[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.21' (ECDSA) to the list of known hosts. 2020/07/19 19:14:02 fuzzer started 2020/07/19 19:14:03 dialing manager at 10.128.0.26:41463 2020/07/19 19:14:03 syscalls: 2944 2020/07/19 19:14:03 code coverage: enabled 2020/07/19 19:14:03 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2020/07/19 19:14:03 extra coverage: enabled 2020/07/19 19:14:03 setuid sandbox: enabled 2020/07/19 19:14:03 namespace sandbox: enabled 2020/07/19 19:14:03 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/19 19:14:03 fault injection: enabled 2020/07/19 19:14:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/19 19:14:03 net packet injection: enabled 2020/07/19 19:14:03 net device setup: enabled 2020/07/19 19:14:03 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/19 19:14:03 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/19 19:14:03 USB emulation: /dev/raw-gadget does not exist 19:18:09 executing program 0: syzkaller login: [ 364.176815][ T8474] IPVS: ftp: loaded support on port[0] = 21 [ 364.437348][ T8474] chnl_net:caif_netlink_parms(): no params data found [ 364.734744][ T8474] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.742003][ T8474] bridge0: port 1(bridge_slave_0) entered disabled state [ 364.751975][ T8474] device bridge_slave_0 entered promiscuous mode [ 364.783679][ T8474] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.790933][ T8474] bridge0: port 2(bridge_slave_1) entered disabled state [ 364.800266][ T8474] device bridge_slave_1 entered promiscuous mode [ 364.861435][ T8474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 364.876000][ T8474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 364.932093][ T8474] team0: Port device team_slave_0 added [ 364.942757][ T8474] team0: Port device team_slave_1 added [ 364.993469][ T8474] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 365.000532][ T8474] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.026727][ T8474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 365.061566][ T8474] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 365.068813][ T8474] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.095394][ T8474] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 365.249920][ T8474] device hsr_slave_0 entered promiscuous mode [ 365.386436][ T8474] device hsr_slave_1 entered promiscuous mode [ 365.899917][ T8474] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 365.952721][ T8474] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 366.001640][ T8474] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 366.139427][ T8474] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 366.432570][ T8474] 8021q: adding VLAN 0 to HW filter on device bond0 [ 366.470106][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 366.479510][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 366.500291][ T8474] 8021q: adding VLAN 0 to HW filter on device team0 [ 366.527315][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 366.537474][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 366.546951][ T2303] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.554226][ T2303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 366.616636][ T8474] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 366.627625][ T8474] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 366.644140][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 366.653479][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 366.663543][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 366.672950][ T2303] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.680148][ T2303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 366.689277][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 366.700072][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 366.711004][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 366.721380][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 366.731684][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 366.742049][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 366.752379][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 366.761978][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 366.772216][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 366.781833][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 366.798485][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 366.808074][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 366.867293][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 366.875594][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 366.896419][ T8474] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 366.937665][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 366.947716][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 366.991284][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 367.001117][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 367.018753][ T8474] device veth0_vlan entered promiscuous mode [ 367.040594][ T8474] device veth1_vlan entered promiscuous mode [ 367.051029][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 367.060211][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 367.069311][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 367.117143][ T8474] device veth0_macvtap entered promiscuous mode [ 367.129710][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 367.139865][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 367.149734][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 367.166848][ T8474] device veth1_macvtap entered promiscuous mode [ 367.198853][ T8474] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 367.207199][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 367.216711][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 367.226359][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 367.236316][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 367.255738][ T8474] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 367.285573][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 367.297024][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 19:18:12 executing program 0: 19:18:13 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) 19:18:13 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000780)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x201, @mcast1}, 0x1c) ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x8941, &(0x7f0000000040)=@generic={0x0, 0x0, 0x100000001}) clone(0x2000000002001100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_buf(r0, 0x29, 0x22, &(0x7f0000000000), 0xd4) fcntl$setstatus(r0, 0x4, 0x80000000002c00) 19:18:13 executing program 0: r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_ro(r1, 0x0, 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40305829, &(0x7f0000000040)) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) ioctl$TUNSETTXFILTER(r2, 0x400454d1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={0x0}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffff7, 0xd4}, 0xd121}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x6e, 0x0, &(0x7f00000000c0)="b9ff030e5affffff7f9e14f005051fffffff00004000630677fbac141433e000000162079f4b4d2f87e5feca6aab840413f2325f1a390101050a0100010000000000df74e30d7eabe773afef6f6e4798ab117e9f84fa406b913de8ad827a022e1faee50887dc302819a8a3d0cde3", 0x0, 0x100, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000040)}, 0x40) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe08000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x300}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0x5ee, 0xe000000, &(0x7f00000000c0)="b9ff030000ffffff7f9e14f005051fffffff00004000630677fbac141433e000000162079f4b4d2f87e5feca6aab840213f2325f1a390101050a0100010000000000df74e30d7eabe773afef6f6e4798ab117e9f84fa406b913de8ad827a022e1faee50887dc302819a8a3d0cde36b67f337ce8eee124e061f8fea8ab95f1e8f99c7edea980697449b78569ea293c3eed3b28fc3205db63b2c65e77f19ab28c632cc80d9f2f37f9ba67174fffcb5244b0c909eb8e12116bebc47cf97d2ea8acadfb34ca580b64df7c800113e53bae401cd22f50072deabf93dd4d3e626", 0x0, 0x100, 0x0, 0x296, 0x0, &(0x7f0000000000), &(0x7f0000000040)}, 0x28) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_REFRESH(r3, 0x2402, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) 19:18:13 executing program 0: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000300)='./bus\x00', 0x0) write(r1, &(0x7f00000001c0), 0xfffffef3) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @loopback}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000540), 0x0, &(0x7f0000000200)={0x1ff}, &(0x7f0000000440)={0x0, r4+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528ac06}], 0x1, 0x0) 19:18:14 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x20082, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000001200)=""/241) ioctl$PPPIOCDISCONN(r0, 0x7439) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000000)='NLBL_CALIPSO\x00') pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x80000) ioctl$USBDEVFS_RELEASE_PORT(r1, 0x80045519, &(0x7f0000000180)=0xfffffffb) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f00000000c0)=0x14fff8e) ppoll(&(0x7f0000000140)=[{r0}], 0xb, 0x0, 0x0, 0x0) pwritev(r0, &(0x7f0000001600)=[{&(0x7f0000000100)='h', 0x1}], 0x1, 0x3a) 19:18:15 executing program 1: r0 = openat2(0xffffffffffffff9c, &(0x7f00000023c0)='./file0\x00', &(0x7f0000002400)={0x40, 0x106, 0x1}, 0x18) sendto$rxrpc(r0, &(0x7f0000002440)="af80cd2442a714cddf399398c68d491dc8575e7b3c31ad0027326048fe3d792eb7f6bedfbb90816770", 0x29, 0x4008040, &(0x7f0000002480)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e20, @multicast2}}, 0x24) ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x1a2) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x3) ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f0000002500)={0x1, &(0x7f00000024c0)=[{0x877e}]}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) r2 = syz_open_procfs(0x0, &(0x7f0000002540)='smaps_rollup\x00') getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000002580)={0x0, @in={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x44}}}, 0x3, 0x4}, &(0x7f0000002640)=0x90) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000002680)={r3, 0x8000}, &(0x7f00000026c0)=0x8) r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBMODE(r4, 0x4b44, &(0x7f0000002700)) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000002740)='/dev/ttyS3\x00', 0xc001, 0x0) ioctl$TIOCL_SETSEL(r5, 0x541c, &(0x7f0000002780)={0x2, {0x2, 0x8cfd, 0x0, 0x0, 0x401, 0xf}}) r6 = syz_open_procfs(0x0, &(0x7f00000027c0)='mounts\x00') ioctl$KDFONTOP_SET(r6, 0x4b72, &(0x7f0000002c00)={0x0, 0x0, 0x0, 0x8, 0x1e4, &(0x7f0000002800)="263a48aafe927a8529f0716b5bd917a273d9e2ff7f57003db62930ef39dc26afcec926476b4b51509fc766c7aa2f9eae5c22d74db9a48455273aef1ce60af847a4cd47c2f00cffb6aa3c4fdcba2be524a6c957c9effbaa760c3a79fca9ccd26904f9176f8a32ae81028e4ed8e9e446a620bdb5ddf6a2eedab5e47a3d4b9696e6ca3ac4839ace173837b1216fa4eb20c6c590c81387170716b2fcd2308ebd06b3e2b0eb23b333307a00d1fd81f751b96dd1124aa62d4aba216ba098bae74daf5229824a502f7dc23e222675811e6c10c82db2d0874032db487d453ad123981481b568f484a6fbdb60b6614a9af0e97c179131776d4196385e3778cd32e07042313d928592cce1e1a5115a52f113e8e18fadbb02ba65f0eced6a4ea71b047e07ce0773ac03152fb73133e0232318e95cf4d411703a154b84e4e96655afe47287fd2a9953844ee0d6e49e2677684a9e00b726605dc82a612212a13920a70986792d59ce5683a6365e5204681bc30b17e5e6e18cabde843238918ad1a80e4b8821875e759cb40cfa6309959e250eff2eb7708fb28d233e08028aa494963c80a44f400a3102c642014c76a7669cc745aaf274c9eddbed55e75bc1e22371a09ecddbdf25b3574dd20bacec9acf969b7391eff2d2e09ef0d240016a5c602b63f9a65a9df9c1be67108a761be66ca159394b1c3e6f5a507d1dcdc8be8c13f12d8f11cf0b2ef28ed3ca4e1f068c17528dc39ba935020ab165a835f41918b27cf878edced2344c2ec52f5f1e55e28321207247224c2b020954f7304bdc57727858b1bee92a3fad01e96066a3c2dc5452896cf68cbb013be8354d8a9fecae55144dc6aade26f16f0a5c5aa4e74c0313a47b812029ed063bced6dba673157b3457559f31c7b4b008d41729d682d758f098523dea377ea936c3555890508a4385bb0b18f8765b3dd7747e2f3dbeacc7f370516865c8f60a61fbf1c1ec7858b1206345931714f76ee15c662004685e4f31fb5b84e573fb9cdb914ef0c0e661d1140ce1320977b92c966438bee978391b7dd0cf4e196c1f2dc1d5457f17a02818b89c2f163ffefeee5a7d04b14d48c88f8a94e87e487ea11e7898bb1d846f8aa624d239db72eed3b74d5be1e26b7317408e339b6588b5fc8405d46ef70ba89b9b1c5445b886c8d7b41f86af50d291013ea10c69412ed57a5cb61b437f98c5db3baa8632f9af28c94d86ceb5162f30b14601472835a8398be2f32a704c4692519bab2ea9fa89ef3061b33ee40693d7a7f69f586f3ffb259cc62043e962aebb6c3dada07cc5c4e76117fdbb12362f75eeb1bbed05a919af9dbb9b9f9edf525060e6e79b7ad7e19222c461e5a127203e7cc1cce46e5d79fef6841abfe1985895f32ff73f46e4a66cd27139909d4953ca7c00f6230c0fe97a076cbabaa240c1741dcdb2ba50749e5977"}) get_mempolicy(&(0x7f0000002c40), &(0x7f0000002c80), 0x10001, &(0x7f0000ffb000/0x3000)=nil, 0xa) pipe2$9p(&(0x7f0000002cc0), 0x84000) r7 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000002d00)='/proc/capi/capi20ncci\x00', 0x8000, 0x0) ioctl$TIOCCBRK(r7, 0x5428) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000002dc0)={0x0, 0x615, 0x1000}, 0x8) [ 370.083257][ T8718] IPVS: ftp: loaded support on port[0] = 21 [ 370.304597][ T8718] chnl_net:caif_netlink_parms(): no params data found 19:18:15 executing program 0: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) r3 = syz_open_procfs(r2, &(0x7f0000000000)='net/rt6_stats\x00') sendmmsg(r1, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f00000001c0)="d12afa3df3bcb58866d0b6187e7724460c9e06f13242c31223747f767ddf94ff22f6c0a797b46f9a71f2903ccbe32df9433ebc5e0ddc63cb761655715a701248e9027531b73007ccdab801f7fe796d671c5f6ff4ef5f3696d6a46cf5f98164cb4d4615663324928be63fc0a578b0d86d92acdb0d", 0x74}, {&(0x7f0000000280)="9a644fa62e49aefb3e9b6431741ef5383fc1557b62b6f4a9d04bdc0866ab81f6e61535abd137db3955e85db6a23f0a4b0ccd6f61de8849db2e625158d339d9ef61ed61778402e95864032e531b187e0e1bb5da04af3e7b7acdc4e7038ac2c740ae0c2ed6425a3184867a8948014e70da75ffd920a189dbb3675cf2e0d635efff1a429f50e70fbe8a80409261380fdb7a443c494149d01443ed30", 0x9a}, {&(0x7f0000000340)="d387f338e6ca8e3044be92c14b3423cce4fb9ed77efde57fff69c59a0a8c56f17d6657e595c34d4068393a5e2d66709df1804af6f16a8ba207aec88256782cedd4c2", 0x42}, {&(0x7f00000003c0)="3a2f23ff1e946569b97b5c45230990c130c5bda1e289183ac52de0b555efec0ca18b9f495e61442b2e78747064248389c3cd32bec9508ae6b19b2eecd7899382d149c95fbf01aafe54a6dfec4ff91f7fdee28eee66c09f3ce3ce8d5b629d3fd8b9913ab5d8e1bf29cf6d550386810796b8c9395bb816c4ecc9b891f0202f799168a550c53ea670666fc1653960f6e91940df17087844b0d2308327864a26e8a3e0c00a41a895b20ca68d6811a34ad7f916697db7f3b390467a64350cd7b1b3d4cd6ae83011d4086c1944733f6570", 