memfd_create(&(0x7f00000000c0)='ppp1@.$mime_type-\x00', 0x0) write$char_usb(r0, 0x0, 0x0) 10:57:27 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x6) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffff04) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$GIO_SCRNMAP(r1, 0x4b40, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:57:27 executing program 5: socketpair$unix(0x1, 0x200000005, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) write$P9_RUNLINKAT(r0, 0x0, 0x0) dup3(r0, r2, 0x0) sendmsg$NET_DM_CMD_START(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0) 10:57:27 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='.\x00', 0x0, 0x0) r1 = dup(r0) getdents64(r1, &(0x7f0000000500)=""/93, 0x5d) 10:57:27 executing program 2: semctl$SEM_STAT(0x0, 0x1, 0x12, &(0x7f0000000000)=""/165) 10:57:27 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) write$9p(r0, 0x0, 0x0) 10:57:27 executing program 4: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:57:27 executing program 2: openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/current\x00', 0x2, 0x0) 10:57:27 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = dup2(r1, r0) ioctl$int_out(r2, 0x2, &(0x7f0000000000)) 10:57:27 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x9aec485ad7976ecb, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r1 = openat$cgroup_devices(r0, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) fcntl$setsig(r1, 0xa, 0x0) 10:57:27 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) ioctl$FS_IOC_GETVERSION(r0, 0x5452, &(0x7f0000000000)) 10:57:27 executing program 3: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x0) 10:57:28 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x6) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) r1 = fcntl$dupfd(r0, 0x0, r0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) r2 = gettid() ioctl$TIOCGDEV(r1, 0x80045432, 0x0) tkill(r2, 0x1000000000016) 10:57:28 executing program 4: socketpair(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000005c0)={&(0x7f0000000480), 0xc, &(0x7f0000000580)={0x0}}, 0x0) 10:57:28 executing program 1: r0 = epoll_create(0x3752f071) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup3(r1, r0, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f00000005c0)={@multicast1, @local}, 0x8) 10:57:28 executing program 5: capset(&(0x7f00000001c0)={0x19980330}, &(0x7f0000000200)) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffa000/0x4000)=nil) shmctl$IPC_STAT(r0, 0x2, 0x0) 10:57:28 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x0, 0x0) close(r0) r1 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x6) write$binfmt_elf64(r1, &(0x7f00000000c0)=ANY=[], 0xffffffe8) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000080)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) ioctl$sock_FIOSETOWN(r0, 0x8901, 0x0) 10:57:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:29 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, 0x0) 10:57:29 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:57:29 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) 10:57:29 executing program 3: r0 = syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x4, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x5451, 0x0) 10:57:29 executing program 0: r0 = inotify_init1(0x0) ioctl$BLKALIGNOFF(r0, 0x5451, 0x0) 10:57:30 executing program 5: openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') write$P9_RLERROR(r0, 0x0, 0x0) 10:57:34 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) sched_getattr(r1, &(0x7f00000000c0)={0x38}, 0x38, 0x0) 10:57:34 executing program 4: r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000001500)='/proc/self\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001980)={0xffffffffffffffff}) dup2(r1, r0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 10:57:34 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x202) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) ioctl$TIOCL_GETSHIFTSTATE(r1, 0x541c, 0x0) 10:57:34 executing program 3: r0 = memfd_create(&(0x7f00000002c0)='+posix_acl_access\x00', 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x9, &(0x7f0000000040), 0x4) 10:57:34 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f00000015c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0}}, 0x0) 10:57:34 executing program 1: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_ADD_TX_TS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x800) 10:57:34 executing program 5: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) write$P9_RREAD(r0, 0x0, 0x0) 10:57:35 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000001c0)='/dev/input/event#\x00', 0x0, 0x806) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) r1 = fcntl$dupfd(r0, 0x0, r0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$TCSBRK(r1, 0x5409, 0x0) 10:57:35 executing program 0: r0 = socket(0x2, 0xa, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, 0x0, 0x0) 10:57:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200000ee) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/net/tun\x00', 0x0, 0x0) r3 = dup2(r2, r1) r4 = dup2(r2, r3) ioctl$KDSETMODE(r4, 0x4b3a, 0x0) mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 10:57:35 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$NLBL_UNLABEL_C_ACCEPT(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:57:35 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x3f) ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x5450, 0x0) 10:57:35 executing program 5: sched_setscheduler(0x0, 0x0, &(0x7f0000000080)) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='auxv\x00') ioctl$sock_SIOCGIFBR(r0, 0x5451, 0x0) 10:57:35 executing program 0: r0 = eventfd(0x0) r1 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) dup2(r0, r1) write$cgroup_type(r1, &(0x7f0000000100)='threaded\x00', 0x9) 10:57:35 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b36, 0x0) 10:57:36 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r2 = dup3(r0, r1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1a, &(0x7f00000000c0)={@ipv4={[], [], @empty}}, 0x20) 10:57:36 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f00000010c0)={0x77359400}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) r1 = dup(r0) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x15}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{}, {0x0, 0x1c9c380}}, 0x0) recvfrom$inet6(r1, &(0x7f0000000080)=""/162, 0xa2, 0x0, 0x0, 0x0) 10:57:36 executing program 5: r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x20) 10:57:36 executing program 4: open$dir(&(0x7f0000000040)='./file0\x00', 0x123442, 0x108) 10:57:41 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "b84663402b479ee2ede44dd61f77bfbefff300"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000180)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, 0x0) 10:57:41 executing program 1: socketpair$unix(0x1, 0x200000005, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) write$P9_RUNLINKAT(r0, 0x0, 0x0) fchownat(r2, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000) 10:57:41 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0) 10:57:41 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = signalfd4(0xffffffffffffffff, &(0x7f00000004c0), 0x8, 0x0) dup2(r0, r1) getsockopt$IP6T_SO_GET_INFO(r1, 0x88, 0xa, 0xffffffffffffffff, &(0x7f0000000040)) 10:57:41 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, &(0x7f0000000000), 0x0, 0x40012122, &(0x7f0000000040)={0x0, 0x3938700}) 10:57:41 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000080)) 10:57:41 executing program 0: pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) write$P9_RCREATE(r0, &(0x7f0000000000)={0x18}, 0xffffff93) write$evdev(r0, &(0x7f0000000100)=[{}], 0x18) 10:57:41 executing program 5: socketpair(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:41 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() sendmsg$inet6(r1, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0x0, 0x0, @local}, 0x1c, 0x0}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r1) socket$inet(0x2, 0x3, 0x4) tkill(r2, 0x1000000000016) 10:57:41 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/current\x00', 0x2, 0x0) dup2(r0, r1) write$P9_RLOPEN(r1, 0x0, 0x0) 10:57:41 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = ioctl$TIOCGPTPEER(r0, 0x540d, 0x0) ioctl$BTRFS_IOC_SPACE_INFO(r1, 0x5450, 0x0) 10:57:41 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000380)=0x404100000001, 0xfe3f) r1 = socket(0x2, 0x80001, 0x0) r2 = dup2(r0, r1) connect$unix(r2, &(0x7f00000003c0)=@abs, 0x6e) sendmsg$TIPC_NL_MON_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:57:42 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) dup2(r1, r0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000000)) 10:57:42 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RLERRORu(r0, 0x0, 0x0) 10:57:42 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = dup2(r0, r0) connect$inet6(r1, &(0x7f00000018c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) write$char_usb(r1, &(0x7f0000000000)="1333", 0x2) 10:57:42 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x6, 0x0) dup3(r0, r1, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:57:42 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) close(r0) socket$packet(0x11, 0x3, 0x300) r1 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r1, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000001c0)={r2, 0x1, 0x6}, 0x10) 10:57:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r1) syz_open_pts(r1, 0x301000) [ 1274.099870][T23403] device lo entered promiscuous mode [ 1274.150361][T23398] device lo left promiscuous mode [ 1274.196957][T23408] device lo entered promiscuous mode [ 1274.231243][T23398] device lo left promiscuous mode 10:57:43 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) sendmmsg$sock(r2, &(0x7f0000000440)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev, 0x3}, 0x80, 0x0}}], 0x1, 0x200080d1) sendmsg$IPVS_CMD_SET_CONFIG(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x41) 10:57:43 executing program 1: mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 10:57:43 executing program 4: openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x200500, 0x0) 10:57:43 executing program 0: r0 = memfd_create(&(0x7f00000000c0)='-(\x00', 0x0) ioctl$LOOP_SET_DIRECT_IO(r0, 0x5450, 0x0) 10:57:43 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000000)) 10:57:43 executing program 3: r0 = epoll_create1(0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x2, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}) 10:57:43 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) r2 = dup2(r0, r0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$inet(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10, 0x0}, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') close(r2) socket$inet_udplite(0x2, 0x2, 0x88) tkill(r1, 0x1000000000016) 10:57:43 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) 10:57:43 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000002380)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, 0x0}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000002580)={0x1c, 0x0, 0x70d}, 0x1c}}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r1, 0x5450, 0x0) 10:57:43 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) sendmsg$NLBL_MGMT_C_PROTOCOLS(r1, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={0x0}}, 0x20000001) 10:57:44 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:44 executing program 3: r0 = inotify_init() r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup2(r1, r0) setsockopt$inet6_opts(r0, 0x29, 0x3b, 0x0, 0x0) 10:57:44 executing program 5: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) sendmsg$NLBL_CALIPSO_C_LIST(r0, 0x0, 0x0) 10:57:44 executing program 4: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/exec\x00', 0x2, 0x0) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r0, 0x541b, 0x960000) 10:57:44 executing program 2: r0 = eventfd2(0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:57:44 executing program 0: timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000440)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000140)={{0x0, 0x989680}, {0x0, r0+10000000}}, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000740)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = memfd_create(&(0x7f0000000340)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x948\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf$\x89\x00\x00\xc2G\x86Xe\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88\xf0\x1e\r\xd5\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\xe5j%\xa5\xcc\xa6\x86\xb2\xdeY\x17yX\x01_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2L\xf0\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd7\x1c]ImZlU\".\x18)\xcf\x1am\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xcew\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf\x00'/246, 0x0) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) setfsuid(0x0) 10:57:44 executing program 3: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x5450, 0x0) 10:57:45 executing program 4: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) fcntl$addseals(r0, 0x2, 0x0) 10:57:45 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) [ 1276.452170][T23460] ERROR: Domain ' /sbin/init /usr/sbin/sshd /usr/sbin/sshd /bin/bash /root/syz-fuzzer /root/syz-executor.0 proc:/self/fd/3' not defined. 10:57:45 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x8880) 10:57:45 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000080)) 10:57:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) getpeername$inet(r0, 0x0, 0x0) 10:57:45 executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:45 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$KIOCSOUND(r1, 0x540c, 0x0) 10:57:45 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x0, 0x0) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) openat$cgroup_ro(r0, &(0x7f0000000340)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 10:57:46 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup(r0) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:57:46 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000002380)={&(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, 0x0}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000002580)={0x1c, 0x0, 0x70d}, 0x1c}}, 0x0) dup3(r0, r1, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:46 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:57:46 executing program 0: ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) dup3(r0, r1, 0x0) sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:57:46 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) dup3(r1, r0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000788ffc)=0x100000001, 0xfdf6) write$binfmt_elf64(r0, &(0x7f0000001880)=ANY=[], 0x6c1) r2 = dup(r0) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x11c}}, 0x0) 10:57:46 executing program 1: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) close(r0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$FS_IOC_MEASURE_VERITY(r0, 0x8903, &(0x7f0000000200)) 10:57:46 executing program 3: timer_create(0x0, &(0x7f0000000340)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = gettid() r2 = dup(r0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r2, r3) setsockopt$sock_timeval(r4, 0x1, 0x15, &(0x7f0000000140)={0x77359400}, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1004000000013) 10:57:47 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$LOOP_GET_STATUS64(r0, 0x5421, &(0x7f0000000080)) 10:57:47 executing program 0: socket$inet_icmp_raw(0x2, 0x2, 0x1) 10:57:47 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_LIST(r0, &(0x7f0000000140)={0x0, 0xfffffffffffffffb, &(0x7f0000000000)={0x0, 0xfffffed1}}, 0x0) 10:57:47 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) ioctl$EVIOCGABS2F(r0, 0x5450, 0x0) 10:57:47 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000280)=[{&(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e, 0x0}], 0x1, 0x0) 10:57:47 executing program 0: r0 = socket(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={0x0}}, 0x0) 10:57:47 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0xb6) read(r0, &(0x7f00000000c0)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = syz_open_pts(r0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN(r1, 0x4040942c, 0x0) ioctl$TCSETS(r2, 0x5402, &(0x7f00000001c0)) 10:57:48 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) ioctl$EVIOCGABS0(r0, 0x80184540, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:57:48 executing program 1: r0 = socket$inet(0x2, 0x3, 0x2) r1 = open(&(0x7f0000000000)='./file1\x00', 0x870596b8a61e827e, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x5450, r0) 10:57:48 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$EVIOCGUNIQ(r1, 0x80404508, 0x0) 10:57:48 executing program 4: socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f00000004c0)={&(0x7f00000003c0), 0xc, &(0x7f0000000480)={0x0}}, 0x0) 10:57:48 executing program 3: r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000640)='/proc/self/attr/current\x00', 0x2, 0x0) ioctl$FIBMAP(r0, 0x5421, &(0x7f0000000040)) 10:57:48 executing program 2: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) sendmsg$NL80211_CMD_SET_BEACON(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:57:48 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000008440)='/dev/full\x00', 0x0, 0x0) ioctl$sock_SIOCADDDLCI(r0, 0x8980, 0x0) 10:57:49 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$sock_int(r1, 0x1, 0x2b, &(0x7f0000000100)=0x20, 0x4) r2 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r2, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:57:49 executing program 5: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000009c0)=ANY=[], 0x2d0}}, 0x0) 10:57:49 executing program 3: r0 = eventfd2(0x0, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:57:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$EVIOCGABS3F(r0, 0x5450, 0x0) 10:57:49 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='ns\x00') dup3(r0, r1, 0x0) sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:57:49 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) pipe2(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup2(r0, r1) ioctl$KDSKBMODE(r1, 0x4b40, 0x0) 10:57:49 executing program 0: r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/attr/current\x00', 0x2, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:57:50 executing program 3: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:57:50 executing program 4: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file0\x00') faccessat(r0, &(0x7f00000001c0)='./file0/../file0\x00', 0x0) 10:57:50 executing program 5: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$NET_DM_CMD_START(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:57:50 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x4b66, &(0x7f0000000000)) 10:57:50 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00'}) 10:57:50 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) vmsplice(r0, 0x0, 0x0, 0x0) 10:57:50 executing program 3: r0 = socket(0x2, 0x80002, 0x0) close(r0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) close(r2) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='oom_adj\x00') splice(r0, 0x0, r2, 0x0, 0xc0, 0x0) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[@ANYRESHEX], 0x12) 10:57:50 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) socket$unix(0x1, 0x1, 0x0) r2 = gettid() tkill(r2, 0x1000000000016) 10:57:50 executing program 5: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000002c0)=0x200, 0x4) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) sendto$inet(r1, &(0x7f0000000200)="96", 0x1, 0x0, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x2000, 0x0, 0x0) sendmsg$FOU_CMD_GET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 10:57:50 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x0, 0x0) dup2(r0, r1) sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:51 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r1, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) setsockopt$sock_int(r0, 0x1, 0x2b, &(0x7f0000000100)=0x20, 0x4) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) r3 = dup(r0) write$P9_RVERSION(r3, 0x0, 0x0) 10:57:51 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_V2(r0, 0x5450, 0x0) 10:57:51 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = ioctl$TUNGETDEVNETNS(r0, 0x5450, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockname(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, &(0x7f0000002940)=0x5e) close(r3) r4 = socket(0x11, 0x800000003, 0x0) bind(r4, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c58110308d9123127ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) sendmmsg$inet(r1, 0x0, 0x0, 0x0) 10:57:51 executing program 5: r0 = memfd_create(&(0x7f0000000280)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa2Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bcc\xad\x89\x9ck\xde\xc5\xe96\xddUE\xc98M\xcd\xfb\xcc\x97\xb4\v\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\x00\xa5\xc24\xd6\xfe7\x0f', 0x0) write$cgroup_pid(r0, &(0x7f0000000040), 0x12) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000080), 0x219) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) 10:57:51 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$packet(0x11, 0x3, 0x300) dup2(r0, r1) setsockopt$inet6_IPV6_PKTINFO(r1, 0x29, 0x32, &(0x7f0000000280)={@mcast1}, 0x14) 10:57:51 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$TIOCSSOFTCAR(r1, 0x5421, &(0x7f0000000040)) 10:57:51 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000040)) 10:57:51 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/protocols\x00') readv(r0, 0x0, 0x0) 10:57:52 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) capset(&(0x7f0000000280)={0x19980330}, &(0x7f0000000600)) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={0x0}}, 0x0) 10:57:52 executing program 5: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) syz_open_procfs(0x0, 0x0) ioctl$SIOCGIFHWADDR(r0, 0x8927, 0x0) 10:57:52 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x0) dup2(r0, r1) getsockopt$IP_SET_OP_GET_BYNAME(r1, 0x1, 0x1a, 0x0, &(0x7f0000000080)) 10:57:52 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x4000) 10:57:52 executing program 1: socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$inet(r0, &(0x7f00000028c0)=[{{0x0, 0x0, 0x0}}], 0x4000000000001e1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0) 10:57:52 executing program 2: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000500)='/dev/full\x00', 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ttyS3\x00', 0x0, 0x0) dup2(r1, r0) ioctl$KDSETLED(r0, 0x5409, 0x0) 10:57:52 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000001580)='/proc/self/attr/current\x00', 0x2, 0x0) dup2(r0, r1) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:57:53 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname(r0, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, &(0x7f00000000c0)=0x80) dup3(r0, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:57:53 executing program 0: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) r1 = dup(r0) ioctl$RNDADDENTROPY(r1, 0x5452, &(0x7f0000000080)) 10:57:53 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000002c0)=0x200, 0x4) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) sendto$inet(r1, &(0x7f0000000300)="86", 0x1, 0x0, 0x0, 0x0) recvfrom(r0, 0x0, 0xfffffffffffffd0f, 0x2000, 0x0, 0xfffffe73) sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) read$eventfd(r0, 0x0, 0x0) 10:57:53 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr/prev\x00') exit(0x0) write$P9_RXATTRCREATE(r0, 0x0, 0x0) 10:57:53 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x4b, 0x0, &(0x7f0000000000)) 10:57:54 executing program 5: sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x541c, 0x0) 10:57:54 executing program 3: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/exec\x00', 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000002b00)='net/dev_snmp6\x00') dup2(r1, r0) fchdir(r0) 10:57:54 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x6, 0x0) r2 = fcntl$dupfd(r0, 0x0, r0) dup2(r2, r1) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x5, 0x0, &(0x7f0000000000)) 10:57:54 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup3(r1, r0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x21, 0x0, &(0x7f0000000040)) 10:57:54 executing program 0: r0 = eventfd(0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) dup2(r1, r0) ioctl$EVIOCGSND(r0, 0x8040451a, &(0x7f0000000200)=""/4096) 10:57:55 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x100, 0x0) ioctl$TUNSETCARRIER(r0, 0x5450, 0x0) 10:57:55 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x4801) 10:57:55 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) getpeername(r0, &(0x7f0000000900)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000980)=0x80) getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, 0x0, 0x0) 10:57:55 executing program 2: r0 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x840, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup2(r1, r0) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:57:55 executing program 0: r0 = memfd_create(&(0x7f0000000100)='\x84\x0e\x13s\xf1\xb5\x05\xe2qO\xb8\x893\x81`\xd2\x99\x96\x01\x00\x00\x00\x00\x00\x00\x00\x1c\a\xd0#\x05%\x18\x17Z\xa2gS\xc1\xe0\v\xcb\t\xe6\xe6*\xe9\xa3\xdc\x91', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, 0x0, &(0x7f0000000040)) 10:57:55 executing program 4: sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='sysfs\x00', 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) 10:57:55 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x294) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) getsockopt$inet_mreqsrc(r1, 0x0, 0x29, 0x0, &(0x7f00000000c0)) 10:57:56 executing program 5: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000540)='/proc/thread-self/attr/current\x00', 0x2, 0x0) close(r0) socketpair$unix(0x1, 0x200000005, 0x0, &(0x7f0000000240)) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:56 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r0, 0x541b, 0x960000) 10:57:56 executing program 0: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup3(r1, r0, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0xa, 0x0, &(0x7f0000000bc0)) 10:57:56 executing program 4: r0 = socket$nl_generic(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x5411, &(0x7f0000000080)={0x2, 'geneve1\x00'}) 10:57:56 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$TIPC_NL_KEY_FLUSH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000180)={0x20, 0x0, 0x0, 0x0, 0x25dfdbfc, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) socket$packet(0x11, 0x0, 0x300) tkill(r2, 0x1000000000016) 10:57:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SET_NETID(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x80) 10:57:57 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_inet_SIOCDARP(r1, 0x8953, 0x0) 10:57:57 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000f40)='net/sockstat\x00') read$eventfd(r0, 0x0, 0x0) 10:57:57 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x5450, 0x0) 10:57:57 executing program 0: r0 = msgget(0xffffffffffffffff, 0x0) msgsnd(r0, &(0x7f0000000340)={0x2, "6ba1529d9040ff4e7b1a34425847c6c044572beac6010140d6ff39efbd805f92576eaebde09d94865a5d711493fa3c3ded050c11da2b4095f489ef1f00"/89}, 0x0, 0x800) msgrcv(r0, &(0x7f0000000040)=ANY=[], 0x0, 0x1, 0x2000) 10:57:57 executing program 5: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) close(r0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_FONT(r0, 0x4b60, 0x0) 10:57:57 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$NL80211_CMD_START_NAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:57:57 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200000ee) setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) r3 = dup2(r2, r0) ioctl$RNDCLEARPOOL(r3, 0x5206, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:57:57 executing program 0: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000880)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x77359400}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r2 = dup(r0) sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:58 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup2(r0, r0) write$P9_RRENAMEAT(r1, 0x0, 0x0) 10:57:58 executing program 1: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/attr/exec\x00', 0x2, 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5450, 0x0) 10:57:58 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:57:58 executing program 4: r0 = open(&(0x7f0000000080)='./file0\x00', 0x113460, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:57:58 executing program 2: capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={0x0}}, 0x0) 10:57:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) getpeername(r0, &(0x7f00000002c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000100)=0x34) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) getpeername(r2, &(0x7f00000002c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000100)=0x34) sendmsg$NL80211_CMD_GET_MPATH(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:57:59 executing program 1: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/ipc\x00') r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/zero\x00', 0x0, 0x0) dup3(r1, r0, 0x0) read(r0, 0x0, 0x0) 10:57:59 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x4b, 0x0, &(0x7f00000000c0)) 10:57:59 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='oom_adj\x00') write$P9_RREADDIR(r0, &(0x7f0000000300)={0x30, 0x29, 0x0, {0x0, [{{}, 0x0, 0x0, 0x7, './file0'}, {{}, 0x0, 0x0, 0x7, './file0'}, {{}, 0x0, 0x0, 0xfffffffffffffd9e, './file0'}, {{}, 0x0, 0x0, 0x7, './file0'}]}}, 0x87) 10:57:59 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x0, 0x0) dup2(r0, r1) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0xa, 0x0, 0x0) 10:58:00 executing program 3: connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0xffffffffffffb939}, 0x1c) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) r1 = dup2(r0, r0) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 10:58:00 executing program 0: r0 = socket$inet(0x2, 0x803, 0x1) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000ec0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000040)) 10:58:00 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x101401, 0x0) write$P9_RREADDIR(r0, 0x0, 0x0) 10:58:00 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x977623d8}}, 0x0) 10:58:00 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x24040854) 10:58:00 executing program 4: openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = openat$cgroup_int(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.clone_children\x00', 0x2, 0x0) pwritev(r0, 0x0, 0x0, 0x0, 0x0) 10:58:00 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x0) 10:58:00 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) r1 = dup(r0) ioctl$TIOCNOTTY(r1, 0x5422) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:58:00 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000004f00)={0x0, 0x0, &(0x7f0000004ec0)={0x0}}, 0x0) 10:58:00 executing program 4: r0 = open(&(0x7f0000000180)='./file1\x00', 