[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 55.414561] audit: type=1800 audit(1542747376.476:25): pid=6578 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 55.433886] audit: type=1800 audit(1542747376.486:26): pid=6578 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 55.453284] audit: type=1800 audit(1542747376.496:27): pid=6578 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts. 2018/11/20 20:56:32 fuzzer started 2018/11/20 20:56:37 dialing manager at 10.128.0.26:44257 2018/11/20 20:56:37 syscalls: 1 2018/11/20 20:56:37 code coverage: enabled 2018/11/20 20:56:37 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/20 20:56:37 setuid sandbox: enabled 2018/11/20 20:56:37 namespace sandbox: enabled 2018/11/20 20:56:37 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/20 20:56:37 fault injection: enabled 2018/11/20 20:56:37 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/20 20:56:37 net packet injection: enabled 2018/11/20 20:56:37 net device setup: enabled 20:58:59 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f000064e000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x5452, &(0x7f00005ebff8)=0x3f) fcntl$setsig(r2, 0xa, 0x12) fcntl$setownex(r2, 0xf, &(0x7f0000704000)={0x0, r1}) recvmsg(r3, &(0x7f000095cfc8)={&(0x7f0000893ff8)=@sco, 0x80, &(0x7f0000000580), 0x0, &(0x7f0000b30000)}, 0x0) dup2(r2, r3) tkill(r1, 0x15) poll(&(0x7f0000000300)=[{}, {}, {r0, 0x2600}], 0x3, 0x4) syzkaller login: [ 219.507630] IPVS: ftp: loaded support on port[0] = 21 [ 221.358661] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.365304] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.373460] device bridge_slave_0 entered promiscuous mode [ 221.497979] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.504617] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.512947] device bridge_slave_1 entered promiscuous mode [ 221.623564] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 221.736481] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 222.092130] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 222.208346] bond0: Enslaving bond_slave_1 as an active interface with an up link 20:59:03 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) r1 = gettid() rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xf7fffffffffffffe}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0x7, &(0x7f000058a000)) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000006000)={0x7fffffff}, 0x8, 0x0) readv(r2, &(0x7f00000002c0)=[{&(0x7f0000000340)=""/205, 0xfffffec5}], 0x1) [ 223.020149] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 223.028254] team0: Port device team_slave_0 added [ 223.049399] IPVS: ftp: loaded support on port[0] = 21 [ 223.293646] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 223.301518] team0: Port device team_slave_1 added [ 223.555976] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 223.567078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 223.575950] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 223.723391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 223.919074] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 223.926804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 223.935906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 224.186634] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 224.194501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 224.203617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.935332] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.942153] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.950442] device bridge_slave_0 entered promiscuous mode [ 226.150362] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.157041] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.165600] device bridge_slave_1 entered promiscuous mode [ 226.357496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 226.612693] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 226.665492] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.672121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.679134] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.685713] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.694220] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.161425] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 227.182035] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 227.332617] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 227.501554] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 227.508806] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 20:59:08 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, &(0x7f0000000000), 0x3cc}}], 0x1, 0x0, &(0x7f0000000140)) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, &(0x7f0000000000)) r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/ip6_tables_matches\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 227.657275] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 227.664544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 228.383354] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 228.391277] team0: Port device team_slave_0 added [ 228.532079] IPVS: ftp: loaded support on port[0] = 21 [ 228.657193] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 228.665328] team0: Port device team_slave_1 added [ 228.978111] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 228.985353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 228.994187] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.246890] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 229.254094] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 229.263003] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 229.518452] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 229.526147] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.535123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.816920] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 229.825019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 229.834131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 232.584467] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.590981] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.599599] device bridge_slave_0 entered promiscuous mode [ 232.612256] not chained 10000 origins [ 232.616101] CPU: 0 PID: 7020 Comm: ip Not tainted 4.20.0-rc3+ #90 [ 232.622342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 232.631716] Call Trace: [ 232.634330] dump_stack+0x32d/0x480 [ 232.637988] ? save_stack_trace+0xc6/0x110 [ 232.642265] kmsan_internal_chain_origin+0x222/0x240 [ 232.647394] ? kmsan_internal_chain_origin+0x136/0x240 [ 232.652686] ? __msan_chain_origin+0x6d/0xb0 [ 232.657111] ? __save_stack_trace+0x833/0xc60 [ 232.661624] ? save_stack_trace+0xc6/0x110 [ 232.665874] ? kmsan_internal_chain_origin+0x136/0x240 [ 232.671168] ? kmsan_memcpy_origins+0x13d/0x190 [ 232.675855] ? __msan_memcpy+0x6f/0x80 [ 232.679759] ? nla_put+0x20a/0x2d0 [ 232.683331] ? br_port_fill_attrs+0x42b/0x1ea0 [ 232.687932] ? br_port_fill_slave_info+0xff/0x120 [ 232.692814] ? rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 232.697329] ? rtnl_dump_ifinfo+0x18b5/0x2140 [ 232.701841] ? netlink_dump+0xc79/0x1c90 [ 232.705919] ? netlink_recvmsg+0xec2/0x19d0 [ 232.710260] ? sock_recvmsg+0x1d1/0x230 [ 232.714246] ? ___sys_recvmsg+0x444/0xae0 [ 232.718408] ? __se_sys_recvmsg+0x2fa/0x450 [ 232.722742] ? __x64_sys_recvmsg+0x4a/0x70 [ 232.727008] ? do_syscall_64+0xcf/0x110 [ 232.731007] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 232.736393] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 232.741517] ? kmsan_internal_chain_origin+0x1e3/0x240 [ 232.746827] ? kmsan_internal_chain_origin+0x136/0x240 [ 232.752123] ? __msan_chain_origin+0x6d/0xb0 [ 232.756544] ? save_stack_trace+0xfa/0x110 [ 232.760819] ? kmsan_internal_chain_origin+0x136/0x240 [ 232.766114] ? kmsan_memcpy_origins+0x13d/0x190 [ 232.770813] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 232.776296] ? in_task_stack+0x12c/0x210 [ 232.780395] __msan_chain_origin+0x6d/0xb0 [ 232.784653] ? __msan_memcpy+0x6f/0x80 [ 232.788556] __save_stack_trace+0x8be/0xc60 [ 232.792914] ? __msan_memcpy+0x6f/0x80 [ 232.796827] save_stack_trace+0xc6/0x110 [ 232.800914] kmsan_internal_chain_origin+0x136/0x240 [ 232.806050] ? kmsan_internal_chain_origin+0x136/0x240 [ 232.811342] ? kmsan_memcpy_origins+0x13d/0x190 [ 232.816035] ? __msan_memcpy+0x6f/0x80 [ 232.819948] ? nla_put+0x20a/0x2d0 [ 232.823506] ? br_port_fill_attrs+0x366/0x1ea0 [ 232.828177] ? br_port_fill_slave_info+0xff/0x120 [ 232.833279] ? rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 232.837811] ? rtnl_dump_ifinfo+0x18b5/0x2140 [ 232.842323] ? netlink_dump+0xc79/0x1c90 [ 232.846402] ? netlink_recvmsg+0xec2/0x19d0 [ 232.850754] ? sock_recvmsg+0x1d1/0x230 [ 232.854756] ? ___sys_recvmsg+0x444/0xae0 [ 232.858930] ? __se_sys_recvmsg+0x2fa/0x450 [ 232.863262] ? __x64_sys_recvmsg+0x4a/0x70 [ 232.867601] ? do_syscall_64+0xcf/0x110 [ 232.871592] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 232.876980] ? __msan_poison_alloca+0x1e0/0x270 [ 232.881679] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 232.887058] ? find_next_bit+0x25b/0x2a0 [ 232.891134] ? vmalloc_to_page+0x585/0x6c0 [ 232.895392] ? kmsan_set_origin+0x7f/0x100 [ 232.899650] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 232.905045] kmsan_memcpy_origins+0x13d/0x190 [ 232.909601] __msan_memcpy+0x6f/0x80 [ 232.913337] nla_put+0x20a/0x2d0 [ 232.916730] br_port_fill_attrs+0x42b/0x1ea0 [ 232.921182] br_port_fill_slave_info+0xff/0x120 [ 232.925874] ? br_port_get_slave_size+0x30/0x30 [ 232.930558] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 232.934929] rtnl_dump_ifinfo+0x18b5/0x2140 [ 232.939350] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 232.944756] ? rtnl_getlink+0xec0/0xec0 [ 232.948759] netlink_dump+0xc79/0x1c90 [ 232.952704] netlink_recvmsg+0xec2/0x19d0 [ 232.956893] sock_recvmsg+0x1d1/0x230 [ 232.960710] ? netlink_sendmsg+0x1440/0x1440 [ 232.965140] ___sys_recvmsg+0x444/0xae0 [ 232.969149] ? __msan_poison_alloca+0x1e0/0x270 [ 232.973845] ? __se_sys_recvmsg+0xca/0x450 [ 232.978112] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 232.983494] ? __fdget+0x23c/0x440 [ 232.987062] __se_sys_recvmsg+0x2fa/0x450 [ 232.991242] __x64_sys_recvmsg+0x4a/0x70 [ 232.995325] do_syscall_64+0xcf/0x110 [ 232.999143] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.004345] RIP: 0033:0x7f184e347210 [ 233.008073] Code: 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 90 83 3d e5 d3 2a 00 00 75 10 b8 2f 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e bb 00 00 48 89 04 24 [ 233.026989] RSP: 002b:00007ffcd6bb0d18 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 233.034709] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f184e347210 [ 233.041988] RDX: 0000000000000000 RSI: 00007ffcd6bb0d60 RDI: 0000000000000003 [ 233.049265] RBP: 0000000000001fe4 R08: 00007f184e5f0ec8 R09: 0000000000000000 [ 233.056538] R10: 0000000000000008 R11: 0000000000000246 R12: 00000000006395c0 [ 233.063816] R13: 00007ffcd6bb4df0 R14: 0000000000001fe4 R15: 00007ffcd6bb2d84 [ 233.071102] Uninit was stored to memory at: [ 233.075434] kmsan_internal_chain_origin+0x136/0x240 [ 233.080540] __msan_chain_origin+0x6d/0xb0 [ 233.084784] __save_stack_trace+0x8be/0xc60 [ 233.089107] save_stack_trace+0xc6/0x110 [ 233.093169] kmsan_internal_chain_origin+0x136/0x240 [ 233.098274] kmsan_memcpy_origins+0x13d/0x190 [ 233.102780] __msan_memcpy+0x6f/0x80 [ 233.106517] nla_put+0x20a/0x2d0 [ 233.109888] br_port_fill_attrs+0x366/0x1ea0 [ 233.114304] br_port_fill_slave_info+0xff/0x120 [ 233.118978] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 233.123312] rtnl_dump_ifinfo+0x18b5/0x2140 [ 233.127633] netlink_dump+0xc79/0x1c90 [ 233.131521] netlink_recvmsg+0xec2/0x19d0 [ 233.135669] sock_recvmsg+0x1d1/0x230 [ 233.139468] ___sys_recvmsg+0x444/0xae0 [ 233.143443] __se_sys_recvmsg+0x2fa/0x450 [ 233.147606] __x64_sys_recvmsg+0x4a/0x70 [ 233.151666] do_syscall_64+0xcf/0x110 [ 233.155475] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.160658] [ 233.162282] Uninit was stored to memory at: [ 233.166607] kmsan_internal_chain_origin+0x136/0x240 [ 233.171715] __msan_chain_origin+0x6d/0xb0 [ 233.175955] __save_stack_trace+0x8be/0xc60 [ 233.180291] save_stack_trace+0xc6/0x110 [ 233.184380] kmsan_internal_chain_origin+0x136/0x240 [ 233.189488] kmsan_memcpy_origins+0x13d/0x190 [ 233.193985] __msan_memcpy+0x6f/0x80 [ 233.197701] nla_put+0x20a/0x2d0 [ 233.201071] br_port_fill_attrs+0x366/0x1ea0 [ 233.205492] br_port_fill_slave_info+0xff/0x120 [ 233.210157] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 233.214478] rtnl_dump_ifinfo+0x18b5/0x2140 [ 233.218806] netlink_dump+0xc79/0x1c90 [ 233.222703] netlink_recvmsg+0xec2/0x19d0 [ 233.226859] sock_recvmsg+0x1d1/0x230 [ 233.230664] ___sys_recvmsg+0x444/0xae0 [ 233.234645] __se_sys_recvmsg+0x2fa/0x450 [ 233.238809] __x64_sys_recvmsg+0x4a/0x70 [ 233.242978] do_syscall_64+0xcf/0x110 [ 233.246799] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.251980] [ 233.253602] Uninit was stored to memory at: [ 233.257928] kmsan_internal_chain_origin+0x136/0x240 [ 233.263048] __msan_chain_origin+0x6d/0xb0 [ 233.267309] __save_stack_trace+0x8be/0xc60 [ 233.271722] save_stack_trace+0xc6/0x110 [ 233.275790] kmsan_internal_chain_origin+0x136/0x240 [ 233.280899] kmsan_memcpy_origins+0x13d/0x190 [ 233.285398] __msan_memcpy+0x6f/0x80 [ 233.289118] nla_put+0x20a/0x2d0 [ 233.292487] br_port_fill_attrs+0x366/0x1ea0 [ 233.296901] br_port_fill_slave_info+0xff/0x120 [ 233.301573] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 233.305916] rtnl_dump_ifinfo+0x18b5/0x2140 [ 233.310245] netlink_dump+0xc79/0x1c90 [ 233.314133] netlink_recvmsg+0xec2/0x19d0 [ 233.318310] sock_recvmsg+0x1d1/0x230 [ 233.322116] ___sys_recvmsg+0x444/0xae0 [ 233.326090] __se_sys_recvmsg+0x2fa/0x450 [ 233.330237] __x64_sys_recvmsg+0x4a/0x70 [ 233.334314] do_syscall_64+0xcf/0x110 [ 233.338120] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.343304] [ 233.344927] Uninit was stored to memory at: [ 233.349252] kmsan_internal_chain_origin+0x136/0x240 [ 233.354353] __msan_chain_origin+0x6d/0xb0 [ 233.358588] __save_stack_trace+0x8be/0xc60 [ 233.363001] save_stack_trace+0xc6/0x110 [ 233.367084] kmsan_internal_chain_origin+0x136/0x240 [ 233.372196] kmsan_memcpy_origins+0x13d/0x190 [ 233.376706] __msan_memcpy+0x6f/0x80 [ 233.380426] nla_put+0x20a/0x2d0 [ 233.383805] br_port_fill_attrs+0x366/0x1ea0 [ 233.388216] br_port_fill_slave_info+0xff/0x120 [ 233.392977] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 233.397300] rtnl_dump_ifinfo+0x18b5/0x2140 [ 233.401623] netlink_dump+0xc79/0x1c90 [ 233.405516] netlink_recvmsg+0xec2/0x19d0 [ 233.409666] sock_recvmsg+0x1d1/0x230 [ 233.413462] ___sys_recvmsg+0x444/0xae0 [ 233.417440] __se_sys_recvmsg+0x2fa/0x450 [ 233.421603] __x64_sys_recvmsg+0x4a/0x70 [ 233.425666] do_syscall_64+0xcf/0x110 [ 233.429486] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.434757] [ 233.436405] Uninit was stored to memory at: [ 233.440732] kmsan_internal_chain_origin+0x136/0x240 [ 233.445842] __msan_chain_origin+0x6d/0xb0 [ 233.450080] __save_stack_trace+0x8be/0xc60 [ 233.454398] save_stack_trace+0xc6/0x110 [ 233.458550] kmsan_internal_chain_origin+0x136/0x240 [ 233.463658] kmsan_memcpy_origins+0x13d/0x190 [ 233.468158] __msan_memcpy+0x6f/0x80 [ 233.471880] nla_put+0x20a/0x2d0 [ 233.475250] br_port_fill_attrs+0x366/0x1ea0 [ 233.479664] br_port_fill_slave_info+0xff/0x120 [ 233.484346] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 233.488675] rtnl_dump_ifinfo+0x18b5/0x2140 [ 233.492999] netlink_dump+0xc79/0x1c90 [ 233.496892] netlink_recvmsg+0xec2/0x19d0 [ 233.501047] sock_recvmsg+0x1d1/0x230 [ 233.504860] ___sys_recvmsg+0x444/0xae0 [ 233.508838] __se_sys_recvmsg+0x2fa/0x450 [ 233.513081] __x64_sys_recvmsg+0x4a/0x70 [ 233.517146] do_syscall_64+0xcf/0x110 [ 233.520953] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.526139] [ 233.527772] Uninit was stored to memory at: [ 233.532099] kmsan_internal_chain_origin+0x136/0x240 [ 233.537207] __msan_chain_origin+0x6d/0xb0 [ 233.541445] __save_stack_trace+0x8be/0xc60 [ 233.545783] save_stack_trace+0xc6/0x110 [ 233.550063] kmsan_internal_chain_origin+0x136/0x240 [ 233.555170] kmsan_memcpy_origins+0x13d/0x190 [ 233.559692] __msan_memcpy+0x6f/0x80 [ 233.563498] nla_put+0x20a/0x2d0 [ 233.566874] br_port_fill_attrs+0x366/0x1ea0 [ 233.571293] br_port_fill_slave_info+0xff/0x120 [ 233.575969] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 233.580300] rtnl_dump_ifinfo+0x18b5/0x2140 [ 233.584631] netlink_dump+0xc79/0x1c90 [ 233.588520] netlink_recvmsg+0xec2/0x19d0 [ 233.592679] sock_recvmsg+0x1d1/0x230 [ 233.596573] ___sys_recvmsg+0x444/0xae0 [ 233.600550] __se_sys_recvmsg+0x2fa/0x450 [ 233.604697] __x64_sys_recvmsg+0x4a/0x70 [ 233.608771] do_syscall_64+0xcf/0x110 [ 233.612577] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.617757] [ 233.619390] Uninit was stored to memory at: [ 233.623716] kmsan_internal_chain_origin+0x136/0x240 [ 233.628817] __msan_chain_origin+0x6d/0xb0 [ 233.633055] __save_stack_trace+0x8be/0xc60 [ 233.637377] save_stack_trace+0xc6/0x110 [ 233.641442] kmsan_internal_chain_origin+0x136/0x240 [ 233.646544] kmsan_memcpy_origins+0x13d/0x190 [ 233.651047] __msan_memcpy+0x6f/0x80 [ 233.654774] nla_put+0x20a/0x2d0 [ 233.658153] br_port_fill_attrs+0x366/0x1ea0 [ 233.662564] br_port_fill_slave_info+0xff/0x120 [ 233.667493] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 233.671813] rtnl_dump_ifinfo+0x18b5/0x2140 [ 233.676164] netlink_dump+0xc79/0x1c90 [ 233.680063] netlink_recvmsg+0xec2/0x19d0 [ 233.684226] sock_recvmsg+0x1d1/0x230 [ 233.688031] ___sys_recvmsg+0x444/0xae0 [ 233.692011] __se_sys_recvmsg+0x2fa/0x450 [ 233.696185] __x64_sys_recvmsg+0x4a/0x70 [ 233.700273] do_syscall_64+0xcf/0x110 [ 233.704076] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.709272] [ 233.710900] Local variable description: ----c.i.i@should_fail [ 233.716793] Variable was created at: [ 233.720510] should_fail+0x162/0x13c0 [ 233.724489] __alloc_pages_nodemask+0x73f/0x63e0 [ 233.748031] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.754586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.761485] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.768137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.776729] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 233.992670] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.999250] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.007582] device bridge_slave_1 entered promiscuous mode 20:59:15 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0xa0000013}) timerfd_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, &(0x7f00000000c0)) epoll_pwait(r1, &(0x7f00008c9fc4)=[{}], 0x1, 0xfffffffffffffff7, &(0x7f00009d2000), 0x8) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000021ff4)={0x2001}) [ 234.253609] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 234.560679] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 234.812004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 235.157474] IPVS: ftp: loaded support on port[0] = 21 [ 235.519695] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 235.875824] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 236.152462] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 236.159531] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 236.382378] ip (7088) used greatest stack depth: 53024 bytes left [ 236.461420] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 236.468603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 237.278079] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 237.286019] team0: Port device team_slave_0 added [ 237.601257] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 237.609522] team0: Port device team_slave_1 added [ 237.925151] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 237.933992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.942733] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.190318] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 238.197658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 238.206238] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.389665] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.542193] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 238.549988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 238.558873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.810128] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 238.818080] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.827139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.433527] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 240.472567] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.479065] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.487603] device bridge_slave_0 entered promiscuous mode [ 