0xce}, {&(0x7f00000004c0)="fb0751b6261b759bcd25779a30e44b029c2c3ce26f7b7edbe6950223c7944096e056921215d650cfc65d49bd4e87ea5ae8e38ece2299ad51b620aa894a289c8553ae9a2365a00370aaad9e08352c0540a7429d36e1ac0ffb6cc59425ef61df9ddd57827758a483e78c8550d32f9b99de3527a2d0113a8c5ce3525ef4a4644b84c94842cd261d096d49963e22e5cfc3ecd4dc0f52320de6514901b1", 0x9b}, {&(0x7f0000000580)="7f985f0aea8d45746b05ddecd99d20e6563de712e856f7b2291d3dd787285ff1ce0dca5b446f0ff14c6fd66de62f470b1ec51216f242ce2d0d89d2c332d157f45704be48541dd6f703647ac74201043838719b6b671057b7be99967db31af2678dd97ca963abdf98ef70a4063b80137c1892dd5638d63da1a4be9c1b96510f2fbd6ba325", 0x84}, {&(0x7f0000000640)="cc6d5eb21b85013d0934907eef151c925568b207d538c4018bd12ca4b8f7d2bb53de1d9389a89ec130f32bb5986d2ce5b0d4263c8fa83ce0b429eabfa7ac63d0ec3866ece92ceb0a8524", 0x4a}, {&(0x7f00000006c0)="91bdd5850bf3857d069bca210624813dd56b5368b2b94ab71420c0739f7aa7c966d7328fd784ca8fba47b3a70088aa75be996b6dd31331fe56a1dafb250b38a9694bd270a2e4", 0x46}, {&(0x7f0000000740)="fe20aaaa2470a5db39e0de63c44b2aaf11bbe2c318d62a1b45190d46f24ec2bddf4fc6ea0153017db3e20a10dc162e26d0112faee93e742135dc00c770ba7d4ec4089bf001abf6247dd54380772b869d", 0x50}, {&(0x7f00000007c0)="d0332942e70a1b4608b1d5dd6732692dbdf8aae6ce7d860fd227e62266bc39b3107e76e5cd9ca35773fbc7c3bfcfd937209d0e36e2c9acd8cfcde714adea77d6583b15d4cacbda276c2291d3ee18887dccef32074e94475a4ba24bb429d8202cb7c617fc8a1bde4ec81ffbee0df3804a1b04837058a6932555d150cf3b5523b57cef080f", 0x84}], 0xa, &(0x7f0000000940)=[{0x108, 0x113, 0x8, "f22841eccb7735ff82326898f074b8e7a7cb48aba0457a683fd9c6244602b9980362bb20c1f056582f69ca218099ba89df4b1376ed736d3a4617aa1f537507668c6019f74263237b90898de4a3af12b3bedd6354afc0c85b5addc81c145490c70df4280266aa4806a45d931b6faa5fd8d814934d1b2ffe61be4eb2affcd462919a8f6db1f6fb68b5de1fbc0dae3e88f2cf0e9c289caa9399a5eb18f4bdb191b7cfc6ca02a494a6bcedc30ac4c30711a8bb0875463a806b72664a9b2e9f5105afd5e57980aa64ca971129cd530294a110a9456bdd8c35eb19e8bee2053908de975bec1eedd5e74cad7a3b81f04bfdb4db99f4988ceafbfbd7"}, {0xb8, 0x115, 0x4, "00e1c64be31e4df2819302903b88ae8b956ed27c4c5b3c11daa478a49ea3a74e77ab7c8d7de0542905b22ecb27e67649f378f547fb4adead7065eca2a0de0a1c217eca56262785fd2ccae0c614810d55c7f129d13aa8451f43d5974ab09b5d349cfdbf1c93dc8c59346af60f799c00b65d73d4d64c2c80f1ad913c1a5483487df0cc2ef993c3ace9fec46bdf977a68c5aab3cb04415b03a0dd9c5c75298946d18b4f0aa6bb6fb0"}], 0x1c0}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000b00)="7bf543e700dfa45b17766a12cecd5ff81353b22cf31c7d01e29dece77ec2232139d917cc839cf06d7c6def9100bc2f5299ba8f13e8639b0813ff0b249f3fec185c0e40babb902c5b48753efa50c9821d51e9cfd66239c3cbc8be7154730b14", 0x5f}, {&(0x7f0000000b80)="f572ccbceeb806b020e1991c7f5c2bbbb5da29b62dc8eea7f03ab2c5a45c65baa3d9928acb559ddc4336f83279e72c69e6a2990b1b9ccd9bade8c588a11e8fe71a281983cb108f007a3e8c133dbf07aa4f4292695fd1bcdaadb7334950315766a6e03d423a84d3b5537d7b6cb0a87cfebbd61f632a2f7b964a132e2bf6a334cf5cf4de3f9c33d9db56095139724524da82bded17ee7fd1e49085804b6e28e767aa253a10d202154d78f0253c96b46d701e454eaa27abff740a8581792c37d028e70047231bdfc031509be45324b5bcc847c9c37f04a54b9b29fc3f3e452222a857b8b092f735adfe18ffe250d1a3e723d9435e4f37e948", 0xf7}, {&(0x7f0000000140)="be58db", 0x3}], 0x3, &(0x7f0000000cc0)=[{0xd8, 0x0, 0x10001, "10c40e1571751c308686c9307d73e32ebe8f06702692665fa246b0ac89f674baa43cb751d990ae7ad778d0d85e3482f6e655812001738d9507f3f975244026a67d843e36e7fcef6566ea5d82810d401c4fc66d9240be140fb5ba0ecdb4522fd8e8f3d8a6dd515ccac01bd9fdba05ac4793961ec6f233cc665f750d2806b0ffd0cbd4ae51f0dabe3466c3b9d70821e9184df35379a173e7be5196c4f128651dcafb0a861c03a7e457a4ae8f6f82e2e735b632b523cd921a25f7542bf1229bc19bceb0804e"}], 0xd8}}, {{&(0x7f0000000dc0)=@phonet={0x23, 0x9, 0x2, 0x6}, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000e40)="60a9ec79c558b467ce69f333a7c3574d67e5810f0005cfb04c992b0bda2203ab4e60b21e4ed01d51ef7f8b8552338ee487d31efbd86118e6499d25e2f4110d9e02f3b8c17d301380574a95840ff60268b646bbd1283660d3004bf70b9421dbd51fed0ed2affe0413383e51f763ac5061d0b26aca974b3adfad7b33a9b3b8dd1d6c9a7d631b29c0797a82226c6a7441d7a462ff086717d4344dae7c7f70dc27205df81d34b238262ebfff05688c3fe8032d10ba11cc39a1ee5abcc87a0a5d8945", 0xc0}, {&(0x7f0000001a80)="16943427d7559ea3bc34dc46900e7072a85baf6dfc53702cfc40ea1fdb7863e2edfd4f97dd333170faedf6445473ea760551c6b83f037fdd42f7f3cb7590bae2b3814e79090f79a13f6012834792453a72f911c7dd4f3513186eb7955963b55e72353d9c841dbdb87059854aafabc36a38a0c7fd552217668ccd754e6ea5b924bae02c85cea212e5eea67316b3ea9e1db500bc7536a2ffa14e35a1ee3715b45ebbb4790704ba23243b6ae358c51d2b6c119107d930ed919e670847518692e40c0abe5c5cffedc3eda9c5e43f63e79d18f14749e8507feaa9b5d2ca17888851ebf67d21bb10eb9f870d2eeab39ff0355652b6a91f7bafe00178f52247dbfca334fb3872b6262d91a3c4696fc473a277454056b183ee44e7de61d04492009fdc25c4d8339761d5fa4d7e580baa3ab5751ee89944e32efcf923a4c75356ba629cf1260521918ded546fb7002c598f2e68c2049c999c6c5c891b15261f63190b836da08fc40cd1646b39bbfdc55c44e9d23740596bf4ce39418a4a8a7e7d9eda9ce506fa3b96add671301abb0e2c2cfa4ee939c1a41724ec2486e0836d34765cd617e20db523449f953348118cef561c97c45ec1832a549de52fff5d6e8fa625d049bae2ae59c8af7917f09a972bd959b1dfe56bd743a69d13a6e1bad3824257a05e95225bca3f9a156eb8abd432cdce4423142cddf5bc5be3ab1b2e09c0d38dfe080550bbbd57ba00d765254583188e676dcc47735264a1603a577d468c310e20db606a162bfd70675348d6121b37629ee58cdcac68e50f5179bd5b802b0832d3a9d120c073a32e0161b0e4af5783ca1daebd60a610ec49b5ce79158a714f53617e5738c471f10aff4550f26cb0718a7d2bc84ffcc0604291677aa51ca1d4a8cbbf3590f1482700aa3b7741cfd3f08951a136cdb27b992db3b3270e8783bde7dc026a873aad269e8e64e7f206b4c6bb974811f3d593737ab2aea1ffa7e6520b7a09f99c5d08471155568884a81d3a699009e982df037cdf1605e466e905d0927e6bc011f1a5e5b882024c55d0866de074555f5297916c3f3b63a3599a0c47812cffd78e34e1b0e0801e15ff86cedefefa10990d29ebaae85868dfac76cb15fc9a712c29a4723f288f09003bbcaa74ce261123aa5266aae8191c2612ed9aa4884e9462ae97bc5484975ea8a80e1f1c3e8925607a403b2383307957d22c8b5426fe18e63016cc3d7dec7a38e9d9fe13c798a2d509bcb2b5d9e9611694846d4f4db04103fce75d955a9010c0865057574ac6b4597a731f4420234f02cb9789358d7b77a6585f3f68ee9c6ab4536817b226a9e19e0424a70aafbaa38a065620c04a2837d8d500a7f7deb36eab675cebcf2443bb6264902b42889ca0e0070147f8d74f970425188ddaed1030c1f39316ff1f7bb72c642816910a3f6385ba8a46e243f856631575dc30027383743048f029df468bc05bb8897f950f7f7c848f2df4af48b5f24866f29a2300490377d84f25c6db80dd036c4a1053ce70c4d3befe01142cbc347e749201bf56d2c8fb44ba68e8ac63c13fa35418382fb38db169e1ad1a468e761b3797f6245b959e9d554419bb94cb6059827b6e9eb843f87e760a0c34a3f90dec34ba221d2c323728b0bccfed323c1eb065cd6de7d44e6b40b1588a2af397d519ee174e4682d434b2221b53523b39d74d684b891ebd16803fc5b86a13a40119627515b10af50a95f6b6c8ab3e76f187d49560e988462e14c70830949be4784c54adb82bedc414e2b0dbf1d049798664b6a1b2ba8da1373f487751fddc21e63f66124fb5206e26558c6e51027a8c094a38a8e856e3b015831c179bfba4e93f281d64009bd4ec980324a2c99784b83237d24be2d2b029e5b0ec7ca9e2a3329b91cfa8520392551ac694592bdf76698b0ecc0fe0d23c23fa2b63078c3c95e784f2f5215334995645b3138047e0a72be09b9f06e1804f8c3b4215696b40b42dc0f404ccc2a3fda8b87fb429ead83346c6a36053dea23c3a534524c354451e8295eab56cb95105457cf77a60cd97135053121555119a7ebfdaa6603d7642526b226aee1aa5c97599f5ff593ed97f03b5790ad6142bee9b6b0b9f1a6306165b7f7aed6f322bba7a9807b4641e5f7a5b4f3ef3c074f2d84f3cc7e07939117e4cc120dec3f60aa057f8568ba75f2977a7bdc0ea630d1cfe6fc3f92dacac2f9b2ab164df4ae0a0c70a515b7cdf07e6c03f5f4ba4b849a6893775cca0056b9aa0e61bbc58505f25d0e2e1ead843027cc95d5a5e00b9e53a5d42f5dbd450db3c6fd8cdcda084a840e346c0982b7453306c8220a8dfaa7ea0e94418d3c9424174f7285c1d280292a105809890b21a658e321b340bc4604fdc15716e6c8b3eb32afe05ef7a4518f2549ef90e024f8adf2c3cf18243d48e0a85f181b9d22d605c0de8dda1c66f49ac4b35f6145e77fba45732d61dcc7cec69894481b9917475634b0d22fcc2653e9037481bcda2344fd633f348979d2a533ca0128ec8044766bda98a6ef32457e1d7c2385b23707903958d64ba85996d460f7f285e6e7895515fca3d1ca8d7236079bf27f47a59f0e374576d111c393974abca280d38662384109c81a4b7aca0527075934d4c577d7cf63ce4196c8073f9021ab3711a213350940058ea449ac512089a5acc684b6743a2ddb6fce21705496cfe23935b43b442104fd455c249c643aa1975d5dc1cf76c0cd8f9af5b94ef74e564522e65487d2fc4473264b7c6da6db3526f6a8c3501e46993a16890fd4655f9c590c1f43a6556171bc224757438f5e13f1e48c66ce6ada83cb513be3d66752b2c9ac2315673e067e40c609711d048ae0c87ec3939469d603c7e53e9a023b81d3373826f13c7f8a41b5275dd8253960c8ea5570abf7ea83455bcdac20539adf37241f835cad1b77ad8dfd0dcef8888ecd8f5c2536ed1d42adfcdf396b2ad388b675b9200197353ea8ab2ed8b09a86b9f6544c115edca42e38bf8d1e3ab6c144449c5cf152cd1b68d7588a6394a436a03a372abc8a6c8937a0ca716ab2efdd32f070a1ec595f713723d086861c162e6e9340975eed723bc28d08e34a1670110ea3451eaa27d216307acbf156cb3e44f9ab54634193e8c7fab8da58dc3b780c0a8109465456086dc21d96b6e353181ee95dc0b505a1fafb987839de3cd551fb795ca83371b90af27229f651131e63ff81630ad3352e371d86f9900416b5c721f25c47ef658c577fac85f416dcd2eb8150dbb2c8185be9da624e00dd4b8b2105e1cfe0f5e2a3820dab61d325ea1324fe6f829685556adc6750eacaefc9c58dcf1123159af54c7e3351f3702cab6fbf13e6fd483293535694a87ded34a8bb55ce50cb2f40cc65d5488eb6efaebf53a8d43d67da4e9408e306743f2300e3fa79152ea2c01e1235ef7285db7284fedce8f769356fc8477b5796c6ae04f24a29a350db0124242db115b3459aa7446e141b972857d829e421ff9189febc62b95e0ace66a4d2761554c8e21800477e92789c9885b03dcfdb1aca428bad7d54d853b7beeedb96f67940e61bf085cd8602c9398cad10aa0605413fcbb001b4fc0a5215b245c695f127bcf12361fa2feb80745c92672952f0a2b59aae18d69c7d26a1384b1db9d7d20bbeb15b4c2e6058249f1a8f19d3b46d5cb11e6c8176b31f19c07a77a1393eb99acca8d2d5a1a0c460e6da18bfe991d93e89a6544719d8aeb6bd9b40e71e357f33cfd2d0d65d953b1cddf4c6973b10affcc440588dda748bdf12fe880b61876dab31145aa3f23c20cfec7307e2be0ee554ff53221082babbe029b071adeeee9fc9eeb0963f61dcddb2e4a06d573f4d4572fa6533fbf517b57f14d55febc4b4d97cb13d6878e28910076d94ab08addf9ef071edf092d271a2318255df9906521a293a8c01766c340370ee8216522f62f5e3eb7cb898f96917ac72da382fe22f542dd75760468bf31bc738a71f5daa39d7851074fbec3c42fc16f8706713606fa756bb236cbbaf8d7fd04ec02198ee7eed7406aa59d3760c9d2d768a83dbc207362667b3909687c7d62d8db00beabc0c63e7c1ea2fdc65a5b78a2818dc7507d8f765860952da3b30a581a23efc2c99e65ddb1d9a452ee72ae0c63dd3d696782103437ec1fbca51006eaef4115e1a91e6dcc8779875456ee1f5e65dbb942af848f431d332a51590af561baf3d976ef62181e3107359041c96858918b30128867009ab4832f3fadba3d71927e912c7b60348e26fb7b1a79bf37d1a8082c35dc8cbe1c4dfe463dc0557607f2a79bf04f8cea99570c142bf7b6e7e2d244f5d27864380a709aeb243404dc72bb80a0290080c13762d78e16ef2febc79c2071dc430104f2c5df28cfc23bae564a391061751304ab220fdaf1a390465d3980daefd3fd4e83e6a12aadf910c0f566703279485c80c77563363925b83c238433005d270ad3420d8f54c29fc41263be6ca7ff5c7f87bbd0024122966b85756b9ed5cb6047bf20c9c68e6639f4f5f7fe0bcfdaa4ae58dc461eb43627d701a2f197bb287495b81a9715a6e16e63342ecc0766b8dbcd1877de82779cefe3f5603a6f014b5a4755541c5f159b6a957a3537def5a3c49266ccdfba0c0de7f6772ea07bff4744f23be79f6ba5ba3d3ccc3699d8865715cbe10d127f1f4e686c1478a3f9c27adf3889888460700b48c491162dd81a68c64cbc68b1c4d9ab75b05ccec0117f5c744d178c4b385e1d3f812f61a0e7d0fbb93cf10b10a4e956f6dc5ec67ba832a1c796b59754e22641b4e3c755455be5fce6025c8d3ab12bb9438b8a872309f3309c3d9e5e3dec679ff85674b0adf529da00c483244a5d4d1787ce8682ebc4dede0657f4f26d06cefc1b6e688a616eb863b24e1fff8b6e63c5c603c6cc60a6498cfb1811be577f271db2a53ada7ef25567e93bd3353939136d3ccadbd7af59ceb7356b4370d773b01a4ff93b10842931cbeabf24072ec0b2040e19a2de1374475d26d5c79eb9fe76b21dede1666fb65ca966b2bec36127c0fca85d9b3111531b36dba40efe413cd178595dcdce6c7c70b1ddf757bb8fb9f1b2d4b11c22a15deba2d0c7e770ece0038765b221ef4d513efbbda8dc3d88c652d8dc7653d76acc1cac8778593e0a57e2aaab6de4506d1798822eb1300ca4690d1df79bc6999a3b2d5d611f0ccc2726d65fbd20fe4608c333f3b05d750035cc0256cee41d10d11ed26ddc05b74804732d10533525d1bcfb2653f10a02160248f8728c61cca20a3b5d8b6101d206a0b51b5dd687f92d3c922091e87cdf87218eb84cd5efc9be0d7e4f7d71bc7ee0c48dfcb2324f2e994356582a36bd27137319964785d56fa7af5af49112a9e0edcebc26ebf80311a0eae34fec0b7eb20dbc6e349e891f90d3fd2bded03e1ecd55d908082f5fdd8b6738780bf603f41cec81b8d9c05c4ebe073d6dc8caf8324c731ba4545b484fe654009601b0353794c62af8edea7edde1c26a4c9982edf8907ba92d819014a8acecb0f123327868866cbe2aa64a16bfe6874a2f9278bab739b46d157456e288b2f372b4a4f3aa1d87bd9001d24b1019eebe578720a741c8eac13994e941d8fd45bef8a11a8caacd11c7ededc923ecb1fca179ef9dedeaa6a257f92989ac5654b712fdf038448dbd8f0cb7cc6e5fe9600f1d3730c3bccf87da1d73882db1a249a077b437595042f4e0c93e12a58381b9d2195e21345e812bb0941a4215b1b5ee60d11567bea7e032a96b5c3282edeebfcf7147336f4b041c3c0a8ce48be744c3fa0ec553", 0x1000}], 0x2, &(0x7f0000000f40)=[{0x18, 0x10e, 0x8ec, "2f41624665f460"}, {0x48, 0x3a, 0x9, "b2891d3a7a33cda86274eb2dfac948f32785fcd54dc4a1ab0bd85f445078c6f6ff35acbcf2a3692929edb0dabe40cb27ffd68667c7a98fa3"}, {0x80, 0x0, 0xfffffff7, "701172c86e5ec74907feab53515e5775ba918e739e938938fe32083b109582dd501d0672888b6dc5b82bd5af8a154ea104030c1c1ecf977591d00269b91271cb9e1ab346c0074681481cee514d2a4d9a639a89b7338e2c2c80e7a617e06a23741a458810e976dffb95c05a719686a4"}, {0xa0, 0x109, 0x7ff, "8e15847426698441b2dd12b4a21382916b0d73f31fa9b2384a21788f5874e8ec0c0367c558c7e4a45e98453061d60d82078d14d004848af218938b9fa89428d5f792193165fe895ad90df67859ff2a400e9d26004b5c6a0b083759b8a166858b17de1834ffa5380992bbf93f342b6832427c5797351e020295faab998907791712364bc22bf3f373e980"}, {0xb8, 0x102, 0x8000, "bc848d6dc2b91098ee52acea520e8cac4e58b96c8b7e0715dff47388a9186fd6e199b09f091b816e641885a1ae47c60a8a6fca46c41aad3578584c984b8a2c82d7ce215b355d280afa106106f21ef8b7ea581ab805d93c466fa5fe9f0112653c0406c2a5d2b8b8f9db7e5312b0134e0367c02ad2068f0faab549047eb2715ecd0bdc3bdb67bf0af7ca948e5b45b781dd38bff01690d778b98305233dc62395e0a201"}, {0x50, 0x116, 0x5, "e66413f96453312a390f216266413419c778b391af1e741b22a72e485ffb56765bcee17d05d5673ab947a76036f6d24b4e63391ce242967646e083f82577f8"}], 0x288}}], 0x3, 0x48000) sendfile(r1, r3, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) sendmsg$nl_xfrm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000001a40)={&(0x7f00000000c0)=ANY=[], 0x138}, 0x1, 0x0, 0x0, 0x4000801}, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$SNDRV_PCM_IOCTL_READI_FRAMES(0xffffffffffffffff, 0x80184151, &(0x7f0000001300)={0x0, &(0x7f00000012c0)="ea53635d2727fe93cfde2833bd49256b5d04451a1752da9cfc300dcb4aad767cf9c1406e9926381ca4cf98db", 0x2c}) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) accept4(r4, 0x0, 0x0, 0x0) r5 = dup2(r4, r0) ioctl$SOUND_MIXER_READ_STEREODEVS(r5, 0x80044dfb, &(0x7f00000000c0)) [ 370.587256][ T8718] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.595497][ T8718] bridge0: port 1(bridge_slave_0) entered disabled state [ 370.604944][ T8718] device bridge_slave_0 entered promiscuous mode [ 370.664402][ T8718] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.671639][ T8718] bridge0: port 2(bridge_slave_1) entered disabled state [ 370.705177][ T8718] device bridge_slave_1 entered promiscuous