0x84c0, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:58:01 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x0) r2 = dup3(r0, r1, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) 10:58:01 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) dup2(r0, r1) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000100), 0x4) 10:58:01 executing program 0: capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={0x0}}, 0x0) 10:58:01 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) close(r0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0xffffffffffffb939}, 0x1c) r3 = gettid() tkill(r3, 0x1000000000016) 10:58:01 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) close(r1) close(0xffffffffffffffff) timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0xffffffffffffb939}, 0x1c) r3 = gettid() tkill(r3, 0x1004000000015) 10:58:01 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$CHAR_RAW_BSZSET(r0, 0x5451, 0x0) 10:58:01 executing program 3: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NET_DM_CMD_STOP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:58:01 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x4000000) 10:58:02 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(0xffffffffffffffff, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x2000021c) setsockopt$inet_buf(r1, 0x0, 0x0, 0x0, 0x0) r2 = memfd_create(&(0x7f0000000b80)='\x88])+\x00', 0x0) write(r2, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x15) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r3, 0x8982, &(0x7f0000000000)={0x3, 'veth1_macvtap\x00', {0x7200}, 0x3}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 10:58:02 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) r2 = dup2(r0, r0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) close(r0) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r4, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) setsockopt$sock_int(r3, 0x1, 0x2b, &(0x7f0000000100)=0x20, 0x4) getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000140)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r3, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @local}, 0x14) tkill(r1, 0x1000000000016) 10:58:02 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) socket$unix(0x1, 0x1, 0x0) tkill(r2, 0x1000000000016) 10:58:02 executing program 5: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0) close(r0) socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_udp_int(r0, 0x11, 0xb, 0x0, &(0x7f0000000040)) 10:58:02 executing program 2: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='sysfs\x00', 0x4, &(0x7f00000001c0)=',\x00') 10:58:02 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_mreq(r0, 0x0, 0x20, 0x0, &(0x7f0000000380)) 10:58:03 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) r2 = dup2(r0, r1) sendmsg$NLBL_MGMT_C_LISTALL(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 10:58:03 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname(r0, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, &(0x7f0000000080)=0xf) dup3(r1, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:58:03 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r2 = ioctl$TIOCGPTPEER(r1, 0x540d, 0x0) dup2(r0, r2) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r4 = ioctl$TIOCGPTPEER(r3, 0x540d, 0x0) ioctl$TCSETXW(r4, 0x5427, 0x0) 10:58:03 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup2(r0, r0) sendmsg$NL80211_CMD_DEL_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x8000) 10:58:03 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000500)={0xa, 0x2}, 0x1c) listen(r1, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x2, @loopback}, 0x10) sendmsg$ETHTOOL_MSG_FEATURES_GET(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) 10:58:03 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) close(r0) socket$inet_icmp_raw(0x2, 0x3, 0x1) bind(r0, &(0x7f0000001600)=@ethernet, 0x80) 10:58:03 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = creat(&(0x7f0000000d80)='./file0\x00', 0x0) dup3(r0, r1, 0x0) sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) [ 1295.035289][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. 10:58:03 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) [ 1295.136668][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. 10:58:04 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_SCRNMAP(r0, 0x5608, &(0x7f0000000180)) 10:58:04 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) dup2(r0, r1) sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:58:04 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r1, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000080)={0x0, @rand_addr, @initdev}, &(0x7f00000000c0)=0xc) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={0x0}}, 0x0) 10:58:04 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = memfd_create(&(0x7f0000000000)='[\x00', 0x0) dup3(r0, r1, 0x0) sendmsg$NET_DM_CMD_STOP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10:58:04 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGKEYCODE_V2(r0, 0x5421, &(0x7f0000000240)=""/168) 10:58:04 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:58:04 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x200000000001, 0x0) bind$unix(r1, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r2 = dup3(r1, r0, 0x0) r3 = accept4$packet(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f0000000000)) 10:58:04 executing program 3: r0 = timerfd_create(0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 10:58:04 executing program 2: r0 = socket$nl_generic(0xa, 0x3, 0x10) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x5c, 0x0, 0x0, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8}, @IPVS_DEST_ATTR_L_THRESH={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vlan0\x00'}]}]}, 0x5c}}, 0x0) setsockopt$netlink_NETLINK_RX_RING(r0, 0x29, 0x14, &(0x7f0000000500)={0xf0ffff}, 0x1b) 10:58:04 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) dup2(r0, r1) getsockopt$inet6_opts(r1, 0x29, 0x37, &(0x7f0000000800)=""/114, &(0x7f0000000880)=0x72) 10:58:05 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000140)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x129f0817) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, 0x0, 0x0) 10:58:05 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000280)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, 0x0) 10:58:05 executing program 5: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) lseek(r0, 0x0, 0x3) 10:58:05 executing program 3: r0 = eventfd(0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000002700)={0x0, 0x0, &(0x7f00000026c0)={0x0}}, 0x0) 10:58:05 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8901, &(0x7f00000002c0)={0x2, 'nr0\x00'}) 10:58:05 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x0, 0x5) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) r1 = fcntl$dupfd(r0, 0x0, r0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f00000001c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x50009401, 0x0) 10:58:06 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup2(r1, r0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 10:58:06 executing program 3: r0 = socket$inet(0x10, 0x2, 0x0) sendmsg$TIPC_CMD_GET_REMOTE_MNG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:58:06 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TUNATTACHFILTER(r1, 0x401054d5, 0x0) 10:58:07 executing program 5: r0 = epoll_create(0x5) ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x5451, 0x0) 10:58:07 executing program 1: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000740)='/proc/thread-self/attr/current\x00', 0x2, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000800)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSBRKP(r0, 0x5425, 0x0) 10:58:07 executing program 3: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000180)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, 0x0) 10:58:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) getsockname(r0, &(0x7f0000000580)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, &(0x7f0000000600)=0x80) sendmsg$inet6(r1, 0x0, 0x0) 10:58:08 executing program 5: lseek(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000000)) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) utimensat(r0, 0x0, 0x0, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCMBIS(0xffffffffffffffff, 0x5416, 0x0) 10:58:08 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) writev(r0, 0x0, 0x0) 10:58:08 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = eventfd2(0x0, 0x0) dup2(r0, r1) ioctl$sock_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000001800)) 10:58:08 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x5409, 0x0) 10:58:12 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000040), 0x10) 10:58:12 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x4, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @broadcast}}}}, 0x108) 10:58:12 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000000)) 10:58:12 executing program 1: sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, 0x0, 0xba5af438dd67a809) 10:58:12 executing program 3: openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) ioctl$FS_IOC_MEASURE_VERITY(r0, 0x5451, 0x0) 10:58:12 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x0) dup2(r0, r1) ioctl$EVIOCGKEY(r1, 0x80404518, &(0x7f0000000280)=""/4096) 10:58:13 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup2(r0, r0) getpeername$inet(r1, 0x0, &(0x7f0000000040)) 10:58:13 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vga_arbiter\x00', 0x0, 0x0) dup2(r0, r1) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:58:13 executing program 3: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) close(r0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r0, 0x4b37, 0x0) 10:58:13 executing program 4: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f00000000c0)) 10:58:13 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) close(r0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNISCRNMAP(r0, 0x402c542b, &(0x7f0000000080)) 10:58:13 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x5421, &(0x7f0000000080)={'veth0_vlan\x00', {0x2, 0x0, @local}}) 10:58:13 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) dup2(r0, r1) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:58:14 executing program 2: r0 = socket$inet(0x2, 0xa, 0x0) connect$inet(r0, 0x0, 0x26) 10:58:14 