240.554458] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.560904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.569007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.770055] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.776705] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.785112] device bridge_slave_1 entered promiscuous mode [ 241.055231] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 241.295377] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 241.847926] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.269487] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.276084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.283158] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.289632] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.298241] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 242.308500] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 242.716848] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 243.039375] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 243.046620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 243.054929] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 243.283951] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 243.291059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 20:59:25 executing program 4: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f00000006c0)="0a5c2d023c126285718070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000007c0)={&(0x7f0000000000)={0x10, 0x34000}, 0xc, &(0x7f0000000040)={&(0x7f0000009480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000003300000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000e2ff000000000000000000000000000000000000000000000000000000000000000000c8000000000000000000000000000000000000000000000000000000000000000000000000007725d1ace8e2000000000000000000000000000a0000000000000000000000c5febe35ff0f0000b060ff5f8fb485cf688204abe4d362d42c28c31685d58fc9be2a5d8215fa8576f4263c440d30c53a981b2471d4468062178a4d80836cbdd8f06b825d0f075fc822793a0a3a642e1eb90211d400"], 0x1}}, 0x0) [ 244.170217] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 244.178530] team0: Port device team_slave_0 added [ 244.623991] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 244.632203] team0: Port device team_slave_1 added [ 245.006269] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 245.013568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.022198] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.370311] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 245.377599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.413460] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 245.430467] IPVS: ftp: loaded support on port[0] = 21 [ 245.694037] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 245.701863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.710690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 246.068286] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 246.076019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 246.085126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 246.476995] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.784441] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 249.123453] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 249.129869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 249.137746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 250.344435] 8021q: adding VLAN 0 to HW filter on device team0 [ 250.385430] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.392003] bridge0: port 2(bridge_slave_1) entered forwarding state [ 250.398905] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.405469] bridge0: port 1(bridge_slave_0) entered forwarding state [ 250.413915] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 251.115055] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.121630] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.130001] device bridge_slave_0 entered promiscuous mode [ 251.212721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 251.421132] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.427900] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.436386] device bridge_slave_1 entered promiscuous mode [ 251.776357] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 252.092013] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 20:59:33 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, &(0x7f0000000000), 0x3cc}}], 0x1, 0x0, &(0x7f0000000140)) r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/ip6_tables_matches\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 20:59:34 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x2000, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000180)=0x8) syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x4, 0x80000) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f00000001c0)={r3, 0x6, 0x20, 0x6, 0x8a6f}, &(0x7f0000000200)=0x18) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000300)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) read(r0, &(0x7f0000000000)=""/114, 0x40) r4 = dup(r0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r4, 0x800442d3, &(0x7f0000000080)={0x0, 0x0, 0x0, @empty, 'gretap0\x00'}) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40505331, &(0x7f0000000240)={{0x1, 0x9}, {0x7, 0xcb4f}, 0x400, 0x1, 0x7}) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) ioctl$DRM_IOCTL_SET_MASTER(r2, 0x641e) ioctl$VIDIOC_G_CTRL(r2, 0xc008561b, &(0x7f0000000340)={0x7fff, 0x4}) [ 253.192966] Unknown ioctl 1079006001 [ 253.202227] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 253.214008] Unknown ioctl 25630 [ 253.226114] Unknown ioctl -1073195493 [ 253.277376] Unknown ioctl 1079006001 [ 253.313452] Unknown ioctl 25630 [ 253.471907] bond0: Enslaving bond_slave_1 as an active interface with an up link 20:59:34 executing program 0: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) pwrite64(r0, &(0x7f00000002c0), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f00000000c0)={0x0, 0x0, 0x5, 0x0, [], [{0xa7, 0xff, 0x100000001, 0x4, 0x7, 0x101}, {0xff5a, 0x7, 0x6, 0x101, 0xffff, 0x6}], [[], [], [], [], []]}) r2 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0xfff, 0x22e493328fea366c) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f00000002c0)={0x5, 0x8200, 0x74a, 0x6, 0x0}, &(0x7f0000000340)=0x10) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000380)={r3, 0x1}, 0x8) [ 253.859470] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 253.866910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 20:59:35 executing program 0: r0 = socket$inet(0x2, 0x3, 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x4000) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xe) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) setsockopt$inet_int(r0, 0x0, 0xc8, &(0x7f0000000040), 0x229) [ 254.235283] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 254.242667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 20:59:35 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000002240)=ANY=[@ANYBLOB, @ANYRES32=0x0], &(0x7f0000003a40)=0x2) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000000c0)={r1}, 0x10) [ 255.193096] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 255.201137] team0: Port device team_slave_0 added [ 255.449053] 8021q: adding VLAN 0 to HW filter on device bond0 20:59:36 executing program 5: r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0xcc, 0x0) ioctl$BLKGETSIZE(r0, 0x1260, &(0x7f0000000040)) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) r1 = openat$cgroup_type(r0, &(0x7f00000000c0)='cgroup.type\x00', 0x2, 0x0) ioctl$RTC_WKALM_RD(r0, 0x80287010, &(0x7f0000000100)) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r1) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000180)={{0x84, @multicast2, 0x4e22, 0x2, 'dh\x00', 0x4, 0xa9, 0x7c}, {@broadcast, 0x4e21, 0x6, 0x81, 0x2, 0x20}}, 0x44) r3 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000240)={0x0, @in6={{0xa, 0x4e23, 0x4, @mcast1, 0xffffffff}}, 0xa22, 0xffffffff}, &(0x7f0000000300)=0x90) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000340)={0x2, 0x200, 0x7, 0x6, r4}, &(0x7f0000000380)=0x10) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000003c0)={@mcast2, 0x9d12, 0x1, 0x0, 0xe, 0x5, 0x806, 0x2b1b}, 0x20) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000400)={r5, 0xffffffffffffc430, 0x21, "0ca6c2978ab65deedf28bdc09c75e02aa5593b7681c71e8ea1ce3a5a4568573d85"}, 0x29) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000440)={r5, 0x1, 0x30}, &(0x7f0000000480)=0xc) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000004c0)=@assoc_value, &(0x7f0000000500)=0x8) ioctl$LOOP_GET_STATUS(r2, 0x4c03, &(0x7f0000000540)) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r2, 0x541b, &(0x7f0000000600)) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2) r6 = msgget(0x0, 0x2) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000640)={0x0, 0x0}, &(0x7f0000000680)=0xc) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000006c0)={0x0, 0x0, 0x0}, &(0x7f0000000700)=0xc) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000740)={0x0, 0x0}, &(0x7f0000000780)=0xc) getresgid(&(0x7f00000007c0), &(0x7f0000000800)=0x0, &(0x7f0000000840)) r11 = getpgid(0x0) fcntl$getownex(r3, 0x10, &(0x7f0000000880)={0x0, 0x0}) msgctl$IPC_SET(r6, 0x1, &(0x7f00000008c0)={{0x8, r7, r8, r9, r10, 0x100, 0x7fff}, 0x8000, 0x7ff, 0x100000001, 0x4, 0x2, 0x2, r11, r12}) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000940)={r2, r0}) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f0000000980)='veth0_to_bridge\x00') accept$inet6(r2, &(0x7f00000009c0)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000a00)=0x1c) [ 255.587035] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 255.595086] team0: Port device team_slave_1 added 20:59:36 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) readv(r1, &(0x7f00000007c0)=[{&(0x7f00000001c0)=""/104, 0x34910}], 0x1) [ 256.019939] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 256.027346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 256.036211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 256.134714] not chained 20000 origins [ 256.138590] CPU: 0 PID: 7654 Comm: ip Not tainted 4.20.0-rc3+ #90 [ 256.144938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 256.154299] Call Trace: [ 256.156910] dump_stack+0x32d/0x480 [ 256.160563] kmsan_internal_chain_origin+0x222/0x240 [ 256.165704] ? save_stack_trace+0xc6/0x110 [ 256.169997] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 256.175215] ? kmsan_internal_chain_origin+0x1e3/0x240 [ 256.180517] ? kmsan_internal_chain_origin+0x136/0x240 [ 256.185816] ? __msan_chain_origin+0x6d/0xb0 [ 256.190253] ? save_stack_trace+0xfa/0x110 [ 256.194528] ? kmsan_internal_chain_origin+0x136/0x240 [ 256.199822] ? kmsan_memcpy_origins+0x13d/0x190 [ 256.204530] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 256.209997] ? in_task_stack+0x12c/0x210 [ 256.214100] __msan_chain_origin+0x6d/0xb0 [ 256.218349] ? do_syscall_64+0xcf/0x110 [ 256.222330] __save_stack_trace+0x8be/0xc60 [ 256.226671] ? __save_stack_trace+0x9f2/0xc60 [ 256.231300] ? do_syscall_64+0xcf/0x110 [ 256.235286] save_stack_trace+0xc6/0x110 [ 256.239452] kmsan_internal_chain_origin+0x136/0x240 [ 256.244566] ? kmsan_internal_chain_origin+0x136/0x240 [ 256.249845] ? kmsan_memcpy_origins+0x13d/0x190 [ 256.254518] ? __msan_memcpy+0x6f/0x80 [ 256.258494] ? nla_put+0x20a/0x2d0 [ 256.262047] ? br_port_fill_attrs+0x42b/0x1ea0 [ 256.266669] ? br_port_fill_slave_info+0xff/0x120 [ 256.271520] ? rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 256.276029] ? rtnl_dump_ifinfo+0x18b5/0x2140 [ 256.280525] ? netlink_dump+0xc79/0x1c90 [ 256.284589] ? netlink_recvmsg+0xec2/0x19d0 [ 256.288917] ? sock_recvmsg+0x1d1/0x230 [ 256.292902] ? ___sys_recvmsg+0x444/0xae0 [ 256.297060] ? __se_sys_recvmsg+0x2fa/0x450 [ 256.301388] ? __x64_sys_recvmsg+0x4a/0x70 [ 256.305626] ? do_syscall_64+0xcf/0x110 [ 256.309605] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 256.314980] ? __msan_poison_alloca+0x1e0/0x270 [ 256.319668] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 256.325044] ? find_next_bit+0x25b/0x2a0 [ 256.329133] ? vmalloc_to_page+0x585/0x6c0 [ 256.333400] ? kmsan_set_origin+0x7f/0x100 [ 256.337652] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 256.343031] kmsan_memcpy_origins+0x13d/0x190 [ 256.347541] __msan_memcpy+0x6f/0x80 [ 256.351265] nla_put+0x20a/0x2d0 [ 256.354648] br_port_fill_attrs+0x42b/0x1ea0 [ 256.359089] br_port_fill_slave_info+0xff/0x120 [ 256.363947] ? br_port_get_slave_size+0x30/0x30 [ 256.368631] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 256.373033] rtnl_dump_ifinfo+0x18b5/0x2140 [ 256.377444] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 256.380744] IPVS: ftp: loaded support on port[0] = 21 [ 256.382828] ? rtnl_getlink+0xec0/0xec0 [ 256.382847] netlink_dump+0xc79/0x1c90 [ 256.382896] netlink_recvmsg+0xec2/0x19d0 [ 256.400204] sock_recvmsg+0x1d1/0x230 [ 256.404014] ? netlink_sendmsg+0x1440/0x1440 [ 256.408438] ___sys_recvmsg+0x444/0xae0 [ 256.412426] ? __msan_poison_alloca+0x1e0/0x270 [ 256.417099] ? __se_sys_recvmsg+0xca/0x450 [ 256.421336] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 256.426704] ? __fdget+0x23c/0x440 [ 256.430438] __se_sys_recvmsg+0x2fa/0x450 [ 256.434615] __x64_sys_recvmsg+0x4a/0x70 [ 256.438785] do_syscall_64+0xcf/0x110 [ 256.442602] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 256.447801] RIP: 0033:0x7fcf4164f210 [ 256.451520] Code: 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 90 83 3d e5 d3 2a 00 00 75 10 b8 2f 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e bb 00 00 48 89 04 24 [ 256.470432] RSP: 002b:00007ffc65ea6148 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 256.478238] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcf4164f210 [ 256.485520] RDX: 0000000000000000 RSI: 00007ffc65ea6190 RDI: 0000000000000003 [ 256.492904] RBP: 0000000000000ac0 R08: 00007fcf418f8ec8 R09: 00007fcf41695800 [ 256.500186] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006395c0 [ 256.507467] R13: 00007ffc65eaa220 R14: 0000000000000ac0 R15: 00007ffc65ea6c90 [ 256.514757] Uninit was stored to memory at: [ 256.519112] kmsan_internal_chain_origin+0x136/0x240 [ 256.524230] __msan_chain_origin+0x6d/0xb0 [ 256.528483] __save_stack_trace+0x8be/0xc60 [ 256.532822] save_stack_trace+0xc6/0x110 [ 256.536902] kmsan_internal_chain_origin+0x136/0x240 [ 256.542035] kmsan_memcpy_origins+0x13d/0x190 [ 256.546540] __msan_memcpy+0x6f/0x80 [ 256.550267] nla_put+0x20a/0x2d0 [ 256.553645] br_port_fill_attrs+0x366/0x1ea0 [ 256.558067] br_port_fill_slave_info+0xff/0x120 [ 256.562838] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 256.567171] rtnl_dump_ifinfo+0x18b5/0x2140 [ 256.571503] netlink_dump+0xc79/0x1c90 [ 256.575394] netlink_recvmsg+0xec2/0x19d0 [ 256.579550] sock_recvmsg+0x1d1/0x230 [ 256.583355] ___sys_recvmsg+0x444/0xae0 [ 256.587342] __se_sys_recvmsg+0x2fa/0x450 [ 256.591509] __x64_sys_recvmsg+0x4a/0x70 [ 256.595679] do_syscall_64+0xcf/0x110 [ 256.599492] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 256.604682] [ 256.606316] Uninit was stored to memory at: [ 256.610649] kmsan_internal_chain_origin+0x136/0x240 [ 256.615777] __msan_chain_origin+0x6d/0xb0 [ 256.620039] __save_stack_trace+0x8be/0xc60 [ 256.624376] save_stack_trace+0xc6/0x110 [ 256.628451] kmsan_internal_chain_origin+0x136/0x240 [ 256.633566] kmsan_memcpy_origins+0x13d/0x190 [ 256.638072] __msan_memcpy+0x6f/0x80 [ 256.641804] nla_put+0x20a/0x2d0 [ 256.645273] br_port_fill_attrs+0x366/0x1ea0 [ 256.649795] br_port_fill_slave_info+0xff/0x120 [ 256.654472] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 256.658805] rtnl_dump_ifinfo+0x18b5/0x2140 [ 256.663134] netlink_dump+0xc79/0x1c90 [ 256.667213] netlink_recvmsg+0xec2/0x19d0 [ 256.671366] sock_recvmsg+0x1d1/0x230 [ 256.675170] ___sys_recvmsg+0x444/0xae0 [ 256.679163] __se_sys_recvmsg+0x2fa/0x450 [ 256.683319] __x64_sys_recvmsg+0x4a/0x70 [ 256.687403] do_syscall_64+0xcf/0x110 [ 256.691223] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 256.696422] [ 256.698049] Uninit was stored to memory at: [ 256.702376] kmsan_internal_chain_origin+0x136/0x240 [ 256.707572] __msan_chain_origin+0x6d/0xb0 [ 256.711816] __save_stack_trace+0x8be/0xc60 [ 256.716143] save_stack_trace+0xc6/0x110 [ 256.720211] kmsan_internal_chain_origin+0x136/0x240 [ 256.725321] kmsan_memcpy_origins+0x13d/0x190 [ 256.729826] __msan_memcpy+0x6f/0x80 [ 256.733552] nla_put+0x20a/0x2d0 [ 256.736952] br_port_fill_attrs+0x366/0x1ea0 [ 256.741466] br_port_fill_slave_info+0xff/0x120 [ 256.746170] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 256.750508] rtnl_dump_ifinfo+0x18b5/0x2140 [ 256.754840] netlink_dump+0xc79/0x1c90 [ 256.758788] netlink_recvmsg+0xec2/0x19d0 [ 256.762947] sock_recvmsg+0x1d1/0x230 [ 256.766779] ___sys_recvmsg+0x444/0xae0 [ 256.770760] __se_sys_recvmsg+0x2fa/0x450 [ 256.774928] __x64_sys_recvmsg+0x4a/0x70 [ 256.778996] do_syscall_64+0xcf/0x110 [ 256.782820] entry_SYSCALL_64_after_hwframe+0x63/0xe7 20:59:37 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000280)="6e730023f782c3746d20ae7c2d6268740b044ce2e5c93884d92dbb9385af4d724e9958cca6be96ecfb9aa8c7a5d5490d36a89796e727f5a3572111ed5e46ea1d04fded25c495b991841f8a33916bdfcad73e9087344cc491a2634442d3ae209d43d1fca5a763529c04a5e82a07812a18bd96599551848e567af2b3f403ede1563b9b8b2450e59fc3a66e6d72db357866000000") socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_open_procfs(0x0, &(0x7f0000000100)='mounts\x00') fstat(r0, &(0x7f00000003c0)) [ 256.788009] [ 256.789641] Uninit was stored to memory at: [ 256.793981] kmsan_internal_chain_origin+0x136/0x240 [ 256.799211] __msan_chain_origin+0x6d/0xb0 [ 256.803457] __save_stack_trace+0x8be/0xc60 [ 256.807815] save_stack_trace+0xc6/0x110 [ 256.811889] kmsan_internal_chain_origin+0x136/0x240 [ 256.817010] kmsan_memcpy_origins+0x13d/0x190 [ 256.821522] __msan_memcpy+0x6f/0x80 [ 256.825274] nla_put+0x20a/0x2d0 [ 256.828645] br_port_fill_attrs+0x366/0x1ea0 [ 256.833303] br_port_fill_slave_info+0xff/0x120 [ 256.837977] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 256.842312] rtnl_dump_ifinfo+0x18b5/0x2140 [ 256.846643] netlink_dump+0xc79/0x1c90 [ 256.850542] netlink_recvmsg+0xec2/0x19d0 [ 256.854709] sock_recvmsg+0x1d1/0x230 [ 256.858521] ___sys_recvmsg+0x444/0xae0 [ 256.862510] __se_sys_recvmsg+0x2fa/0x450 [ 256.866673] __x64_sys_recvmsg+0x4a/0x70 [ 256.870749] do_syscall_64+0xcf/0x110 [ 256.874579] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 256.879953] [ 256.881588] Uninit was stored to memory at: [ 256.885916] kmsan_internal_chain_origin+0x136/0x240 [ 256.891011] __msan_chain_origin+0x6d/0xb0 [ 256.895250] __save_stack_trace+0x8be/0xc60 [ 256.899575] save_stack_trace+0xc6/0x110 [ 256.903635] kmsan_internal_chain_origin+0x136/0x240 [ 256.908745] kmsan_memcpy_origins+0x13d/0x190 [ 256.913258] __msan_memcpy+0x6f/0x80 [ 256.917062] nla_put+0x20a/0x2d0 [ 256.920448] br_port_fill_attrs+0x366/0x1ea0 [ 256.924860] br_port_fill_slave_info+0xff/0x120 [ 256.929519] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 256.933826] rtnl_dump_ifinfo+0x18b5/0x2140 [ 256.938145] netlink_dump+0xc79/0x1c90 [ 256.942031] netlink_recvmsg+0xec2/0x19d0 [ 256.946162] sock_recvmsg+0x1d1/0x230 [ 256.950070] ___sys_recvmsg+0x444/0xae0 [ 256.954042] __se_sys_recvmsg+0x2fa/0x450 [ 256.958182] __x64_sys_recvmsg+0x4a/0x70 [ 256.962254] do_syscall_64+0xcf/0x110 [ 256.966049] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 256.971228] [ 256.972854] Uninit was stored to memory at: [ 256.977177] kmsan_internal_chain_origin+0x136/0x240 [ 256.982282] __msan_chain_origin+0x6d/0xb0 [ 256.986522] __save_stack_trace+0x8be/0xc60 [ 256.990845] save_stack_trace+0xc6/0x110 [ 256.994912] kmsan_internal_chain_origin+0x136/0x240 [ 257.000030] kmsan_memcpy_origins+0x13d/0x190 [ 257.004515] __msan_memcpy+0x6f/0x80 [ 257.008218] nla_put+0x20a/0x2d0 [ 257.011584] br_port_fill_attrs+0x366/0x1ea0 [ 257.015992] br_port_fill_slave_info+0xff/0x120 [ 257.020667] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 257.024985] rtnl_dump_ifinfo+0x18b5/0x2140 [ 257.029305] netlink_dump+0xc79/0x1c90 [ 257.033187] netlink_recvmsg+0xec2/0x19d0 [ 257.037346] sock_recvmsg+0x1d1/0x230 [ 257.041141] ___sys_recvmsg+0x444/0xae0 [ 257.045127] __se_sys_recvmsg+0x2fa/0x450 [ 257.049265] __x64_sys_recvmsg+0x4a/0x70 [ 257.053315] do_syscall_64+0xcf/0x110 [ 257.057103] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 257.062371] [ 257.063981] Uninit was stored to memory at: [ 257.068294] kmsan_internal_chain_origin+0x136/0x240 [ 257.073379] __msan_chain_origin+0x6d/0xb0 [ 257.077597] __save_stack_trace+0x8be/0xc60 [ 257.081915] save_stack_trace+0xc6/0x110 [ 257.085992] kmsan_internal_chain_origin+0x136/0x240 [ 257.091090] kmsan_memcpy_origins+0x13d/0x190 [ 257.095585] __msan_memcpy+0x6f/0x80 [ 257.099384] nla_put+0x20a/0x2d0 [ 257.102767] br_port_fill_attrs+0x366/0x1ea0 [ 257.107171] br_port_fill_slave_info+0xff/0x120 [ 257.111848] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 