mode [ 370.801445][ T8718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 370.816142][ T8718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 19:18:16 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$key(0xf, 0x3, 0x2) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1000007ffff000) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r4, r5, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r5, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) r6 = getpid() rt_tgsigqueueinfo(r6, r6, 0x15, &(0x7f00000000c0)) ptrace(0x10, r6) ptrace$getregset(0x4204, r6, 0x2, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000080)={0x9, 0x100, {r6}, {0xee00}, 0x1000, 0x4}) getresgid(&(0x7f00000000c0)=0x0, &(0x7f0000000140), &(0x7f0000000180)) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x1, 0x6}, [{0x2, 0x2, r7}], {0x4, 0x6}, [{0x8, 0x4, r8}], {0x10, 0x1}, {0x20, 0x1}}, 0x34, 0x131937a50d5cdf04) sendmsg$key(r2, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x2, 0x2, 0x0, 0x0, 0x0, {0x30, 0x33, 0xffffff03, 0x3, 0x0, 0x0, 0x0, @in6=@loopback, @in=@remote}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) [ 370.918145][ T8718] team0: Port device team_slave_0 added [ 370.945305][ T8718] team0: Port device team_slave_1 added [ 371.030917][ T8718] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 371.038174][ T8718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 371.064501][ T8718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 371.078734][ T8718] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 371.086882][ T8718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 371.112978][ T8718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 371.211831][ T8718] device hsr_slave_0 entered promiscuous mode [ 371.254052][ T8718] device hsr_slave_1 entered promiscuous mode [ 371.283946][ T8718] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 371.291596][ T8718] Cannot create hsr debugfs directory 19:18:16 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x0, 0x0, @ipv4={[], [], @remote}}}, 0x0, 0x0, 0x48, 0x0, "e0738940121de7c8aef3080b76a34c59c80b828fa37d885b8064000000000000bbc314e043701b6bd9b16393f65b2f28feb77db1a52a1b1d5d38a5cdcc244ba2b77c39e9c7450200"}, 0xd8) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/hci\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r6, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x6, 0xff00}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000380)={r7, 0xffffff90}, &(0x7f00000003c0)=0x8) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @local}}, 0x0, 0x0, 0xb, 0x0, "1551670e01952874f3ceff73c7d758dc4a9fe6909bbe152cb9b33f5ca938fe3ac35eae3184235ceca06f367490b1ef998cc11b36ab2d7d6d7cc50e2821f742d63db92f1cf454e17f6069edd2f78d9567"}, 0xd8) listen(r0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa00080045000028000000000006907800002270077a811833854fdcb4c46196b45ceca621b615d07faeb1132b7b03e30bcb8fd2fd61888cc5968d703be17396d1437e1dccc77de0c76b2de81af441671e66f32303d6fc36503c686ff31c13df38cd808bbe97639abbf2398e4ff745dedb20e3d7d804758b3a06fc9263f64bd2ed4cf8ca9c881809935f8084672e7b1c5b0b64d1a187528e218f0d27b1efc92bc54c2eaee8fc8a4d35db00adcb55e3297eab944367e02c904d6d6de6cc8cc298b26e92f809a11c7d5493b62b1ed0300495d44e11ce63a9d92f63b27d040000002df0c432d762dcfdbd05a00d8560ae43c4301f307b9f18282395b7a5b1336dcd5a7a086b8e5cbf06ae6deb7e4c8b6276ad2086fa4711aaca8c26dd0d6d1e9b52574d23afcb81d8312e4886c94197b735e5efeadb29f3a993316b3c3a27a1c878c0a987a8767360ce7a0c792146ee2caca784796a62fc3373adb14bab1f4ba8b913f8022f3439c2f447ad1d169f53f9db427135a5cc36f185826f00664d4d28fc142d279b8506664c1fb8d8e61cf85785b89a2c4b14ec133b87388057d69c7df5583594943650744ea2d55f72d7bd764acad8670b9169be00cda267ff265bcb84090fc5118b6640837fde0bbd", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="40100000907800001e6b3f9ebaf420a7b4f8ac56ae6c01802421a42a2b7198bf97ac604d9ea41db6c0e272c1db4fc695d89910dc7b7a34691af056ea929ea0be04e7a672f47c18331938c11b24c29927ea49f1821bd376c4000000000000679fd2e8ddc1409121b6ada8478022c6b5de4b589f63978955bb6f35321b9188530f7bf200"/141], 0x0) [ 371.692403][ T8718] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 371.744809][ T8718] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 371.776323][ T8917] not chained 10000 origins [ 371.780880][ T8917] CPU: 0 PID: 8917 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 371.789471][ T8917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 371.795926][ T8718] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 371.799624][ T8917] Call Trace: [ 371.799653][ T8917] dump_stack+0x1df/0x240 [ 371.799683][ T8917] kmsan_internal_chain_origin+0x6f/0x130 [ 371.799706][ T8917] ? is_module_text_address+0x4d/0x2a0 [ 371.799723][ T8917] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 371.799764][ T8917] ? __kernel_text_address+0x171/0x2d0 [ 371.836533][ T8917] ? unwind_get_return_address+0x8c/0x130 [ 371.842275][ T8917] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 371.848362][ T8917] ? arch_stack_walk+0x2a2/0x3e0 [ 371.853328][ T8917] ? stack_trace_save+0x1a0/0x1a0 [ 371.858375][ T8917] ? kmsan_get_metadata+0x4f/0x180 [ 371.863512][ T8917] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 371.869342][ T8917] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 371.875427][ T8917] ? stack_trace_save+0x123/0x1a0 [ 371.880474][ T8917] ? kmsan_get_metadata+0x11d/0x180 [ 371.885702][ T8917] __msan_chain_origin+0x50/0x90 [ 371.890658][ T8917] rmd256_transform+0x439d/0x4440 [ 371.895744][ T8917] rmd256_update+0x343/0x4f0 [ 371.900353][ T8917] ? rmd256_init+0x260/0x260 [ 371.904960][ T8917] crypto_shash_update+0x4e9/0x550 [ 371.910087][ T8917] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 371.916271][ T8917] ? crypto_hash_walk_first+0x1fd/0x360 [ 371.921827][ T8917] ? kmsan_get_metadata+0x4f/0x180 [ 371.926955][ T8917] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 371.932773][ T8917] shash_async_update+0x113/0x1d0 [ 371.937815][ T8917] ? shash_async_init+0x1e0/0x1e0 [ 371.942847][ T8917] hash_sendpage+0x8ef/0xdf0 [ 371.947456][ T8917] ? hash_recvmsg+0xd30/0xd30 [ 371.952413][ T8917] sock_sendpage+0x1e1/0x2c0 [ 371.957037][ T8917] pipe_to_sendpage+0x38c/0x4c0 [ 371.961900][ T8917] ? sock_fasync+0x250/0x250 [ 371.966526][ T8917] __splice_from_pipe+0x565/0xf00 [ 371.971571][ T8917] ? generic_splice_sendpage+0x2d0/0x2d0 [ 371.977246][ T8917] generic_splice_sendpage+0x1d5/0x2d0 [ 371.982738][ T8917] ? iter_file_splice_write+0x1800/0x1800 [ 371.988480][ T8917] direct_splice_actor+0x1fd/0x580 [ 371.993613][ T8917] ? kmsan_get_metadata+0x4f/0x180 [ 371.998747][ T8917] splice_direct_to_actor+0x6b2/0xf50 [ 372.004129][ T8917] ? do_splice_direct+0x580/0x580 [ 372.009187][ T8917] do_splice_direct+0x342/0x580 [ 372.014065][ T8917] do_sendfile+0x101b/0x1d40 [ 372.018694][ T8917] __se_sys_sendfile64+0x2bb/0x360 [ 372.023817][ T8917] ? kmsan_get_metadata+0x4f/0x180 [ 372.028940][ T8917] __x64_sys_sendfile64+0x56/0x70 [ 372.033976][ T8917] do_syscall_64+0xb0/0x150 [ 372.038495][ T8917] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 372.044400][ T8917] RIP: 0033:0x45c1d9 [ 372.048296][ T8917] Code: Bad RIP value. [ 372.052361][ T8917] RSP: 002b:00007fb8bb63ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 372.060781][ T8917] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 372.068756][ T8917] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 372.076995][ T8917] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 372.084977][ T8917] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 372.092954][ T8917] R13: 0000000000c9fb6f R14: 00007fb8bb63b9c0 R15: 000000000078bf0c [ 372.100940][ T8917] Uninit was stored to memory at: [ 372.105982][ T8917] kmsan_internal_chain_origin+0xad/0x130 [ 372.111711][ T8917] __msan_chain_origin+0x50/0x90 [ 372.116659][ T8917] rmd256_transform+0x439d/0x4440 [ 372.121698][ T8917] rmd256_update+0x343/0x4f0 [ 372.126360][ T8917] crypto_shash_update+0x4e9/0x550 [ 372.131482][ T8917] shash_async_update+0x113/0x1d0 [ 372.136520][ T8917] hash_sendpage+0x8ef/0xdf0 [ 372.141118][ T8917] sock_sendpage+0x1e1/0x2c0 [ 372.145714][ T8917] pipe_to_sendpage+0x38c/0x4c0 [ 372.150578][ T8917] __splice_from_pipe+0x565/0xf00 [ 372.155609][ T8917] generic_splice_sendpage+0x1d5/0x2d0 [ 372.161075][ T8917] direct_splice_actor+0x1fd/0x580 [ 372.166194][ T8917] splice_direct_to_actor+0x6b2/0xf50 [ 372.171576][ T8917] do_splice_direct+0x342/0x580 [ 372.176432][ T8917] do_sendfile+0x101b/0x1d40 [ 372.181069][ T8917] __se_sys_sendfile64+0x2bb/0x360 [ 372.186184][ T8917] __x64_sys_sendfile64+0x56/0x70 [ 372.191229][ T8917] do_syscall_64+0xb0/0x150 [ 372.195748][ T8917] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 372.201635][ T8917] [ 372.203961][ T8917] Uninit was stored to memory at: [ 372.208997][ T8917] kmsan_internal_chain_origin+0xad/0x130 [ 372.214730][ T8917] __msan_chain_origin+0x50/0x90 [ 372.219678][ T8917] rmd256_transform+0x439d/0x4440 [ 372.224709][ T8917] rmd256_update+0x343/0x4f0 [ 372.229303][ T8917] crypto_shash_update+0x4e9/0x550 [ 372.234422][ T8917] shash_async_update+0x113/0x1d0 [ 372.239451][ T8917] hash_sendpage+0x8ef/0xdf0 [ 372.244054][ T8917] sock_sendpage+0x1e1/0x2c0 [ 372.248647][ T8917] pipe_to_sendpage+0x38c/0x4c0 [ 372.253507][ T8917] __splice_from_pipe+0x565/0xf00 [ 372.258540][ T8917] generic_splice_sendpage+0x1d5/0x2d0 [ 372.264006][ T8917] direct_splice_actor+0x1fd/0x580 [ 372.269131][ T8917] splice_direct_to_actor+0x6b2/0xf50 [ 372.274510][ T8917] do_splice_direct+0x342/0x580 [ 372.279370][ T8917] do_sendfile+0x101b/0x1d40 [ 372.283967][ T8917] __se_sys_sendfile64+0x2bb/0x360 [ 372.289084][ T8917] __x64_sys_sendfile64+0x56/0x70 [ 372.294123][ T8917] do_syscall_64+0xb0/0x150 [ 372.298638][ T8917] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 372.304525][ T8917] [ 372.306848][ T8917] Uninit was stored to memory at: [ 372.311880][ T8917] kmsan_internal_chain_origin+0xad/0x130 [ 372.317611][ T8917] __msan_chain_origin+0x50/0x90 [ 372.322562][ T8917] rmd256_transform+0x439d/0x4440 [ 372.327596][ T8917] rmd256_update+0x343/0x4f0 [ 372.332194][ T8917] crypto_shash_update+0x4e9/0x550 [ 372.337311][ T8917] shash_async_update+0x113/0x1d0 [ 372.342337][ T8917] hash_sendpage+0x8ef/0xdf0 [ 372.346939][ T8917] sock_sendpage+0x1e1/0x2c0 [ 372.351536][ T8917] pipe_to_sendpage+0x38c/0x4c0 [ 372.356391][ T8917] __splice_from_pipe+0x565/0xf00 [ 372.361420][ T8917] generic_splice_sendpage+0x1d5/0x2d0 [ 372.366888][ T8917] direct_splice_actor+0x1fd/0x580 [ 372.372021][ T8917] splice_direct_to_actor+0x6b2/0xf50 [ 372.377408][ T8917] do_splice_direct+0x342/0x580 [ 372.382273][ T8917] do_sendfile+0x101b/0x1d40 [ 372.386866][ T8917] __se_sys_sendfile64+0x2bb/0x360 [ 372.391983][ T8917] __x64_sys_sendfile64+0x56/0x70 [ 372.397025][ T8917] do_syscall_64+0xb0/0x150 [ 372.401529][ T8917] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 372.407412][ T8917] [ 372.409731][ T8917] Uninit was stored to memory at: [ 372.414760][ T8917] kmsan_internal_chain_origin+0xad/0x130 [ 372.420480][ T8917] __msan_chain_origin+0x50/0x90 [ 372.425427][ T8917] rmd256_transform+0x439d/0x4440 [ 372.430459][ T8917] rmd256_update+0x343/0x4f0 [ 372.435053][ T8917] crypto_shash_update+0x4e9/0x550 [ 372.440166][ T8917] shash_async_update+0x113/0x1d0 [ 372.445195][ T8917] hash_sendpage+0x8ef/0xdf0 [ 372.449797][ T8917] sock_sendpage+0x1e1/0x2c0 [ 372.454395][ T8917] pipe_to_sendpage+0x38c/0x4c0 [ 372.459253][ T8917] __splice_from_pipe+0x565/0xf00 [ 372.464280][ T8917] generic_splice_sendpage+0x1d5/0x2d0 [ 372.469751][ T8917] direct_splice_actor+0x1fd/0x580 [ 372.474866][ T8917] splice_direct_to_actor+0x6b2/0xf50 [ 372.480242][ T8917] do_splice_direct+0x342/0x580 [ 372.485107][ T8917] do_sendfile+0x101b/0x1d40 [ 372.489703][ T8917] __se_sys_sendfile64+0x2bb/0x360 [ 372.494825][ T8917] __x64_sys_sendfile64+0x56/0x70 [ 372.499855][ T8917] do_syscall_64+0xb0/0x150 [ 372.504369][ T8917] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 372.510249][ T8917] [ 372.512578][ T8917] Uninit was stored to memory at: [ 372.517610][ T8917] kmsan_internal_chain_origin+0xad/0x130 [ 372.523337][ T8917] __msan_chain_origin+0x50/0x90 [ 372.528289][ T8917] rmd256_transform+0x439d/0x4440 [ 372.533328][ T8917] rmd256_update+0x343/0x4f0 [ 372.537925][ T8917] crypto_shash_update+0x4e9/0x550 [ 372.543041][ T8917] shash_async_update+0x113/0x1d0 [ 372.548072][ T8917] hash_sendpage+0x8ef/0xdf0 [ 372.552670][ T8917] sock_sendpage+0x1e1/0x2c0 [ 372.557264][ T8917] pipe_to_sendpage+0x38c/0x4c0 [ 372.562122][ T8917] __splice_from_pipe+0x565/0xf00 [ 372.567151][ T8917] generic_splice_sendpage+0x1d5/0x2d0 [ 372.572613][ T8917] direct_splice_actor+0x1fd/0x580 [ 372.577737][ T8917] splice_direct_to_actor+0x6b2/0xf50 [ 372.583116][ T8917] do_splice_direct+0x342/0x580 [ 372.587972][ T8917] do_sendfile+0x101b/0x1d40 [ 372.592571][ T8917] __se_sys_sendfile64+0x2bb/0x360 [ 372.597688][ T8917] __x64_sys_sendfile64+0x56/0x70 [ 372.602721][ T8917] do_syscall_64+0xb0/0x150 [ 372.607234][ T8917] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 372.613117][ T8917] [ 372.615438][ T8917] Uninit was stored to memory at: [ 372.620467][ T8917] kmsan_internal_chain_origin+0xad/0x130 [ 372.626192][ T8917] __msan_chain_origin+0x50/0x90 [ 372.631135][ T8917] rmd256_transform+0x439d/0x4440 [ 372.636166][ T8917] rmd256_update+0x227/0x4f0 [ 372.640759][ T8917] crypto_shash_update+0x4e9/0x550 [ 372.645957][ T8917] shash_async_update+0x113/0x1d0 [ 372.650984][ T8917] hash_sendpage+0x8ef/0xdf0 [ 372.655589][ T8917] sock_sendpage+0x1e1/0x2c0 [ 372.660186][ T8917] pipe_to_sendpage+0x38c/0x4c0 [ 372.665044][ T8917] __splice_from_pipe+0x565/0xf00 [ 372.670086][ T8917] generic_splice_sendpage+0x1d5/0x2d0 [ 372.675558][ T8917] direct_splice_actor+0x1fd/0x580 [ 372.680694][ T8917] splice_direct_to_actor+0x6b2/0xf50 [ 372.686085][ T8917] do_splice_direct+0x342/0x580 [ 372.690946][ T8917] do_sendfile+0x101b/0x1d40 [ 372.695543][ T8917] __se_sys_sendfile64+0x2bb/0x360 [ 372.700665][ T8917] __x64_sys_sendfile64+0x56/0x70 [ 372.705699][ T8917] do_syscall_64+0xb0/0x150 [ 372.710219][ T8917] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 372.716104][ T8917] [ 372.718434][ T8917] Uninit was stored to memory at: [ 372.723465][ T8917] kmsan_internal_chain_origin+0xad/0x130 [ 372.729290][ T8917] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 372.735278][ T8917] kmsan_memcpy_metadata+0xb/0x10 [ 372.740312][ T8917] __msan_memcpy+0x43/0x50 [ 372.744736][ T8917] rmd256_update+0x1fc/0x4f0 [ 372.749415][ T8917] crypto_shash_update+0x4e9/0x550 [ 372.754527][ T8917] shash_async_update+0x113/0x1d0 [ 372.759555][ T8917] hash_sendpage+0x8ef/0xdf0 [ 372.764150][ T8917] sock_sendpage+0x1e1/0x2c0 [ 372.768751][ T8917] pipe_to_sendpage+0x38c/0x4c0 [ 372.773609][ T8917] __splice_from_pipe+0x565/0xf00 [ 372.778642][ T8917] generic_splice_sendpage+0x1d5/0x2d0 [ 372.784111][ T8917] direct_splice_actor+0x1fd/0x580 [ 372.789234][ T8917] splice_direct_to_actor+0x6b2/0xf50 [ 372.794612][ T8917] do_splice_direct+0x342/0x580 [ 372.799469][ T8917] do_sendfile+0x101b/0x1d40 [ 372.804066][ T8917] __se_sys_sendfile64+0x2bb/0x360 [ 372.809178][ T8917] __x64_sys_sendfile64+0x56/0x70 [ 372.814209][ T8917] do_syscall_64+0xb0/0x150 [ 372.818722][ T8917] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 372.824611][ T8917] [ 372.826936][ T8917] Uninit was created at: [ 372.831183][ T8917] kmsan_save_stack_with_flags+0x3c/0x90 [ 372.836821][ T8917] kmsan_alloc_page+0xb9/0x180 [ 372.841586][ T8917] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 372.847139][ T8917] alloc_pages_current+0x672/0x990 [ 372.852254][ T8917] push_pipe+0x605/0xb70 [ 372.856501][ T8917] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 372.862226][ T8917] do_splice_to+0x4fc/0x14f0 [ 372.866827][ T8917] splice_direct_to_actor+0x45c/0xf50 [ 372.872202][ T8917] do_splice_direct+0x342/0x580 [ 372.877055][ T8917] do_sendfile+0x101b/0x1d40 [ 372.881650][ T8917] __se_sys_sendfile64+0x2bb/0x360 [ 372.886777][ T8917] __x64_sys_sendfile64+0x56/0x70 [ 372.891809][ T8917] do_syscall_64+0xb0/0x150 [ 372.896321][ T8917] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 372.975927][ T8718] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 373.310550][ T8718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 373.375309][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 373.384592][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 373.410438][ T8718] 8021q: adding VLAN 0 to HW filter on device team0 [ 373.450064][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 373.461144][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 373.470449][ T8633] bridge0: port 1(bridge_slave_0) entered blocking state [ 373.477795][ T8633] bridge0: port 1(bridge_slave_0) entered forwarding state [ 373.557935][ T8718] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 373.568630][ T8718] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 373.585780][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 373.595048][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 373.604837][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 373.614627][ T8633] bridge0: port 2(bridge_slave_1) entered blocking state [ 373.621814][ T8633] bridge0: port 2(bridge_slave_1) entered forwarding state [ 373.630885][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 373.641653][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 373.652466][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 373.662922][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 373.673321][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 373.683631][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 373.693953][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 373.703597][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 373.713959][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 373.723587][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 373.741885][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 373.752282][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 19:18:19 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xe994, 0x200) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_PORTS(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x1, 0x70bd29, 0x25dfdbfd, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40840}, 0x4001) ioctl$KVM_RUN(r0, 0xae80, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x10}, [@ldst={0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x0, 0x10, &(0x7f0000000080), 0x1f1}, 0x48) [ 373.808834][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 373.817063][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 373.865178][ T8718] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 373.928786][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 373.939106][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 374.002289][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 374.012141][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 374.040738][ T8718] device veth0_vlan entered promiscuous mode [ 374.071991][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 374.081174][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 374.094498][ T8718] device veth1_vlan entered promiscuous mode [ 374.155174][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 374.165001][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 374.183604][ T8718] device veth0_macvtap entered promiscuous mode [ 374.204362][ T8718] device veth1_macvtap entered promiscuous mode [ 374.242310][ T8718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 374.253058][ T8718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.266228][ T8718] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 374.275509][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 374.285176][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready 19:18:19 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x65ea04ba00ff78ad, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000001000050774740000dfdbdf0300005959950081", @ANYRES32=0x0, @ANYBLOB="7fff0002818600000f0012000b0001006d616373656300e10b00020005000700010020000a000540370000000000000008000ac0040000587e27a8b0b9cad4a128c1"], 0x50}}, 0x0) [ 374.294315][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 374.304138][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 374.351166][ T8947] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'. [ 374.371141][ T8948] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'. [ 374.431512][ T8718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 374.442102][ T8718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.455505][ T8718] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 374.465607][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready 19:18:20 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket(0x1e, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="2c775d85fc3f040a9a681ec68d", @ANYRES32=r4, @ANYBLOB="00000800000000000c0016800820010204000c8080b05a45326a91697a83a857d45c5a7475f28853248e7723726d73525f17bc40f0f0af58d80a20c9a86770f7780c29c0d2e5f82b8a1c09245dbffc9da3fc8ad1eabf0d9976f7962e4a34101453443583938f73c9386bd59b87a93ed4d37b887f273bfee994e319f90a49f475b787419ffe63f4c24f1ecbaee5f57f752bc17d0bfaaae7b105229b296d9c9509e3f0de0e4716254e8829c0b4c542251419b2b37c12e24209ae0c1652764671b7ab661493664f9f50bf"], 0x2c}}, 0x0) [ 374.475746][ T8887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 19:18:20 executing program 1: preadv(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/246, 0xf6}], 0x1, 0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x7, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x80, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0x80105014, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1\x00', 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x30882, 0x0) ioctl$PPPIOCGFLAGS(r1, 0x5403, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000040)=@ccm_128={{0x303}, "4c214904bf253e68", "faee0022a9493068d7546b5e5ce65caf", "001000", "2b421f661ff24f43"}, 0x28) sendto$inet6(r0, &(0x7f00000005c0), 0xfffffffffffffee0, 0x0, 0x0, 0xb6) sched_setscheduler(0x0, 0x0, &(0x7f0000000000)) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000380)={r2, 0xdf, "c8f0cfdcaccb3c44eebe070ce9acbfda13ef65b5e486754fa1a3b9b8d11fe04dceb0a7b25b50c62357de624c74f1adee64c7665bea3535ff4478daee24b6e68f84e27be1e55efdd3d9d63ccc5c2b74534ff83712d03ff10355140efa47ef0b7e7a748c1215bf1ec090c76985c6aa2c8ca86914ae420d7902cc3e89316f5cc972adcfc1147938a37b53c44734c44ae57540b0c74e815b6a6c485478abb25c15c31e40c8e94d0b3b36acba96efb6c7177d792a994ccd78cd86fd430eacdbe45721e9f20555f93f7e91b9c704b2007e8a1707fca9ea601ac870c9f36df3234c5e"}, &(0x7f0000000080)=0xe7) r3 = memfd_create(&(0x7f000088f000)='b\n\x00', 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000004, 0x20000005011, r3, 0x0) dup3(r1, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000140)={0x5, 0x400, 0x3, 0x66f3, 0x1f, 0x1}) 19:18:20 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f00000004c0)='./file0\x00', 0x0, 0x7a04, 0x0) chdir(&(0x7f0000000240)='./file0\x00') perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000800)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d27390f6c4014ae40b8ae4f2a88e3fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad1dc4d45125d48d7206e99049fd2d633d65d81d4ecd9bef478e2a28926db37d68cd34a2da7fead390a3cc13d3f69fe4c51d78a7697fc24fee857baff032c396d3c709577e19c33a14f5f883ec17950213b66f7ce3c9e5a2e5d9ee9d7974cf15603e31bcd406d286b0b07b45eb40bc984cbf45f7ecb636afe801e593d9128fdaa6f8c299ce501a3e9d037cb7d4a11f1623089ae72c9554e12a744147b5c57da1fec40ce676016489f9b786748bd495a983139ba"], 0x99) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000040)={0x5, 0xffffffffffffffff}, 0x8) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100)={0x2, r1}, 0x8) r2 = open(&(0x7f0000000080)='./bus\x00', 0x65142, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0x1fee00) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x28, &(0x7f0000000140)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={r3}, 0xc) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000012c0)={r3}, 0xc) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000000c0)={0x80, r3}, 0x8) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000140)={0x6, r4}, 0x8) socket(0x0, 0x0, 0x0) [ 375.596491][ C1] sd 0:0:1:0: [sg0] tag#386 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 375.607133][ C1] sd 0:0:1:0: [sg0] tag#386 CDB: Test Unit Ready [ 375.613840][ C1] sd 0:0:1:0: [sg0] tag#386 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.623580][ C1] sd 0:0:1:0: [sg0] tag#386 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.633318][ C1] sd 0:0:1:0: [sg0] tag#386 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.643075][ C1] sd 0:0:1:0: [sg0] tag#386 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.652737][ C1] sd 0:0:1:0: [sg0] tag#386 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.662497][ C1] sd 0:0:1:0: [sg0] tag#386 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.672260][ C1] sd 0:0:1:0: [sg0] tag#386 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.681996][ C1] sd 0:0:1:0: [sg0] tag#386 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.691755][ C1] sd 0:0:1:0: [sg0] tag#386 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.701721][ C1] sd 0:0:1:0: [sg0] tag#386 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.711651][ C1] sd 0:0:1:0: [sg0] tag#386 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.721443][ C1] sd 0:0:1:0: [sg0] tag#386 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.731188][ C1] sd 0:0:1:0: [sg0] tag#386 CDB[c0]: 00 00 00 00 00 00 00 00 [ 375.740598][ T32] audit: type=1800 audit(1595186301.145:2): pid=8986 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15725 res=0 19:18:21 executing program 1: r0 = socket(0x16, 0x3, 0x7) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f00000002c0)={'netdevsim0\x00', {0x2, 0x4e21, @local}}) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000100)={0x10001}, 0x10) r1 = shmget(0x3, 0xc000, 0x1000, &(0x7f0000ff4000/0xc000)=nil) shmctl$SHM_LOCK(r1, 0xb) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r3, r4, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={r4}) syz_genetlink_get_family_id$batadv(&(0x7f0000000280)='batadv\x00') r6 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x6, 0x2000) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r6, 0x810c5701, &(0x7f0000000140)) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$IMGETCOUNT(r5, 0x80044943, &(0x7f0000000040)) r7 = getpid() timer_create(0x5, &(0x7f0000000340)={0x0, 0x80000001, 0x2, @tid=r7}, &(0x7f00000004c0)) ioctl$SIOCGSTAMPNS(r4, 0x8907, &(0x7f0000000300)) [ 375.912757][ C0] sd 0:0:1:0: [sg0] tag#406 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 375.923533][ C0] sd 0:0:1:0: [sg0] tag#406 CDB: Test Unit Ready [ 375.930075][ C0] sd 0:0:1:0: [sg0] tag#406 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.940024][ C0] sd 0:0:1:0: [sg0] tag#406 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.949808][ C0] sd 0:0:1:0: [sg0] tag#406 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.959634][ C0] sd 0:0:1:0: [sg0] tag#406 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.969418][ C0] sd 0:0:1:0: [sg0] tag#406 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.979207][ C0] sd 0:0:1:0: [sg0] tag#406 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.988982][ C0] sd 0:0:1:0: [sg0] tag#406 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 375.998778][ C0] sd 0:0:1:0: [sg0] tag#406 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 376.008554][ C0] sd 0:0:1:0: [sg0] tag#406 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 376.018339][ C0] sd 0:0:1:0: [sg0] tag#406 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 376.028219][ C0] sd 0:0:1:0: [sg0] tag#406 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 376.037992][ C0] sd 0:0:1:0: [sg0] tag#406 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 376.047817][ C0] sd 0:0:1:0: [sg0] tag#406 CDB[c0]: 00 00 00 00 00 00 00 00 [ 376.057374][ T32] audit: type=1800 audit(1595186301.555:3): pid=8987 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15725 res=0 19:18:21 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)={0x60, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x0, 0x5, 0x9}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP={0x0, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x0, 0x2, 0x1, 0x0, @remote}}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x60}}, 0x8004) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="0000000010baf73e5c9b2290c000000008000a0000000000"], 0x30}}, 0x0) sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)={0x2c, 0x0, 0xb, 0x101, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_COMPAT_NAME={0xe, 0x1, 'bitmap:ip\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x820}, 0x48010) sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)={0x30, 0xa, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x5}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x22}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x44080) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x7, 0x1, 0x804, 0x0, 0x0, {0xc, 0x0, 0x9}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4008000) r2 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt(r2, 0xdc, 0x80, &(0x7f0000000000)="c89184d5fb2e71f91a0e3244061912639b65a54c662bee0972412720e8d268ca108edc73bbb83f6336444304dd03bb03ca18ac060f8a5a2367d759a07264186297b8bd2d8a88ed67c69682cd1d0e867f84d6301ad7df25afb39fe03af7554baa458679b9d3989033e6daf7ec07fa705f3722ebf186906effe197481f3ae2f46c4f96373091262826fd1a7adec02dce9954e8b21aa8b30cd962b62e35e35fad30", 0xa0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f0000000100)=0x1, 0x4) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) [ 376.359756][ T8997] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.0'. [ 376.406434][ T8997] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 376.471048][ T8997] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 19:18:22 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendfile(r0, r1, 0x0, 0x1000007ffff000) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x4) sendmsg$NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x800) fcntl$dupfd(r1, 0x0, r1) socket$inet_sctp(0x2, 0x5, 0x84) socket$packet(0x11, 0x3, 0x300) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) pipe(&(0x7f0000000100)) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x88, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x58, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1, 'vlan\x00'}, {0x48, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_INGRESS_QOS={0x28, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x80}}]}, @IFLA_VLAN_ID={0x6, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x88}}, 0x810) [ 376.553545][ T8997] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.0'. [ 376.564533][ T9000] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. 