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) sendmsg$IPVS_CMD_ZERO(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x200440c0) 10:58:14 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x6) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) r1 = fcntl$dupfd(r0, 0x0, r0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$PIO_UNIMAPCLR(r1, 0x4b68, 0x0) 10:58:14 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockname(r0, &(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000180)=0x80) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_SET_PMK(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 10:58:14 executing program 3: open$dir(0x0, 0x484081, 0x0) 10:58:14 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x4c}}, 0x8d0) 10:58:14 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) close(r0) syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_STOP_NAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) 10:58:15 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000a40)={0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$GIO_FONTX(r2, 0x4b6b, &(0x7f0000000740)={0x191, 0x0, 0x0}) 10:58:15 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x3f, 0x0) ioctl$GIO_UNISCRNMAP(r0, 0x5451, 0x0) 10:58:15 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup2(r1, r0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/current\x00') dup3(r0, r2, 0x0) getsockname$inet(r2, 0x0, &(0x7f0000000200)) 10:58:15 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:58:15 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) dup2(r1, r0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xc, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x0, 0x0, 0x0, "a64fa31e6f47866673f8587ed2abf2a6518204ce0bb001040000b4f9ebd21d4b0730ab800000000000000000000000000000004200f6ecec353bfa775c000d00000000000b00"}, 0xd8) 10:58:15 executing program 1: syz_open_dev$tty20(0xc, 0x4, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000680)='fd/3\x00') ioctl$KDADDIO(r0, 0x540b, 0x0) 10:58:16 executing program 2: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) 10:58:20 executing program 4: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0x21d, 0x372) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) sendto$inet(r1, &(0x7f0000000100)="10", 0x1, 0x0, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x2000, 0x0, 0x47) sendmsg$TIPC_NL_KEY_FLUSH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:58:20 executing program 5: r0 = open(&(0x7f00000001c0)='.\x00', 0x0, 0x0) close(r0) socket$inet(0x10, 0x2, 0x0) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:58:20 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) getpeername(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, &(0x7f0000000000)=0x80) dup2(r0, r1) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 10:58:20 executing program 3: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY(r0, 0x5451, 0x0) 10:58:20 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00') dup3(r1, r3, 0x0) write$P9_RSTAT(r3, 0x0, 0x0) dup3(r2, r0, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 10:58:20 executing program 2: sched_setscheduler(0x0, 0x5, &(0x7f0000000180)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) fremovexattr(0xffffffffffffffff, 0x0) 10:58:20 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, 0x0) mremap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffe000/0x2000)=nil) 10:58:20 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="a3550100", @ANYRES16, @ANYBLOB="010028bd7000ffdbdf25050000000400068004000580b0000580080001006574680014000280080001001f00000008000300ac000000140002800800020000100000080001000000000008000100657468000c000280080001000700000008000100756470001400028008000400d6c05411080003000104000008000100657468003c000280080004000700000008000400fa9e4e4408000100160000000800020026000000080003000700000008000200ff7f0000080001001000000008000100756470000c00028008000200080000002c00028008000200ff7f000004000400080001008100000014000380080002000000000008000100ff0f00004800068008000100edc26bd10800010083e700000800010000000000040002000800010000800000080001000300000008000100090000000800010067080000080001001c030000cc0004804400078008000300000200000800020006000000080003000cfcffff080002000400000008000300080000000800010002000000080004005731000008000200070000001300010062726f6164636173742d6c696e6b00001300010062726f6164636173742d6c696e6b00001300010062726f6164636173742d6c696e6b00000900010073797a30000000002400078008000100140000000800020006000000080004000900000008000300060000000900010073797a31000000000900010073797a30000000001c0003"], 0x234}}, 0x0) socket$unix(0x1, 0x0, 0x0) tkill(r2, 0x1000000000016) 10:58:20 executing program 5: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000300)='/dev/zero\x00', 0x0, 0x0) sendmsg$BATADV_CMD_TP_METER(r0, 0x0, 0x0) 10:58:20 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x2, &(0x7f0000000080)={@local}) 10:58:21 executing program 4: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x0, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f00000084c0)={0x0, 0x0, &(0x7f0000008480)={0x0}}, 0x0) 10:58:21 executing program 3: r0 = eventfd2(0x0, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x6, 0x11, 0x0, &(0x7f0000000040)) 10:58:21 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname(r0, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, &(0x7f0000000080)=0x80) dup3(r0, r1, 0x0) sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0) 10:58:21 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup2(r0, r1) sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) 10:58:21 executing program 4: timer_create(0x0, &(0x7f0000000340)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = gettid() r2 = dup(r0) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) recvmmsg(r0, &(0x7f0000003c00)=[{{0x0, 0x0, &(0x7f0000003b00), 0x0, &(0x7f0000000180)=""/106, 0x6a}}], 0x400000000000116, 0x0, &(0x7f0000000040)={0x77359400}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1004000000013) 10:58:21 executing program 3: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001240)='/dev/autofs\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_opts(r1, 0x29, 0x36, &(0x7f0000001080)=ANY=[@ANYBLOB="0003000000000000c91000000000000000000000ffff7f0000010708000000000000000000000000121c0193da06593e826b0479963ba7e22ba0c9ca3fb31683af211a2843a256a96d8cb744bc323eb51725df13e45b656941b377e479a84ff828f1fa78b2517fd8351dd4c6616d08ad681ae7c644b42254f0305ec22304e6832e5a968401db29bb8b8836fbf8f737e7905e7d7a96c73bdf2ebc283dfba1b8b88bba6cdbe851be8e5019b7f398c14336fdd39e1d298ac12979204ebae707ddf5065e0514a80289a3a15ee702fe97a3b2664b0af84454ae1ffa8881e2bb24c3ccd5f3834f8dacbb8079c04b66ff9e075d47cae619cac80d3c5278e3e59c8418815d054f288334be0e13ca65a376233546060d83002ee6d6b10d46bef5daafcf2c6eded871b3bd944a0558a2cad46cfc8f67276d9acd85a00c255f159865740371e459"], 0x28) recvmsg(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) r2 = dup2(r1, r0) sendmsg$IPVS_CMD_ZERO(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) sendmsg$unix(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$GTP_CMD_GETPDP(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0) 10:58:22 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$TIPC_CMD_GET_NETID(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x4000000) 10:58:22 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB="0001000000000000c2"], 0x18) recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) write(r0, 0x0, 0x0) r1 = dup(r0) sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NET_DM_CMD_START(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0) sendmmsg$unix(r1, &(0x7f0000000540)=[{0x0, 0x0, 0x0}], 0x1, 0x0) 10:58:22 executing program 0: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r1, r0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x10e, 0x3, 0x0, 0x0) 10:58:22 executing program 1: socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0}}, 0x0) recvmsg(r1, &(0x7f0000000840)={&(0x7f0000000200)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}}, 0x80, 0x0}, 0x0) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000040)) 10:58:22 executing program 5: r0 = eventfd(0x0) fcntl$setown(r0, 0x8, 0x0) 10:58:22 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000050) 10:58:23 executing program 0: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, &(0x7f0000000340)) 10:58:23 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 10:58:23 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) sendmsg$TIPC_NL_NODE_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) 10:58:23 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x4000094) 10:58:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$BLKZEROOUT(r0, 0x5450, 0x0) 10:58:23 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$netlink(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 10:58:23 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200000ee) setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) dup2(r2, r1) ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 10:58:23 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NLBL_CIPSOV4_C_LISTALL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:58:23 executing program 1: pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSTAT(r0, &(0x7f0000000080)=ANY=[], 0xfffffef9) write$char_raw(r0, &(0x7f0000000200)={"89"}, 0x200) 10:58:23 executing program 3: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 10:58:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_ABORT_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xffffff5a}}, 0x0) 10:58:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) setsockopt$sock_timeval(r2, 0x1, 0x14, &(0x7f0000000100)={0x0, 0xea60}, 0x10) 10:58:24 executing program 3: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x7e, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) syz_open_pts(r0, 0x24a000) 10:58:24 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup(r0) sendmmsg$inet6(r1, &(0x7f0000001580)=[{{0x0, 0xffffffffffffff5b, 0x0}}], 0x4000000000001d5, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:58:25 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) ioctl$CHAR_RAW_IOOPT(r0, 0x8903, &(0x7f0000000000)) 10:58:25 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x0, 0x0) dup3(r0, r1, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) 10:58:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[], 0x20}}, 0x40) 10:58:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) dup2(r0, r1) getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x15, 