257.116164] rtnl_dump_ifinfo+0x18b5/0x2140 [ 257.120480] netlink_dump+0xc79/0x1c90 [ 257.124377] netlink_recvmsg+0xec2/0x19d0 [ 257.128522] sock_recvmsg+0x1d1/0x230 [ 257.132327] ___sys_recvmsg+0x444/0xae0 [ 257.136305] __se_sys_recvmsg+0x2fa/0x450 [ 257.140445] __x64_sys_recvmsg+0x4a/0x70 [ 257.144500] do_syscall_64+0xcf/0x110 [ 257.148320] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 257.153523] [ 257.155146] Local variable description: ----v.addr.i.i108@update_curr [ 257.161718] Variable was created at: [ 257.165450] update_curr+0x62/0x2100 [ 257.169157] pick_next_task_fair+0x29c/0x3060 [ 257.231006] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 257.238454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 257.246999] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 257.623787] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 257.631462] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 257.640044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 257.781119] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 257.907741] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 257.915582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 257.924678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 258.950798] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 258.957380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 258.965161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 20:59:40 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000088cff6)='/dev/ptmx\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x5, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000000)) [ 259.952455] 8021q: adding VLAN 0 to HW filter on device team0 [ 260.980900] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.987437] bridge0: port 2(bridge_slave_1) entered forwarding state [ 260.994448] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.000948] bridge0: port 1(bridge_slave_0) entered forwarding state [ 261.008981] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 261.522143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 261.590844] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.597504] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.606038] device bridge_slave_0 entered promiscuous mode [ 261.888776] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.895423] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.903829] device bridge_slave_1 entered promiscuous mode [ 262.137091] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 262.362223] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 262.963824] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 263.149330] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 263.321965] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 263.347171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 263.626437] 8021q: adding VLAN 0 to HW filter on device bond0 [ 264.171422] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 264.179897] team0: Port device team_slave_0 added [ 264.462460] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 264.475038] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 264.482829] team0: Port device team_slave_1 added [ 264.800409] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 264.807737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 264.816502] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 265.047598] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 265.055047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 265.063659] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 265.264209] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 265.287314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 265.296655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 265.389439] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 265.396015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 265.403627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 265.417406] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 265.430343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 20:59:46 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008002, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='illinois\x00', 0x9) recvfrom(r0, &(0x7f0000000200)=""/101, 0xffffffffffffff46, 0x120, 0x0, 0xffffffffffffffeb) [ 265.439454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 265.535204] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 266.151899] 8021q: adding VLAN 0 to HW filter on device team0 [ 267.822754] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.829332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 267.836355] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.842980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 267.851480] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 267.858438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 269.897046] 8021q: adding VLAN 0 to HW filter on device bond0 20:59:51 executing program 3: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0) read(r0, &(0x7f0000000080)=""/100, 0x64) [ 270.661501] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 271.142897] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 271.149354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 271.157887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 271.633447] 8021q: adding VLAN 0 to HW filter on device team0 [ 273.726273] not chained 30000 origins [ 273.730150] CPU: 1 PID: 8258 Comm: ip Not tainted 4.20.0-rc3+ #90 [ 273.736384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 273.745745] Call Trace: [ 273.748352] dump_stack+0x32d/0x480 [ 273.752013] kmsan_internal_chain_origin+0x222/0x240 [ 273.757148] ? save_stack_trace+0xc6/0x110 [ 273.761919] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 273.767033] ? kmsan_internal_chain_origin+0x1e3/0x240 [ 273.772352] ? kmsan_internal_chain_origin+0x136/0x240 [ 273.777639] ? __msan_chain_origin+0x6d/0xb0 [ 273.782053] ? save_stack_trace+0xfa/0x110 [ 273.786291] ? kmsan_internal_chain_origin+0x136/0x240 [ 273.791651] ? kmsan_memcpy_origins+0x13d/0x190 [ 273.796319] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 273.801794] ? in_task_stack+0x12c/0x210 [ 273.805857] __msan_chain_origin+0x6d/0xb0 [ 273.810076] ? rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 273.814556] __save_stack_trace+0x8be/0xc60 [ 273.818942] ? rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 273.823424] save_stack_trace+0xc6/0x110 [ 273.827469] kmsan_internal_chain_origin+0x136/0x240 [ 273.832559] ? kmsan_internal_chain_origin+0x136/0x240 [ 273.837819] ? kmsan_memcpy_origins+0x13d/0x190 [ 273.842470] ? __msan_memcpy+0x6f/0x80 [ 273.846355] ? nla_put+0x20a/0x2d0 [ 273.849881] ? br_port_fill_attrs+0x42b/0x1ea0 [ 273.854458] ? br_port_fill_slave_info+0xff/0x120 [ 273.859302] ? rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 273.863798] ? rtnl_dump_ifinfo+0x18b5/0x2140 [ 273.868299] ? netlink_dump+0xc79/0x1c90 [ 273.872351] ? netlink_recvmsg+0xec2/0x19d0 [ 273.876661] ? sock_recvmsg+0x1d1/0x230 [ 273.880618] ? ___sys_recvmsg+0x444/0xae0 [ 273.884749] ? __se_sys_recvmsg+0x2fa/0x450 [ 273.889058] ? __x64_sys_recvmsg+0x4a/0x70 [ 273.893274] ? do_syscall_64+0xcf/0x110 [ 273.897240] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 273.902774] ? __msan_poison_alloca+0x1e0/0x270 [ 273.907455] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 273.912855] ? find_next_bit+0x25b/0x2a0 [ 273.916907] ? vmalloc_to_page+0x585/0x6c0 [ 273.921123] ? kmsan_set_origin+0x7f/0x100 [ 273.925349] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 273.930702] kmsan_memcpy_origins+0x13d/0x190 [ 273.935317] __msan_memcpy+0x6f/0x80 [ 273.939023] nla_put+0x20a/0x2d0 [ 273.942483] br_port_fill_attrs+0x42b/0x1ea0 [ 273.946892] br_port_fill_slave_info+0xff/0x120 [ 273.951550] ? br_port_get_slave_size+0x30/0x30 [ 273.956217] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 273.960542] rtnl_dump_ifinfo+0x18b5/0x2140 [ 273.964889] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 273.970239] ? rtnl_getlink+0xec0/0xec0 [ 273.974195] netlink_dump+0xc79/0x1c90 [ 273.978200] netlink_recvmsg+0xec2/0x19d0 [ 273.982341] sock_recvmsg+0x1d1/0x230 [ 273.986128] ? netlink_sendmsg+0x1440/0x1440 [ 273.990531] ___sys_recvmsg+0x444/0xae0 [ 273.994501] ? __msan_poison_alloca+0x1e0/0x270 [ 273.999163] ? __se_sys_recvmsg+0xca/0x450 [ 274.003388] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 274.008745] ? __fdget+0x23c/0x440 [ 274.012280] __se_sys_recvmsg+0x2fa/0x450 [ 274.016420] __x64_sys_recvmsg+0x4a/0x70 [ 274.020464] do_syscall_64+0xcf/0x110 [ 274.024254] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 274.029430] RIP: 0033:0x7f7deda99210 [ 274.033154] Code: 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 90 83 3d e5 d3 2a 00 00 75 10 b8 2f 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e bb 00 00 48 89 04 24 [ 274.052143] RSP: 002b:00007ffc518ead08 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 274.059867] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7deda99210 [ 274.067215] RDX: 0000000000000000 RSI: 00007ffc518ead50 RDI: 0000000000000003 [ 274.074474] RBP: 0000000000001c28 R08: 00007f7dedd42ec8 R09: 00007f7dedadfc00 [ 274.081736] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006395c0 [ 274.089007] R13: 00007ffc518eede0 R14: 0000000000001c28 R15: 00007ffc518ec9b8 [ 274.096268] Uninit was stored to memory at: [ 274.100577] kmsan_internal_chain_origin+0x136/0x240 [ 274.105668] __msan_chain_origin+0x6d/0xb0 [ 274.110008] __save_stack_trace+0x8be/0xc60 [ 274.114317] save_stack_trace+0xc6/0x110 [ 274.118364] kmsan_internal_chain_origin+0x136/0x240 [ 274.123466] kmsan_memcpy_origins+0x13d/0x190 [ 274.127944] __msan_memcpy+0x6f/0x80 [ 274.131650] nla_put+0x20a/0x2d0 [ 274.135014] br_port_fill_attrs+0x366/0x1ea0 [ 274.139424] br_port_fill_slave_info+0xff/0x120 [ 274.144081] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 274.148476] rtnl_dump_ifinfo+0x18b5/0x2140 [ 274.152786] netlink_dump+0xc79/0x1c90 [ 274.156733] netlink_recvmsg+0xec2/0x19d0 [ 274.160863] sock_recvmsg+0x1d1/0x230 [ 274.164651] ___sys_recvmsg+0x444/0xae0 [ 274.168613] __se_sys_recvmsg+0x2fa/0x450 [ 274.172749] __x64_sys_recvmsg+0x4a/0x70 [ 274.176804] do_syscall_64+0xcf/0x110 [ 274.180588] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 274.185786] [ 274.187401] Uninit was stored to memory at: [ 274.191744] kmsan_internal_chain_origin+0x136/0x240 [ 274.196871] __msan_chain_origin+0x6d/0xb0 [ 274.201111] __save_stack_trace+0x8be/0xc60 [ 274.205422] save_stack_trace+0xc6/0x110 [ 274.209487] kmsan_internal_chain_origin+0x136/0x240 [ 274.214590] kmsan_memcpy_origins+0x13d/0x190 [ 274.219070] __msan_memcpy+0x6f/0x80 [ 274.222780] nla_put+0x20a/0x2d0 [ 274.226143] br_port_fill_attrs+0x366/0x1ea0 [ 274.230624] br_port_fill_slave_info+0xff/0x120 [ 274.235280] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 274.239587] rtnl_dump_ifinfo+0x18b5/0x2140 [ 274.244011] netlink_dump+0xc79/0x1c90 [ 274.247891] netlink_recvmsg+0xec2/0x19d0 [ 274.252034] sock_recvmsg+0x1d1/0x230 [ 274.255831] ___sys_recvmsg+0x444/0xae0 [ 274.259787] __se_sys_recvmsg+0x2fa/0x450 [ 274.263917] __x64_sys_recvmsg+0x4a/0x70 [ 274.267958] do_syscall_64+0xcf/0x110 [ 274.271779] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 274.276969] [ 274.278576] Uninit was stored to memory at: [ 274.282885] kmsan_internal_chain_origin+0x136/0x240 [ 274.287998] __msan_chain_origin+0x6d/0xb0 [ 274.292227] __save_stack_trace+0x8be/0xc60 [ 274.296536] save_stack_trace+0xc6/0x110 [ 274.300584] kmsan_internal_chain_origin+0x136/0x240 [ 274.305675] kmsan_memcpy_origins+0x13d/0x190 [ 274.310157] __msan_memcpy+0x6f/0x80 [ 274.313860] nla_put+0x20a/0x2d0 [ 274.317215] br_port_fill_attrs+0x366/0x1ea0 [ 274.321613] br_port_fill_slave_info+0xff/0x120 [ 274.326360] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 274.330667] rtnl_dump_ifinfo+0x18b5/0x2140 [ 274.334979] netlink_dump+0xc79/0x1c90 [ 274.338854] netlink_recvmsg+0xec2/0x19d0 [ 274.342995] sock_recvmsg+0x1d1/0x230 [ 274.346789] ___sys_recvmsg+0x444/0xae0 [ 274.350836] __se_sys_recvmsg+0x2fa/0x450 [ 274.354965] __x64_sys_recvmsg+0x4a/0x70 [ 274.359015] do_syscall_64+0xcf/0x110 [ 274.362818] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 274.368075] [ 274.369696] Uninit was stored to memory at: [ 274.374112] kmsan_internal_chain_origin+0x136/0x240 [ 274.379304] __msan_chain_origin+0x6d/0xb0 [ 274.383530] __save_stack_trace+0x8be/0xc60 [ 274.387835] save_stack_trace+0xc6/0x110 [ 274.391883] kmsan_internal_chain_origin+0x136/0x240 [ 274.396971] kmsan_memcpy_origins+0x13d/0x190 [ 274.401548] __msan_memcpy+0x6f/0x80 [ 274.405255] nla_put+0x20a/0x2d0 [ 274.408607] br_port_fill_attrs+0x366/0x1ea0 [ 274.413002] br_port_fill_slave_info+0xff/0x120 [ 274.417656] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 274.421964] rtnl_dump_ifinfo+0x18b5/0x2140 [ 274.426268] netlink_dump+0xc79/0x1c90 [ 274.430138] netlink_recvmsg+0xec2/0x19d0 [ 274.434272] sock_recvmsg+0x1d1/0x230 [ 274.438054] ___sys_recvmsg+0x444/0xae0 [ 274.442017] __se_sys_recvmsg+0x2fa/0x450 [ 274.446149] __x64_sys_recvmsg+0x4a/0x70 [ 274.450195] do_syscall_64+0xcf/0x110 [ 274.453981] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 274.459149] [ 274.460757] Uninit was stored to memory at: [ 274.465070] kmsan_internal_chain_origin+0x136/0x240 [ 274.470157] __msan_chain_origin+0x6d/0xb0 [ 274.474373] __save_stack_trace+0x8be/0xc60 [ 274.478691] save_stack_trace+0xc6/0x110 [ 274.482737] kmsan_internal_chain_origin+0x136/0x240 [ 274.487831] kmsan_memcpy_origins+0x13d/0x190 [ 274.492328] __msan_memcpy+0x6f/0x80 [ 274.496037] nla_put+0x20a/0x2d0 [ 274.499391] br_port_fill_attrs+0x366/0x1ea0 [ 274.503792] br_port_fill_slave_info+0xff/0x120 [ 274.508442] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 274.512747] rtnl_dump_ifinfo+0x18b5/0x2140 [ 274.517060] netlink_dump+0xc79/0x1c90 [ 274.520942] netlink_recvmsg+0xec2/0x19d0 [ 274.525163] sock_recvmsg+0x1d1/0x230 [ 274.528944] ___sys_recvmsg+0x444/0xae0 [ 274.532902] __se_sys_recvmsg+0x2fa/0x450 [ 274.537036] __x64_sys_recvmsg+0x4a/0x70 [ 274.541077] do_syscall_64+0xcf/0x110 [ 274.544862] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 274.550035] [ 274.551646] Uninit was stored to memory at: [ 274.555964] kmsan_internal_chain_origin+0x136/0x240 [ 274.561051] __msan_chain_origin+0x6d/0xb0 [ 274.565274] __save_stack_trace+0x8be/0xc60 [ 274.569593] save_stack_trace+0xc6/0x110 [ 274.573654] kmsan_internal_chain_origin+0x136/0x240 [ 274.578741] kmsan_memcpy_origins+0x13d/0x190 [ 274.583240] __msan_memcpy+0x6f/0x80 [ 274.586941] nla_put+0x20a/0x2d0 [ 274.590291] br_port_fill_attrs+0x366/0x1ea0 [ 274.594683] br_port_fill_slave_info+0xff/0x120 [ 274.599337] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 274.603643] rtnl_dump_ifinfo+0x18b5/0x2140 [ 274.607953] netlink_dump+0xc79/0x1c90 [ 274.611831] netlink_recvmsg+0xec2/0x19d0 [ 274.615964] sock_recvmsg+0x1d1/0x230 [ 274.619853] ___sys_recvmsg+0x444/0xae0 [ 274.623814] __se_sys_recvmsg+0x2fa/0x450 [ 274.627948] __x64_sys_recvmsg+0x4a/0x70 [ 274.631993] do_syscall_64+0xcf/0x110 [ 274.635784] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 274.640954] [ 274.642563] Uninit was stored to memory at: [ 274.646870] kmsan_internal_chain_origin+0x136/0x240 [ 274.651960] __msan_chain_origin+0x6d/0xb0 [ 274.656201] __save_stack_trace+0x8be/0xc60 [ 274.660548] save_stack_trace+0xc6/0x110 [ 274.664610] kmsan_internal_chain_origin+0x136/0x240 [ 274.669707] kmsan_memcpy_origins+0x13d/0x190 [ 274.674189] __msan_memcpy+0x6f/0x80 [ 274.677888] nla_put+0x20a/0x2d0 [ 274.681259] br_port_fill_attrs+0x366/0x1ea0 [ 274.685668] br_port_fill_slave_info+0xff/0x120 [ 274.690324] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 274.694634] rtnl_dump_ifinfo+0x18b5/0x2140 [ 274.698942] netlink_dump+0xc79/0x1c90 [ 274.702819] netlink_recvmsg+0xec2/0x19d0 [ 274.706953] sock_recvmsg+0x1d1/0x230 [ 274.710735] ___sys_recvmsg+0x444/0xae0 [ 274.714691] __se_sys_recvmsg+0x2fa/0x450 [ 274.718824] __x64_sys_recvmsg+0x4a/0x70 [ 274.722869] do_syscall_64+0xcf/0x110 [ 274.726666] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 274.731830] [ 274.733437] Local variable description: ----c.i.i@should_fail [ 274.739297] Variable was created at: [ 274.742995] should_fail+0x162/0x13c0 [ 274.746791] __alloc_pages_nodemask+0x73f/0x63e0 [ 274.772263] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.225241] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 20:59:56 executing program 4: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xced423) unlink(&(0x7f0000000040)='./file0\x00') mount(&(0x7f00000004c0)=ANY=[@ANYBLOB='/'], &(0x7f0000000080)='./file0\x00', &(0x7f0000000540)='vfat\x00', 0x2000, &(0x7f0000000000)='\x00') 20:59:56 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) fremovexattr(r0, &(0x7f0000000000)=@random={'btrfs.', '\x00'}) 20:59:56 executing program 1: semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000ac0)) 20:59:56 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYRES32], 0xfffffda2) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000540)=""/246) 20:59:56 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000200)={0x7b, 0x0, [0x40000003]}) [ 275.627759] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 20:59:56 executing program 1: r0 = open(&(0x7f00000005c0)='./file0\x00', 0x41ff, 0x5) getsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000000000), &(0x7f0000000080)=0x4) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) vmsplice(r1, &(0x7f0000000540)=[{&(0x7f0000000440)='b', 0x1}], 0x1, 0x0) r2 = gettid() clone(0x0, &(0x7f00000048c0), &(0x7f0000004a00), &(0x7f0000000000), &(0x7f0000000180)) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12, 0x0, @thr={&(0x7f0000000180), &(0x7f0000000280)}}, &(0x7f0000044000)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r2, 0x1000000000016) [ 276.040248] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 276.046870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 276.055057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 276.722704] 8021q: adding VLAN 0 to HW filter on device team0 20:59:59 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x12}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getflags(r0, 0x1) 20:59:59 executing program 0: shmat(0x0, &(0x7f0000955000/0x3000)=nil, 0x6ffc) msync(&(0x7f0000955000/0x2000)=nil, 0x2000, 0x4) 20:59:59 executing program 3: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) dup3(r0, r1, 0x0) 20:59:59 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYRES32], 0xfffffda2) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000540)=""/246) 20:59:59 executing program 1: perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) msgctl$MSG_STAT(0x0, 0xb, 0x0) 20:59:59 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000001280)={'broute\x00', 0x0, 0x0, 0x1000, [], 0x0, &(0x7f00000001c0), &(0x7f0000000280)=""/4096}, &(0x7f0000000200)=0x78) [ 278.430861] Unknown ioctl 19459 [ 278.435647] Unknown ioctl 21531 [ 278.442229] Unknown ioctl 35232 [ 278.450133] Unknown ioctl 19459 [ 278.452942] Unknown ioctl 21531 [ 278.458282] Unknown ioctl 35232 20:59:59 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$sock_timeval(r1, 0x1, 0x2c, &(0x7f0000000080)={0x77359400}, 0x10) 20:59:59 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYRES32], 0xfffffda2) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000540)=""/246) 20:59:59 executing program 1: fcntl$notify(0xffffffffffffffff, 0x402, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @broadcast}}) 20:59:59 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$sock_timeval(r1, 0x1, 0xe, &(0x7f0000000080)={0x77359400}, 0x10) 21:00:00 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, &(0x7f0000000e80), 0x0, 0x200007fd, &(0x7f0000001040)={0x2, 0x4e23, @loopback}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f00000002c0)=""/20, 0x14}, 0x100) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="7f454c4600706a5ce1a2ee467d3bca22f507643a066104010000000000000c02000000000000a6d10000030038000200ffffffff468051e5746403000000ff00000000000000bc08000000000000f9ffffffffffffffff7f0000000000000600000000000000000800000000800005000000020000006f000000000000000000000000000000ea2b000000000000080000000000000003000000000000000800000000000000f8d1cf6bb60a3cc8252c025b5f92a84bb4d5efd7201c0b3858f135eeae37c7f0e87b4cb7c2ebe8e1bf26d90204e8796ae2234ab4507f89e0a927c56e06ac8486242f23306477b3ced713f3ccd7a0f1572c2cfeceaf21b6b33f3293bfb67974157e7a4e10510b1d74ca0f796a92f62c8102c33ef139e0cf2ccd4388e8404194afc7dcb3c0580904a76736e493f5c3d9c8d91d510485793916f26e041f6b30857e8c9b55fe64259328116a71513c065b05319d42f98f00000000000000775f402d0000000000000000000000000000000000000000000000000000100000000000000000000000000000000002000000008f00000000000000000000000000f9ffffff000000000000000000000000000000000000000100001e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff07000000000000000000000000000000000000000400000000000000040000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000"], 