19:18:22 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21}, 0x1c) listen(r0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0xfffd, 0x0, @loopback}}, 0x0, 0x0, 0x3d, 0x0, "a3cc25cd8b71fce55c57f9175e48ffc428397f4a9dbd18410dfb81c120bfd02561190478d6fbfdc53ddf937aaf10b37198d6b03d74d942046c39507f84990c0678099971f64ac90a954914b81f9c1ecb"}, 0xd8) syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @random="f8968583fe2f", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00\x00@', 0x14, 0x6, 0x0, @local, @mcast2, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000040)={r5}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000000)={r5, 0x35, "0d57e58751b1a8ad1bf2081d172daf8241211b5d42934c3fb312001276aad1179195fb8cd8ddc9276609a188fba6cb6ac294e19420"}, &(0x7f0000000080)=0x3d) [ 376.836530][ T9012] not chained 20000 origins [ 376.841087][ T9012] CPU: 0 PID: 9012 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 376.849683][ T9012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 376.859743][ T9012] Call Trace: [ 376.863033][ T9012] dump_stack+0x1df/0x240 [ 376.867358][ T9012] kmsan_internal_chain_origin+0x6f/0x130 [ 376.873070][ T9012] ? is_module_text_address+0x4d/0x2a0 [ 376.878517][ T9012] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 376.884318][ T9012] ? __kernel_text_address+0x171/0x2d0 [ 376.889767][ T9012] ? unwind_get_return_address+0x8c/0x130 [ 376.895507][ T9012] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 376.901563][ T9012] ? arch_stack_walk+0x2a2/0x3e0 [ 376.906489][ T9012] ? stack_trace_save+0x1a0/0x1a0 [ 376.911505][ T9012] ? kmsan_get_metadata+0x4f/0x180 [ 376.916605][ T9012] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 376.922398][ T9012] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 376.928461][ T9012] ? stack_trace_save+0x123/0x1a0 [ 376.933479][ T9012] ? kmsan_get_metadata+0x11d/0x180 [ 376.938667][ T9012] __msan_chain_origin+0x50/0x90 [ 376.943602][ T9012] rmd256_transform+0x439d/0x4440 [ 376.948744][ T9012] rmd256_update+0x343/0x4f0 [ 376.953331][ T9012] ? rmd256_init+0x260/0x260 [ 376.957905][ T9012] crypto_shash_update+0x4e9/0x550 [ 376.963021][ T9012] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 376.969175][ T9012] ? crypto_hash_walk_first+0x1fd/0x360 [ 376.974711][ T9012] ? kmsan_get_metadata+0x4f/0x180 [ 376.979814][ T9012] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 376.985607][ T9012] shash_async_update+0x113/0x1d0 [ 376.990623][ T9012] ? shash_async_init+0x1e0/0x1e0 [ 376.995632][ T9012] hash_sendpage+0x8ef/0xdf0 [ 377.000218][ T9012] ? hash_recvmsg+0xd30/0xd30 [ 377.004884][ T9012] sock_sendpage+0x1e1/0x2c0 [ 377.009469][ T9012] pipe_to_sendpage+0x38c/0x4c0 [ 377.014308][ T9012] ? sock_fasync+0x250/0x250 [ 377.018891][ T9012] __splice_from_pipe+0x565/0xf00 [ 377.023904][ T9012] ? generic_splice_sendpage+0x2d0/0x2d0 [ 377.029536][ T9012] generic_splice_sendpage+0x1d5/0x2d0 [ 377.034991][ T9012] ? iter_file_splice_write+0x1800/0x1800 [ 377.040698][ T9012] direct_splice_actor+0x1fd/0x580 [ 377.045801][ T9012] ? kmsan_get_metadata+0x4f/0x180 [ 377.050903][ T9012] splice_direct_to_actor+0x6b2/0xf50 [ 377.056262][ T9012] ? do_splice_direct+0x580/0x580 [ 377.061289][ T9012] do_splice_direct+0x342/0x580 [ 377.066139][ T9012] do_sendfile+0x101b/0x1d40 [ 377.070736][ T9012] __se_sys_sendfile64+0x2bb/0x360 [ 377.075837][ T9012] ? kmsan_get_metadata+0x4f/0x180 [ 377.080939][ T9012] __x64_sys_sendfile64+0x56/0x70 [ 377.085956][ T9012] do_syscall_64+0xb0/0x150 [ 377.090451][ T9012] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 377.096326][ T9012] RIP: 0033:0x45c1d9 [ 377.100204][ T9012] Code: Bad RIP value. [ 377.104253][ T9012] RSP: 002b:00007fb8bb63ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 377.112651][ T9012] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 377.120610][ T9012] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 377.128583][ T9012] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 377.137075][ T9012] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 377.145036][ T9012] R13: 0000000000c9fb6f R14: 00007fb8bb63b9c0 R15: 000000000078bf0c [ 377.153003][ T9012] Uninit was stored to memory at: [ 377.158017][ T9012] kmsan_internal_chain_origin+0xad/0x130 [ 377.163721][ T9012] __msan_chain_origin+0x50/0x90 [ 377.168667][ T9012] rmd256_transform+0x439d/0x4440 [ 377.173677][ T9012] rmd256_update+0x343/0x4f0 [ 377.178268][ T9012] crypto_shash_update+0x4e9/0x550 [ 377.183365][ T9012] shash_async_update+0x113/0x1d0 [ 377.188374][ T9012] hash_sendpage+0x8ef/0xdf0 [ 377.192952][ T9012] sock_sendpage+0x1e1/0x2c0 [ 377.197528][ T9012] pipe_to_sendpage+0x38c/0x4c0 [ 377.202364][ T9012] __splice_from_pipe+0x565/0xf00 [ 377.207374][ T9012] generic_splice_sendpage+0x1d5/0x2d0 [ 377.212821][ T9012] direct_splice_actor+0x1fd/0x580 [ 377.217917][ T9012] splice_direct_to_actor+0x6b2/0xf50 [ 377.223275][ T9012] do_splice_direct+0x342/0x580 [ 377.228111][ T9012] do_sendfile+0x101b/0x1d40 [ 377.232687][ T9012] __se_sys_sendfile64+0x2bb/0x360 [ 377.237810][ T9012] __x64_sys_sendfile64+0x56/0x70 [ 377.242825][ T9012] do_syscall_64+0xb0/0x150 [ 377.247317][ T9012] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 377.253186][ T9012] [ 377.255500][ T9012] Uninit was stored to memory at: [ 377.260512][ T9012] kmsan_internal_chain_origin+0xad/0x130 [ 377.266223][ T9012] __msan_chain_origin+0x50/0x90 [ 377.271149][ T9012] rmd256_transform+0x439d/0x4440 [ 377.276157][ T9012] rmd256_update+0x343/0x4f0 [ 377.280731][ T9012] crypto_shash_update+0x4e9/0x550 [ 377.285830][ T9012] shash_async_update+0x113/0x1d0 [ 377.290839][ T9012] hash_sendpage+0x8ef/0xdf0 [ 377.295417][ T9012] sock_sendpage+0x1e1/0x2c0 [ 377.299997][ T9012] pipe_to_sendpage+0x38c/0x4c0 [ 377.304836][ T9012] __splice_from_pipe+0x565/0xf00 [ 377.309844][ T9012] generic_splice_sendpage+0x1d5/0x2d0 [ 377.315288][ T9012] direct_splice_actor+0x1fd/0x580 [ 377.320383][ T9012] splice_direct_to_actor+0x6b2/0xf50 [ 377.325740][ T9012] do_splice_direct+0x342/0x580 [ 377.330576][ T9012] do_sendfile+0x101b/0x1d40 [ 377.335151][ T9012] __se_sys_sendfile64+0x2bb/0x360 [ 377.340244][ T9012] __x64_sys_sendfile64+0x56/0x70 [ 377.345254][ T9012] do_syscall_64+0xb0/0x150 [ 377.349743][ T9012] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 377.355611][ T9012] [ 377.357983][ T9012] Uninit was stored to memory at: [ 377.362996][ T9012] kmsan_internal_chain_origin+0xad/0x130 [ 377.368700][ T9012] __msan_chain_origin+0x50/0x90 [ 377.373630][ T9012] rmd256_transform+0x439d/0x4440 [ 377.378813][ T9012] rmd256_update+0x343/0x4f0 [ 377.383387][ T9012] crypto_shash_update+0x4e9/0x550 [ 377.388483][ T9012] shash_async_update+0x113/0x1d0 [ 377.393494][ T9012] hash_sendpage+0x8ef/0xdf0 [ 377.398071][ T9012] sock_sendpage+0x1e1/0x2c0 [ 377.402648][ T9012] pipe_to_sendpage+0x38c/0x4c0 [ 377.407483][ T9012] __splice_from_pipe+0x565/0xf00 [ 377.412492][ T9012] generic_splice_sendpage+0x1d5/0x2d0 [ 377.417937][ T9012] direct_splice_actor+0x1fd/0x580 [ 377.423033][ T9012] splice_direct_to_actor+0x6b2/0xf50 [ 377.428391][ T9012] do_splice_direct+0x342/0x580 [ 377.433225][ T9012] do_sendfile+0x101b/0x1d40 [ 377.437798][ T9012] __se_sys_sendfile64+0x2bb/0x360 [ 377.442891][ T9012] __x64_sys_sendfile64+0x56/0x70 [ 377.447903][ T9012] do_syscall_64+0xb0/0x150 [ 377.452392][ T9012] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 377.458259][ T9012] [ 377.460575][ T9012] Uninit was stored to memory at: [ 377.465586][ T9012] kmsan_internal_chain_origin+0xad/0x130 [ 377.471408][ T9012] __msan_chain_origin+0x50/0x90 [ 377.476342][ T9012] rmd256_transform+0x439d/0x4440 [ 377.481356][ T9012] rmd256_update+0x343/0x4f0 [ 377.485950][ T9012] crypto_shash_update+0x4e9/0x550 [ 377.491046][ T9012] shash_async_update+0x113/0x1d0 [ 377.496056][ T9012] hash_sendpage+0x8ef/0xdf0 [ 377.500635][ T9012] sock_sendpage+0x1e1/0x2c0 [ 377.505210][ T9012] pipe_to_sendpage+0x38c/0x4c0 [ 377.510042][ T9012] __splice_from_pipe+0x565/0xf00 [ 377.515050][ T9012] generic_splice_sendpage+0x1d5/0x2d0 [ 377.520515][ T9012] direct_splice_actor+0x1fd/0x580 [ 377.525611][ T9012] splice_direct_to_actor+0x6b2/0xf50 [ 377.530967][ T9012] do_splice_direct+0x342/0x580 [ 377.535825][ T9012] do_sendfile+0x101b/0x1d40 [ 377.540407][ T9012] __se_sys_sendfile64+0x2bb/0x360 [ 377.545502][ T9012] __x64_sys_sendfile64+0x56/0x70 [ 377.550522][ T9012] do_syscall_64+0xb0/0x150 [ 377.555013][ T9012] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 377.560888][ T9012] [ 377.563195][ T9012] Uninit was stored to memory at: [ 377.568208][ T9012] kmsan_internal_chain_origin+0xad/0x130 [ 377.573910][ T9012] __msan_chain_origin+0x50/0x90 [ 377.578834][ T9012] rmd256_transform+0x439d/0x4440 [ 377.583843][ T9012] rmd256_update+0x343/0x4f0 [ 377.588414][ T9012] crypto_shash_update+0x4e9/0x550 [ 377.593510][ T9012] shash_async_update+0x113/0x1d0 [ 377.598518][ T9012] hash_sendpage+0x8ef/0xdf0 [ 377.603094][ T9012] sock_sendpage+0x1e1/0x2c0 [ 377.608192][ T9012] pipe_to_sendpage+0x38c/0x4c0 [ 377.613032][ T9012] __splice_from_pipe+0x565/0xf00 [ 377.618046][ T9012] generic_splice_sendpage+0x1d5/0x2d0 [ 377.623507][ T9012] direct_splice_actor+0x1fd/0x580 [ 377.628603][ T9012] splice_direct_to_actor+0x6b2/0xf50 [ 377.633967][ T9012] do_splice_direct+0x342/0x580 [ 377.638800][ T9012] do_sendfile+0x101b/0x1d40 [ 377.643375][ T9012] __se_sys_sendfile64+0x2bb/0x360 [ 377.648472][ T9012] __x64_sys_sendfile64+0x56/0x70 [ 377.653482][ T9012] do_syscall_64+0xb0/0x150 [ 377.657972][ T9012] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 377.663840][ T9012] [ 377.666151][ T9012] Uninit was stored to memory at: [ 377.671163][ T9012] kmsan_internal_chain_origin+0xad/0x130 [ 377.676867][ T9012] __msan_chain_origin+0x50/0x90 [ 377.681790][ T9012] rmd256_transform+0x439d/0x4440 [ 377.686801][ T9012] rmd256_update+0x227/0x4f0 [ 377.691390][ T9012] crypto_shash_update+0x4e9/0x550 [ 377.696506][ T9012] shash_async_update+0x113/0x1d0 [ 377.701519][ T9012] hash_sendpage+0x8ef/0xdf0 [ 377.706099][ T9012] sock_sendpage+0x1e1/0x2c0 [ 377.710675][ T9012] pipe_to_sendpage+0x38c/0x4c0 [ 377.715532][ T9012] __splice_from_pipe+0x565/0xf00 [ 377.720551][ T9012] generic_splice_sendpage+0x1d5/0x2d0 [ 377.725994][ T9012] direct_splice_actor+0x1fd/0x580 [ 377.731089][ T9012] splice_direct_to_actor+0x6b2/0xf50 [ 377.736449][ T9012] do_splice_direct+0x342/0x580 [ 377.741282][ T9012] do_sendfile+0x101b/0x1d40 [ 377.745859][ T9012] __se_sys_sendfile64+0x2bb/0x360 [ 377.750954][ T9012] __x64_sys_sendfile64+0x56/0x70 [ 377.755966][ T9012] do_syscall_64+0xb0/0x150 [ 377.760456][ T9012] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 377.766328][ T9012] [ 377.768639][ T9012] Uninit was stored to memory at: [ 377.773653][ T9012] kmsan_internal_chain_origin+0xad/0x130 [ 377.779360][ T9012] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 377.785327][ T9012] kmsan_memcpy_metadata+0xb/0x10 [ 377.790334][ T9012] __msan_memcpy+0x43/0x50 [ 377.794739][ T9012] rmd256_update+0x1fc/0x4f0 [ 377.799326][ T9012] crypto_shash_update+0x4e9/0x550 [ 377.804420][ T9012] shash_async_update+0x113/0x1d0 [ 377.809427][ T9012] hash_sendpage+0x8ef/0xdf0 [ 377.814005][ T9012] sock_sendpage+0x1e1/0x2c0 [ 377.818582][ T9012] pipe_to_sendpage+0x38c/0x4c0 [ 377.823417][ T9012] __splice_from_pipe+0x565/0xf00 [ 377.828428][ T9012] generic_splice_sendpage+0x1d5/0x2d0 [ 377.833877][ T9012] direct_splice_actor+0x1fd/0x580 [ 377.838974][ T9012] splice_direct_to_actor+0x6b2/0xf50 [ 377.844333][ T9012] do_splice_direct+0x342/0x580 [ 377.849176][ T9012] do_sendfile+0x101b/0x1d40 [ 377.853751][ T9012] __se_sys_sendfile64+0x2bb/0x360 [ 377.858849][ T9012] __x64_sys_sendfile64+0x56/0x70 [ 377.863860][ T9012] do_syscall_64+0xb0/0x150 [ 377.868349][ T9012] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 377.874217][ T9012] [ 377.876526][ T9012] Uninit was created at: [ 377.880755][ T9012] kmsan_save_stack_with_flags+0x3c/0x90 [ 377.886374][ T9012] kmsan_alloc_page+0xb9/0x180 [ 377.891123][ T9012] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 377.896657][ T9012] alloc_pages_current+0x672/0x990 [ 377.901753][ T9012] push_pipe+0x605/0xb70 [ 377.905983][ T9012] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 377.911687][ T9012] do_splice_to+0x4fc/0x14f0 [ 377.916262][ T9012] splice_direct_to_actor+0x45c/0xf50 [ 377.921620][ T9012] do_splice_direct+0x342/0x580 [ 377.926455][ T9012] do_sendfile+0x101b/0x1d40 [ 377.931042][ T9012] __se_sys_sendfile64+0x2bb/0x360 [ 377.936138][ T9012] __x64_sys_sendfile64+0x56/0x70 [ 377.941157][ T9012] do_syscall_64+0xb0/0x150 [ 377.945651][ T9012] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:18:23 executing program 1: openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000000), 0x0) 19:18:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x3f) clone(0x80200100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f8, 0x0, 0x0, 0xd0, 