0x0, &(0x7f0000000040)) 10:58:25 executing program 4: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000019080)='/dev/urandom\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000080)=""/102400, 0x19000, 0x0) 10:58:26 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ptype\x00') ioctl$IOC_PR_REGISTER(r0, 0x5450, 0x0) 10:58:26 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, 0x0, 0x0) 10:58:26 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) getsockname(r0, &(0x7f0000000580)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, &(0x7f0000000600)=0x80) ioctl$sock_SIOCADDRT(r1, 0x890b, 0x0) 10:58:26 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendto(r0, &(0x7f0000000000), 0x0, 0x4048894, 0x0, 0x0) 10:58:26 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x5451, 0x0) 10:58:26 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x5450, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000380)=0x404100000001, 0xfe3f) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x132441) connect$unix(r2, &(0x7f00000000c0)=@abs, 0x6e) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 10:58:26 executing program 4: r0 = socket(0x2, 0x3, 0x401) sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f00000001c0)={&(0x7f0000000040), 0xfeb8, &(0x7f0000000180)={0x0}}, 0x0) 10:58:26 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) r1 = dup2(r0, r0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) close(r0) socket$nl_crypto(0x10, 0x3, 0x15) r2 = gettid() tkill(r2, 0x1000000000016) 10:58:26 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000340)='/dev/urandom\x00', 0x0, 0x0) dup3(r0, r1, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) 10:58:26 executing program 0: r0 = epoll_create1(0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) dup3(r1, r0, 0x0) mkdirat(r0, &(0x7f0000000140)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcsa\x00', 0x0, 0x0) dup2(r2, r3) unlinkat(r3, &(0x7f0000000080)='./file0\x00', 0x200) 10:58:27 executing program 3: openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x22000, 0x0) 10:58:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = dup2(r0, r0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000200)=0x18, 0x4) 10:58:27 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) write$tun(r1, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vga_arbiter\x00', 0x2, 0x0) tkill(r2, 0x1000000000016) 10:58:27 executing program 2: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0) ioctl$BLKFLSBUF(r0, 0x5450, 0x0) 10:58:27 executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r0 = memfd_create(&(0x7f0000001840)='\xf9cgroupuserprocem0\x00', 0x0) openat$cgroup_type(r0, &(0x7f0000000000)='cgroup.type\x00', 0x2, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, 0x0, 0x0) 10:58:27 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(r2, 0x5451, 0x0) 10:58:28 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x890c, &(0x7f00000000c0)={'sit0\x00', 0x0}) 10:58:28 executing program 1: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x5411, &(0x7f0000000000)={'batadv0\x00'}) 10:58:28 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, 0x0, 0x0) 10:58:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$netlink(0x10, 0x3, 0x0) dup3(r0, r1, 0x0) ioctl$sock_TIOCOUTQ(r1, 0x5411, &(0x7f0000000040)) 10:58:28 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 10:58:28 executing program 3: socketpair(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$inet(r0, &(0x7f0000000200)="2cc4ed9696d74895615722a74fe426392e81ac40b7e2f3546574de454385891fba6f84465ab821a64ef7a1e73fa35ea479668204da19a59f7dd5733b831a9db40ebad1c7d5031193664cb5df7f3ad389f0b2bfbad5c9ba43abd5689d98c5d1258dcd9b48669f9da7504a809266e1376860a891a1e5b4141198b1153a6f84ded2729ba5fde8c36a2100d87767b4152397b791467c79e6956b8b540efa1fd0cb2c1a8b1b2fd81d3cf83cebc552aed40ac13b3854b41422baab6ce93ce88d9ecb0b88b116b36f556251cc28ccdf", 0xcc, 0x2000c800, &(0x7f0000000380)={0x2, 0x0, @broadcast}, 0x0) 10:58:28 executing program 1: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000880)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x77359400}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = fcntl$dupfd(r0, 0x0, r2) write$P9_RAUTH(r3, 0x0, 0x0) 10:58:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000003300)=[{{&(0x7f0000000740)={0x2, 0x4e23, @local}, 0x10, 0x0}}], 0x1, 0x8000) sendmsg$NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 10:58:29 executing program 5: sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, 0x0, 0x0) 10:58:29 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = dup(r0) sendmsg$NL80211_CMD_DEAUTHENTICATE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:58:29 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000240)=@hopopts={0x0, 0x1, [], [@jumbo, @ra]}, 0x18) recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) write(r0, 0x0, 0x0) r1 = dup(r0) sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NET_DM_CMD_START(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0) sendmsg$SEG6_CMD_GET_TUNSRC(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:58:29 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_LIST(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x20044884) 10:58:29 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x5451, 0x0) 10:58:29 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) close(r0) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x4b40, 0x0) 10:58:29 executing program 1: mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) statfs(&(0x7f0000000000)='./file0/file0\x00', 0x0) 10:58:29 executing program 2: r0 = inotify_init1(0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_DISASSOCIATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[], 0x2c}}, 0x0) 10:58:30 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) sendmsg$NL80211_CMD_JOIN_OCB(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0xd0) 10:58:30 executing program 0: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup3(r1, r0, 0x0) getsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, &(0x7f0000000080)) 10:58:30 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup2(r0, r0) sendmsg$NL80211_CMD_STOP_AP(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={0x0}}, 0x0) 10:58:30 executing program 1: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x141, 0x0) write$nbd(r0, 0x0, 0x20) 10:58:30 executing program 5: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='sysfs\x00', 0x0, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(0x0) lremovexattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000000)=@known='security.apparmor\x00') 10:58:30 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept4$inet6(r1, 0x0, 0x0, 0x0) getsockopt$IP_SET_OP_GET_FNAME(r2, 0x1, 0xe, 0x0, &(0x7f0000000080)) 10:58:30 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) close(r0) socket$packet(0x11, 0x2, 0x300) getsockopt$packet_buf(r0, 0x107, 0x6, 0x0, &(0x7f0000000000)) 10:58:31 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) sendmsg$NL80211_CMD_DISASSOCIATE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10) 10:58:31 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) close(r0) close(0xffffffffffffffff) socket(0xa, 0x2, 0x0) r2 = gettid() tkill(r2, 0x1000000000016) [ 1322.346553][T24323] sock: process `syz-executor.2' is using obsolete getsockopt SO_BSDCOMPAT 10:58:31 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$vcsn(&(0x7f0000002fc0)='/dev/vcs#\x00', 0x100000000, 0x0) dup2(r0, r1) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000003140)={0x0}}, 0x0) 10:58:31 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) shutdown(r1, 0x1) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_ASSOCIATE(r2, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={0x0}}, 0x0) 10:58:31 executing program 3: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x0, 0x0) ioctl$TUNSETVNETBE(r0, 0x5421, &(0x7f0000000040)) 10:58:31 executing program 0: prlimit64(0x0, 0x7, &(0x7f0000000240), 0x0) inotify_init1(0x0) 10:58:31 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000002380)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, 0x0, 0x0, 0x0, 0x190}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000002580)={0x1c, 0x0, 0x70d}, 0x1c}}, 0x0) dup3(r0, r1, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:58:31 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={0x0, 0x24}}, 0x20004800) [ 1323.090024][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 10:58:32 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) write$P9_RGETATTR(r1, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r1) socket$nl_crypto(0x10, 0x3, 0x15) tkill(r2, 0x1000000000016) 10:58:32 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) dup2(r0, r1) sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 10:58:32 executing program 2: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) connect$packet(r1, &(0x7f0000002d40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="22fff4ecf63e"}, 0x14) 10:58:32 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x6) r1 = dup(r0) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000080)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3938700}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, 0x0) 10:58:32 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0) dup2(r0, r1) ioctl$EVIOCGSW(r1, 0x8040451b, &(0x7f0000000140)=""/112) 10:58:32 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffc47, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() write$P9_RWRITE(r1, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) close(r0) socket$packet(0x11, 0x2, 0x300) tkill(r2, 0x1000000000016) 10:58:32 executing program 4: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x0, 0x0) readv(r0, &(0x7f0000000600)=[{&(0x7f0000000900)=""/4096, 0x1000}], 0x1) 10:58:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) r2 = dup(r1) r3 = dup2(r2, r0) close(r3) timer_create(0x0, &(0x7f0000000340)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r4, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r5 = gettid() sendmsg$IPVS_CMD_NEW_DEST(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) recvmmsg(r4, &(0x7f0000003c00)=[{{0x0, 0x0, &(0x7f0000003b00), 0x0, &(0x7f0000000180)=""/106, 0x6a}}], 0x400000000000116, 0x0, &(0x7f0000000040)={0x77359400}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r5, 0x1004000000013) 10:58:33 executing program 0: fchownat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0xee01, 0xee00, 0x0) 10:58:33 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10:58:33 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xffffffffffffffca, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup(r0) sendmsg$SOCK_DESTROY(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x20040005) 10:58:33 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x0) openat(r0, &(0x7f0000000380)='./file0\x00', 0x840, 0xa) 10:58:34 executing program 0: r0 = socket(0x10, 0x2, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000002500)='/dev/zero\x00', 0x0, 0x0) dup2(r0, r1) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={0x0}}, 0x0) 10:58:34 executing program 5: prlimit64(0x0, 0x7, &(0x7f0000000240), 0x0) syz_genetlink_get_family_id$netlbl_mgmt(0x0) 10:58:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup3(r0, r1, 0x0) ioctl$TIOCGDEV(r1, 0x80045432, &(0x7f00000000c0)) 10:58:38 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x1fffffffffffecb, [{{0xa, 0x0, 0x0, @local}}, {{0xa, 0x0, 0x0, @dev}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}]}, 0x210) 10:58:38 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x6) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) r1 = fcntl$dupfd(r0, 0x0, r0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r1, 0xf503, 0x0) 10:58:38 executing program 0: prlimit64(0x0, 0x7, &(0x7f0000000240), 0x0) syz_genetlink_get_family_id$nbd(0x0) 10:58:38 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000040)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r1, 0x5452, &(0x7f0000000140)) 10:58:38 executing program 4: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RCLUNK(r0, 0x0, 0x0) 10:58:38 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={0x0}}, 0x24004050) 10:58:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_START_P2P_DEVICE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0xc0) 10:58:39 executing program 2: r0 = open(&(0x7f0000000000)='./file0\x00', 0x10840, 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000080), 0x1c) 10:58:39 executing program 5: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x5452, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "9caa8d7bfd5a901dcbc47dbb8a93efcab32291e02a120020070cc8994d98d94e"}) 10:58:39 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$EVIOCSABS0(r0, 0x5451, 0x0) 10:58:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[], 0x4c}}, 0x4004) 10:58:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup3(r1, r0, 0x0) sendmsg$NL80211_CMD_SET_KEY(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x0) 10:58:39 executing program 2: prlimit64(0x0, 0x7, &(0x7f0000000240), 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000003180)='./file0\x00', 0x0, 0x0) 10:58:44 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000002380)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, 0x0}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000002580)={0x1c, 0x0, 0x70d}, 0x1c}}, 0x0) dup3(r0, r1, 0x0) sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001ac0)={0x0}}, 0x0) 10:58:44 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8903, &(0x7f00000002c0)={@local}) 10:58:44 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x5450, 0x0) 10:58:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_crypto(0x10, 0x3, 0x15) dup3(r0, r1, 0x0) sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10:58:44 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000040), 0x8, 0x0) dup2(r0, r1) getsockopt$EBT_SO_GET_INFO(r1, 0x29, 0x4, 0x0, &(0x7f00000000c0)) 10:58:44 executing program 2: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x10040, 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x294) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0xa, 0x0, &(0x7f0000000000)) 10:58:44 executing program 3: r0 = socket$inet6_udplite(0x1c, 0x2, 0x88) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x2e, &(0x7f00000000c0)={@loopback}, 0x14) 10:58:44 executing program 4: r0 = socket$inet6_icmp_raw(0x1c, 0x3, 0x3a) connect(r0, &(0x7f0000000040)=@in6={0x1c, 0x1c}, 0x1c) 10:58:44 executing program 0: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x17, 0x0, &(0x7f0000000240)) 10:58:44 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) sendmsg$inet_sctp(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@dstaddrv6={0x1c, 0x84, 0xa, @mcast1}], 0x1c}, 0x100) 10:58:44 executing program 1: r0 = socket$inet6_udplite(0x1c, 0x2, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x52, &(0x7f00000000c0)={0x4, {{0x1c, 0x1c, 0x2}}, {{0x1c, 0x1c, 0x3}}}, 0x108) 10:58:45 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000240)="b5", 0x1}, {0x0}, {0x0}, {&(0x7f00000003c0)="fa", 0x1}], 0x4}, 0x0) 10:58:45 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 10:58:45 executing program 4: r0 = socket(0x1, 0x5, 0x0) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) 10:58:45 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x8, 0x0) ioctl$BLKBSZSET(r0, 0x40081271, 0x0) 10:58:45 executing program 0: openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x20c1, 0x0) 10:58:45 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000002a40)={0x10, 0x11, 0x1}, 0x10}, {&(0x7f0000002140)={0x10}, 0x10}], 0x2}, 0x0) 10:58:45 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 10:58:46 executing program 5: socketpair(0x1, 0x0, 0xb8a, &(0x7f0000000080)) 10:58:46 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x1c, 0x3, &(0x7f00000009c0)=@framed, &(0x7f0000000800)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x11, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 10:58:46 executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000100)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000080)='syzkaller\x00', 0x7, 0xd8, &(0x7f0000000180)=""/216, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 10:58:46 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0xae000000, 0x0, 0x0, 0x2}}, &(0x7f0000000500)=""/175, 0x1a, 0xaf, 0x1}, 0x20) 10:58:46 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000ac0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0) 10:58:46 executing program 2: r0 = socket$kcm(0x29, 0x5, 0x0) recvmsg(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000a00)=[{0x0}, {0x0}], 0x2}, 0x0) 10:58:46 executing program 5: symlinkat(&(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00') linkat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, 0x0, 0x4) 10:58:46 executing program 4: msgsnd(0xffffffffffffffff, &(0x7f0000001500)=ANY=[@ANYBLOB="0000b20ff8166deebc3ea15d29618f91"], 0x84, 0x0) readv(0xffffffffffffffff, &(0x7f0000001480)=[{&(0x7f0000000240)=""/4096, 0x1000}, {&(0x7f0000001240)}, {&(0x7f00000016c0)=""/93, 0x5d}, {&(0x7f0000001300)=""/118, 0x76}, {&(0x7f0000001380)=""/211, 0xd3}], 0x42) 10:58:46 executing program 3: pipe(&(0x7f0000000100)) clock_gettime(0x5, &(0x7f00000003c0)) 10:58:46 executing program 0: setrlimit(0x7, &(0x7f00000000c0)) 10:58:47 executing program 1: r0 = socket$unix(0x1, 0x5, 0x0) sendmsg(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000500)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, &(0x7f00000005c0)=[{0x10}], 0x10}, 0x0) 10:58:47 executing program 5: symlinkat(&(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00') lstat(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)) 10:58:47 executing program 4: mmap$perf(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x11, 0xffffffffffffffff, 0x0) 10:58:47 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fchmod(r0, 0x4) 10:58:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = dup(r0) accept4$unix(r1, 0x0, 0x0, 0x0) 10:58:47 executing program 1: openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xbd6442, 0x0) 10:58:47 executing program 4: openat$pidfd(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self\x00', 0x80, 0x0) 10:58:48 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_ADD(r0, &(0x7f0000001200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000011c0)={&(0x7f0000000140)={0x1060, 0x0, 0x5, 0x0, 0x0, 0x0, {}, [{{0x254, 0x1, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', "beeec174691129483c15ca03f1fba71f1e2c91d720972d0e5981531e5e60ed55", "468e0a8cafb4c4641dc96d7c924e2446ff936eae26dc2e9a1a287ea41438c77d"}}}, {{0x254, 0x1, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', "cdebdf4afb25e217d636f65627458e7c9797861c9d867e03ffe8792656c8c708", "21b3d3721044eee28a98f7fb684069d393d189a9651b135eaa913fd960bb5c2e"}}}, {{0x254, 0x1, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', "8cf07a59b6bbdaec1c532b1178116589a8a0dbe53884266f4aecf17c07da08ff", "9dbd3198ce0c377e5415317b6231c21a3a4dbec55160a9a661cabc5340411986"}}}, {{0x254, 0x1, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', "42d556c57c422f04b69fee384be6a72bc0e5e5e6dfebc24e83a068cea8c1eba1", "7ba9d60f7de9d598774ea55f865af6c55d178d7353bf685a126e9bd903865055", [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x42}]}}}, {{0x254, 0x1, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', "b7794ef383dc6b027d0e231989300c4df99305cabf003853ce29b34b5d212de7", "f15f7d2dae6c98a35a3029e2a67193d96c57b21364bfddcc8631edb44bc6833c"}}}, {{0x254, 0x1, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', "2b786bfefe22d36e2ad08bbcf10a7dcc373760954402d115bd037f1392153c1c", "e12f6927ce4d3b7ec9d041dff32aad85372a856bde6cdbd29417a7f83d18e9cc"}}}, {{0x254, 0x1, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', "6da80684b6a7b2176be4e7c468ef430fe6a11b98b72f023733e9c6ddc30e7119", "1f7c8c60c010a6324f152509db6a0ff5bff00f66dfc7eb06d3ff820a8f1c7865"}}}]}, 0x1060}}, 0x0) 10:58:48 executing program 5: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.net/syz0\x00', 0x200002, 0x0) 10:58:48 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x8953, &(0x7f0000000040)={'syztnl1\x00', 0x0}) 10:58:48 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x5}, 0x40) 10:58:48 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x8915, &(0x7f0000000040)={'syztnl1\x00', 0x0}) 10:58:48 executing program 4: openat$procfs(0xffffff9c, &(0x7f0000000700)='/proc/tty/drivers\x00', 0x0, 0x0) 10:58:48 executing program 5: bpf$PROG_LOAD(0xa, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x74) 10:58:48 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) getsockname$packet(r0, 0x0, &(0x7f0000001380)) 10:58:48 executing program 2: getpeername$packet(0xffffffffffffffff, 0x0, 0x0) syslog(0x2, &(0x7f0000000040)=""/246, 0xf6) 10:58:49 executing program 0: renameat2(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0) 10:58:49 executing program 1: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000080)) 10:58:49 executing program 4: fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) 10:58:49 executing program 1: syz_mount_image$tmpfs(&(0x7f0000000280)='tmpfs\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, 0x0, 0x2000800, &(0x7f0000000680)={[{@size={'size', 0x3d, [0x0]}}]}) 10:58:49 executing program 0: bpf$BPF_LINK_CREATE(0x1c, 0x0, 0xb4) 10:58:49 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000700)='tmpfs\x00', &(0x7f0000000740)='./file0\x00', 0x0, 0x1, &(0x7f0000000900)=[{0x0, 0x0, 0x1000}], 0xa08002, &(0x7f0000000940)={[{@nr_inodes={'nr_inodes', 0x3d, [0x70, 0x0, 0x0]}}, {@huge_within_size='huge=within_size'}, {@uid={'uid', 0x3d, 0xffffffffffffffff}}, {@huge_always='huge=always'}], [{@measure='measure'}, {@pcr={'pcr', 0x3d, 0xe}}, {@subj_user={'subj_user', 0x3d, '-'}}, {@smackfsroot={'smackfsroot', 0x3d, '!)](\\('}}]}) 10:58:49 executing program 3: pipe(&(0x7f0000000440)={0xffffffffffffffff}) write$cgroup_pid(r0, 0x0, 0x0) [ 1341.506738][T24599] tmpfs: Bad value for 'size' [ 1341.533503][T24599] tmpfs: Bad value for 'size' 10:58:50 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 10:58:50 executing program 4: perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0xb1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x1009, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pivot_root(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00') r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$full(0xffffff9c, 0x0, 0x2104, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f00000000c0)={0x1, 'vlan0\x00', {}, 0x2a00}) io_setup(0x9, 0x0) syz_genetlink_get_family_id$batadv(0x0) 10:58:50 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAPCLR(r0, 0x4b6b, 0x0) 10:58:50 executing program 1: timer_create(0x0, 0x0, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f00000002c0), 0x0) 10:58:50 executing program 5: semctl$IPC_RMID(0x0, 0x0, 0x0) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000000)=""/108) 10:58:50 executing program 3: r0 = getpid() syz_open_procfs(0x0, &(0x7f0000000440)='gid_map\x00') sched_getaffinity(r0, 0x8, &(0x7f0000000000)) 10:58:51 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000540)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) 10:58:51 executing program 2: uname(&(0x7f0000000140)=""/172) 10:58:51 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, 0x0) 10:58:51 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ifreq(r0, 0x5452, &(0x7f00000000c0)={'macvlan1\x00', @ifru_names}) 10:58:51 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCDELRT(r0, 0x8901, &(0x7f0000001800)={0xfdfdffff, @xdp, @l2, @ipx={0x4, 0x0, 0x0, "ee5ad7e61dae"}}) 10:58:51 executing program 0: socketpair(0x29, 0x5, 0x0, &(0x7f0000000040)) 10:58:51 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind(r0, &(0x7f0000000080)=@sco, 0x80) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe) 10:58:52 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x12, &(0x7f0000000040)={@loopback, @empty}, 0xc) 10:58:52 executing program 1: r0 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, 0x0, 0x0) 10:58:52 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x11, 0x29, 0x0, 0x0) 10:58:52 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000200)={0x15, 0x8, 0xb00, 0x0, 0x0, 0x1}, 0x40) 10:58:52 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0xb, &(0x7f0000003500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 10:58:52 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x1600bd78, 0x0, 0x0) 10:58:52 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0)='ethtool\x00') sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x4}]}, 0x20}}, 0x0) 10:58:52 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x6c4, 0x0, &(0x7f0000000080)) 10:58:53 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{0x0, 0x0, 0xfffffffffffffff8}], 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='check_int_print_mask=0x', @ANYRESDEC]) 10:58:53 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind(r0, &(0x7f0000000080)=@sco, 0x80) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe) 10:58:53 executing program 1: openat$fuse(0xffffffffffffff9c, &(0x7f0000004680)='/dev/fuse\x00', 0x2, 0x0) 10:58:53 executing program 5: prctl$PR_SET_MM_MAP_SIZE(0x28, 0xf, 0x0) [ 1345.135046][ T1164] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 10:58:53 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{0x0, 0x0, 0xfffffffffffffff8}], 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='check_int_print_mask=0x', @ANYRESDEC=0xee00, @ANYRESDEC, @ANYBLOB="2c6b626a5f74797088ab557225246429293a2c"]) 10:58:54 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001240)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, 0x0) 10:58:54 executing program 0: prctl$PR_SET_MM_MAP_SIZE(0x25, 0xf, 0x0) 10:58:54 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002d80)={0x18, 0x5, &(0x7f0000002bc0)=@framed={{}, [@ldst={0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x10}, @call]}, &(0x7f0000002c40)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) [ 1345.542703][ T3583] Bluetooth: hci5: command 0x0405 tx timeout 10:58:54 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x3, &(0x7f00000001c0)=@framed, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 10:58:54 executing program 0: syz_open_dev$dri(&(0x7f0000000700)='/dev/dri/card#\x00', 0x0, 0x90881) 10:58:54 executing program 4: bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_ext={0x1c, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) [ 1345.891287][ T1164] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 10:58:54 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind(r0, &(0x7f0000000080)=@sco, 0x80) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe) 10:58:55 executing program 3: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000c00)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) getpeername$packet(r0, 0x0, 0x0) 10:58:55 executing program 1: syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x1, &(0x7f0000000400)=[{&(0x7f00000002c0)="ae", 0x1}], 0x0, 0x0) 10:58:55 executing program 5: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl$FITRIM(r0, 0xc0185879, 0x0) [ 1346.529018][ T1164] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 10:58:55 executing program 0: mkdir(&(0x7f0000000000)='./file1\x00', 0x0) r0 = open(&(0x7f00000003c0)='./file1\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x0, 0x0) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r0) 10:58:55 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000006640)={'team0\x00'}) 10:58:55 executing program 5: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f00000000c0)) [ 1347.180553][ T1164] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 10:58:56 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/conn_reuse_mode\x00', 0x2, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) 10:58:56 executing program 0: openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0xc201, 0x0) 10:58:56 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind(r0, &(0x7f0000000080)=@sco, 0x80) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe) [ 1347.797985][ T1164] tipc: TX() has been purged, node left! 10:58:56 executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002d80)={0x18, 0xa, &(0x7f0000002bc0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8dda, 0x0, 0x0, 0x0, 0x2}, [@ldst={0x1, 0x3, 0x6, 0x4, 0x8, 0x1, 0x10}, @call={0x85, 0x0, 0x0, 0x71}, @generic={0x1, 0x9, 0x2, 0xfffb, 0x4}, @map={0x18, 0xb, 0x1, 0x0, 0x1}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x3}]}, &(0x7f0000002c40)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x4, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000002d00)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000002d40)={0x0, 0x9, 0x4, 0x2}, 0x10}, 0x78) [ 1351.257346][ T1164] device hsr_slave_0 left promiscuous mode [ 1351.276155][ T1164] device hsr_slave_1 left promiscuous mode [ 1351.299795][ T1164] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1351.308515][ T1164] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1351.347249][ T1164] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1351.354896][ T1164] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1351.395687][ T1164] device bridge_slave_1 left promiscuous mode [ 1351.402657][ T1164] bridge0: port 2(bridge_slave_1) entered disabled state [ 1351.417301][ T1164] device bridge_slave_0 left promiscuous mode [ 1351.424267][ T1164] bridge0: port 1(bridge_slave_0) entered disabled state [ 1351.457169][ T1164] device veth1_macvtap left promiscuous mode [ 1351.463599][ T1164] device veth0_macvtap left promiscuous mode [ 1351.469728][ T1164] device veth1_vlan left promiscuous mode [ 1351.475787][ T1164] device veth0_vlan left promiscuous mode [ 1353.862414][ T3583] Bluetooth: hci3: command 0x0409 tx timeout [ 1354.437654][ T1164] team0 (unregistering): Port device team_slave_1 removed [ 1354.456510][ T1164] team0 (unregistering): Port device team_slave_0 removed [ 1354.471656][ T1164] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1354.494650][ T1164] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1354.572567][ T1164] bond0 (unregistering): Released all slaves [ 1354.658737][T24748] IPVS: ftp: loaded support on port[0] = 21 [ 1355.014874][T24748] chnl_net:caif_netlink_parms(): no params data found [ 1355.193890][T24889] Kernel panic - not syncing: kmsan_in_runtime: -1 [ 1355.200417][T24889] CPU: 1 PID: 24889 Comm: wg-crypt-wg1 Not tainted 5.9.0-rc8-syzkaller #0 [ 1355.202975][T24889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1355.202975][T24889] Call Trace: [ 1355.202975][T24889] dump_stack+0x21c/0x280 [ 1355.202975][T24889] panic+0x4c8/0xea7 [ 1355.202975][T24889] __msan_instrument_asm_store+0x12d/0x130 [ 1355.202975][T24889] clear_tsk_need_resched+0x28/0x60 [ 1355.202975][T24889] __schedule+0x25d/0x590 [ 1355.202975][T24889] schedule+0x260/0x330 [ 1355.202975][T24889] schedule_preempt_disabled+0xe/0x10 [ 1355.202975][T24889] kthread+0x421/0x560 [ 1355.202975][T24889] ? rcu_free_pwq+0x70/0x70 [ 1355.202975][T24889] ? kthread_blkcg+0x110/0x110 [ 1355.202975][T24889] ret_from_fork+0x1f/0x30 [ 1355.202975][T24889] Shutting down cpus with NMI [ 1355.202975][T24889] Kernel Offset: disabled [ 1355.202975][T24889] Rebooting in 86400 seconds..