0x259) [ 278.981078] sock: process `syz-executor2' is using obsolete setsockopt SO_BSDCOMPAT 21:00:00 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080)="df6c51c7bf5f8a4d8643869e4ccb891cdfcdf8426b0192fdaccef9985d539aa3ca359c284afe17", 0x27) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f00000000c0)={'ip6_vth0\x00', {0x2, 0x0, @multicast2}}) setsockopt$inet6_buf(r0, 0x29, 0x80000000000040, &(0x7f0000000080), 0x0) 21:00:00 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_int(r0, 0x0, 0x7, &(0x7f00000000c0), &(0x7f0000000200)=0x4) 21:00:00 executing program 3: perf_event_open(&(0x7f0000000080)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)="7374617475730042236739c16d17f90dc22322c94f133520785e91ea85ae107cc3819819c263540b1de1ba201e6de4b75a50115091eed530aa482e36594601ceb5d169c5baf41b35d8a5a09a82496613d86023865b57ef269f90d304969f687df53b611b40a44291b5a882208fbb835e54a41310a3b481d5bdbb0981742909a63b7cd1a18d405e5b011bfbe5a4d5bf299447e4c0dd4b63a367211c0078238b509d614100d33a5584aa3b3cb9b99e6e5f84719294d41b27117c47fb4f2b2be475eb25d5f69b6d10cf8422cade570c087b03f6b1818bc97077db23") write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[], 0x0) memfd_create(&(0x7f0000000640)="7374617475730042236739c16d17f90dc22322c94f133520785e91ea85ae107cc3819819c263540b1de1ba201e6de4b75a50115091eed530aa482e36594601ceb5d169c5baf41b35d8a5a09a82496613d86023865b57ef269f90d304969f687df53b611b40a44291b5a882208fbb835e54a41310a3b481d5bdbb0981742909a63b7cd1a18d405e5b011bfbe5a4d5bf299447e4c0dd4b63a367211c0078238b509d614100d33a5584aa3b3cb9b99e6e5f84719294d41b27117c47fb4f2b2be475eb25d5f69b6d10cf8422cade570c087b03f6b1818bc97077db23", 0x0) setgroups(0x2a7, &(0x7f0000000140)) sendfile(r0, r1, &(0x7f0000000040), 0x4) 21:00:00 executing program 2: syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_tables_targets\x00') 21:00:00 executing program 0: 21:00:00 executing program 2: 21:00:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_int(r0, 0x0, 0x1, &(0x7f0000000180)=0x7fff, 0x4) 21:00:00 executing program 2: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xced423) mount(&(0x7f00000004c0)=ANY=[@ANYBLOB='/'], &(0x7f0000000080)='./file0\x00', &(0x7f0000000540)='vfat\x00', 0x0, &(0x7f0000000000)='\x00') 21:00:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000000)) 21:00:00 executing program 3: perf_event_open(&(0x7f0000000080)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)="7374617475730042236739c16d17f90dc22322c94f133520785e91ea85ae107cc3819819c263540b1de1ba201e6de4b75a50115091eed530aa482e36594601ceb5d169c5baf41b35d8a5a09a82496613d86023865b57ef269f90d304969f687df53b611b40a44291b5a882208fbb835e54a41310a3b481d5bdbb0981742909a63b7cd1a18d405e5b011bfbe5a4d5bf299447e4c0dd4b63a367211c0078238b509d614100d33a5584aa3b3cb9b99e6e5f84719294d41b27117c47fb4f2b2be475eb25d5f69b6d10cf8422cade570c087b03f6b1818bc97077db23") write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[], 0x0) memfd_create(&(0x7f0000000640)="7374617475730042236739c16d17f90dc22322c94f133520785e91ea85ae107cc3819819c263540b1de1ba201e6de4b75a50115091eed530aa482e36594601ceb5d169c5baf41b35d8a5a09a82496613d86023865b57ef269f90d304969f687df53b611b40a44291b5a882208fbb835e54a41310a3b481d5bdbb0981742909a63b7cd1a18d405e5b011bfbe5a4d5bf299447e4c0dd4b63a367211c0078238b509d614100d33a5584aa3b3cb9b99e6e5f84719294d41b27117c47fb4f2b2be475eb25d5f69b6d10cf8422cade570c087b03f6b1818bc97077db23", 0x0) setgroups(0x2a7, &(0x7f0000000140)) sendfile(r0, r1, &(0x7f0000000040), 0x4) 21:00:00 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[]}}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = socket$inet6(0xa, 0x80f, 0x80000000) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setflags(r3, 0x2, 0x400001) ioctl$sock_SIOCGSKNS(r2, 0x894c, &(0x7f0000000140)=0x5) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ftruncate(r5, 0x8000) ioctl$SNDRV_TIMER_IOCTL_STATUS(r4, 0x80605414, &(0x7f0000000200)) ioctl$GIO_FONTX(r5, 0x4b6b, &(0x7f0000000300)=""/112) r6 = socket$inet6(0xa, 0x400000000001, 0x0) r7 = dup(r6) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f00000004c0), 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x1) ftruncate(r8, 0x2007fff) sendfile(r7, r8, &(0x7f0000d83ff8), 0x8000fffffffe) getsockopt$IP_VS_SO_GET_SERVICE(r4, 0x0, 0x483, &(0x7f0000000200), &(0x7f0000000280)=0x68) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f00000001c0)) bind$vsock_dgram(r5, &(0x7f00000002c0)={0x28, 0x0, 0xffffffff, @host}, 0x10) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="02030009100000001d0000000000000002001300f4ffffffffffffff00000000050006a24d50e20000dd00000a0000000000000000000000000000000000000000000000010000f80000000002000100000000c300000002000000000500000200000000000000ff170000000400000000000000000017000b0000000000001c770ea223515a710385b2cff09755b128a266273e265215c3300103b1e90db0e199377d57335f868609a23b14b9b407d96acb72bb33c9952f734fe900fea2e59f803e622d1d5060ebb6a47853dfb6f5efcdb78fbab9bb2ce881511257bf6bd7743d689231608c9c2471f5afc415cd3448054de51fc9e567164e35663bf0c99b2ad9218456a626dd4f6a8861a1e894987402fdc14dc55d78a7b84ac095b1445b4bbab75155c51a11d11e8a5097a24b43e195e1a59eb119d888e7aa5e3f6b7e585aed3ea5dae8c4121482ad260c094da523e70137341395ace72c70fa6ab692519eb8af4a66ebacd11feb17f8f5283f9b8c2d1082856ed44173fe00a34d"], 0x17c}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f00000005c0)={@mcast1, @loopback, @mcast1, 0x0, 0x8, 0x8, 0x400, 0xef1f, 0x7000031}) 21:00:01 executing program 4: [ 280.137271] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 21:00:01 executing program 5: 21:00:01 executing program 3: 21:00:01 executing program 4: 21:00:01 executing program 0: 21:00:01 executing program 3: 21:00:01 executing program 5: 21:00:01 executing program 4: 21:00:02 executing program 3: 21:00:02 executing program 2: 21:00:02 executing program 0: 21:00:02 executing program 1: 21:00:02 executing program 4: 21:00:02 executing program 5: 21:00:02 executing program 0: 21:00:02 executing program 4: 21:00:02 executing program 3: 21:00:02 executing program 2: 21:00:02 executing program 5: 21:00:02 executing program 0: 21:00:02 executing program 1: 21:00:02 executing program 2: 21:00:02 executing program 4: 21:00:02 executing program 3: 21:00:02 executing program 5: 21:00:03 executing program 1: 21:00:03 executing program 0: 21:00:03 executing program 4: 21:00:03 executing program 2: 21:00:03 executing program 3: 21:00:03 executing program 5: 21:00:03 executing program 1: 21:00:03 executing program 4: 21:00:03 executing program 0: 21:00:03 executing program 2: 21:00:03 executing program 3: 21:00:03 executing program 5: 21:00:03 executing program 0: 21:00:03 executing program 4: 21:00:03 executing program 1: 21:00:04 executing program 2: 21:00:04 executing program 3: 21:00:04 executing program 5: 21:00:04 executing program 0: 21:00:04 executing program 4: 21:00:04 executing program 2: 21:00:04 executing program 1: 21:00:04 executing program 5: 21:00:04 executing program 0: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xced423) r1 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000500), 0xffffffffffffffff) mount(&(0x7f00000004c0)=ANY=[@ANYBLOB='/'], &(0x7f0000000080)='./file0\x00', &(0x7f0000000540)='vfat\x00', 0x2000, &(0x7f0000000000)='\x00') lseek(r1, 0x0, 0x4) 21:00:04 executing program 3: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000240)="2400000058001f00ff07f4f9002304000a04f51108000100020100020800039201000000", 0x24) 21:00:04 executing program 4: clone(0x800200, &(0x7f0000000040), &(0x7f0000744000), &(0x7f0000fef000), &(0x7f0000000100)) mknod(&(0x7f0000000040)='./file0\x00', 0x103e, 0x7ff) execve(&(0x7f0000000140)='./file0\x00', &(0x7f0000000040), &(0x7f0000000200)) r0 = inotify_init1(0x0) r1 = getpid() fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) kcmp(r1, r2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) kcmp$KCMP_EPOLL_TFD(r1, r2, 0x4, 0xffffffffffffffff, &(0x7f0000000440)) open$dir(&(0x7f0000000000)='./file0\x00', 0x4000000027e, 0x0) 21:00:04 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ftruncate(r1, 0x208200) r2 = open(&(0x7f00000004c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) futex(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000003ff0), &(0x7f0000000400), 0x0) dup3(r2, r1, 0x0) sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f000000ab80)={&(0x7f0000000040), 0xc, &(0x7f000000ab40)={&(0x7f000000a200)={0x14}, 0x14}}, 0x0) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000740)={0x0, 0xc000000000000000}) getpgid(0x0) 21:00:04 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f0000000080)=""/195}, 0x48) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000008ffc)=0x57bd, 0x4) setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f0000009000)=r0, 0x4) dup3(r0, r1, 0x0) 21:00:05 executing program 5: 21:00:05 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000600)={'ip_vti0\x00', 0x201e}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip_vti0\x00\x00\x00\x00\x00\a\x00', 0x0}) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x85a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000080)={@dev, 0x0, r2}) 21:00:05 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x20000802, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) 21:00:05 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000600)={'ip_vti0\x00', 0x201f}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001fc0)={'ip_vti0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000100)={@remote, 0x0, r2}) close(r1) 21:00:05 executing program 3: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/pid\x00') 21:00:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000140)={0x7d, 0x0, [0x40000075]}) 21:00:05 executing program 4: clone(0x800200, &(0x7f0000000040), &(0x7f0000744000), &(0x7f0000fef000), &(0x7f0000000100)) mknod(&(0x7f0000000040)='./file0\x00', 0x103e, 0x7ff) execve(&(0x7f0000000140)='./file0\x00', &(0x7f0000000040), &(0x7f0000000200)) r0 = inotify_init1(0x0) r1 = getpid() fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) kcmp(r1, r2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) kcmp$KCMP_EPOLL_TFD(r1, r2, 0x4, 0xffffffffffffffff, &(0x7f0000000440)) open$dir(&(0x7f0000000000)='./file0\x00', 0x4000000027e, 0x0) 21:00:06 executing program 0: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r0, 0x8) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, &(0x7f0000000300), 0x0, 0x20040880, &(0x7f0000000040)={0xa, 0x4004e22, 0x0, @loopback}, 0x1c) 21:00:06 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000600)={'ip_vti0\x00', 0x201f}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001fc0)={'ip_vti0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000100)={@remote, 0x0, r2}) close(r1) 21:00:06 executing program 1: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r1 = eventfd(0x0) read$eventfd(r1, &(0x7f0000000040), 0x8) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r0, 0x15) write(r1, &(0x7f0000000240)="78f7a7f5eceda5fa", 0x8) 21:00:06 executing program 3: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) fremovexattr(r0, &(0x7f0000000080)=@known='com.apple.system.Security\x00') 21:00:06 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000600)={'ip_vti0\x00', 0x201e}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip_vti0\x00\x00\x00\x00\x00\a\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000080)={@dev, 0x0, r2}) 21:00:06 executing program 2: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) signalfd4(0xffffffffffffff9c, &(0x7f00000000c0)={0x100000000000000}, 0x8, 0x0) clone(0x8090900, &(0x7f00009f4000), &(0x7f0000000040), &(0x7f0000000000), &(0x7f0000000200)) mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000) seccomp(0x0, 0x0, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x26) flock(0xffffffffffffffff, 0x0) 21:00:06 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000a8eff8)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2000000000007, &(0x7f0000000200), 0x4) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = memfd_create(&(0x7f0000000100)='dev ', 0x3) write(r2, &(0x7f0000000040)="16", 0x1) sendfile(r1, r2, &(0x7f0000000000), 0xffff) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$addseals(r2, 0x409, 0xa) dup2(r1, r0) 21:00:06 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000600)={'ip_vti0\x00', 0x201e}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip_vti0\x00\x00\x00\x00\x00\a\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000080)={@dev, 0x33, r2}) 21:00:06 executing program 4: clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) 21:00:06 executing program 0: connect(0xffffffffffffffff, &(0x7f0000000500)=@generic={0x0, "0574bb16251ce8eb68b4e1031b01818b639da7be6f3ed327a36fbd7c9c136f40f89e3425d69b65658c486b701ac2c8f1e4f7490949ae73e7ab366f6c5cd22a5918fbefda4ba672f7f0c8c9b330c697c13aa4d59ab033a5fc563c7dc398ba6d4595f9b09e855a5f2171f6e8741fe0877fdb27d1ab021499de9558a6031db8"}, 0x80) utimensat(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', &(0x7f0000000680), 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x31, 0xffffffffffffffff, 0x0) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pread64(r2, &(0x7f0000002640)=""/207, 0xfffffede, 0x0) 21:00:06 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f00000005c0)={0x0, 0x12}, &(0x7f0000000580)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f00000000c0)) r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x0) readv(r1, &(0x7f00000007c0)=[{&(0x7f0000000740)=""/114, 0x72}], 0x2000000000000145) dup2(r0, r1) r2 = gettid() tkill(r2, 0x1000000000016) 21:00:06 executing program 2: r0 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x62102) r1 = dup(r0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x27fff) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000ffffffff) 21:00:06 executing program 5: socketpair$unix(0x1, 0x100000000002, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000ac0)="6e65742f6970365f666c6f776c6162656c006ec03114893458edc1c9d8dc4b0d8dae982640d0e6bb51d7ff596e1c92de0eaa319198e91f0a4d43697c2bcd77f017365af160acf33bd66432ebe50c0e8bdaf7fc39feff34ef27a1397193227f4733c145e66536c6c275112520e72b3097843b5cdac480c3b1384ebf592505f88589fcd2d7") sendfile(r1, r1, &(0x7f00000000c0)=0x202, 0x5a) [ 285.793263] hrtimer: interrupt took 44667 ns 21:00:06 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000280)="6e730023f782c3746d20ae7c2d6268740b044ce2e5c93884d92dbb9385af4d724e9958cca6be96ecfb9aa8c7a5d5490d36a89796e727f5a3572111ed5e46ea1d04fded25c495b991841f8a33916bdfcad73e9087344cc491a2634442d3ae209d43d1fca5a763529c04a5e82a07812a18bd96599551848e567af2b3f403ede1563b9b8b2450e59fc3a66e6d72db357866000000") utimensat(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={{0x0, 0x2710}}, 0x0) 21:00:07 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000002c0)=0x200, 0x4) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) sendto$inet(r1, &(0x7f0000000040)="96", 0x1, 0x0, &(0x7f0000000240)={0x2, 0x0, @loopback}, 0x10) recvfrom(r0, &(0x7f00000007c0)=""/4096, 0x1000, 0x2000, &(0x7f0000000080)=@ax25={0x3, {"3957691ad35257"}}, 0x80) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[]}}, 0x0) 21:00:07 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) syz_execute_func(&(0x7f0000000040)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) write$P9_RSETATTR(r1, &(0x7f0000000140)={0x7}, 0x7) 21:00:07 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x34060}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="180000002f002908000000000000000004000000cb028a5eee350400000088e5355a5e7b071849d35ffb0a099f822a88bc22f710b1d840c42fc04c6303f8ae8c13c820b783eb97345eeedecf15291c7bcd6d714897739b16b6ad9041eea9e017e7faecd0f24ad8dcc165163d419b33f73adf482d43caf404ee046429c727ba551df80680517ef2785b8dc434c17a8d6f23af06fa27f0d320"], 0x1}}, 0x0) 21:00:07 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x28, 0xb01, 0x0, 0x0, {0x6}}, 0x14}}, 0x0) 21:00:07 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$sock_timeval(r1, 0x1, 0x24, &(0x7f0000000080)={0x77359400}, 0x10) 21:00:08 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x34060}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="180000002f002908000000000000000004000000cb028a5eee350400000088e5355a5e7b071849d35ffb0a099f822a88bc22f710b1d840c42fc04c6303f8ae8c13c820b783eb97345eeedecf15291c7bcd6d714897739b16b6ad9041eea9e017e7faecd0f24ad8dcc165163d419b33f73adf482d43caf404ee046429c727ba551df80680517ef2785b8dc434c17a8d6f23af06fa27f0d320"], 0x1}}, 0x0) 21:00:08 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) syz_execute_func(&(0x7f0000000040)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) write$P9_RSETATTR(r1, &(0x7f0000000140)={0x7}, 0x7) 21:00:08 executing program 0: connect(0xffffffffffffffff, &(0x7f0000000500)=@generic={0x0, "0574bb16251ce8eb68b4e1031b01818b639da7be6f3ed327a36fbd7c9c136f40f89e3425d69b65658c486b701ac2c8f1e4f7490949ae73e7ab366f6c5cd22a5918fbefda4ba672f7f0c8c9b330c697c13aa4d59ab033a5fc563c7dc398ba6d4595f9b09e855a5f2171f6e8741fe0877fdb27d1ab021499de9558a6031db8"}, 0x80) utimensat(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', &(0x7f0000000680), 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x31, 0xffffffffffffffff, 0x0) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pread64(r2, &(0x7f0000002640)=""/207, 0xfffffede, 0x0) 21:00:08 executing program 3: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) getpeername$unix(r0, &(0x7f0000000480)=@abs, &(0x7f0000000100)=0x6e) r1 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x105082) r2 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) pwritev(r2, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f00000003c0)) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f00000001c0), 0xfffffef3) sendfile(r1, r2, &(0x7f0000000000), 0x80003) 21:00:09 executing program 2: r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)=@ipx={0x4, 0x0, 0x0, "0950fe4adba7"}, 0x16, &(0x7f0000000000), 0x0, &(0x7f0000000240)}, 0x0) socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) recvmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000680)=""/225, 0xe1}, {&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000002740)=""/165, 0xa5}, {&(0x7f0000000780)=""/147, 0x93}, {&(0x7f00000028c0)=""/4096, 0x1000}, {&(0x7f00000005c0)=""/136, 0x88}], 0x6, &(0x7f0000000000)}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000003980)=@l2, 0x80, &(0x7f0000000440)=[{&(0x7f0000000000)="f65366e80a16", 0x6}], 0x1, &(0x7f0000004b00)}, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x1ce) sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f00000000c0)=@in6={0x34000, 0x0, 0x5, @dev}, 0x80, &(0x7f0000000340), 0x25d, &(0x7f0000000380)}, 0x0) 21:00:09 executing program 1: getpeername$unix(0xffffffffffffffff, &(0x7f0000000480)=@abs, &(0x7f0000000100)=0x6e) r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x105082) r1 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) pwritev(r1, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f00000003c0)) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) sendfile(r0, r1, &(0x7f0000000000), 0x80003) 21:00:09 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040), 0x4) sendto$inet(r0, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{&(0x7f0000000400)=@ethernet={0x0, @dev}, 0x0, &(0x7f0000000480)}}], 0x6fdaec, 0x22, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000001c0), 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000040), 0xc, &(0x7f0000000700)={&(0x7f0000000580)=ANY=[]}}, 0x0) 21:00:09 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x3, 0x20) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000a0000000000000000000000000000000000000000000001000000000040000000000000000000000000000000000000000000000000000000000000000000000000003c0a2322fbf74aa5e2b1236576d8315f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1) [ 288.134826] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 21:00:09 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000002c0)=0x200, 0x4) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) sendto$inet(r1, &(0x7f0000000040)="96", 0x1, 0x0, &(0x7f0000000240)={0x2, 0x0, @loopback}, 0x10) recvfrom(r0, &(0x7f00000007c0)=""/4096, 0x1000, 0x2000, &(0x7f0000000080)=@ax25={0x3, {"3957691ad35257"}}, 0x80) write$P9_RCLUNK(r1, &(0x7f0000000400)={0x7}, 0x7) 21:00:09 executing program 3: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) getpeername$unix(r0, &(0x7f0000000480)=@abs, &(0x7f0000000100)=0x6e) r1 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x105082) r2 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) pwritev(r2, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f00000003c0)) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f00000001c0), 0xfffffef3) sendfile(r1, r2, &(0x7f0000000000), 0x80003) 21:00:09 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c1f023c126285719070") r1 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r1, &(0x7f00000001c0), 