0x0, 0xd0, 0x228, 0x228, 0x228, 0x228, 0x228, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0x138, 0x158, 0x0, {}, [@common=@srh1={{0x90, 'srh\x00'}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @loopback, @dev}}]}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x358) 19:18:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b80)=@newlink={0x34, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb, 0x1, 'geneve\x00'}, {0x4}}}]}, 0x34}}, 0x0) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000002c0)="f5", 0x1, 0xfffffffffffffffe) keyctl$update(0x2, r1, &(0x7f0000000480)="601dda7b69c02ca563f77f2c3cf38e55bed3cd14dc9d229490a67986cb67c903ef152e2cb38ea7c084b9d949b5c0ed6ceaf2bc41f1a8cf46826aaf9e876cd44e09f0a320591f61f4a8716946e5ab9aa31e106f7058a50ac4b24aa9030000004bc0566e2be1998170dc11fa3ec487d9da26fd71eb7e9c81265532b1da1ad697e9957febeb961b895eb871cb0c0b4d124a365312d3a9d51e5004475916960300ff4fe52728b55129a53623", 0xaa) r2 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000680)="945d3e2b2181049ee86dc947e0ae28a37743f33e39212923a0dba54a3928f0b7198f0753a706b4f63ac28ab0234367789421c7cd1527007608c26cbab494018d1519f1fe047ab6b163610e2f685e0f86b471a4c2cf086c8798d256b6021013a78bd7a5d7e58a6fe50e424a560f4d8ae807d1716cd90ec4c17ddd80144332882e9852b25fb62c35ca3aa47a0eda1d28d600d90208a7934c7571e92836be0e8a785a15ddeb55fd0fd7290a17ae55bfed1f583359e9f2664a1ed630f5c3ad8139dc8fecfa42509437b70cbe0db8bf303d375aa9787bbf89a23347a1fef4c434b1300eee881b95ba9f48a91449", 0x118, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xffffffffffffffc9, 0x0) r3 = add_key$keyring(&(0x7f0000000980)='keyring\x00', &(0x7f00000007c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$update(0x2, r3, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000d0700000000ff03000000000010", @ANYRES32=r6, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r9}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) r10 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r3) keyctl$instantiate(0xc, r2, &(0x7f0000000000)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', '', 0x20, 0x6}, 0x2a, r10) [ 378.687251][ T9027] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 378.895524][ T9037] netlink: 'syz-executor.1': attribute type 1 has an invalid length. 19:18:25 executing program 0: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000200)="fc0000004a000700ab092500090007000aab80ff00000000000036932100010000000000000000000000ffff00000000008656aaa79bb94b46fe0000000700020800008c0000036c6c256f1a272f2e117c22ebc205214000000080008934d07302ade01720d7d5bbc91a3e2e80772c74fb2cc56ce1f0f156272f5b00000005defd5a32e2082038f4f8b29d3ef3d92c8334b3863032301748b6e4170e5bbab2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b170083df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48f6f0000080548deac270e33429dd3000175e63fb8d38a873cf10000000000f7", 0xfc) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001000250800000000000000000a000000", @ANYRES32=r6, @ANYBLOB="000000000000001020137147db08000a0010000000"], 0x28}}, 0x0) connect$packet(r2, &(0x7f0000000000)={0x11, 0x1b, r6, 0x1, 0x3f, 0x6, @random="58a257b71a42"}, 0x14) [ 379.618205][ T9076] netlink: 180 bytes leftover after parsing attributes in process `syz-executor.0'. [ 379.643500][ T9071] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 379.668554][ T9071] bond2 (uninitialized): Released all slaves [ 379.716145][ T9079] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 379.897290][ T9076] netlink: 180 bytes leftover after parsing attributes in process `syz-executor.0'. [ 379.929413][ T9082] not chained 30000 origins [ 379.933968][ T9082] CPU: 1 PID: 9082 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 379.942553][ T9082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 379.952613][ T9082] Call Trace: [ 379.955930][ T9082] dump_stack+0x1df/0x240 [ 379.960273][ T9082] kmsan_internal_chain_origin+0x6f/0x130 [ 379.966013][ T9082] ? is_module_text_address+0x4d/0x2a0 [ 379.971475][ T9082] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 379.977296][ T9082] ? __kernel_text_address+0x171/0x2d0 [ 379.982809][ T9082] ? unwind_get_return_address+0x8c/0x130 [ 379.988569][ T9082] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 379.994660][ T9082] ? arch_stack_walk+0x2a2/0x3e0 [ 379.999615][ T9082] ? stack_trace_save+0x1a0/0x1a0 [ 380.004667][ T9082] ? kmsan_get_metadata+0x4f/0x180 [ 380.009796][ T9082] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 380.015618][ T9082] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 380.021708][ T9082] ? stack_trace_save+0x123/0x1a0 [ 380.026751][ T9082] ? kmsan_get_metadata+0x11d/0x180 [ 380.031963][ T9082] __msan_chain_origin+0x50/0x90 [ 380.036967][ T9082] rmd256_transform+0x439d/0x4440 [ 380.042025][ T9082] ? rds_send_probe+0x9e1/0xe80 [ 380.046971][ T9082] rmd256_update+0x343/0x4f0 [ 380.051591][ T9082] ? rmd256_init+0x260/0x260 [ 380.056196][ T9082] crypto_shash_update+0x4e9/0x550 [ 380.061321][ T9082] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 380.067506][ T9082] ? crypto_hash_walk_first+0x1fd/0x360 [ 380.073067][ T9082] ? kmsan_get_metadata+0x4f/0x180 [ 380.078196][ T9082] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 380.084020][ T9082] shash_async_update+0x113/0x1d0 [ 380.089065][ T9082] ? shash_async_init+0x1e0/0x1e0 [ 380.094101][ T9082] hash_sendpage+0x8ef/0xdf0 [ 380.098708][ T9082] ? hash_recvmsg+0xd30/0xd30 [ 380.103397][ T9082] sock_sendpage+0x1e1/0x2c0 [ 380.108007][ T9082] pipe_to_sendpage+0x38c/0x4c0 [ 380.112868][ T9082] ? sock_fasync+0x250/0x250 [ 380.117479][ T9082] __splice_from_pipe+0x565/0xf00 [ 380.122518][ T9082] ? generic_splice_sendpage+0x2d0/0x2d0 [ 380.128181][ T9082] generic_splice_sendpage+0x1d5/0x2d0 [ 380.133670][ T9082] ? iter_file_splice_write+0x1800/0x1800 [ 380.139410][ T9082] direct_splice_actor+0x1fd/0x580 [ 380.144544][ T9082] ? kmsan_get_metadata+0x4f/0x180 [ 380.149681][ T9082] splice_direct_to_actor+0x6b2/0xf50 [ 380.155148][ T9082] ? do_splice_direct+0x580/0x580 [ 380.160199][ T9082] do_splice_direct+0x342/0x580 [ 380.165074][ T9082] do_sendfile+0x101b/0x1d40 [ 380.169696][ T9082] __se_sys_sendfile64+0x2bb/0x360 [ 380.174818][ T9082] ? kmsan_get_metadata+0x4f/0x180 [ 380.179943][ T9082] __x64_sys_sendfile64+0x56/0x70 [ 380.184976][ T9082] do_syscall_64+0xb0/0x150 [ 380.189497][ T9082] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 380.195394][ T9082] RIP: 0033:0x45c1d9 [ 380.199279][ T9082] Code: Bad RIP value. [ 380.203343][ T9082] RSP: 002b:00007fb8bb5f8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 380.211760][ T9082] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 380.219736][ T9082] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 380.227711][ T9082] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 380.235693][ T9082] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078c04c [ 380.243677][ T9082] R13: 0000000000c9fb6f R14: 00007fb8bb5f99c0 R15: 000000000078c04c [ 380.251662][ T9082] Uninit was stored to memory at: [ 380.256701][ T9082] kmsan_internal_chain_origin+0xad/0x130 [ 380.262425][ T9082] __msan_chain_origin+0x50/0x90 [ 380.267366][ T9082] rmd256_transform+0x439d/0x4440 [ 380.272387][ T9082] rmd256_update+0x343/0x4f0 [ 380.276976][ T9082] crypto_shash_update+0x4e9/0x550 [ 380.282085][ T9082] shash_async_update+0x113/0x1d0 [ 380.287109][ T9082] hash_sendpage+0x8ef/0xdf0 [ 380.291701][ T9082] sock_sendpage+0x1e1/0x2c0 [ 380.296296][ T9082] pipe_to_sendpage+0x38c/0x4c0 [ 380.301149][ T9082] __splice_from_pipe+0x565/0xf00 [ 380.306176][ T9082] generic_splice_sendpage+0x1d5/0x2d0 [ 380.311645][ T9082] direct_splice_actor+0x1fd/0x580 [ 380.316768][ T9082] splice_direct_to_actor+0x6b2/0xf50 [ 380.322143][ T9082] do_splice_direct+0x342/0x580 [ 380.326995][ T9082] do_sendfile+0x101b/0x1d40 [ 380.331595][ T9082] __se_sys_sendfile64+0x2bb/0x360 [ 380.336713][ T9082] __x64_sys_sendfile64+0x56/0x70 [ 380.341745][ T9082] do_syscall_64+0xb0/0x150 [ 380.346258][ T9082] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 380.352141][ T9082] [ 380.354464][ T9082] Uninit was stored to memory at: [ 380.359500][ T9082] kmsan_internal_chain_origin+0xad/0x130 [ 380.365223][ T9082] __msan_chain_origin+0x50/0x90 [ 380.370170][ T9082] rmd256_transform+0x439d/0x4440 [ 380.375198][ T9082] rmd256_update+0x343/0x4f0 [ 380.379789][ T9082] crypto_shash_update+0x4e9/0x550 [ 380.384900][ T9082] shash_async_update+0x113/0x1d0 [ 380.389921][ T9082] hash_sendpage+0x8ef/0xdf0 [ 380.394511][ T9082] sock_sendpage+0x1e1/0x2c0 [ 380.399103][ T9082] pipe_to_sendpage+0x38c/0x4c0 [ 380.403953][ T9082] __splice_from_pipe+0x565/0xf00 [ 380.408982][ T9082] generic_splice_sendpage+0x1d5/0x2d0 [ 380.414491][ T9082] direct_splice_actor+0x1fd/0x580 [ 380.419612][ T9082] splice_direct_to_actor+0x6b2/0xf50 [ 380.424991][ T9082] do_splice_direct+0x342/0x580 [ 380.429842][ T9082] do_sendfile+0x101b/0x1d40 [ 380.434440][ T9082] __se_sys_sendfile64+0x2bb/0x360 [ 380.439557][ T9082] __x64_sys_sendfile64+0x56/0x70 [ 380.444590][ T9082] do_syscall_64+0xb0/0x150 [ 380.449096][ T9082] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 380.454980][ T9082] [ 380.457304][ T9082] Uninit was stored to memory at: [ 380.462335][ T9082] kmsan_internal_chain_origin+0xad/0x130 [ 380.468059][ T9082] __msan_chain_origin+0x50/0x90 [ 380.473002][ T9082] rmd256_transform+0x439d/0x4440 [ 380.478036][ T9082] rmd256_update+0x343/0x4f0 [ 380.482636][ T9082] crypto_shash_update+0x4e9/0x550 [ 380.487753][ T9082] shash_async_update+0x113/0x1d0 [ 380.492785][ T9082] hash_sendpage+0x8ef/0xdf0 [ 380.497823][ T9082] sock_sendpage+0x1e1/0x2c0 [ 380.502421][ T9082] pipe_to_sendpage+0x38c/0x4c0 [ 380.507285][ T9082] __splice_from_pipe+0x565/0xf00 [ 380.512327][ T9082] generic_splice_sendpage+0x1d5/0x2d0 [ 380.517798][ T9082] direct_splice_actor+0x1fd/0x580 [ 380.522921][ T9082] splice_direct_to_actor+0x6b2/0xf50 [ 380.528306][ T9082] do_splice_direct+0x342/0x580 [ 380.533170][ T9082] do_sendfile+0x101b/0x1d40 [ 380.537768][ T9082] __se_sys_sendfile64+0x2bb/0x360 [ 380.542887][ T9082] __x64_sys_sendfile64+0x56/0x70 [ 380.547919][ T9082] do_syscall_64+0xb0/0x150 [ 380.552436][ T9082] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 380.558321][ T9082] [ 380.560641][ T9082] Uninit was stored to memory at: [ 380.565678][ T9082] kmsan_internal_chain_origin+0xad/0x130 [ 380.571402][ T9082] __msan_chain_origin+0x50/0x90 [ 380.576349][ T9082] rmd256_transform+0x439d/0x4440 [ 380.581379][ T9082] rmd256_update+0x343/0x4f0 [ 380.585974][ T9082] crypto_shash_update+0x4e9/0x550 [ 380.591087][ T9082] shash_async_update+0x113/0x1d0 [ 380.596118][ T9082] hash_sendpage+0x8ef/0xdf0 [ 380.600722][ T9082] sock_sendpage+0x1e1/0x2c0 [ 380.605318][ T9082] pipe_to_sendpage+0x38c/0x4c0 [ 380.610176][ T9082] __splice_from_pipe+0x565/0xf00 [ 380.615209][ T9082] generic_splice_sendpage+0x1d5/0x2d0 [ 380.620675][ T9082] direct_splice_actor+0x1fd/0x580 [ 380.625794][ T9082] splice_direct_to_actor+0x6b2/0xf50 [ 380.631173][ T9082] do_splice_direct+0x342/0x580 [ 380.636028][ T9082] do_sendfile+0x101b/0x1d40 [ 380.640619][ T9082] __se_sys_sendfile64+0x2bb/0x360 [ 380.645730][ T9082] __x64_sys_sendfile64+0x56/0x70 [ 380.650760][ T9082] do_syscall_64+0xb0/0x150 [ 380.655273][ T9082] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 380.663175][ T9082] [ 380.665513][ T9082] Uninit was stored to memory at: [ 380.670553][ T9082] kmsan_internal_chain_origin+0xad/0x130 [ 380.676289][ T9082] __msan_chain_origin+0x50/0x90 [ 380.681237][ T9082] rmd256_transform+0x439d/0x4440 [ 380.686273][ T9082] rmd256_update+0x343/0x4f0 [ 380.690865][ T9082] crypto_shash_update+0x4e9/0x550 [ 380.695989][ T9082] shash_async_update+0x113/0x1d0 [ 380.701032][ T9082] hash_sendpage+0x8ef/0xdf0 [ 380.705637][ T9082] sock_sendpage+0x1e1/0x2c0 [ 380.710239][ T9082] pipe_to_sendpage+0x38c/0x4c0 [ 380.715098][ T9082] __splice_from_pipe+0x565/0xf00 [ 380.720130][ T9082] generic_splice_sendpage+0x1d5/0x2d0 [ 380.725597][ T9082] direct_splice_actor+0x1fd/0x580 [ 380.730796][ T9082] splice_direct_to_actor+0x6b2/0xf50 [ 380.736169][ T9082] do_splice_direct+0x342/0x580 [ 380.741020][ T9082] do_sendfile+0x101b/0x1d40 [ 380.745614][ T9082] __se_sys_sendfile64+0x2bb/0x360 [ 380.750723][ T9082] __x64_sys_sendfile64+0x56/0x70 [ 380.755757][ T9082] do_syscall_64+0xb0/0x150 [ 380.760268][ T9082] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 380.766154][ T9082] [ 380.768476][ T9082] Uninit was stored to memory at: [ 380.773508][ T9082] kmsan_internal_chain_origin+0xad/0x130 [ 380.779231][ T9082] __msan_chain_origin+0x50/0x90 [ 380.784177][ T9082] rmd256_transform+0x439d/0x4440 [ 380.789208][ T9082] rmd256_update+0x227/0x4f0 [ 380.793802][ T9082] crypto_shash_update+0x4e9/0x550 [ 380.798918][ T9082] shash_async_update+0x113/0x1d0 [ 380.803947][ T9082] hash_sendpage+0x8ef/0xdf0 [ 380.808543][ T9082] sock_sendpage+0x1e1/0x2c0 [ 380.813145][ T9082] pipe_to_sendpage+0x38c/0x4c0 [ 380.818001][ T9082] __splice_from_pipe+0x565/0xf00 [ 380.823031][ T9082] generic_splice_sendpage+0x1d5/0x2d0 [ 380.828501][ T9082] direct_splice_actor+0x1fd/0x580 [ 380.833622][ T9082] splice_direct_to_actor+0x6b2/0xf50 [ 380.838998][ T9082] do_splice_direct+0x342/0x580 [ 380.843880][ T9082] do_sendfile+0x101b/0x1d40 [ 380.848478][ T9082] __se_sys_sendfile64+0x2bb/0x360 [ 380.853592][ T9082] __x64_sys_sendfile64+0x56/0x70 [ 380.858623][ T9082] do_syscall_64+0xb0/0x150 [ 380.863170][ T9082] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 380.869059][ T9082] [ 380.871382][ T9082] Uninit was stored to memory at: [ 380.876415][ T9082] kmsan_internal_chain_origin+0xad/0x130 [ 380.882143][ T9082] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 380.888129][ T9082] kmsan_memcpy_metadata+0xb/0x10 [ 380.893152][ T9082] __msan_memcpy+0x43/0x50 [ 380.897570][ T9082] rmd256_update+0x1fc/0x4f0 [ 380.902156][ T9082] crypto_shash_update+0x4e9/0x550 [ 380.907271][ T9082] shash_async_update+0x113/0x1d0 [ 380.912292][ T9082] hash_sendpage+0x8ef/0xdf0 [ 380.916890][ T9082] sock_sendpage+0x1e1/0x2c0 [ 380.921488][ T9082] pipe_to_sendpage+0x38c/0x4c0 [ 380.926350][ T9082] __splice_from_pipe+0x565/0xf00 [ 380.932338][ T9082] generic_splice_sendpage+0x1d5/0x2d0 [ 380.937807][ T9082] direct_splice_actor+0x1fd/0x580 [ 380.946244][ T9082] splice_direct_to_actor+0x6b2/0xf50 [ 380.951627][ T9082] do_splice_direct+0x342/0x580 [ 380.956485][ T9082] do_sendfile+0x101b/0x1d40 [ 380.961080][ T9082] __se_sys_sendfile64+0x2bb/0x360 [ 380.966197][ T9082] __x64_sys_sendfile64+0x56/0x70 [ 380.971224][ T9082] do_syscall_64+0xb0/0x150 [ 380.975730][ T9082] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 380.981613][ T9082] [ 380.983935][ T9082] Uninit was created at: [ 380.988183][ T9082] kmsan_save_stack_with_flags+0x3c/0x90 [ 380.993848][ T9082] kmsan_alloc_page+0xb9/0x180 [ 380.998619][ T9082] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 381.004172][ T9082] alloc_pages_current+0x672/0x990 [ 381.009284][ T9082] push_pipe+0x605/0xb70 [ 381.013615][ T9082] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 381.019337][ T9082] do_splice_to+0x4fc/0x14f0 [ 381.024021][ T9082] splice_direct_to_actor+0x45c/0xf50 [ 381.029399][ T9082] do_splice_direct+0x342/0x580 [ 381.034255][ T9082] do_sendfile+0x101b/0x1d40 [ 381.038845][ T9082] __se_sys_sendfile64+0x2bb/0x360 [ 381.043959][ T9082] __x64_sys_sendfile64+0x56/0x70 [ 381.048988][ T9082] do_syscall_64+0xb0/0x150 [ 381.053497][ T9082] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 381.084845][ T9079] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 19:18:27 executing program 1: prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='/\x00') openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x102, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r1, r2, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r4, r5, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r5, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r7 = accept4(r6, 0x0, 0x0, 0x0) r8 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r7, r8, 0x0, 0x1000007ffff000) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x78, 0x0, 0x400, 0x70bd25, 0x7f, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x108}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x400}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4290}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8, 0x1, r5}, {0x8, 0x1, r7}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}]}, 0x78}, 0x1, 0x0, 0x0, 0x4044011}, 0x1) [ 382.327454][ T9086] not chained 40000 origins [ 382.332017][ T9086] CPU: 1 PID: 9086 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 382.340604][ T9086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 382.350665][ T9086] Call Trace: [ 382.353972][ T9086] dump_stack+0x1df/0x240 [ 382.358320][ T9086] kmsan_internal_chain_origin+0x6f/0x130 [ 382.364061][ T9086] ? is_module_text_address+0x4d/0x2a0 [ 382.369530][ T9086] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 382.375398][ T9086] ? __kernel_text_address+0x171/0x2d0 [ 382.380876][ T9086] ? unwind_get_return_address+0x8c/0x130 [ 382.386614][ T9086] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 382.392700][ T9086] ? arch_stack_walk+0x2a2/0x3e0 [ 382.397653][ T9086] ? stack_trace_save+0x1a0/0x1a0 [ 382.402697][ T9086] ? kmsan_get_metadata+0x4f/0x180 [ 382.407832][ T9086] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 382.413654][ T9086] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 382.419735][ T9086] ? stack_trace_save+0x123/0x1a0 [ 382.424776][ T9086] ? kmsan_get_metadata+0x11d/0x180 [ 382.429990][ T9086] __msan_chain_origin+0x50/0x90 [ 382.434946][ T9086] rmd256_transform+0x439d/0x4440 [ 382.440038][ T9086] rmd256_update+0x343/0x4f0 [ 382.444656][ T9086] ? rmd256_init+0x260/0x260 [ 382.449258][ T9086] crypto_shash_update+0x4e9/0x550 [ 382.454390][ T9086] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 382.460568][ T9086] ? crypto_hash_walk_first+0x1fd/0x360 [ 382.466128][ T9086] ? kmsan_get_metadata+0x4f/0x180 [ 382.471250][ T9086] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 382.477074][ T9086] shash_async_update+0x113/0x1d0 [ 382.482118][ T9086] ? shash_async_init+0x1e0/0x1e0 [ 382.487150][ T9086] hash_sendpage+0x8ef/0xdf0 [ 382.491755][ T9086] ? hash_recvmsg+0xd30/0xd30 [ 382.496886][ T9086] sock_sendpage+0x1e1/0x2c0 [ 382.501497][ T9086] pipe_to_sendpage+0x38c/0x4c0 [ 382.506359][ T9086] ? sock_fasync+0x250/0x250 [ 382.510974][ T9086] __splice_from_pipe+0x565/0xf00 [ 382.516012][ T9086] ? generic_splice_sendpage+0x2d0/0x2d0 [ 382.521676][ T9086] generic_splice_sendpage+0x1d5/0x2d0 [ 382.527160][ T9086] ? iter_file_splice_write+0x1800/0x1800 [ 382.532888][ T9086] direct_splice_actor+0x1fd/0x580 [ 382.538014][ T9086] ? kmsan_get_metadata+0x4f/0x180 [ 382.543148][ T9086] splice_direct_to_actor+0x6b2/0xf50 [ 382.548614][ T9086] ? do_splice_direct+0x580/0x580 [ 382.553671][ T9086] do_splice_direct+0x342/0x580 [ 382.558545][ T9086] do_sendfile+0x101b/0x1d40 [ 382.563161][ T9086] __se_sys_sendfile64+0x2bb/0x360 [ 382.568281][ T9086] ? kmsan_get_metadata+0x4f/0x180 [ 382.573406][ T9086] __x64_sys_sendfile64+0x56/0x70 [ 382.578441][ T9086] do_syscall_64+0xb0/0x150 [ 382.582965][ T9086] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 382.588864][ T9086] RIP: 0033:0x45c1d9 [ 382.592753][ T9086] Code: Bad RIP value. [ 382.596823][ T9086] RSP: 002b:00007f22a3179c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 382.605248][ T9086] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 382.613231][ T9086] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000008 [ 382.621212][ T9086] RBP: 000000000078bfe8 R08: 0000000000000000 R09: 0000000000000000 [ 382.629194][ T9086] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bfac [ 382.637176][ T9086] R13: 0000000000c9fb6f R14: 00007f22a317a9c0 R15: 000000000078bfac [ 382.645162][ T9086] Uninit was stored to memory at: [ 382.650202][ T9086] kmsan_internal_chain_origin+0xad/0x130 [ 382.656192][ T9086] __msan_chain_origin+0x50/0x90 [ 382.661135][ T9086] rmd256_transform+0x439d/0x4440 [ 382.666164][ T9086] rmd256_update+0x343/0x4f0 [ 382.670755][ T9086] crypto_shash_update+0x4e9/0x550 [ 382.675872][ T9086] shash_async_update+0x113/0x1d0 [ 382.680905][ T9086] hash_sendpage+0x8ef/0xdf0 [ 382.685504][ T9086] sock_sendpage+0x1e1/0x2c0 [ 382.690119][ T9086] pipe_to_sendpage+0x38c/0x4c0 [ 382.694984][ T9086] __splice_from_pipe+0x565/0xf00 [ 382.700020][ T9086] generic_splice_sendpage+0x1d5/0x2d0 [ 382.705492][ T9086] direct_splice_actor+0x1fd/0x580 [ 382.710616][ T9086] splice_direct_to_actor+0x6b2/0xf50 [ 382.716171][ T9086] do_splice_direct+0x342/0x580 [ 382.721026][ T9086] do_sendfile+0x101b/0x1d40 [ 382.725626][ T9086] __se_sys_sendfile64+0x2bb/0x360 [ 382.730739][ T9086] __x64_sys_sendfile64+0x56/0x70 [ 382.736755][ T9086] do_syscall_64+0xb0/0x150 [ 382.741269][ T9086] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 382.747152][ T9086] [ 382.749568][ T9086] Uninit was stored to memory at: [ 382.754604][ T9086] kmsan_internal_chain_origin+0xad/0x130 [ 382.760337][ T9086] __msan_chain_origin+0x50/0x90 [ 382.765286][ T9086] rmd256_transform+0x439d/0x4440 [ 382.770323][ T9086] rmd256_update+0x343/0x4f0 [ 382.774916][ T9086] crypto_shash_update+0x4e9/0x550 [ 382.780029][ T9086] shash_async_update+0x113/0x1d0 [ 382.785064][ T9086] hash_sendpage+0x8ef/0xdf0 [ 382.789667][ T9086] sock_sendpage+0x1e1/0x2c0 [ 382.794264][ T9086] pipe_to_sendpage+0x38c/0x4c0 [ 382.799123][ T9086] __splice_from_pipe+0x565/0xf00 [ 382.804152][ T9086] generic_splice_sendpage+0x1d5/0x2d0 [ 382.809624][ T9086] direct_splice_actor+0x1fd/0x580 [ 382.814748][ T9086] splice_direct_to_actor+0x6b2/0xf50 [ 382.820130][ T9086] do_splice_direct+0x342/0x580 [ 382.824988][ T9086] do_sendfile+0x101b/0x1d40 [ 382.829583][ T9086] __se_sys_sendfile64+0x2bb/0x360 [ 382.834709][ T9086] __x64_sys_sendfile64+0x56/0x70 [ 382.839750][ T9086] do_syscall_64+0xb0/0x150 [ 382.844260][ T9086] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 382.850145][ T9086] [ 382.852468][ T9086] Uninit was stored to memory at: [ 382.857503][ T9086] kmsan_internal_chain_origin+0xad/0x130 [ 382.863227][ T9086] __msan_chain_origin+0x50/0x90 [ 382.868177][ T9086] rmd256_transform+0x439d/0x4440 [ 382.873211][ T9086] rmd256_update+0x343/0x4f0 [ 382.877804][ T9086] crypto_shash_update+0x4e9/0x550 [ 382.882918][ T9086] shash_async_update+0x113/0x1d0 [ 382.887949][ T9086] hash_sendpage+0x8ef/0xdf0 [ 382.892553][ T9086] sock_sendpage+0x1e1/0x2c0 [ 382.897151][ T9086] pipe_to_sendpage+0x38c/0x4c0 [ 382.902007][ T9086] __splice_from_pipe+0x565/0xf00 [ 382.907040][ T9086] generic_splice_sendpage+0x1d5/0x2d0 [ 382.912512][ T9086] direct_splice_actor+0x1fd/0x580 [ 382.917634][ T9086] splice_direct_to_actor+0x6b2/0xf50 [ 382.923015][ T9086] do_splice_direct+0x342/0x580 [ 382.927867][ T9086] do_sendfile+0x101b/0x1d40 [ 382.932455][ T9086] __se_sys_sendfile64+0x2bb/0x360 [ 382.937562][ T9086] __x64_sys_sendfile64+0x56/0x70 [ 382.942585][ T9086] do_syscall_64+0xb0/0x150 [ 382.947104][ T9086] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 382.952990][ T9086] [ 382.955313][ T9086] Uninit was stored to memory at: [ 382.960346][ T9086] kmsan_internal_chain_origin+0xad/0x130 [ 382.966066][ T9086] __msan_chain_origin+0x50/0x90 [ 382.971013][ T9086] rmd256_transform+0x439d/0x4440 [ 382.976045][ T9086] rmd256_update+0x343/0x4f0 [ 382.980640][ T9086] crypto_shash_update+0x4e9/0x550 [ 382.985754][ T9086] shash_async_update+0x113/0x1d0 [ 382.990785][ T9086] hash_sendpage+0x8ef/0xdf0 [ 382.995380][ T9086] sock_sendpage+0x1e1/0x2c0 [ 382.999974][ T9086] pipe_to_sendpage+0x38c/0x4c0 [ 383.004829][ T9086] __splice_from_pipe+0x565/0xf00 [ 383.009855][ T9086] generic_splice_sendpage+0x1d5/0x2d0 [ 383.015324][ T9086] direct_splice_actor+0x1fd/0x580 [ 383.020445][ T9086] splice_direct_to_actor+0x6b2/0xf50 [ 383.025825][ T9086] do_splice_direct+0x342/0x580 [ 383.030676][ T9086] do_sendfile+0x101b/0x1d40 [ 383.035274][ T9086] __se_sys_sendfile64+0x2bb/0x360 [ 383.040398][ T9086] __x64_sys_sendfile64+0x56/0x70 [ 383.045430][ T9086] do_syscall_64+0xb0/0x150 [ 383.049941][ T9086] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 383.055833][ T9086] [ 383.058161][ T9086] Uninit was stored to memory at: [ 383.063190][ T9086] kmsan_internal_chain_origin+0xad/0x130 [ 383.068913][ T9086] __msan_chain_origin+0x50/0x90 [ 383.073836][ T9086] rmd256_transform+0x439d/0x4440 [ 383.078847][ T9086] rmd256_update+0x343/0x4f0 [ 383.083429][ T9086] crypto_shash_update+0x4e9/0x550 [ 383.088523][ T9086] shash_async_update+0x113/0x1d0 [ 383.093546][ T9086] hash_sendpage+0x8ef/0xdf0 [ 383.098126][ T9086] sock_sendpage+0x1e1/0x2c0 [ 383.102704][ T9086] pipe_to_sendpage+0x38c/0x4c0 [ 383.107542][ T9086] __splice_from_pipe+0x565/0xf00 [ 383.112552][ T9086] generic_splice_sendpage+0x1d5/0x2d0 [ 383.117996][ T9086] direct_splice_actor+0x1fd/0x580 [ 383.123098][ T9086] splice_direct_to_actor+0x6b2/0xf50 [ 383.128455][ T9086] do_splice_direct+0x342/0x580 [ 383.133313][ T9086] do_sendfile+0x101b/0x1d40 [ 383.137886][ T9086] __se_sys_sendfile64+0x2bb/0x360 [ 383.142983][ T9086] __x64_sys_sendfile64+0x56/0x70 [ 383.147999][ T9086] do_syscall_64+0xb0/0x150 [ 383.152490][ T9086] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 383.158359][ T9086] [ 383.160670][ T9086] Uninit was stored to memory at: [ 383.165681][ T9086] kmsan_internal_chain_origin+0xad/0x130 [ 383.171405][ T9086] __msan_chain_origin+0x50/0x90 [ 383.176335][ T9086] rmd256_transform+0x439d/0x4440 [ 383.181344][ T9086] rmd256_update+0x227/0x4f0 [ 383.185920][ T9086] crypto_shash_update+0x4e9/0x550 [ 383.191037][ T9086] shash_async_update+0x113/0x1d0 [ 383.196046][ T9086] hash_sendpage+0x8ef/0xdf0 [ 383.200621][ T9086] sock_sendpage+0x1e1/0x2c0 [ 383.205205][ T9086] pipe_to_sendpage+0x38c/0x4c0 [ 383.210041][ T9086] __splice_from_pipe+0x565/0xf00 [ 383.215140][ T9086] generic_splice_sendpage+0x1d5/0x2d0 [ 383.220585][ T9086] direct_splice_actor+0x1fd/0x580 [ 383.225682][ T9086] splice_direct_to_actor+0x6b2/0xf50 [ 383.231055][ T9086] do_splice_direct+0x342/0x580 [ 383.235895][ T9086] do_sendfile+0x101b/0x1d40 [ 383.240486][ T9086] __se_sys_sendfile64+0x2bb/0x360 [ 383.245581][ T9086] __x64_sys_sendfile64+0x56/0x70 [ 383.250595][ T9086] do_syscall_64+0xb0/0x150 [ 383.255092][ T9086] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 383.260965][ T9086] [ 383.263277][ T9086] Uninit was stored to memory at: [ 383.268286][ T9086] kmsan_internal_chain_origin+0xad/0x130 [ 383.273990][ T9086] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 383.279953][ T9086] kmsan_memcpy_metadata+0xb/0x10 [ 383.284961][ T9086] __msan_memcpy+0x43/0x50 [ 383.289363][ T9086] rmd256_update+0x1fc/0x4f0 [ 383.293937][ T9086] crypto_shash_update+0x4e9/0x550 [ 383.299031][ T9086] shash_async_update+0x113/0x1d0 [ 383.304037][ T9086] hash_sendpage+0x8ef/0xdf0 [ 383.308613][ T9086] sock_sendpage+0x1e1/0x2c0 [ 383.313189][ T9086] pipe_to_sendpage+0x38c/0x4c0 [ 383.318132][ T9086] __splice_from_pipe+0x565/0xf00 [ 383.323142][ T9086] generic_splice_sendpage+0x1d5/0x2d0 [ 383.328606][ T9086] direct_splice_actor+0x1fd/0x580 [ 383.333702][ T9086] splice_direct_to_actor+0x6b2/0xf50 [ 383.339056][ T9086] do_splice_direct+0x342/0x580 [ 383.343902][ T9086] do_sendfile+0x101b/0x1d40 [ 383.348476][ T9086] __se_sys_sendfile64+0x2bb/0x360 [ 383.353571][ T9086] __x64_sys_sendfile64+0x56/0x70 [ 383.358579][ T9086] do_syscall_64+0xb0/0x150 [ 383.363075][ T9086] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 383.368947][ T9086] [ 383.371257][ T9086] Uninit was created at: [ 383.375486][ T9086] kmsan_save_stack_with_flags+0x3c/0x90 [ 383.381452][ T9086] kmsan_alloc_page+0xb9/0x180 [ 383.386200][ T9086] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 383.391729][ T9086] alloc_pages_current+0x672/0x990 [ 383.396822][ T9086] push_pipe+0x605/0xb70 [ 383.401048][ T9086] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 383.406753][ T9086] do_splice_to+0x4fc/0x14f0 [ 383.411329][ T9086] splice_direct_to_actor+0x45c/0xf50 [ 383.416686][ T9086] do_splice_direct+0x342/0x580 [ 383.421521][ T9086] do_sendfile+0x101b/0x1d40 [ 383.426100][ T9086] __se_sys_sendfile64+0x2bb/0x360 [ 383.431193][ T9086] __x64_sys_sendfile64+0x56/0x70 [ 383.436202][ T9086] do_syscall_64+0xb0/0x150 [ 383.440693][ T9086] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:18:29 executing program 0: r0 = epoll_create1(0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r3, r4, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) r5 = getpid() rt_tgsigqueueinfo(r5, r5, 0x15, &(0x7f00000000c0)) ptrace(0x10, r5) ptrace$getregset(0x4204, r5, 0x2, &(0x7f0000000180)={0x0}) r6 = getpid() rt_tgsigqueueinfo(r6, r6, 0x15, &(0x7f00000000c0)) ptrace(0x10, r6) ptrace$getregset(0x4204, r6, 0x2, &(0x7f0000000180)={0x0}) r7 = getpid() write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r6, @ANYRESOCT=r7, @ANYBLOB="5ddc531a7a841300e841583820829b3705316a0f60efd051b9683eecf551e47b8fbe4a4c608c35ab95b06e25eff8650e9a8be2a7070091af4959614120bdcfbd65ca840c364a4a187e83e00d6212f01774eee43daf9f2976d8ebac7bc11c72925c9d7bea871b69a255d265054d9a25c3440dda79a793b5ee310cc6a25f84735bd6ebcdf1b907b829e09b7f2d439517ac2283", @ANYRES32, @ANYRES16, @ANYRESDEC, @ANYRESDEC, @ANYRES32=r3, @ANYRESHEX], 0x12e) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)={0x60002009}) epoll_wait(r0, &(0x7f0000000000), 