0xff7b, 0x8800, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c) sendto$inet6(r1, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) 21:00:09 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001400)={&(0x7f00000003c0), 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=@ipv6_getanyicast={0x14, 0x12, 0x105}, 0x14}}, 0x0) read(r0, &(0x7f0000000100)=""/104, 0x100000048) 21:00:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) sendto$inet(r0, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{&(0x7f0000000400)=@ethernet={0x0, @dev}, 0x0, &(0x7f0000000480)}}], 0x6fdaec, 0x22, 0x0) 21:00:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f00000002031900000007000000068100ed853b09000100010100ff3ffe58", 0x1f}], 0x1) r1 = socket$netlink(0x10, 0x3, 0xc) writev(r1, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) 21:00:10 executing program 0: close(0xffffffffffffffff) r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x105082) r1 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) ioctl$VT_ACTIVATE(r1, 0x5606, 0x9) pwritev(r1, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f00000003c0)) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) mmap(&(0x7f0000001000/0xe000)=nil, 0xe000, 0x40000800002, 0x40011, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000180)='./bus\x00', 0x80) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) sendfile(r0, r1, &(0x7f0000000000), 0x80003) 21:00:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) r1 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f00000002031900000007000000068100ed853b09000100010100ff3ffe58", 0x1f}], 0x1) writev(r1, &(0x7f0000fb5ff0)=[{&(0x7f0000fb6000)="1f00000002031900000007000000e3800802bb0509000100010100493ffe58", 0x1f}], 0x1) 21:00:10 executing program 1: getpeername$unix(0xffffffffffffffff, &(0x7f0000000480)=@abs, &(0x7f0000000100)=0x6e) r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x105082) r1 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) pwritev(r1, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f00000003c0)) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) sendfile(r0, r1, &(0x7f0000000000), 0x80003) 21:00:10 executing program 5: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x0, 0x0) ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f0000000140)) 21:00:10 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) msgctl$MSG_STAT(0x0, 0xb, 0x0) 21:00:10 executing program 3: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) getpeername$unix(r0, &(0x7f0000000480)=@abs, &(0x7f0000000100)=0x6e) r1 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x105082) r2 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) pwritev(r2, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f00000003c0)) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f00000001c0), 0xfffffef3) sendfile(r1, r2, &(0x7f0000000000), 0x80003) 21:00:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40046302}], 0x0, 0x0, &(0x7f0000000140)}) 21:00:11 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) write$FUSE_ENTRY(r2, &(0x7f0000001280)={0x90}, 0xfffffcfb) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) splice(r1, 0x0, r4, 0x0, 0x1, 0x0) 21:00:11 executing program 4: pipe(&(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) read(r0, &(0x7f0000000200)=""/250, 0x4ba09e13) [ 289.990042] binder: BC_ACQUIRE_RESULT not supported [ 289.995537] binder: 8801:8802 ioctl c0306201 20000180 returned -22 21:00:11 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x0, 0xffffffdffffffffc}, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r1, 0x0, 0x20, &(0x7f0000000000)={@rand_addr, @local}, 0x21a) sendto$inet(r1, &(0x7f0000e76000)="18631ccc129cfe6da87b432660521bda2cfa08561e1daa4de85af3298223e83f37926ae556dd4a7a25f1a7b54208b3c12ae701b74daf6c7e9ec726930f1893953fc43d7c63050e359e8ada93a455fa265b578a5f92b7fc5698f55d554653f0ced1f85c3735bd21bca77d7d9ba3458472926ed49515628bd9c3b940a33cc1bc77ea3a584afc89539a7417791023ff8ca33799b374e760179e5b39b74997e096128c12a6dda762f27df4b0f2b39eb1736b5ae773592489f2f5fd86c1910d414735c23f2aa2053c06fd076b126a9e3318158fb971e3a179206e0cfa842510d062585f2ed0433bd6f6c826706e26b1a1c7ab8aba4278978279bef2a074af9240ad01beb0b7d6d24c06ca3b93a11ec2dde0cd556f7f661fda8d4b52095312c1ad6e538d10ae71ce64181ca2ac7ebff633c940fceb8191e431014cc1ad60cbaedb15832025573e0d44dd1132df1a4e4094be90f9d743074178b4e239470e82745feaa4577ff19c9295d4366509a8118d9c2d7f407974af1818796aecfb780aae793f4f16dad688abad30ca0965ddc9764321505d6ef60bc519dc03a465534b66af52e4e70669ae4506107dc830ef124521097e9fcdadcc39a8eb7b41fb60b74583c5abdf384467d20a97dba87da9ece6628fdc4a2f781ab0780df2e2cffb318bff3013fe4a5b7ba50c0ce804e8102d41a6856364ef62ca72b815672074595b734d76fab41e26af3ccf2d39f4d49d2d3d1b117881792f068a7cac9782f2c8cbcf11023685ac781ff70f96b16d7eb956fe31aea3af7974f8385cf2fe9152baa7c2556e8bb7030b0dd1f0d21503af85de38a85532a75dfa0ce136703def956ade894ff2d7f415a355a33fe65c5e7c6e6fd58f39169e60d50fba3ce3bc9058322a3575dc6412aa5ecb8d62939e5c94b0ba12613a6a3618912437182bce9130f8ece10ad861159bea5911d44f7a8d7ef8f7a160d6ae3b7165fb66425ca9732686356636efdb77fc05e28a5a6493f9bf9703fcc9f5571ab3ce59ca5ee35a94e821e6ada2da7916a37a74a30313820a5cdf1f3017a268acb2bf42dcbcaa6722bb31a70dd8b812760bcd092c65360a171227f80de6b8d1e127774b392fc52bc0b565ab6f8450d3b7ab1c3543917ab303955d66fee82791eff78f1a98177ea3acf2a4c926618a0dd180bcafce2f24196fff796c498900f945f97ba2904aafc4b5775e171ee5aa13e35f34cd58e700abd191b42dbb6a1d4847747bc330318b3865b18e301d44e3c6274dd2a374d25885680f18295efeb6d94f943b43fc8fae544cbc5f5e9528e45b8f8e579f6815295eaeab7f3980a09bd13858a22cd2c5b788c29c016d578b052e2d2c0ef7913a78c2b21b3713d293b62f54ecab1efb03c4518e71c9457c3c190c31f13b7a06fa28ecc071b29829cef338e80dae408d7f06b8e75da745cf83fb8a6e16600549ed3a729811cd77c8165758e023d706b218e0780678ca6d7bd291980a268f4a55d00a6ea969a14c0efe619b032fc6ccae50845c82fec6e8662ffb25dc4a733426a500828bbc1fe570acc5eefd334a2f68e497448dc85becb9c084b5186ca9b872be84a39853a59c32305d2c8d1365bf4a047e829e995c843fbda0a3f4bf9373d2c6e2f9b71f088d61cbe793409b450aff67d0ead723b7da7ecd896ddc5ba10d34cfa4b203d19b9707eb5a8cb98a9a38d5d95219f41989088973778fe7dcad466cb8221504300bd6fd90a2a48e033cc93474f6091be4466c89aff8c8dab3b838808ea220e63e2cdba7b7a65025c315739232c9b91db85e93a2022f08d3d367c014dcfa9437df5548a6a53237fbd312c747a696ad991e4734adb8f1ce54e505616117abda379d7cc636712aab4cd88059a8382a9f57ca4f4eefe878773f7ea46ad0c2d28eb8621ef7000997a8d89c8d4ff1d00c223dbd642cbe29bf3bfaca3c77949eeeaf57b5c068d3729266dc8fb7e2e737e94458fefe1420830415d7a948a850c4b88218fc005b6c664f909a", 0x591, 0x0, &(0x7f0000bc8ff0)={0x2, 0x4e20, @multicast1}, 0x10) 21:00:11 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x5, 0x5, 0x7, 0x9}, 0x2c) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xd, 0x1ff, 0x4, 0x100000001, 0x0, r1}, 0x21) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000400)={r2, &(0x7f0000000380)}, 0x10) 21:00:11 executing program 1: getpeername$unix(0xffffffffffffffff, &(0x7f0000000480)=@abs, &(0x7f0000000100)=0x6e) r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x105082) r1 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) pwritev(r1, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f00000003c0)) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) sendfile(r0, r1, &(0x7f0000000000), 0x80003) 21:00:11 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendto$inet6(r0, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) 21:00:11 executing program 3: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) getpeername$unix(r0, &(0x7f0000000480)=@abs, &(0x7f0000000100)=0x6e) r1 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x105082) r2 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) pwritev(r2, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f00000003c0)) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f00000001c0), 0xfffffef3) sendfile(r1, r2, &(0x7f0000000000), 0x80003) 21:00:12 executing program 0: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000280), 0xffffffffffffffff) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40046302}], 0x0, 0x0, &(0x7f0000000140)}) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', &(0x7f00000001c0), &(0x7f00000001c0), 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000280), &(0x7f00000002c0)=0x10) 21:00:12 executing program 5: syz_emit_ethernet(0xfdef, &(0x7f0000000000)={@local, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0xd}}, @icmp=@parameter_prob={0x8, 0x8, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x70}, @dev}}}}}}, &(0x7f0000000040)) 21:00:12 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="d3abc7990d535c9e70bc111c8eff7f0000000000004e0000", 0x18) r1 = accept4(r0, 0x0, &(0x7f00000000c0), 0x0) sendto$packet(r1, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14) 21:00:12 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl(r1, 0x1000008912, &(0x7f0000000180)="0a5c2d023c126285718070") shutdown(r0, 0x1) [ 291.177619] binder: BC_ACQUIRE_RESULT not supported [ 291.183173] binder: 8839:8842 ioctl c0306201 20000180 returned -22 [ 291.371642] binder: BC_ACQUIRE_RESULT not supported [ 291.377739] binder: 8839:8842 ioctl c0306201 20000180 returned -22 21:00:12 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x0, &(0x7f0000000240)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"76657400000000000000000400", 0x43732e5398416f1a}) 21:00:12 executing program 0: r0 = socket$kcm(0x11, 0x2, 0x300) r1 = socket$kcm(0x2, 0x400000805, 0x0) sendmsg$kcm(r1, &(0x7f0000000740)={&(0x7f0000000040)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000200)="ff", 0x1}], 0x1, &(0x7f0000000600)}, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x0, 0x0) recvmsg(r0, &(0x7f000000c240)={&(0x7f000000b0c0)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f000000c140), 0x0, &(0x7f000000c180)=""/154, 0x9a}, 0x0) ioctl$TUNSETIFINDEX(r2, 0x400454da, &(0x7f00000003c0)=r3) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={"6e720000000000004e97810000000200", 0x213}) 21:00:12 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x3, &(0x7f0000002000), &(0x7f0000003ff6)='syzkaller\x00', 0x7, 0xc3, &(0x7f0000000480)=""/195}, 0x48) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000100)=r0, 0xfffffffffffffd87) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000011fd4)={0x3, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x10d) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r1, &(0x7f0000000040), &(0x7f0000000100)}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={0xffffffffffffff9c, 0x10, &(0x7f00000000c0)={&(0x7f0000000180)=""/119, 0x77, 0x0}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280)=r2, 0x4) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r1, &(0x7f0000000080), &(0x7f0000000340)=""/226}, 0x18) 21:00:12 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$int_in(r0, 0x5452, &(0x7f0000000e40)=0x270000) r1 = gettid() ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f00000000c0)=r1) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000200), 0x8) ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, &(0x7f0000000240)=""/250) r2 = perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_PROT_MASK(r2, 0x40087705, &(0x7f0000000080)={0xb8, 0x9}) recvfrom(r0, &(0x7f0000000140)=""/101, 0xffffffffffffff26, 0x700, 0x0, 0x100000000000003) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000340)={0x3f, {{0x2, 0x4e24, @remote}}}, 0x88) accept$inet6(r2, 0x0, &(0x7f0000000580)) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000500)={r0, r2, 0x10001, 0x5bf6, &(0x7f0000000400), 0xfffffffffffffe01, 0x0, 0x8, 0x0, 0x81, 0xffff, 0x0, "a700b71b366be4a1d9decab0afc2ad4e42441bc1888620e60897b49532ab1e0e24adf8be7891f874767c4661526ce4e8e761938dd265be4903b24d21e398a570bc962027"}) 21:00:12 executing program 2: socket$inet_tcp(0x2, 0x1, 0x0) io_setup(0x7, &(0x7f00000003c0)=0x0) io_submit(r0, 0x1, &(0x7f0000002a40)=[&(0x7f0000001540)={0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, &(0x7f0000000500)}]) 21:00:13 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) io_setup(0x7, &(0x7f00000003c0)=0x0) io_submit(r1, 0x1, &(0x7f0000002a40)=[&(0x7f0000001540)={0x0, 0x0, 0x0, 0x0, 0x75, r0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x2}]) 21:00:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x10000000000004d0}]}) 21:00:13 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f00009b1ffc)) clock_gettime(0x0, &(0x7f0000000300)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f00000001c0)={0x0, r1+30000000}, &(0x7f00000002c0)) r2 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r2, 0x1000000000016) tkill(r0, 0x1000000000016) 21:00:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x10000000000002ff, 0x0, 0x40303c}]}) 21:00:13 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xacad, 0x20000) setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000200)=0x8, 0xfffffffffffffde2) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="d3abc7990d535c9e70bc111c8eff7f0000000000004e0000", 0x18) r2 = accept4(r0, 0x0, &(0x7f00000000c0), 0x0) sendto$inet(r2, &(0x7f00000001c0), 0x3a36a8, 0x0, 0x0, 0x300) 21:00:13 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$int_in(r0, 0x5452, &(0x7f0000000e40)=0x270000) r1 = gettid() ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f00000000c0)=r1) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000200), 0x8) ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, &(0x7f0000000240)=""/250) r2 = perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_PROT_MASK(r2, 0x40087705, &(0x7f0000000080)={0xb8, 0x9}) recvfrom(r0, &(0x7f0000000140)=""/101, 0xffffffffffffff26, 0x700, 0x0, 0x100000000000003) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000340)={0x3f, {{0x2, 0x4e24, @remote}}}, 0x88) accept$inet6(r2, 0x0, &(0x7f0000000580)) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000500)={r0, r2, 0x10001, 0x5bf6, &(0x7f0000000400), 0xfffffffffffffe01, 0x0, 0x8, 0x0, 0x81, 0xffff, 0x0, "a700b71b366be4a1d9decab0afc2ad4e42441bc1888620e60897b49532ab1e0e24adf8be7891f874767c4661526ce4e8e761938dd265be4903b24d21e398a570bc962027"}) 21:00:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x10000000000004d0, 0x0, 0x40303c}]}) 21:00:13 executing program 2: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={"0000000000000000000000000200", 0x5002}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={&(0x7f0000000180), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0x0, 0x4) write$P9_RXATTRCREATE(r3, &(0x7f0000000040)={0x1000001a4}, 0xfffffecd) sendfile(r0, r3, &(0x7f0000000080), 0x800000000024) [ 292.814141] not chained 40000 origins [ 292.818025] CPU: 1 PID: 3778 Comm: udevd Not tainted 4.20.0-rc3+ #90 [ 292.824529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 292.834401] Call Trace: [ 292.836997] [ 292.839172] dump_stack+0x32d/0x480 [ 292.842934] kmsan_internal_chain_origin+0x222/0x240 [ 292.848062] ? __qdisc_run+0x35be/0x3600 [ 292.852159] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 292.859281] ? __module_address+0x6a/0x5f0 [ 292.863540] ? __local_bh_enable_ip+0x46/0x260 [ 292.868139] ? is_bpf_text_address+0x3e5/0x4d0 [ 292.872771] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 292.878155] ? is_bpf_text_address+0x49e/0x4d0 [ 292.882773] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 292.888159] ? __module_address+0x6a/0x5f0 [ 292.892514] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 292.897904] ? is_bpf_text_address+0x49e/0x4d0 [ 292.902514] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 292.908002] __msan_chain_origin+0x6d/0xb0 [ 292.912258] ? call_timer_fn+0x356/0x7c0 [ 292.916342] __save_stack_trace+0x8be/0xc60 [ 292.920710] ? call_timer_fn+0x356/0x7c0 [ 292.924818] save_stack_trace+0xc6/0x110 [ 292.928908] kmsan_internal_chain_origin+0x136/0x240 [ 292.934046] ? ima_get_action+0x14b/0x160 [ 292.938224] ? kmsan_internal_chain_origin+0x136/0x240 [ 292.943531] ? kmsan_memcpy_origins+0x13d/0x190 [ 292.948218] ? __msan_memcpy+0x6f/0x80 [ 292.952124] ? pskb_expand_head+0x436/0x1d20 [ 292.956557] ? __tcp_retransmit_skb+0xdf6/0x46c0 [ 292.961324] ? tcp_send_loss_probe+0x8fb/0xc00 [ 292.965920] ? tcp_write_timer_handler+0x691/0xe80 [ 292.970870] ? tcp_write_timer+0x139/0x250 [ 292.975123] ? call_timer_fn+0x356/0x7c0 [ 292.979203] ? __run_timers+0xe95/0x1300 [ 292.983376] ? run_timer_softirq+0x55/0xa0 [ 292.987625] ? __do_softirq+0x721/0xc7f [ 292.991614] ? irq_exit+0x305/0x340 [ 292.995270] ? exiting_irq+0xe/0x10 [ 292.998915] ? smp_apic_timer_interrupt+0x64/0x90 [ 293.003786] ? apic_timer_interrupt+0xf/0x20 [ 293.008216] ? __sanitizer_cov_trace_pc+0xd/0x50 [ 293.012993] ? ima_get_action+0x14b/0x160 [ 293.017155] ? process_measurement+0x369/0x2830 [ 293.021836] ? ima_file_check+0x142/0x190 [ 293.025995] ? path_openat+0x3333/0x7460 [ 293.030064] ? do_filp_open+0x2c9/0x720 [ 293.034057] ? do_sys_open+0x63d/0x960 [ 293.037973] ? __se_sys_open+0xad/0xc0 [ 293.041875] ? __x64_sys_open+0x4a/0x70 [ 293.045886] ? do_syscall_64+0xcf/0x110 [ 293.049885] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 293.055314] ? __msan_get_context_state+0x9/0x20 [ 293.060090] ? INIT_INT+0xc/0x30 [ 293.063474] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 293.068861] ? ipv4_dst_check+0x1aa/0x2a0 [ 293.073042] kmsan_memcpy_origins+0x13d/0x190 [ 293.077742] __msan_memcpy+0x6f/0x80 [ 293.081484] pskb_expand_head+0x436/0x1d20 [ 293.085743] ? ipv4_mtu+0x47d/0x530 [ 293.089410] __tcp_retransmit_skb+0xdf6/0x46c0 [ 293.094013] ? ret_from_intr+0x13/0x33 [ 293.097917] ? skb_recv_done+0x180/0x180 [ 293.102006] ? common_interrupt+0xa/0xf [ 293.106011] ? ipv4_mtu+0x47d/0x530 [ 293.109681] tcp_send_loss_probe+0x8fb/0xc00 [ 293.114120] tcp_write_timer_handler+0x691/0xe80 [ 293.118911] tcp_write_timer+0x139/0x250 [ 293.122999] call_timer_fn+0x356/0x7c0 [ 293.126901] ? tcp_init_xmit_timers+0x130/0x130 [ 293.131595] __run_timers+0xe95/0x1300 [ 293.135504] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 293.140889] ? tcp_init_xmit_timers+0x130/0x130 [ 293.145597] ? irqtime_account_irq+0x21e/0x3c0 [ 293.150227] run_timer_softirq+0x55/0xa0 [ 293.154311] ? timers_dead_cpu+0xb70/0xb70 [ 293.158564] __do_softirq+0x721/0xc7f [ 293.162399] irq_exit+0x305/0x340 [ 293.165870] exiting_irq+0xe/0x10 [ 293.169433] smp_apic_timer_interrupt+0x64/0x90 [ 293.174118] apic_timer_interrupt+0xf/0x20 [ 293.178364] [ 293.180624] RIP: 0010:__sanitizer_cov_trace_pc+0xd/0x50 [ 293.186005] Code: 4c 89 f7 e8 45 13 ff ff 5b 41 5c 41 5e 41 5f 5d c3 90 90 90 90 90 90 90 90 90 90 90 90 48 8b 04 24 65 48 8b 0c 25 00 fd 02 00 <65> 8b 14 25 14 fd 02 00 f7 c2 00 01 1f 00 75 2c 8b 91 48 19 00 00 [ 293.204926] RSP: 0018:ffff8881aba0f4d0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 293.212757] RAX: ffffffff844c4a67 RBX: 0000000000000000 RCX: ffff8881ab83bc00 [ 293.220046] RDX: ffff8881fcb8dd54 RSI: 0000160000000000 RDI: aaaaaaaaaaaab000 [ 293.227324] RBP: ffff8881aba0f668 R08: ffff888000000000 R09: ffff8881aba0f82c [ 293.234606] R10: 0000000000000000 R11: ffffffff8446a580 R12: 0000000000000000 [ 293.241998] R13: 0000000062656572 R14: ffffffff8bb8dd40 R15: 0000000000000000 [ 293.249393] ? apparmor_task_alloc+0x300/0x300 [ 293.253994] ? ima_match_policy+0xea7/0x22f0 [ 293.258520] ? ima_match_policy+0xea7/0x22f0 [ 293.263001] ima_get_action+0x14b/0x160 [ 293.267006] process_measurement+0x369/0x2830 [ 293.271535] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 293.276929] ? refcount_sub_and_test_checked+0x5ef/0x710 [ 293.282434] ? refcount_dec_and_test_checked+0x4a/0x60 [ 293.287736] ? apparmor_task_getsecid+0x172/0x190 [ 293.292606] ? apparmor_task_alloc+0x300/0x300 [ 293.297214] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 293.302594] ? security_task_getsecid+0x17f/0x190 [ 293.307479] ima_file_check+0x142/0x190 [ 293.311493] path_openat+0x3333/0x7460 [ 293.315452] ? do_filp_open+0x84/0x720 [ 293.319359] ? do_sys_open+0x63d/0x960 [ 293.323273] do_filp_open+0x2c9/0x720 [ 293.327110] do_sys_open+0x63d/0x960 [ 293.330848] __se_sys_open+0xad/0xc0 [ 293.334588] __x64_sys_open+0x4a/0x70 [ 293.338408] do_syscall_64+0xcf/0x110 [ 293.342318] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 293.347560] RIP: 0033:0x7fd9ddfe5120 [ 293.351297] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 293.370324] RSP: 002b:00007fff86e2c688 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 293.378074] RAX: ffffffffffffffda RBX: 0000000000f69280 RCX: 00007fd9ddfe5120 [ 293.385356] RDX: 00000000000001b6 RSI: 0000000000080000 RDI: 00007fff86e2c760 [ 293.392641] RBP: 00007fff86e2c700 R08: 0000000000000008 R09: 0000000000000001 [ 293.399925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 293.407297] R13: 000000000041f57a R14: 0000000000f59250 R15: 000000000000000b [ 293.414681] Uninit was stored to memory at: [ 293.419027] kmsan_internal_chain_origin+0x136/0x240 [ 293.424150] __msan_chain_origin+0x6d/0xb0 [ 293.428393] __save_stack_trace+0x8be/0xc60 [ 293.432729] save_stack_trace+0xc6/0x110 [ 293.436818] kmsan_internal_chain_origin+0x136/0x240 [ 293.441939] kmsan_memcpy_origins+0x13d/0x190 [ 293.446463] __msan_memcpy+0x6f/0x80 [ 293.450190] pskb_expand_head+0x436/0x1d20 [ 293.454443] __tcp_retransmit_skb+0xdf6/0x46c0 [ 293.459037] tcp_send_loss_probe+0x8fb/0xc00 [ 293.463460] tcp_write_timer_handler+0x691/0xe80 [ 293.468232] tcp_write_timer+0x139/0x250 [ 293.472310] call_timer_fn+0x356/0x7c0 [ 293.476313] __run_timers+0xe95/0x1300 [ 293.480221] run_timer_softirq+0x55/0xa0 [ 293.484298] __do_softirq+0x721/0xc7f [ 293.488099] [ 293.489727] Uninit was stored to memory at: [ 293.494075] kmsan_internal_chain_origin+0x136/0x240 [ 293.499197] __msan_chain_origin+0x6d/0xb0 [ 293.503448] __save_stack_trace+0x8be/0xc60 [ 293.507796] save_stack_trace+0xc6/0x110 [ 293.511872] kmsan_internal_chain_origin+0x136/0x240 [ 293.516992] kmsan_memcpy_origins+0x13d/0x190 [ 293.521499] __msan_memcpy+0x6f/0x80 [ 293.525225] pskb_expand_head+0x436/0x1d20 [ 293.529461] __tcp_retransmit_skb+0xdf6/0x46c0 [ 293.534145] tcp_send_loss_probe+0x8fb/0xc00 [ 293.538571] tcp_write_timer_handler+0x691/0xe80 [ 293.543351] tcp_write_timer+0x139/0x250 [ 293.547434] call_timer_fn+0x356/0x7c0 [ 293.551337] __run_timers+0xe95/0x1300 [ 293.555238] run_timer_softirq+0x55/0xa0 [ 293.559314] __do_softirq+0x721/0xc7f [ 293.563182] [ 293.564921] Uninit was stored to memory at: [ 293.569260] kmsan_internal_chain_origin+0x136/0x240 [ 293.574379] __msan_chain_origin+0x6d/0xb0 [ 293.578632] __save_stack_trace+0x8be/0xc60 [ 293.582971] save_stack_trace+0xc6/0x110 [ 293.587043] kmsan_internal_chain_origin+0x136/0x240 [ 293.592163] kmsan_memcpy_origins+0x13d/0x190 [ 293.596673] __msan_memcpy+0x6f/0x80 [ 293.600402] pskb_expand_head+0x436/0x1d20 [ 293.604652] __tcp_retransmit_skb+0xdf6/0x46c0 [ 293.609250] tcp_send_loss_probe+0x8fb/0xc00 [ 293.613755] tcp_write_timer_handler+0x691/0xe80 [ 293.618537] tcp_write_timer+0x139/0x250 [ 293.622613] call_timer_fn+0x356/0x7c0 [ 293.626507] __run_timers+0xe95/0x1300 [ 293.630405] run_timer_softirq+0x55/0xa0 [ 293.634482] __do_softirq+0x721/0xc7f [ 293.638298] [ 293.639926] Uninit was stored to memory at: [ 293.644268] kmsan_internal_chain_origin+0x136/0x240 [ 293.649386] __msan_chain_origin+0x6d/0xb0 [ 293.653636] __save_stack_trace+0x8be/0xc60 [ 293.657973] save_stack_trace+0xc6/0x110 [ 293.662049] kmsan_internal_chain_origin+0x136/0x240 [ 293.667630] kmsan_memcpy_origins+0x13d/0x190 [ 293.672143] __msan_memcpy+0x6f/0x80 [ 293.675878] pskb_expand_head+0x436/0x1d20 [ 293.680127] __tcp_retransmit_skb+0xdf6/0x46c0 [ 293.684724] tcp_send_loss_probe+0x8fb/0xc00 [ 293.689158] tcp_write_timer_handler+0x691/0xe80 [ 293.693938] tcp_write_timer+0x139/0x250 [ 293.698015] call_timer_fn+0x356/0x7c0 [ 293.701908] __run_timers+0xe95/0x1300 [ 293.705800] run_timer_softirq+0x55/0xa0 [ 293.709869] __do_softirq+0x721/0xc7f [ 293.713662] [ 293.715284] Uninit was stored to memory at: [ 293.719608] kmsan_internal_chain_origin+0x136/0x240 [ 293.724712] __msan_chain_origin+0x6d/0xb0 [ 293.735285] __save_stack_trace+0x8be/0xc60 [ 293.739634] save_stack_trace+0xc6/0x110 [ 293.743708] kmsan_internal_chain_origin+0x136/0x240 [ 293.748854] kmsan_memcpy_origins+0x13d/0x190 [ 293.753357] __msan_memcpy+0x6f/0x80 [ 293.757184] pskb_expand_head+0x436/0x1d20 [ 293.761525] __tcp_retransmit_skb+0xdf6/0x46c0 [ 293.766109] tcp_send_loss_probe+0x8fb/0xc00 [ 293.770525] tcp_write_timer_handler+0x691/0xe80 [ 293.775395] tcp_write_timer+0x139/0x250 [ 293.779463] call_timer_fn+0x356/0x7c0 [ 293.783355] __run_timers+0xe95/0x1300 [ 293.787246] run_timer_softirq+0x55/0xa0 [ 293.791323] __do_softirq+0x721/0xc7f [ 293.795120] [ 293.796740] Uninit was stored to memory at: [ 293.801074] kmsan_internal_chain_origin+0x136/0x240 [ 293.806352] __msan_chain_origin+0x6d/0xb0 [ 293.810591] __save_stack_trace+0x8be/0xc60 [ 293.814913] save_stack_trace+0xc6/0x110 [ 293.818975] kmsan_internal_chain_origin+0x136/0x240 [ 293.824078] kmsan_memcpy_origins+0x13d/0x190 [ 293.828562] __msan_memcpy+0x6f/0x80 [ 293.832290] pskb_expand_head+0x436/0x1d20 [ 293.836983] __tcp_retransmit_skb+0xdf6/0x46c0 [ 293.841563] tcp_send_loss_probe+0x8fb/0xc00 [ 293.845975] tcp_write_timer_handler+0x691/0xe80 [ 293.850741] tcp_write_timer+0x139/0x250 [ 293.854815] call_timer_fn+0x356/0x7c0 [ 293.858715] __run_timers+0xe95/0x1300 [ 293.862605] run_timer_softirq+0x55/0xa0 [ 293.866668] __do_softirq+0x721/0xc7f [ 293.870457] [ 293.872082] Uninit was stored to memory at: [ 293.876409] kmsan_internal_chain_origin+0x136/0x240 [ 293.881518] __msan_chain_origin+0x6d/0xb0 [ 293.885773] __save_stack_trace+0x8be/0xc60 [ 293.890098] save_stack_trace+0xc6/0x110 [ 293.894166] kmsan_internal_chain_origin+0x136/0x240 [ 293.899270] kmsan_memcpy_origins+0x13d/0x190 [ 293.903773] __msan_memcpy+0x6f/0x80 [ 293.907503] pskb_expand_head+0x436/0x1d20 [ 293.911746] __tcp_retransmit_skb+0xdf6/0x46c0 [ 293.916338] tcp_send_loss_probe+0x8fb/0xc00 [ 293.920770] tcp_write_timer_handler+0x691/0xe80 [ 293.925529] tcp_write_timer+0x139/0x250 [ 293.929590] call_timer_fn+0x356/0x7c0 [ 293.933480] __run_timers+0xe95/0x1300 [ 293.937372] run_timer_softirq+0x55/0xa0 [ 293.941434] __do_softirq+0x721/0xc7f [ 293.945226] [ 293.946850] Local variable description: ----iph@ip_vs_out [ 293.952481] Variable was created at: [ 293.956197] ip_vs_out+0x1bf/0x4570 [ 293.959927] ip_vs_local_reply4+0xec/0x130 21:00:15 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000400)='vegas\x00', 0x6) recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353686c0, 0x120, 0x0, 0xffffffffffffffeb) sendto$inet(r1, &(0x7f0000000080)="89", 0x1, 0x41, &(0x7f0000000180)={0x2, 0x0, @broadcast}, 0x10) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") [ 294.295904] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 294.303139] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 21:00:15 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000000)=""/149) 21:00:15 executing program 0: socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000080)={'veth1\x00', {0x2, 0x4e24, @rand_addr}}) r0 = socket$inet6(0xa, 0x803, 0x3) socketpair$inet(0x2, 0x0, 0x0, &(0x7f0000000040)) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000340), 0x28b) sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028]}, 0x10) setsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x0, &(0x7f0000000980), 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000400)='vegas\x00', 0x6) recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353686c0, 0x120, 0x0, 0xffffffffffffffeb) sendto$inet(r1, &(0x7f0000000080)="89", 0x1, 0x41, &(0x7f0000000180)={0x2, 0x0, @broadcast}, 0x10) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000840)={0x0, {{0x2, 0x0, @loopback}}}, 0x90) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)) [ 294.641221] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 295.024618] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 21:00:16 executing program 4: syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x2, 0x105000) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 295.200327] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 21:00:16 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) lookup_dcookie(0x0, &(0x7f0000000000)=""/176, 0xb0) 21:00:16 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000400)='vegas\x00', 0x6) recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353686c0, 0x120, 0x0, 0xffffffffffffffeb) sendto$inet(r1, &(0x7f0000000080)="89", 0x1, 0x41, &(0x7f0000000180)={0x2, 0x0, @broadcast}, 0x10) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") 21:00:16 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$int_in(r0, 0x5452, &(0x7f0000000e40)=0x270000) r1 = gettid() ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f00000000c0)=r1) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000200), 0x8) ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, &(0x7f0000000240)=""/250) r2 = perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_PROT_MASK(r2, 0x40087705, &(0x7f0000000080)={0xb8, 0x9}) recvfrom(r0, &(0x7f0000000140)=""/101, 0xffffffffffffff26, 0x700, 0x0, 0x100000000000003) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000340)={0x3f, {{0x2, 0x4e24, @remote}}}, 0x88) accept$inet6(r2, 0x0, &(0x7f0000000580)) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000500)={r0, r2, 0x10001, 0x5bf6, &(0x7f0000000400), 0xfffffffffffffe01, 0x0, 0x8, 0x0, 0x81, 0xffff, 0x0, "a700b71b366be4a1d9decab0afc2ad4e42441bc1888620e60897b49532ab1e0e24adf8be7891f874767c4661526ce4e8e761938dd265be4903b24d21e398a570bc962027"}) 21:00:18 executing program 0: socket$inet6(0xa, 0x803, 0x3) openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000780)=""/95) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, &(0x7f00000005c0)={0x5ade, {{0xa, 0x0, 0xc4c0, @remote}}}, 0x88) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0}, &(0x7f00000009c0)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000a00)={r2, @in={{0x2, 0x4e24}}, 0x8, 0x0, 0x0, 0x0, 0x8}, &(0x7f0000000ac0)=0x98) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair(0x0, 0x80f, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/dsp\x00', 0x0, 0x0) getsockopt$XDP_MMAP_OFFSETS(r4, 0x11b, 0x1, &(0x7f0000000200), &(0x7f0000000280)=0x60) syz_open_dev$mice(&(0x7f00000003c0)='/dev/input/mice\x00', 0x0, 0x240800) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000540)="66660f3882811344bd85b87f7800000f23c80f21f8350000f0000f23f866ba2100b0faee0f01f70f20c035040000000f22c0360f00d6660f3801a7627a33460f234cb83e0000000f23d00f21f835100000020f23f866baa10066ed", 0x5b}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x20) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f00000000c0)="2e2e640fc7a80900fdb8e8038ee0f2e053baf80c66b820bbcb8866efbafc0c66b80000000066ef0f95610166b8150000000f23c80f21f86635000040000f23f8b800008ee8640f9a8803003d0000", 0x4e}], 0x129, 0x0, &(0x7f00000000c0), 0x0) ioctl$ASHMEM_PURGE_ALL_CACHES(r6, 0x770a, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000500), 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000680)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ustat(0x5, &(0x7f0000000140)) preadv(0xffffffffffffffff, &(0x7f0000000940), 0x0, 0x0) 21:00:18 executing program 4: r0 = memfd_create(&(0x7f0000001fc1)='#vmnet1nodevem1\x00', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) mount(&(0x7f0000000080), &(0x7f0000000080)='./file1\x00', &(0x7f0000000180)='romfs\x00', 0x1000, &(0x7f00000001c0)) ftruncate(0xffffffffffffffff, 0x0) 21:00:18 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$int_in(r0, 0x5452, &(0x7f0000000e40)=0x270000) r1 = gettid() ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f00000000c0)=r1) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000200), 0x8) ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, &(0x7f0000000240)=""/250) r2 = perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_PROT_MASK(r2, 0x40087705, &(0x7f0000000080)={0xb8, 0x9}) recvfrom(r0, &(0x7f0000000140)=""/101, 0xffffffffffffff26, 0x700, 0x0, 0x100000000000003) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000340)={0x3f, {{0x2, 0x4e24, @remote}}}, 0x88) accept$inet6(r2, 0x0, &(0x7f0000000580)) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000500)={r0, r2, 0x10001, 0x5bf6, &(0x7f0000000400), 0xfffffffffffffe01, 0x0, 0x8, 0x0, 0x81, 0xffff, 0x0, "a700b71b366be4a1d9decab0afc2ad4e42441bc1888620e60897b49532ab1e0e24adf8be7891f874767c4661526ce4e8e761938dd265be4903b24d21e398a570bc962027"}) 21:00:18 executing program 5: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={"79616d300001178b000000000100", 0x4014}) ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f00000001c0)={0x0, 0x3}) ptrace$setregset(0x4209, r1, 0x20000004, &(0x7f0000000100)={&(0x7f0000000040)}) [ 297.733917] ptrace attach of "/root/syz-executor5"[7659] was attempted by "/root/syz-executor5"[8987] [ 297.779482] ptrace attach of "/root/syz-executor5"[7659] was attempted by "/root/syz-executor5"[8987] 21:00:19 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000000)='./file1\x00', 0x0) pwritev(r1, &(0x7f0000003440)=[{&(0x7f0000002400)='I', 0x1}], 0x1, 0x40000) fallocate(r1, 0x3, 0x0, 0x10001) 21:00:19 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000400)='vegas\x00', 0x6) recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353686c0, 0x120, 0x0, 0xffffffffffffffeb) sendto$inet(r1, &(0x7f0000000080)="89", 0x1, 0x41, &(0x7f0000000180)={0x2, 0x0, @broadcast}, 0x10) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") 21:00:19 executing program 5: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={"79616d300001178b000000000100", 0x4014}) ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f00000001c0)={0x0, 0x3}) ptrace$setregset(0x4209, r1, 0x20000004, &(0x7f0000000100)={&(0x7f0000000040)}) 21:00:19 executing program 4: r0 = memfd_create(&(0x7f0000001fc1)='#vmnet1nodevem1\x00', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) mount(&(0x7f0000000080), &(0x7f0000000080)='./file1\x00', &(0x7f0000000180)='romfs\x00', 0x1000, &(0x7f00000001c0)) ftruncate(0xffffffffffffffff, 0x0) 21:00:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) capset(&(0x7f0000000040), &(0x7f0000000000)={0x0, 0x41e49f14}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000180)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 298.748410] ptrace attach of "/root/syz-executor5"[7659] was attempted by "/root/syz-executor5"[9005] 21:00:19 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)="2f007e574d000330809022cfde26555dc9ecfe1974406edad38364782d63b6612854b9e49dbdcaef718197e37e870a308b1e3a798fa788a46d3025ef933e51828ab675064e2adbe9126423b4a73d68fbe99c6db2f160d49cb6cce76c27289a4f9d097354aaa5860d2383df87526baa184d90bb7729366c17bc33d765e9bc2f882a13f3a9c1f60660bd4fd2fa31d2c0a775242289bce062d10d24ded5406918a66b2c75c43fe1ff458ae5cd9fec63039ba5a7b66a60ede5ccdabc7ee77660ef2358ccdff02226021384b0c235f114ed9ade92767aecc256acdeb610df42e7169f240357f735ae5fe29017e51e27252f48b95bfbbb3a865535298bdc36d71db635f41c57771db77aeaff883feb3dc3cc24bd3c036e396ad3af37945058839e812270bc40901fa654e7cc3292a82fc80c374dc07142a1c2e9d3e2528e4fdac32bcaefe910ebd3b948a3bfebef5fa8d82473c7fbf3ec", 0x0, 0x0) fcntl$notify(r1, 0x402, 0x20) 21:00:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:20 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = semget$private(0x0, 0x8, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x1000}], 0x1) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000140)) 21:00:20 executing program 2: r0 = creat(&(0x7f0000000400)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000000c0)='threaded\x00', 0x100000084) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) mount(&(0x7f00000000c0)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, &(0x7f00000000c0)) msgget$private(0x0, 0x0) open(&(0x7f0000000540)='./file0\x00', 0x0, 0x0) 21:00:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:20 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) capget(&(0x7f00000000c0)={0x19980330}, &(0x7f0000000100)) 21:00:20 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r0, 0x800000005452, &(0x7f0000000100)=0xc8) shutdown(r1, 0x1) 21:00:21 executing program 0: r0 = socket(0x2, 0x80001, 0x0) io_setup(0x7f, &(0x7f0000000100)) syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x100000009, 0x1fc) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000000c0)={'bond0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'bond0\x00', 0xffb}) [ 299.966457] capability: warning: `syz-executor3' uses 32-bit capabilities (legacy support in use) 21:00:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) capset(&(0x7f0000000040), &(0x7f0000000000)={0x0, 0x41e49f14}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000180)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 21:00:21 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[]}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) mmap(&(0x7f00002e4000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) name_to_handle_at(r0, &(0x7f00002e4000)="2e2f66696c65ffff", &(0x7f0000000000)=ANY=[], &(0x7f0000001ffc), 0x1400) 21:00:21 executing program 4: clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) time(&(0x7f0000000080)) 21:00:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:21 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_MCE_KILL(0x21, 0x0, 0x0) 21:00:21 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x0, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 21:00:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:22 executing program 4: dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x0) r0 = socket$inet(0x2, 0x80001, 0x0) r1 = dup(r0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x859, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$unix(r1, &(0x7f0000000080)=@abs, 0x6e) 21:00:22 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_create(0x0, &(0x7f0000000000)={0x0, 0x12}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, &(0x7f0000040000)) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = gettid() r3 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0) bind$inet(r3, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(r3, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10) connect$inet(r3, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) connect$inet(r3, &(0x7f0000000080)={0x2, 0x4000000004e23, @loopback}, 0x10) dup2(r1, r3) tkill(r2, 0x1000000000016) 21:00:22 executing program 4: r0 = creat(&(0x7f0000000400)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000000c0)='threaded\x00', 0x100000084) ftruncate(r0, 0x0) [ 301.922162] device bond0 entered promiscuous mode [ 301.927242] device bond_slave_0 entered promiscuous mode [ 301.933391] device bond_slave_1 entered promiscuous mode [ 301.942186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 301.952628] device bond0 left promiscuous mode [ 301.957561] device bond_slave_0 left promiscuous mode [ 301.963285] device bond_slave_1 left promiscuous mode [ 302.800263] device bond0 entered promiscuous mode [ 302.805537] device bond_slave_0 entered promiscuous mode [ 302.811420] device bond_slave_1 entered promiscuous mode [ 302.819870] 8021q: adding VLAN 0 to HW filter on device bond0 21:00:24 executing program 0: clone(0x0, &(0x7f00000001c0), &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000000)) setpriority(0x0, 0x0, 0x7fffffff) 21:00:24 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) capset(&(0x7f0000000040), &(0x7f0000000000)={0x0, 0x41e49f14}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000180)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 21:00:24 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:24 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[]}}, 0x0) mmap(&(0x7f00002e4000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) name_to_handle_at(r0, &(0x7f00002e4000)="2e2f66696c65ffff", &(0x7f0000000000)=ANY=[], &(0x7f0000001ffc), 0x1400) 21:00:24 executing program 3: clone(0x0, &(0x7f00000001c0), &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000000)) setpriority(0x0, 0x0, 0x0) 21:00:24 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_create(0x0, &(0x7f0000000000)={0x0, 0x12}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, &(0x7f0000040000)) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = gettid() r3 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0) bind$inet(r3, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(r3, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10) connect$inet(r3, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) connect$inet(r3, &(0x7f0000000080)={0x2, 0x4000000004e23, @loopback}, 0x10) dup2(r1, r3) tkill(r2, 0x1000000000016) [ 303.208477] not chained 50000 origins [ 303.212383] CPU: 1 PID: 9122 Comm: syz-executor2 Not tainted 4.20.0-rc3+ #90 [ 303.219593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.228974] Call Trace: [ 303.231590] dump_stack+0x32d/0x480 [ 303.235301] kmsan_internal_chain_origin+0x222/0x240 [ 303.240485] ? save_stack_trace+0xc6/0x110 [ 303.244909] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 303.250059] ? kmsan_internal_chain_origin+0x90/0x240 [ 303.255400] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 303.260811] ? is_bpf_text_address+0x49e/0x4d0 [ 303.265449] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 303.270935] ? in_task_stack+0x12c/0x210 [ 303.275047] __msan_chain_origin+0x6d/0xb0 [ 303.279329] ? inet_stream_connect+0xff/0x170 [ 303.283865] __save_stack_trace+0x8be/0xc60 [ 303.288251] ? inet_stream_connect+0xff/0x170 [ 303.292789] save_stack_trace+0xc6/0x110 [ 303.296890] kmsan_internal_chain_origin+0x136/0x240 [ 303.302042] ? kmsan_internal_chain_origin+0x136/0x240 [ 303.307479] ? kmsan_memcpy_origins+0x13d/0x190 [ 303.312285] ? __msan_memcpy+0x6f/0x80 [ 303.316239] ? skb_copy_bits+0x1d2/0xc90 [ 303.320341] ? skb_copy+0x56c/0xba0 [ 303.323989] ? tcp_send_synack+0x7a3/0x18f0 [ 303.328323] ? tcp_rcv_state_process+0x275d/0x6c60 [ 303.333275] ? tcp_v4_do_rcv+0xb25/0xd80 [ 303.337361] ? __release_sock+0x32d/0x750 [ 303.341531] ? release_sock+0x99/0x2a0 [ 303.345462] ? __inet_stream_connect+0xdff/0x15d0 [ 303.350332] ? inet_stream_connect+0xff/0x170 [ 303.354951] ? __sys_connect+0x745/0x860 [ 303.359084] ? __se_sys_connect+0x8d/0xb0 [ 303.363280] ? __x64_sys_connect+0x4a/0x70 [ 303.367567] ? do_syscall_64+0xcf/0x110 [ 303.371586] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 303.376996] ? memcg_kmem_put_cache+0x73/0x460 [ 303.381601] ? __kmalloc_node_track_caller+0x1010/0x14e0 [ 303.387100] ? __msan_get_context_state+0x9/0x20 [ 303.391893] ? INIT_INT+0xc/0x30 [ 303.395292] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 303.400696] ? __msan_get_context_state+0x9/0x20 [ 303.405510] kmsan_memcpy_origins+0x13d/0x190 [ 303.410081] __msan_memcpy+0x6f/0x80 [ 303.413848] skb_copy_bits+0x1d2/0xc90 [ 303.417898] skb_copy+0x56c/0xba0 [ 303.421404] tcp_send_synack+0x7a3/0x18f0 [ 303.425589] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 303.431092] tcp_rcv_state_process+0x275d/0x6c60 [ 303.435911] tcp_v4_do_rcv+0xb25/0xd80 [ 303.439840] ? __local_bh_enable_ip+0x11f/0x260 [ 303.444548] ? inet_sk_rx_dst_set+0x200/0x200 [ 303.449066] __release_sock+0x32d/0x750 [ 303.453101] release_sock+0x99/0x2a0 [ 303.456871] __inet_stream_connect+0xdff/0x15d0 [ 303.461587] ? wait_woken+0x5b0/0x5b0 [ 303.465458] inet_stream_connect+0xff/0x170 [ 303.469832] ? __inet_stream_connect+0x15d0/0x15d0 [ 303.474813] __sys_connect+0x745/0x860 [ 303.478742] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 303.484230] ? prepare_exit_to_usermode+0x182/0x4c0 [ 303.489296] __se_sys_connect+0x8d/0xb0 [ 303.493317] __x64_sys_connect+0x4a/0x70 [ 303.497428] do_syscall_64+0xcf/0x110 [ 303.501286] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 303.506504] RIP: 0033:0x457569 [ 303.509742] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 303.532122] RSP: 002b:00007f5b0d9c6c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 303.539860] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 303.547158] RDX: 0000000000000010 RSI: 00000000200e5000 RDI: 0000000000000005 [ 303.554488] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 303.561887] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b0d9c76d4 [ 303.569187] R13: 00000000004bdb03 R14: 00000000004ccef0 R15: 00000000ffffffff [ 303.576496] Uninit was stored to memory at: [ 303.580952] kmsan_internal_chain_origin+0x136/0x240 [ 303.586095] __msan_chain_origin+0x6d/0xb0 [ 303.590362] __save_stack_trace+0x8be/0xc60 [ 303.594713] save_stack_trace+0xc6/0x110 [ 303.598817] kmsan_internal_chain_origin+0x136/0x240 [ 303.603957] kmsan_memcpy_origins+0x13d/0x190 [ 303.608485] __msan_memcpy+0x6f/0x80 [ 303.612235] skb_copy_bits+0x1d2/0xc90 [ 303.616149] skb_copy+0x56c/0xba0 [ 303.619633] tcp_send_synack+0x7a3/0x18f0 [ 303.623830] tcp_rcv_state_process+0x275d/0x6c60 [ 303.628613] tcp_v4_do_rcv+0xb25/0xd80 [ 303.632638] __release_sock+0x32d/0x750 [ 303.636642] release_sock+0x99/0x2a0 [ 303.640390] __inet_stream_connect+0xdff/0x15d0 [ 303.645296] inet_stream_connect+0xff/0x170 [ 303.649657] __sys_connect+0x745/0x860 [ 303.653580] __se_sys_connect+0x8d/0xb0 [ 303.657608] __x64_sys_connect+0x4a/0x70 [ 303.661698] do_syscall_64+0xcf/0x110 [ 303.666109] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 303.671312] [ 303.672953] Uninit was stored to memory at: [ 303.677312] kmsan_internal_chain_origin+0x136/0x240 [ 303.682449] __msan_chain_origin+0x6d/0xb0 [ 303.686715] __save_stack_trace+0x8be/0xc60 [ 303.691072] save_stack_trace+0xc6/0x110 [ 303.695189] kmsan_internal_chain_origin+0x136/0x240 [ 303.700326] kmsan_memcpy_origins+0x13d/0x190 [ 303.704959] __msan_memcpy+0x6f/0x80 [ 303.708683] skb_copy_bits+0x1d2/0xc90 [ 303.712576] skb_copy+0x56c/0xba0 [ 303.716033] tcp_send_synack+0x7a3/0x18f0 [ 303.720186] tcp_rcv_state_process+0x275d/0x6c60 [ 303.724941] tcp_v4_do_rcv+0xb25/0xd80 [ 303.728932] __release_sock+0x32d/0x750 [ 303.732906] release_sock+0x99/0x2a0 [ 303.736625] __inet_stream_connect+0xdff/0x15d0 [ 303.741319] inet_stream_connect+0xff/0x170 [ 303.745648] __sys_connect+0x745/0x860 [ 303.749555] __se_sys_connect+0x8d/0xb0 [ 303.753552] __x64_sys_connect+0x4a/0x70 [ 303.757625] do_syscall_64+0xcf/0x110 [ 303.761432] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 303.766616] [ 303.768242] Uninit was stored to memory at: [ 303.772594] kmsan_internal_chain_origin+0x136/0x240 [ 303.777717] __msan_chain_origin+0x6d/0xb0 [ 303.781967] __save_stack_trace+0x8be/0xc60 [ 303.786294] save_stack_trace+0xc6/0x110 [ 303.790361] kmsan_internal_chain_origin+0x136/0x240 [ 303.795488] kmsan_memcpy_origins+0x13d/0x190 [ 303.799981] __msan_memcpy+0x6f/0x80 [ 303.803723] skb_copy_bits+0x1d2/0xc90 [ 303.807614] skb_copy+0x56c/0xba0 [ 303.811088] tcp_send_synack+0x7a3/0x18f0 [ 303.815237] tcp_rcv_state_process+0x275d/0x6c60 [ 303.819994] tcp_v4_do_rcv+0xb25/0xd80 [ 303.823883] __release_sock+0x32d/0x750 [ 303.827859] release_sock+0x99/0x2a0 [ 303.831568] __inet_stream_connect+0xdff/0x15d0 [ 303.836239] inet_stream_connect+0xff/0x170 [ 303.840565] __sys_connect+0x745/0x860 [ 303.844456] __se_sys_connect+0x8d/0xb0 [ 303.848448] __x64_sys_connect+0x4a/0x70 [ 303.852507] do_syscall_64+0xcf/0x110 [ 303.856315] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 303.861519] [ 303.863160] Uninit was stored to memory at: [ 303.867497] kmsan_internal_chain_origin+0x136/0x240 [ 303.873024] __msan_chain_origin+0x6d/0xb0 [ 303.877263] __save_stack_trace+0x8be/0xc60 [ 303.881588] save_stack_trace+0xc6/0x110 [ 303.885670] kmsan_internal_chain_origin+0x136/0x240 [ 303.890784] kmsan_memcpy_origins+0x13d/0x190 [ 303.895301] __msan_memcpy+0x6f/0x80 [ 303.899019] skb_copy_bits+0x1d2/0xc90 [ 303.902910] skb_copy+0x56c/0xba0 [ 303.906361] tcp_send_synack+0x7a3/0x18f0 [ 303.910511] tcp_rcv_state_process+0x275d/0x6c60 [ 303.915276] tcp_v4_do_rcv+0xb25/0xd80 [ 303.919167] __release_sock+0x32d/0x750 [ 303.923138] release_sock+0x99/0x2a0 [ 303.926844] __inet_stream_connect+0xdff/0x15d0 [ 303.931508] inet_stream_connect+0xff/0x170 [ 303.935836] __sys_connect+0x745/0x860 [ 303.939727] __se_sys_connect+0x8d/0xb0 [ 303.943702] __x64_sys_connect+0x4a/0x70 [ 303.947772] do_syscall_64+0xcf/0x110 [ 303.951578] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 303.956787] [ 303.958412] Uninit was stored to memory at: [ 303.962738] kmsan_internal_chain_origin+0x136/0x240 [ 303.967847] __msan_chain_origin+0x6d/0xb0 [ 303.972082] __save_stack_trace+0x8be/0xc60 [ 303.976408] save_stack_trace+0xc6/0x110 [ 303.980496] kmsan_internal_chain_origin+0x136/0x240 [ 303.985622] kmsan_memcpy_origins+0x13d/0x190 [ 303.990225] __msan_memcpy+0x6f/0x80 [ 303.993954] skb_copy_bits+0x1d2/0xc90 [ 303.997950] skb_copy+0x56c/0xba0 [ 304.001406] tcp_send_synack+0x7a3/0x18f0 [ 304.005646] tcp_rcv_state_process+0x275d/0x6c60 [ 304.010403] tcp_v4_do_rcv+0xb25/0xd80 [ 304.014294] __release_sock+0x32d/0x750 [ 304.018280] release_sock+0x99/0x2a0 [ 304.021996] __inet_stream_connect+0xdff/0x15d0 [ 304.026656] inet_stream_connect+0xff/0x170 [ 304.030974] __sys_connect+0x745/0x860 [ 304.034864] __se_sys_connect+0x8d/0xb0 [ 304.038840] __x64_sys_connect+0x4a/0x70 [ 304.042906] do_syscall_64+0xcf/0x110 [ 304.046713] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 304.051900] [ 304.053530] Uninit was stored to memory at: [ 304.057885] kmsan_internal_chain_origin+0x136/0x240 [ 304.062993] __msan_chain_origin+0x6d/0xb0 [ 304.067233] __save_stack_trace+0x8be/0xc60 [ 304.071564] save_stack_trace+0xc6/0x110 [ 304.075628] kmsan_internal_chain_origin+0x136/0x240 [ 304.080760] kmsan_memcpy_origins+0x13d/0x190 [ 304.085284] __msan_memcpy+0x6f/0x80 [ 304.089015] skb_copy_bits+0x1d2/0xc90 [ 304.092931] skb_copy+0x56c/0xba0 [ 304.096383] tcp_send_synack+0x7a3/0x18f0 [ 304.100640] tcp_rcv_state_process+0x275d/0x6c60 [ 304.105400] tcp_v4_do_rcv+0xb25/0xd80 [ 304.109292] __release_sock+0x32d/0x750 [ 304.113268] release_sock+0x99/0x2a0 [ 304.116985] __inet_stream_connect+0xdff/0x15d0 [ 304.121657] inet_stream_connect+0xff/0x170 [ 304.125996] __sys_connect+0x745/0x860 [ 304.129891] __se_sys_connect+0x8d/0xb0 [ 304.133873] __x64_sys_connect+0x4a/0x70 [ 304.137959] do_syscall_64+0xcf/0x110 [ 304.141792] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 304.146999] [ 304.148635] Uninit was stored to memory at: [ 304.152965] kmsan_internal_chain_origin+0x136/0x240 [ 304.158075] __msan_chain_origin+0x6d/0xb0 [ 304.162333] __save_stack_trace+0x8be/0xc60 [ 304.166673] save_stack_trace+0xc6/0x110 [ 304.170756] kmsan_internal_chain_origin+0x136/0x240 [ 304.175872] kmsan_memcpy_origins+0x13d/0x190 [ 304.180371] __msan_memcpy+0x6f/0x80 [ 304.184109] skb_copy_bits+0x1d2/0xc90 [ 304.188003] skb_copy+0x56c/0xba0 [ 304.191461] tcp_send_synack+0x7a3/0x18f0 [ 304.195612] tcp_rcv_state_process+0x275d/0x6c60 [ 304.200378] tcp_v4_do_rcv+0xb25/0xd80 [ 304.204268] __release_sock+0x32d/0x750 [ 304.208273] release_sock+0x99/0x2a0 21:00:25 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) [ 304.211994] __inet_stream_connect+0xdff/0x15d0 [ 304.216669] inet_stream_connect+0xff/0x170 [ 304.221005] __sys_connect+0x745/0x860 [ 304.224893] __se_sys_connect+0x8d/0xb0 [ 304.228860] __x64_sys_connect+0x4a/0x70 [ 304.232918] do_syscall_64+0xcf/0x110 [ 304.236743] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 304.241933] [ 304.243557] Local variable description: ----_tcph.i@ip_vs_in [ 304.249377] Variable was created at: [ 304.253094] ip_vs_in+0xe9/0x3250 [ 304.256551] ip_vs_local_request4+0xec/0x130 21:00:25 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)="2f007e574d000330809022cfde26555dc9ecfe1974406edad38364782d63b6612854b9e49dbdcaef718197007f870a308b1e3a798fa78870f2fc45ef933e51828ab675064e2adbe9126423b4a73d68fbe99c6db2f160d49cb6cce76c27289a4f9d097354aaa5860d2383df87526baa184d90bb7529366c17bc33d765e9bc2f882a13f3a9c1f60660bd4fd2fa31d2c0a775242289bce062d10d24ded5406918a66b2c75c43fe1ff458ae5cd9fec63039ba5a7b66a60ede5ccdabc7ee77660ef2358ccdff02226021384b0c235f114ed9ade92767aecc256acdeb610df42e7169f240357f735ae5fe29017e51e27252f48b95bfbbb3a865535298bdc36d71db635f41c57771db77aeaff883feb3dc3cc24bd3c036e396ad3af37945058839e812270bc40901fa654e7cc3292a82fc89bacfe129e0d284be9d3e2528e4fdac32bcaefe910ebd3b948a3bfebef5fa8d82473c7fbf3ec", 0x0, 0x0) lseek(r0, 0x0, 0x1) 21:00:25 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mlockall(0x100000000006) 21:00:25 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10) syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @random="8b01359b1dfc", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f00000002c0)) 21:00:25 executing program 4: mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000380), 0x4) 21:00:25 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:25 executing program 0: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f00000002c0)) 21:00:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) capset(&(0x7f0000000040), &(0x7f0000000000)={0x0, 0x41e49f14}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000180)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 21:00:26 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:26 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="e3", 0x1) 21:00:26 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x108) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x1000000002e, &(0x7f0000000300)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) syz_emit_ethernet(0x3e, &(0x7f0000000500)={@link_local={0x1, 0x80, 0xc2, 0x3a000000}, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "093a06", 0x8, 0x3a, 0x0, @remote, @mcast2, {[], @udp={0x0, 0x0, 0x8}}}}}}, &(0x7f0000000100)) 21:00:26 executing program 2: clone(0xf93f00, &(0x7f0000000140), &(0x7f0000e32000), &(0x7f00000001c0), &(0x7f0000000380)) 21:00:26 executing program 3: r0 = creat(&(0x7f0000000400)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000000c0)='threaded\x00', 0x100000084) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) ftruncate(r0, 0x0) mount(&(0x7f00000000c0)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, &(0x7f00000000c0)) 21:00:26 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:26 executing program 4: 21:00:26 executing program 0: 21:00:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) capset(&(0x7f0000000040), &(0x7f0000000000)={0x0, 0x41e49f14}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 21:00:26 executing program 4: 21:00:26 executing program 0: 21:00:26 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:27 executing program 4: 21:00:27 executing program 0: 21:00:27 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:27 executing program 2: 21:00:27 executing program 0: 21:00:27 executing program 4: 21:00:27 executing program 3: 21:00:27 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) capset(&(0x7f0000000040), &(0x7f0000000000)={0x0, 0x41e49f14}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 21:00:28 executing program 4: 21:00:28 executing program 0: 21:00:28 executing program 3: 21:00:28 executing program 2: 21:00:28 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:28 executing program 3: 21:00:28 executing program 2: 21:00:28 executing program 4: 21:00:28 executing program 0: 21:00:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:28 executing program 3: 21:00:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) capset(&(0x7f0000000040), &(0x7f0000000000)={0x0, 0x41e49f14}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 21:00:29 executing program 0: 21:00:29 executing program 2: 21:00:29 executing program 4: 21:00:29 executing program 3: 21:00:29 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:29 executing program 0: 21:00:29 executing program 2: 21:00:29 executing program 4: 21:00:29 executing program 3: 21:00:29 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:29 executing program 0: 21:00:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000180)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 21:00:29 executing program 2: 21:00:29 executing program 4: 21:00:29 executing program 3: 21:00:29 executing program 0: 21:00:29 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000040000108}]}) 21:00:30 executing program 3: 21:00:30 executing program 2: 21:00:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)) 21:00:30 executing program 4: 21:00:30 executing program 0: 21:00:30 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = syz_open_dev$swradio(&(0x7f0000000100)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_G_PRIORITY(r1, 0xc0205647, 0x707000) 21:00:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000180)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 21:00:30 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_int(r0, 0x0, 0x2, &(0x7f0000000040), &(0x7f0000000200)=0x74) 21:00:30 executing program 4: clock_nanosleep(0x0, 0x0, 0x0, &(0x7f0000000080)) 21:00:30 executing program 0: semctl$GETALL(0x0, 0x0, 0xd, &(0x7f00000005c0)=""/37) 21:00:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)) 21:00:30 executing program 2: r0 = memfd_create(&(0x7f0000000040)='keyring\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00000000000000000400000000400000000000000000000035570007efa973c914f53b380002000000000000000300000000000000000000000000000000000000000000000000000000008000f800000000000000"], 0x68) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) write$P9_RREAD(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="92000000750200870000007939d94fbeda73c435e3d44b05a96f94f0bb7c5f0cc76ec14a0cc5f7cad142403c7bacd94a81180867ab180fe09cbb8201db3497bbe9de17b9e39261c1db3a4b4d52aded956efbe302ace0feb2db29efd424bdcc289b5179afadfb73af6d79b5dfc1fa6b61bfa248a47abc302df3af3eb592ad"], 0x7e) write$P9_RLERRORu(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000300000008006b657972696e670006"], 0x12) execveat(r0, &(0x7f0000000100)='\x00', &(0x7f00000001c0), &(0x7f00000002c0), 0x1000) 21:00:30 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008002, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='veno\x00', 0x1015f) recvfrom(r0, &(0x7f0000000200)=""/101, 0xffffffffffffff46, 0x120, 0x0, 0xffffffffffffffeb) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl(r1, 0x1000008912, &(0x7f0000000180)="0a5c2d023c126285718070") 21:00:31 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f0000000200)) 21:00:31 executing program 3: sched_setaffinity(0x0, 0xffffffffffffffb1, &(0x7f0000000180)) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect(r2, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @broadcast}, 0x4, 0x0, 0x1, 0x3}}, 0x80) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x4001fe) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_int(r3, 0x6, 0x8, &(0x7f0000000040)=0xfff, 0x4) sendto$inet(r3, &(0x7f0000002440), 0x0, 0x20000802, &(0x7f0000001180)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='sit0\x00', 0xa) r4 = dup3(r2, r3, 0x80000) ioctl$TUNSETSNDBUF(r4, 0x400454d4, &(0x7f0000000500)=0x28000000000000) ioctl$UI_END_FF_ERASE(r4, 0x400c55cb, &(0x7f00000004c0)={0x8}) getsockname$inet6(r4, &(0x7f00000001c0), &(0x7f0000000200)=0x1c) sendto$inet(r3, &(0x7f0000d7cfcb), 0x100000252, 0x0, &(0x7f0000893ff0), 0x10) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r4, 0xc0505405, &(0x7f0000000240)={{0x3, 0x0, 0x0, 0x3}, 0xc26, 0x9, 0x4}) shutdown(r3, 0x1) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r4, 0xc0505405, &(0x7f0000000400)={{0x3, 0x3, 0x332, 0x3, 0x21}, 0x4, 0x3ff, 0xffffffffffffff80}) r5 = gettid() capset(&(0x7f0000000540)={0x20080522, r5}, &(0x7f00000005c0)={0x7, 0x4, 0x5, 0xa3e5, 0x9, 0x7fff}) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000080)={'lo\x00', {0x2, 0x4e24, @local}}) getsockopt$EBT_SO_GET_INIT_INFO(r4, 0x0, 0x82, &(0x7f00000002c0)={'broute\x00'}, &(0x7f00000003c0)=0x78) ioctl$sock_inet6_tcp_SIOCATMARK(r4, 0x8905, &(0x7f0000000380)) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000580)={0x0, 0x62, 0x1, 0x1, 0x6}) geteuid() getegid() inotify_add_watch(r4, &(0x7f0000000340)='./file0\x00', 0x4000000) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000840), &(0x7f0000000880)=0xc) getegid() getgid() 21:00:31 executing program 0: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_GET_NAME(r0, 0x81007702, &(0x7f0000000100)=""/208) 21:00:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)) 21:00:31 executing program 4: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = syz_open_dev$swradio(&(0x7f0000000100)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_G_PRIORITY(r1, 0xc0205649, 0x707000) 21:00:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000180)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 21:00:31 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240)='/dev/uinput\x00', 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) dup3(r1, r0, 0x0) 21:00:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{}]}) 21:00:32 executing program 0: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3ff}) [ 310.993615] syz-executor3 (9367) used greatest stack depth: 52464 bytes left 21:00:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{}]}) 21:00:32 executing program 4: r0 = memfd_create(&(0x7f0000000040)='keyring\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00000000000000000400000000400000000000000000000035570007efa973c914f53b380002000000000000000300000000000000000000000000000000000000000000000000000000008000f800000000000000"], 0x68) write$P9_RREAD(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="92000000750200870000007939d94fbeda73c435e3d44b05a96f94f0bb7c5f0cc76ec14a0cc5f7cad142403c7bacd94a81180867ab180fe09cbb8201db3497bbe9de17b9e39261c1db3a4b4d52aded956efbe302ace0feb2db29efd424bdcc289b5179afadfb73af6d79b5dfc1fa6b61bfa248a47abc302df3af3e"], 0x7b) write$P9_RLERRORu(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000300000008006b657972696e670006000000"], 0x15) execveat(r0, &(0x7f0000000100)='\x00', &(0x7f00000001c0), &(0x7f00000002c0), 0x1000) 21:00:32 executing program 2: quotactl(0x80000102, 0x0, 0x0, &(0x7f0000000000)) 21:00:32 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000280)="6e730023f782c3746d20ae7c2d6268740b044ce2e5c93884d92dbb9385af4d724e9958cca6be96ecfb9aa8c7a5d5490d36a89796e727f5a3572111ed5e46ea1d04fded25c495b991841f8a33916bdfcad73e9087344cc491a2634442d3ae209d43d1fca5a763529c04a5e82a07812a18bd96599551848e567af2b3f403ede1563b9b8b2450e59fc3a66e6d72db357866000000") socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fstat(r0, &(0x7f00000003c0)) 21:00:32 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) capset(&(0x7f0000000040), &(0x7f0000000000)={0x0, 0x41e49f14}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000180)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 21:00:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x10000000000002ff}]}) 21:00:32 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) connect$inet6(0xffffffffffffffff, &(0x7f0000000380)={0xa, 0x0, 0x1000, @mcast2}, 0x1c) r1 = socket(0x840000000002, 0x3, 0xff) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @remote}, 0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000200)="2f6578650000c10000000000e9ff0700000000000054fa07424adee916d2da75afe70b35a0fd6a1f0200f5ab26d7a071fb35331ce39c5a6568641006d7c0206a74e33326530000000000000000000000") sendfile(r1, r2, &(0x7f00000001c0), 0x100000005) 21:00:32 executing program 2: quotactl(0x80000102, 0x0, 0x0, &(0x7f0000000000)) 21:00:32 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000500)='/dev/hwrng\x00', 0x0, 0x0) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={"76657400bd6800000000e2ffffff00", 0x43732e5398416f1a}) recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x118, &(0x7f0000000240), 0x8, 0x0, 0x26085d6cce6967cc}}], 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000280)=""/187) accept(r0, &(0x7f0000000440)=@ax25, &(0x7f00000004c0)=0x80) 21:00:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{}]}) 21:00:32 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) capset(&(0x7f0000000040), &(0x7f0000000000)={0x0, 0x41e49f14}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000180)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 21:00:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x10000000000002ff}]}) [ 311.866358] netlink: 'syz-executor3': attribute type 29 has an invalid length. [ 311.873999] netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. [ 311.882783] netlink: 'syz-executor3': attribute type 29 has an invalid length. [ 311.890207] netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. [ 312.034643] netlink: 'syz-executor3': attribute type 29 has an invalid length. [ 312.042293] netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. [ 312.072121] netlink: 'syz-executor3': attribute type 29 has an invalid length. [ 312.079630] netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. 21:00:33 executing program 5: 21:00:33 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0xae60, &(0x7f0000000580)={0x0, 0x0, @ioapic}) [ 312.152476] netlink: 'syz-executor3': attribute type 29 has an invalid length. [ 312.160020] netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. [ 312.217034] netlink: 'syz-executor3': attribute type 29 has an invalid length. [ 312.224716] netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. 21:00:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x10000000000002ff}]}) [ 312.286359] netlink: 'syz-executor3': attribute type 29 has an invalid length. [ 312.294003] netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. 21:00:33 executing program 4: r0 = socket$inet6(0xa, 0x100000000002, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast1, 0x5}, 0x1c) sendto$inet6(r0, &(0x7f0000000300), 0xfd90, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c) sendto$inet6(r0, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4}, 0x1c) 21:00:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) dup(r0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r0, 0x5) ioctl$TCSETS(r2, 0x5402, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x8569, 0x0, 0x1ff}) r3 = dup3(r2, r0, 0x0) write$UHID_INPUT(r3, &(0x7f0000001640)={0x8, "e52aac313baccb9b551156a2d7c12b7711c32a17d3c4c9ceef08c2046fe288a7036e513019e5e114cc4ae935d23a9990952824f5d0c1f52e2eb94e5301ba9dc9a02818038eaef46fc2c3ebbe46e4a6024c93823f66462ba3d68913fdeadd1087b06846aa3ddf6ed3dc2b61b4960f48c2edf5cdf23c7e8d3f2e6daa71e66b29bc19e377d7df4637d735194a52da503a0ac44383ba5b3da867e09ceae02a9bfc21e7f28814c2fab7da41344e207ca706dc37592abdb685e4b80eb6dc2b1dc550a1d16166d163a4a220a54d7844facbbb2648ee90aa05c3c03ee447d79e517df8ffe70c215bd0bf69e86a5f48d571b9337590d05e9947727c0d77d18a117f110252735ca6700a55fd26838935808cce7b7c222a75339e44230bdeb99bc39c0c1cc20de74fcb9744f4c4a988f3874a846d31abcf5504d78a3e14f35f6cbd123fcff22890cc17c730c3ea9f74616dfe60064552ec25568a6211bdc39483a28bed0df0afc7d7c6d13d301e080c8846eab1a9d914b0695b16dd3009feaf204d22e32c5ecc333e616159d55328d375e59194c5c9a0b3843afb283d1d26f59e03105e91aa552386468432a09be73220e942394f34c559797b74bfe7c5c2c639a40e4d2e81e1004b127540a0bdd6be2f95698e75e4f1203a47d61f506ac9364be9d98ae46536f74afe08c450ecb902e00f188c9f32aed0677455e10bbe82c763a464f10f64c403c35376b7a675546835209f0e2809e9c2bd191f784dda4b727bfac512497a07474e6d3e13233601df81abcdb6fbfb152483ec61baaee45a5d733c62107f63c55a046401a5ddef70cef8d52cb4784e3efc34de554c8ff48f7ae3d6dc1ed4eb70fe1e610355fd66ce1a375b63b6641fb3dadfab8a9b0b1f26ca11f7287258ad4766e08340f8f2fd53e7e5f287bb73c186f0290f225687040c762776a02e5e65f1b9b713e8ef98ffe111b3e4e7b761dd3ed763ed8dafd67625fb300ac752c0ff9c0c04b75be292c3f0247bd0b3560f1c76aff38791037fcf2b812f1601934a8fc769f7198e0df685841489263a1495a8a8bab1a63cb12b3089a3e30aab15ae872437e52a6f0dbc4df2d0e8df4c6bcd47beefc179d85b70b42b319453e6efaff96a509420bec299f227c4b676c58038916897f15430ff52087dd97dd329c6b6e207378053accaa31843a333e4f69586103424f44bd67eb355c1fbe078e62f07ebaae46c3e335372127dc5fa70a4579af715e531bda52761dc206aded4678079720603a577ef7e5fb5a81a525b7c96a4047d9d6bb80d7e0ce55cc0a4f73256ae9c515307f13fe54126786de425d7a674b05116104176faac5b9365b33fd2f5a710a5159d342abecede83ad421bbb712cd5b006671a958cec907311719eb3e0b5dc4fb51054e06656a7a2a066c0aac65ceb434ca3f242cb2b1d7a22179a85cbbeeacc2f0135d8dd4d1363a98d2543fa4973e19eb359e956d27f142c75f62c7aecaf47090236b9791847725bc6fde15cd4a119a4976a3f0f2d622973ad9000aae56f88b396fa1881ec0b0a5de9955fc8f864b36eacd635b88826e0a64897d605fa4a14f7786b037cf308bef61c7f860e38f1ae67fe8cb7802dbe85f9c0c082eed1a13e645370d0c95d63bba215ac8a637b8f968aef06329d62ba131b56b46bfcfa6a5e82016d5eeb6e7db45595d1acaaa5ec9886315d3dced9d0a15c44c043ac91e4ae7077139774607b76cbc017f636145beb84c128cf35ddf4a895a56b8d141f743c9189a71387893f785804f85927a23ccd79c432ab686b621ec91706ef082b4ea4fa608ce2daca0d2e2e07ff51e6a8fdc22f1c8ee5ae53720f93b4547704fae580e5560e3c7b1ac2a38ffc294d3c96635e3b919339394843c8a17f00912ceb9c0a11be25783694b177b399e7a495538e293a59d3ab44b176afed6894aa0e501d9b98981be3f2057bf6c9869403a34cb83ad57150c674301f39524a026f3608a3414287bc4e507355823c6f8640bb803a392fb8847023d1db3c39753e72414682c617de9bd0d5b6a55d46004d49f20d2f8f53cdd8eb11402f7895cd7c01b4964fd005c564b0b0e156969ccde818dda3a7cae02d1d3af95081e6549f28976fa81b5e90fbb0a62fea850ffaf0220132189c11a74996261f6de6001c50364f08c4f48fd46a0417ec8ee4d003efeead64b87d64b43cd6868f365e72e26dd9f5f9f74d135f64464cb38dd62051ae70c5a4daabebe700eb9b290b8ed4142db0090219e6186f8f71fa8fe1ebe42f621b8eed182ee8ad0401f0a3530fd48e4d1eb2637f1fbd2a7032b0f85715203c12ab8ff48131bc4ff28272b57119a76bc0b30fef5294c23c0b2bcadfbba37a00502b5e43d72148d9acc7cb7cb39dc830cd6f30262a09eecf29d1055c2edc3926cfd5076aa5f9f172ed145359fc974ca5ded652433d212607bed155df1aff269414548a39a644b6ce927de5de6e6750575c4fd7ea7fe10b1e51fde6975c0c23fc012a8b12fe3fa64e972e4e09eafea165ae5c1ffc9d761e1314a781959c223b96eefde0f4f45c7ac032a8d3f1bd304114c3329a3e4966eddcc8d44ae70bad2932f963100955e2d2d487347c2aa8356bc6bc3c84e418163c758f1372246884e6d80d87d7ab3fe660dda13ada65f200b4fb365223b93bbc29493ae6dbbbb1823edb8e9f045b60414edab955e1046b67a8d4908ab08ad90216125d2ffd8c7814a9a4940df0a653b1cf53cf456412228445ebc8e1584adfe13207ff24fe602e2a506218710483b5544347a3d515b7d2ddcaa1bb7ae3578841918a8ed00659d5f260d23ae17a9ffc77f79758844586fe53517097838a92dde8873e8be1cd5934f1a4bfdd9d0b5725b811c4a2c121b7729946993a736bd195c55684ea680304af4844a1b2f74e2c2b2ccaeceb00b9c2c515b70912efb27643c5624025e358b44853cc0efddc103ee514471af902cd9b68f102c95a91d2b825b473ce842e6367b0b7305ce8be6f9c812abe860bb632e00b69a0370e5c8f9ba0cebbcbe1b9276949c303a4e9e3b6db37a0716520c07512192364abb58399fca973a1b32106096eda8bb85745562e8a35c5e917fdf858091a4c29d6549e10098d6b205fc5cad546fe07b3a70756cf7079c88f3708f0c8527002b99e80cbd584a3737fb37953cd6dccf21add4d4b6e65894490840c008578737d5e208649d1cd34beb403c2226300297853a29cf6c661b426c13306575d81f6fd21712e0ec4366013883b95a71d5094acbf156e42de11cb873744983ec1ff9cfbee2278053b8b4e523388bd41dfd3c2ecaacc5d9d2958bbfa94f4bd0ac1c61c98ab295dd5c69020f1329818df9a2aa88ced03f4e6a4d1f8cb020afcd2384e65511ddeb908ba0c13a03dd32e8d4ccf0246008f35ef5184f81b8fed73b4aae4998bd8c7d784210042247d39396ba881bf43555d0ec58deede7b4729e79d31b2a346527594ca3a47a1723a792a701dc18d0124365e2c4a4fefed48c29a9f2fc747b302eaf92a100b2da211c91de4ab79d4aede483d852635c6f14d38095a5739d475c7aa67fdd54767a056eeb3098dfd8d1c21f32e76f0247f04118448273586856e641b83f540a643e72dc15804b78bac475f39e23291798aa45a2c10aa5fef2d5e4d7b8f529a66535d11c6149e9797f2fcce2804f2a5370345e98b0c02c7dd27135d414fe72f0740423920d68b64f6b8c05788c6692ceb4831b5d4593a970dc3ee2528765fb739964f4fed7200d7e796a9f3d0d60834e638dd8c29d4e85011e4ba4f127fe765954a5b5bb5d1cc69f2376599d5a3e8c30714893f763c06061072c10cb0eee17eb2a2514acc584b04e169d4a33a330367bb725ff9462f5d50282a2e393293eec8ea1eaab8297cc108798a4a57eccdb00647ab9f07318993f7c59c395a93cbd681d0a967a56e3f13c832c48dcc0d0096870b0d51b754e70b12a849b6f376923f7f7d909f64d64e1d6e338d39166b725265b96ed21e36b12057288d66e5df04b7b734ed0957d47fde172be2473b9ac6fdb823abe3e11ec69a170a14511d5572d6c0d9f6b749acad7003f0567bb6f9381649e42d02764077330d5af3d93185968a9f8dfed16c4a7c768a2bb98304946a557182c0ce93e82b340074e384cc6bd6129483386c654a6ab3bb12fe8e86adafa93f218fdf5019c09292858ae38ef7aa6a78e3f846215856d630ae9c5fc4009693b2767ea55c469f9099693287b35d43ee0f7a5baf3328d37b2c536f2abd6e21e472c105ae982cdd26a5a20562122e71efb1486c28d9409c3114b608f297695958c5604cf0918c0c70c56c79170260d73bde297e47cae1c404cca0a96eed51a2dc8f6f6ad862fe767ee5b5e68f231096825d935b809b3c1b5d9a2cd76cae22652bed7d263b42612ed717eba0aaf2a3989c4520c402d294285497a42736454ccb62fb3fdd073b91d4e2f6895fba9639ee78bd8ccb5bc3ce442fbeb9a1521314b82804293159fd7df4db66b78a06fe93e705bbc4e0d294a787c3cbf271b2acd15e7b4998c822f7724d3191e2265bd0d694dfb08063c9ff26a424884b46e26b5560d756c114ad1a7b92eee3f49dc2883b604ecc49c5ce92ce467778301326588a6577d44758e8d90710248d110dbf3d3d568779bd1c616369f84619dd089e38b51634f7c5d2ac9f1547a342877815a3864ad70b68b196bde9d810512f411d5235633ef65088788dfa3f152df7cee3a0803f6ac7ae192301dec07ff870ff3d7cf1c09cc9093263b225d01222376531007af9e6fb96e5ccaa8274f70adc786db7f33a20a752717b56b9a03bfce15a1aacd78c4adf8bdf41de8aaf421684c27526088c54322b5eea9175ef9c574c1f873218cc6f5df233892d7d5b0b0649ffc5a1c4909f2967a8c1f15b419ecde0448f071fa71e553f4f12cfa5e35022e75ddc5509edddc3de82d9097759b27f7c24776702e0ff64559281f796f11c1a9c77a156f390d2d18d1759b6be0347eb5bb4df912e9cfafa0db3be3243bacb378ca0946cece695a8099d6d7a24fc8bcca4c09695e3208f17f00bf404f6eb7852dfe73c163a19fd4e890e0edd5c7a727984b6f47a952373b95200bba061756c699c218b52c265b22bcd5cb24fdf056621fdd2126cede171e435320ca34e56e4c82a2afc9a59d3bf4647877658b6f23a6484f37acd8e2e184926993b5d1bbe6cdba64f486b4fb41bb94a644140540894f8fc14e585bc8beae88eabf926add289c82eb8cea99743baed842d76eb5c5573f7a7f3f2693960d6bfed697b5619afd942f41689dbd281a35e32478ba3a388dada82a2f4164481aa6a8f3946a84ea6186b20ce388c202be42996ae90feec7258d4a4a276353df84c96b160ac003d81cf395c0e61b0f0a9e692c32fab307f754cae5de7716a00cb96160cd39c931f4885d612862cecf6ba76502c9d266f97e4cf6cf0a16f787788e5471458a0dc24d3f2a28caa0f7e0cf8bb113bd9c2b086037d765b5ec9a849df6f482fc01b48261e44299b0bc88321d837b6e2d221ebf2996b4140cd82e531de27f8de445f31c64469a5a145b031cd2569d19e27369c31ec63a989f0c9aaba7cc9d36d652001d40004f83a90d6465854f31bf15d1ef6bff4c02d60b948a37e3f50d250d7f85f545f507014aae5a35908283168c034f654acbb9d0fc261671d612e3d74261653e69e5e9cf7c8fda298b4d6c879cbbb97eafe648ba70150599089d65c1fdc0d5af879a2d46a443ac6dd21b33f72510742db4faf7eeb1580580ffe26e2d5ff00", 0x1000}, 0x1006) [ 312.339249] netlink: 'syz-executor3': attribute type 29 has an invalid length. [ 312.346926] netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. 21:00:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) capset(&(0x7f0000000040), &(0x7f0000000000)={0x0, 0x41e49f14}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000180)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 312.396282] netlink: 'syz-executor3': attribute type 29 has an invalid length. [ 312.403950] netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. [ 312.487975] netlink: 'syz-executor3': attribute type 29 has an invalid length. [ 312.495711] netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. 21:00:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x10000000000002ff}]}) 21:00:33 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x1000000000000250}]}) [ 312.622706] ================================================================== [ 312.630143] BUG: KMSAN: uninit-value in gre_rcv+0x11a3/0x1900 [ 312.636044] CPU: 1 PID: 9453 Comm: syz-executor4 Not tainted 4.20.0-rc3+ #90 [ 312.643228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.652579] Call Trace: [ 312.655162] [ 312.657323] dump_stack+0x32d/0x480 [ 312.660967] ? gre_rcv+0x11a3/0x1900 [ 312.664693] kmsan_report+0x19f/0x300 [ 312.668506] __msan_warning+0x76/0xc0 [ 312.672325] gre_rcv+0x11a3/0x1900 [ 312.675876] ? raw_local_deliver+0xa0/0x1890 [ 312.680292] ? ip_local_deliver_finish+0x28c/0xff0 [ 312.685251] ? erspan_xmit+0x35d0/0x35d0 [ 312.689339] gre_rcv+0x2e6/0x3c0 [ 312.692721] ? gre_parse_header+0x1470/0x1470 [ 312.697220] ip_local_deliver_finish+0x8d8/0xff0 [ 312.701990] ip_local_deliver+0x44b/0x510 [ 312.706148] ? ip_local_deliver+0x510/0x510 [ 312.710494] ? ip_call_ra_chain+0x7a0/0x7a0 [ 312.714825] ip_rcv+0x6b6/0x740 [ 312.718238] ? ip_rcv_core+0x1370/0x1370 [ 312.722320] process_backlog+0x82b/0x11e0 [ 312.726480] ? ip_local_deliver_finish+0xff0/0xff0 [ 312.731507] ? rps_trigger_softirq+0x2e0/0x2e0 [ 312.736378] net_rx_action+0x98f/0x1d50 [ 312.740365] ? net_tx_action+0xf20/0xf20 [ 312.744413] __do_softirq+0x721/0xc7f [ 312.748227] do_softirq_own_stack+0x49/0x80 [ 312.752544] [ 312.754775] __local_bh_enable_ip+0x228/0x260 [ 312.759257] local_bh_enable+0x36/0x40 [ 312.763220] ip_finish_output2+0x1430/0x1560 [ 312.767743] ip_do_fragment+0x3686/0x3f10 [ 312.771894] ? ip_fragment+0x400/0x400 [ 312.775824] ip_fragment+0x247/0x400 [ 312.779547] ip_finish_output+0x1056/0x10f0 [ 312.783871] ip_output+0x55c/0x630 [ 312.787412] ? ip_mc_finish_output+0x440/0x440 [ 312.791988] ? ip_finish_output+0x10f0/0x10f0 [ 312.796473] ip_send_skb+0x178/0x370 [ 312.800221] udp_send_skb+0x1439/0x1920 [ 312.804222] udp_sendmsg+0x1496/0x4350 [ 312.808104] ? ip_copy_metadata+0x1710/0x1710 [ 312.812619] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 312.818003] ? kmsan_set_origin+0x7f/0x100 [ 312.822236] udpv6_sendmsg+0x123e/0x4960 [ 312.826287] ? aa_label_sk_perm+0xda/0x960 [ 312.830534] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 312.836374] ? aa_sk_perm+0x7ab/0x9e0 [ 312.840176] ? __sys_sendto+0x940/0xb80 [ 312.844146] ? __udp6_lib_rcv+0x3ea0/0x3ea0 [ 312.848458] inet_sendmsg+0x4e9/0x800 [ 312.852247] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 312.857598] ? security_socket_sendmsg+0x1bd/0x200 [ 312.862519] ? inet_getname+0x490/0x490 [ 312.866481] __sys_sendto+0x940/0xb80 [ 312.870287] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 312.875725] ? prepare_exit_to_usermode+0x182/0x4c0 [ 312.880730] __se_sys_sendto+0x107/0x130 [ 312.884793] __x64_sys_sendto+0x6e/0x90 [ 312.888755] do_syscall_64+0xcf/0x110 [ 312.892554] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 312.897819] RIP: 0033:0x457569 [ 312.900999] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 312.919886] RSP: 002b:00007f2bf620fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 312.927582] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 312.934835] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 312.942089] RBP: 000000000072bf00 R08: 0000000020000140 R09: 000000000000001c [ 312.949346] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2bf62106d4 [ 312.956600] R13: 00000000004c407b R14: 00000000004d6910 R15: 00000000ffffffff [ 312.963859] [ 312.965466] Uninit was stored to memory at: [ 312.969786] kmsan_internal_chain_origin+0x136/0x240 [ 312.974882] kmsan_memcpy_origins+0x13d/0x190 [ 312.979361] __msan_memcpy+0x6f/0x80 [ 312.983062] pskb_expand_head+0x436/0x1d20 [ 312.987282] ip_tunnel_xmit+0x35a3/0x3d90 [ 312.991410] erspan_xmit+0x1bce/0x35d0 [ 312.995280] dev_hard_start_xmit+0x6dc/0xde0 [ 312.999672] sch_direct_xmit+0x59b/0x890 [ 313.003715] __qdisc_run+0x1bac/0x3600 [ 313.007588] __dev_queue_xmit+0x2131/0x3e00 [ 313.011894] dev_queue_xmit+0x4b/0x60 [ 313.015684] neigh_resolve_output+0xab7/0xb50 [ 313.020174] ip_finish_output2+0x141a/0x1560 [ 313.024567] ip_do_fragment+0x3686/0x3f10 [ 313.028814] ip_fragment+0x247/0x400 [ 313.032512] ip_finish_output+0x1056/0x10f0 [ 313.036823] ip_output+0x55c/0x630 [ 313.040432] ip_send_skb+0x178/0x370 [ 313.044140] udp_send_skb+0x1439/0x1920 [ 313.048103] udp_sendmsg+0x1496/0x4350 [ 313.051979] udpv6_sendmsg+0x123e/0x4960 [ 313.056028] inet_sendmsg+0x4e9/0x800 [ 313.059824] __sys_sendto+0x940/0xb80 [ 313.063610] __se_sys_sendto+0x107/0x130 [ 313.067658] __x64_sys_sendto+0x6e/0x90 [ 313.071615] do_syscall_64+0xcf/0x110 [ 313.075401] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 313.080566] [ 313.082175] Uninit was created at: [ 313.085705] kmsan_internal_poison_shadow+0xc8/0x1c0 [ 313.090794] kmsan_kmalloc+0x98/0xf0 [ 313.094496] kmsan_slab_alloc+0xe/0x10 [ 313.098364] __kmalloc_node_track_caller+0xf62/0x14e0 [ 313.103544] __alloc_skb+0x42b/0xeb0 [ 313.107241] alloc_skb_with_frags+0x1c9/0xa80 [ 313.111725] sock_alloc_send_pskb+0xeb3/0x14c0 [ 313.116289] sock_alloc_send_skb+0xca/0xe0 [ 313.120508] __ip_append_data+0x2bd2/0x4460 [ 313.124814] ip_append_data+0x30c/0x450 [ 313.128779] udp_sendmsg+0x74e/0x4350 [ 313.132564] udpv6_sendmsg+0x123e/0x4960 [ 313.136619] inet_sendmsg+0x4e9/0x800 [ 313.140404] __sys_sendto+0x940/0xb80 [ 313.144192] __se_sys_sendto+0x107/0x130 [ 313.148235] __x64_sys_sendto+0x6e/0x90 [ 313.152199] do_syscall_64+0xcf/0x110 [ 313.155991] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 313.161156] ================================================================== [ 313.168498] Disabling lock debugging due to kernel taint [ 313.173933] Kernel panic - not syncing: panic_on_warn set ... [ 313.179807] CPU: 1 PID: 9453 Comm: syz-executor4 Tainted: G B 4.20.0-rc3+ #90 [ 313.188365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.197706] Call Trace: [ 313.200270] [ 313.202413] dump_stack+0x32d/0x480 [ 313.206038] panic+0x624/0xc08 [ 313.209238] kmsan_report+0x300/0x300 [ 313.213034] __msan_warning+0x76/0xc0 [ 313.216848] gre_rcv+0x11a3/0x1900 [ 313.220382] ? raw_local_deliver+0xa0/0x1890 [ 313.224796] ? ip_local_deliver_finish+0x28c/0xff0 [ 313.229728] ? erspan_xmit+0x35d0/0x35d0 [ 313.233784] gre_rcv+0x2e6/0x3c0 [ 313.237139] ? gre_parse_header+0x1470/0x1470 [ 313.241627] ip_local_deliver_finish+0x8d8/0xff0 [ 313.246381] ip_local_deliver+0x44b/0x510 [ 313.250528] ? ip_local_deliver+0x510/0x510 [ 313.254836] ? ip_call_ra_chain+0x7a0/0x7a0 [ 313.259141] ip_rcv+0x6b6/0x740 [ 313.262412] ? ip_rcv_core+0x1370/0x1370 [ 313.266471] process_backlog+0x82b/0x11e0 [ 313.270605] ? ip_local_deliver_finish+0xff0/0xff0 [ 313.275531] ? rps_trigger_softirq+0x2e0/0x2e0 [ 313.280097] net_rx_action+0x98f/0x1d50 [ 313.284160] ? net_tx_action+0xf20/0xf20 [ 313.288213] __do_softirq+0x721/0xc7f [ 313.292009] do_softirq_own_stack+0x49/0x80 [ 313.296397] [ 313.298623] __local_bh_enable_ip+0x228/0x260 [ 313.303110] local_bh_enable+0x36/0x40 [ 313.306983] ip_finish_output2+0x1430/0x1560 [ 313.311385] ip_do_fragment+0x3686/0x3f10 [ 313.315606] ? ip_fragment+0x400/0x400 [ 313.319515] ip_fragment+0x247/0x400 [ 313.323228] ip_finish_output+0x1056/0x10f0 [ 313.327547] ip_output+0x55c/0x630 [ 313.331084] ? ip_mc_finish_output+0x440/0x440 [ 313.335654] ? ip_finish_output+0x10f0/0x10f0 [ 313.340139] ip_send_skb+0x178/0x370 [ 313.343860] udp_send_skb+0x1439/0x1920 [ 313.347855] udp_sendmsg+0x1496/0x4350 [ 313.351729] ? ip_copy_metadata+0x1710/0x1710 [ 313.356226] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 313.361596] ? kmsan_set_origin+0x7f/0x100 [ 313.365830] udpv6_sendmsg+0x123e/0x4960 [ 313.369882] ? aa_label_sk_perm+0xda/0x960 [ 313.374137] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 313.379483] ? aa_sk_perm+0x7ab/0x9e0 [ 313.383648] ? __sys_sendto+0x940/0xb80 [ 313.387614] ? __udp6_lib_rcv+0x3ea0/0x3ea0 [ 313.391922] inet_sendmsg+0x4e9/0x800 [ 313.395733] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 313.401085] ? security_socket_sendmsg+0x1bd/0x200 [ 313.406122] ? inet_getname+0x490/0x490 [ 313.410104] __sys_sendto+0x940/0xb80 [ 313.413918] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 313.419360] ? prepare_exit_to_usermode+0x182/0x4c0 [ 313.424377] __se_sys_sendto+0x107/0x130 [ 313.428449] __x64_sys_sendto+0x6e/0x90 [ 313.432505] do_syscall_64+0xcf/0x110 [ 313.436304] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 313.441480] RIP: 0033:0x457569 [ 313.444663] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 313.463561] RSP: 002b:00007f2bf620fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 313.471265] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 313.478531] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 313.485805] RBP: 000000000072bf00 R08: 0000000020000140 R09: 000000000000001c [ 313.493068] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2bf62106d4 [ 313.500333] R13: 00000000004c407b R14: 00000000004d6910 R15: 00000000ffffffff [ 313.508914] Kernel Offset: disabled [ 313.512554] Rebooting in 86400 seconds..