0x15, 0x0) [ 383.798347][ T9092] not chained 50000 origins [ 383.802905][ T9092] CPU: 1 PID: 9092 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 383.811491][ T9092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 383.821551][ T9092] Call Trace: [ 383.824859][ T9092] dump_stack+0x1df/0x240 [ 383.829203][ T9092] kmsan_internal_chain_origin+0x6f/0x130 [ 383.834968][ T9092] ? is_module_text_address+0x4d/0x2a0 [ 383.840435][ T9092] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 383.846258][ T9092] ? __kernel_text_address+0x171/0x2d0 [ 383.851724][ T9092] ? unwind_get_return_address+0x8c/0x130 [ 383.857453][ T9092] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 383.863657][ T9092] ? arch_stack_walk+0x2a2/0x3e0 [ 383.868605][ T9092] ? stack_trace_save+0x1a0/0x1a0 [ 383.873650][ T9092] ? kmsan_get_metadata+0x4f/0x180 [ 383.878770][ T9092] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 383.884590][ T9092] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 383.890664][ T9092] ? stack_trace_save+0x123/0x1a0 [ 383.895698][ T9092] ? kmsan_get_metadata+0x11d/0x180 [ 383.900903][ T9092] __msan_chain_origin+0x50/0x90 [ 383.905943][ T9092] rmd256_transform+0x439d/0x4440 [ 383.911022][ T9092] rmd256_update+0x343/0x4f0 [ 383.915632][ T9092] ? rmd256_init+0x260/0x260 [ 383.920223][ T9092] crypto_shash_update+0x4e9/0x550 [ 383.925338][ T9092] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 383.931512][ T9092] ? crypto_hash_walk_first+0x1fd/0x360 [ 383.937058][ T9092] ? kmsan_get_metadata+0x4f/0x180 [ 383.942175][ T9092] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 383.947989][ T9092] shash_async_update+0x113/0x1d0 [ 383.953027][ T9092] ? shash_async_init+0x1e0/0x1e0 [ 383.958061][ T9092] hash_sendpage+0x8ef/0xdf0 [ 383.964580][ T9092] ? hash_recvmsg+0xd30/0xd30 [ 383.969271][ T9092] sock_sendpage+0x1e1/0x2c0 [ 383.973882][ T9092] pipe_to_sendpage+0x38c/0x4c0 [ 383.978746][ T9092] ? sock_fasync+0x250/0x250 [ 383.983360][ T9092] __splice_from_pipe+0x565/0xf00 [ 383.988397][ T9092] ? generic_splice_sendpage+0x2d0/0x2d0 [ 383.994065][ T9092] generic_splice_sendpage+0x1d5/0x2d0 [ 383.999546][ T9092] ? iter_file_splice_write+0x1800/0x1800 [ 384.005276][ T9092] direct_splice_actor+0x1fd/0x580 [ 384.010409][ T9092] ? kmsan_get_metadata+0x4f/0x180 [ 384.015537][ T9092] splice_direct_to_actor+0x6b2/0xf50 [ 384.020940][ T9092] ? do_splice_direct+0x580/0x580 [ 384.025994][ T9092] do_splice_direct+0x342/0x580 [ 384.030867][ T9092] do_sendfile+0x101b/0x1d40 [ 384.035498][ T9092] __se_sys_sendfile64+0x2bb/0x360 [ 384.040618][ T9092] ? kmsan_get_metadata+0x4f/0x180 [ 384.045752][ T9092] __x64_sys_sendfile64+0x56/0x70 [ 384.050825][ T9092] do_syscall_64+0xb0/0x150 [ 384.055344][ T9092] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 384.061241][ T9092] RIP: 0033:0x45c1d9 [ 384.065130][ T9092] Code: Bad RIP value. [ 384.069281][ T9092] RSP: 002b:00007fb8bb63ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 384.077699][ T9092] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 384.085675][ T9092] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 384.093656][ T9092] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 384.101638][ T9092] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 384.109619][ T9092] R13: 0000000000c9fb6f R14: 00007fb8bb63b9c0 R15: 000000000078bf0c [ 384.117611][ T9092] Uninit was stored to memory at: [ 384.122657][ T9092] kmsan_internal_chain_origin+0xad/0x130 [ 384.128385][ T9092] __msan_chain_origin+0x50/0x90 [ 384.133333][ T9092] rmd256_transform+0x439d/0x4440 [ 384.138361][ T9092] rmd256_update+0x343/0x4f0 [ 384.142958][ T9092] crypto_shash_update+0x4e9/0x550 [ 384.148077][ T9092] shash_async_update+0x113/0x1d0 [ 384.153107][ T9092] hash_sendpage+0x8ef/0xdf0 [ 384.157705][ T9092] sock_sendpage+0x1e1/0x2c0 [ 384.162301][ T9092] pipe_to_sendpage+0x38c/0x4c0 [ 384.167157][ T9092] __splice_from_pipe+0x565/0xf00 [ 384.172188][ T9092] generic_splice_sendpage+0x1d5/0x2d0 [ 384.177661][ T9092] direct_splice_actor+0x1fd/0x580 [ 384.182777][ T9092] splice_direct_to_actor+0x6b2/0xf50 [ 384.188164][ T9092] do_splice_direct+0x342/0x580 [ 384.193022][ T9092] do_sendfile+0x101b/0x1d40 [ 384.197617][ T9092] __se_sys_sendfile64+0x2bb/0x360 [ 384.202737][ T9092] __x64_sys_sendfile64+0x56/0x70 [ 384.207770][ T9092] do_syscall_64+0xb0/0x150 [ 384.212281][ T9092] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 384.218168][ T9092] [ 384.220494][ T9092] Uninit was stored to memory at: [ 384.225528][ T9092] kmsan_internal_chain_origin+0xad/0x130 [ 384.231253][ T9092] __msan_chain_origin+0x50/0x90 [ 384.236198][ T9092] rmd256_transform+0x439d/0x4440 [ 384.241229][ T9092] rmd256_update+0x343/0x4f0 [ 384.245822][ T9092] crypto_shash_update+0x4e9/0x550 [ 384.250933][ T9092] shash_async_update+0x113/0x1d0 [ 384.255961][ T9092] hash_sendpage+0x8ef/0xdf0 [ 384.260557][ T9092] sock_sendpage+0x1e1/0x2c0 [ 384.265151][ T9092] pipe_to_sendpage+0x38c/0x4c0 [ 384.270007][ T9092] __splice_from_pipe+0x565/0xf00 [ 384.275041][ T9092] generic_splice_sendpage+0x1d5/0x2d0 [ 384.280505][ T9092] direct_splice_actor+0x1fd/0x580 [ 384.285619][ T9092] splice_direct_to_actor+0x6b2/0xf50 [ 384.291002][ T9092] do_splice_direct+0x342/0x580 [ 384.295858][ T9092] do_sendfile+0x101b/0x1d40 [ 384.300448][ T9092] __se_sys_sendfile64+0x2bb/0x360 [ 384.305578][ T9092] __x64_sys_sendfile64+0x56/0x70 [ 384.310613][ T9092] do_syscall_64+0xb0/0x150 [ 384.315128][ T9092] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 384.321009][ T9092] [ 384.323332][ T9092] Uninit was stored to memory at: [ 384.328362][ T9092] kmsan_internal_chain_origin+0xad/0x130 [ 384.334083][ T9092] __msan_chain_origin+0x50/0x90 [ 384.339028][ T9092] rmd256_transform+0x439d/0x4440 [ 384.344059][ T9092] rmd256_update+0x343/0x4f0 [ 384.348661][ T9092] crypto_shash_update+0x4e9/0x550 [ 384.353778][ T9092] shash_async_update+0x113/0x1d0 [ 384.358810][ T9092] hash_sendpage+0x8ef/0xdf0 [ 384.363405][ T9092] sock_sendpage+0x1e1/0x2c0 [ 384.368001][ T9092] pipe_to_sendpage+0x38c/0x4c0 [ 384.372857][ T9092] __splice_from_pipe+0x565/0xf00 [ 384.377884][ T9092] generic_splice_sendpage+0x1d5/0x2d0 [ 384.383346][ T9092] direct_splice_actor+0x1fd/0x580 [ 384.388464][ T9092] splice_direct_to_actor+0x6b2/0xf50 [ 384.393839][ T9092] do_splice_direct+0x342/0x580 [ 384.398694][ T9092] do_sendfile+0x101b/0x1d40 [ 384.403290][ T9092] __se_sys_sendfile64+0x2bb/0x360 [ 384.408405][ T9092] __x64_sys_sendfile64+0x56/0x70 [ 384.413437][ T9092] do_syscall_64+0xb0/0x150 [ 384.417955][ T9092] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 384.423839][ T9092] [ 384.426163][ T9092] Uninit was stored to memory at: [ 384.431291][ T9092] kmsan_internal_chain_origin+0xad/0x130 [ 384.437019][ T9092] __msan_chain_origin+0x50/0x90 [ 384.441963][ T9092] rmd256_transform+0x439d/0x4440 [ 384.446994][ T9092] rmd256_update+0x343/0x4f0 [ 384.451599][ T9092] crypto_shash_update+0x4e9/0x550 [ 384.456726][ T9092] shash_async_update+0x113/0x1d0 [ 384.461753][ T9092] hash_sendpage+0x8ef/0xdf0 [ 384.466354][ T9092] sock_sendpage+0x1e1/0x2c0 [ 384.470953][ T9092] pipe_to_sendpage+0x38c/0x4c0 [ 384.475816][ T9092] __splice_from_pipe+0x565/0xf00 [ 384.480865][ T9092] generic_splice_sendpage+0x1d5/0x2d0 [ 384.486333][ T9092] direct_splice_actor+0x1fd/0x580 [ 384.491459][ T9092] splice_direct_to_actor+0x6b2/0xf50 [ 384.496843][ T9092] do_splice_direct+0x342/0x580 [ 384.501709][ T9092] do_sendfile+0x101b/0x1d40 [ 384.506311][ T9092] __se_sys_sendfile64+0x2bb/0x360 [ 384.511437][ T9092] __x64_sys_sendfile64+0x56/0x70 [ 384.516474][ T9092] do_syscall_64+0xb0/0x150 [ 384.521001][ T9092] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 384.526890][ T9092] [ 384.529217][ T9092] Uninit was stored to memory at: [ 384.534255][ T9092] kmsan_internal_chain_origin+0xad/0x130 [ 384.539983][ T9092] __msan_chain_origin+0x50/0x90 [ 384.544929][ T9092] rmd256_transform+0x439d/0x4440 [ 384.549961][ T9092] rmd256_update+0x343/0x4f0 [ 384.554555][ T9092] crypto_shash_update+0x4e9/0x550 [ 384.559674][ T9092] shash_async_update+0x113/0x1d0 [ 384.564706][ T9092] hash_sendpage+0x8ef/0xdf0 [ 384.569301][ T9092] sock_sendpage+0x1e1/0x2c0 [ 384.573901][ T9092] pipe_to_sendpage+0x38c/0x4c0 [ 384.578761][ T9092] __splice_from_pipe+0x565/0xf00 [ 384.583797][ T9092] generic_splice_sendpage+0x1d5/0x2d0 [ 384.589271][ T9092] direct_splice_actor+0x1fd/0x580 [ 384.594394][ T9092] splice_direct_to_actor+0x6b2/0xf50 [ 384.599781][ T9092] do_splice_direct+0x342/0x580 [ 384.604654][ T9092] do_sendfile+0x101b/0x1d40 [ 384.609251][ T9092] __se_sys_sendfile64+0x2bb/0x360 [ 384.614370][ T9092] __x64_sys_sendfile64+0x56/0x70 [ 384.619406][ T9092] do_syscall_64+0xb0/0x150 [ 384.623920][ T9092] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 384.629807][ T9092] [ 384.632137][ T9092] Uninit was stored to memory at: [ 384.637691][ T9092] kmsan_internal_chain_origin+0xad/0x130 [ 384.643420][ T9092] __msan_chain_origin+0x50/0x90 [ 384.648370][ T9092] rmd256_transform+0x439d/0x4440 [ 384.653404][ T9092] rmd256_update+0x227/0x4f0 [ 384.658012][ T9092] crypto_shash_update+0x4e9/0x550 [ 384.663134][ T9092] shash_async_update+0x113/0x1d0 [ 384.668170][ T9092] hash_sendpage+0x8ef/0xdf0 [ 384.672780][ T9092] sock_sendpage+0x1e1/0x2c0 [ 384.677380][ T9092] pipe_to_sendpage+0x38c/0x4c0 [ 384.682238][ T9092] __splice_from_pipe+0x565/0xf00 [ 384.687277][ T9092] generic_splice_sendpage+0x1d5/0x2d0 [ 384.692755][ T9092] direct_splice_actor+0x1fd/0x580 [ 384.697883][ T9092] splice_direct_to_actor+0x6b2/0xf50 [ 384.703271][ T9092] do_splice_direct+0x342/0x580 [ 384.708131][ T9092] do_sendfile+0x101b/0x1d40 [ 384.712730][ T9092] __se_sys_sendfile64+0x2bb/0x360 [ 384.717857][ T9092] __x64_sys_sendfile64+0x56/0x70 [ 384.722894][ T9092] do_syscall_64+0xb0/0x150 [ 384.727409][ T9092] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 384.733295][ T9092] [ 384.736238][ T9092] Uninit was stored to memory at: [ 384.741276][ T9092] kmsan_internal_chain_origin+0xad/0x130 [ 384.747008][ T9092] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 384.752996][ T9092] kmsan_memcpy_metadata+0xb/0x10 [ 384.758025][ T9092] __msan_memcpy+0x43/0x50 [ 384.762450][ T9092] rmd256_update+0x1fc/0x4f0 [ 384.767042][ T9092] crypto_shash_update+0x4e9/0x550 [ 384.772156][ T9092] shash_async_update+0x113/0x1d0 [ 384.777307][ T9092] hash_sendpage+0x8ef/0xdf0 [ 384.781906][ T9092] sock_sendpage+0x1e1/0x2c0 [ 384.786504][ T9092] pipe_to_sendpage+0x38c/0x4c0 [ 384.791367][ T9092] __splice_from_pipe+0x565/0xf00 [ 384.796398][ T9092] generic_splice_sendpage+0x1d5/0x2d0 [ 384.801957][ T9092] direct_splice_actor+0x1fd/0x580 [ 384.807078][ T9092] splice_direct_to_actor+0x6b2/0xf50 [ 384.812456][ T9092] do_splice_direct+0x342/0x580 [ 384.817313][ T9092] do_sendfile+0x101b/0x1d40 [ 384.821909][ T9092] __se_sys_sendfile64+0x2bb/0x360 [ 384.827028][ T9092] __x64_sys_sendfile64+0x56/0x70 [ 384.832060][ T9092] do_syscall_64+0xb0/0x150 [ 384.836583][ T9092] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 384.842472][ T9092] [ 384.844803][ T9092] Uninit was created at: [ 384.849053][ T9092] kmsan_save_stack_with_flags+0x3c/0x90 [ 384.854695][ T9092] kmsan_alloc_page+0xb9/0x180 [ 384.859463][ T9092] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 384.865018][ T9092] alloc_pages_current+0x672/0x990 [ 384.870132][ T9092] push_pipe+0x605/0xb70 [ 384.874380][ T9092] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 384.880110][ T9092] do_splice_to+0x4fc/0x14f0 [ 384.884708][ T9092] splice_direct_to_actor+0x45c/0xf50 [ 384.890086][ T9092] do_splice_direct+0x342/0x580 [ 384.894942][ T9092] do_sendfile+0x101b/0x1d40 [ 384.899540][ T9092] __se_sys_sendfile64+0x2bb/0x360 [ 384.904660][ T9092] __x64_sys_sendfile64+0x56/0x70 [ 384.909690][ T9092] do_syscall_64+0xb0/0x150 [ 384.914202][ T9092] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:18:30 executing program 0: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28081) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000000)={0x23, 0x3, 0x10, 0x0, 0x0, 0x0, 0x0}) ioctl$USBDEVFS_GET_SPEED(r0, 0x551f) r1 = dup(r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680)='l2tp\x00') sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x44, r3, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @dev={0xac, 0x44}}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}]}, 0x44}}, 0x0) sendmsg$L2TP_CMD_TUNNEL_GET(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x20000010) ioctl$USBDEVFS_SETCONFIGURATION(r0, 0x80045505, 0x0) madvise(&(0x7f00003a8000/0x2000)=nil, 0x2000, 0x10) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x4020) 19:18:30 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) sendmsg$key(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x2, 0x15, 0x0, 0x7, 0x24, 0x0, 0x70bd28, 0x25dfdbfc, [@sadb_x_nat_t_port={0x1, 0x15, 0x4e20}, @sadb_spirange={0x2, 0x10, 0x4d2, 0x4d3}, @sadb_key={0x1f, 0x8, 0x768, 0x0, "5861d673b544a8292358efeccb080177a362fd73ec78e8f28aa0797ff1a240094a354ba03008d9ca064f93283f9a9f8e499d650b05adc8932eb4a2c364c1e010519bea36650798c4b043212c6bfb899ccacff23c7912bde3dd00adb67ed9cb9a483650b09e97cde02249f786565d9c0ebb8b54c97a46f708857379afb75e3795c4dbff1687261a74af5583e158171075802cd6752d58b6edc5ef2e0aea3bec563f2120b0d98ea92e9ad330db3e06ecc7155f2573868476990a55fe5fc33593bcf50cc7c887eaf8632691218be45b901edc852fee8d7413580f79245bd70b8247ebba90e8adface9023e504b1df"}]}, 0x120}}, 0x1) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x2, 0x3, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, @sadb_x_sa2={0x2, 0x13, 0xc0}]}, 0x60}}, 0x0) 19:18:31 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x400, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x1ff) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = getpid() rt_tgsigqueueinfo(r3, r3, 0x15, &(0x7f00000000c0)) ptrace(0x10, r3) ptrace$getregset(0x4204, r3, 0x2, &(0x7f0000000180)={0x0}) r4 = syz_open_procfs(r3, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r4, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000040)={0x8778, 0x204, 0x6, 0x400, 0x1b, "a1970c9f984858c8"}) write(r4, &(0x7f0000000240)="fc00000048e6071f8a092504090007000aab6000000000000000e293210001c0000000000000000000008adb3e6881ffff0000000000001ec28656aaa79bf87c5d27aa2f029f000200000300f91151ffd633d4b40c0aa89c03c1ad54325950000000e51acf3d64efcab8481ac69a2d5aafd18064b1ed548d59c40a366c57c6a55e00000100d07302ad7e2685548377b6f83e2e030884bf073d054ae280fc83ab820f06f70cce190a60aa47e98839971592064e763b6f380f6dd92c83170e5bba4a463a1e00566f91cfcc15162731da08d1226b14d243f2564ea45b41577d0542ed94e0ad91bd0734babc7c737de583df0200000000000000a6b567b4d5715587e6d8a1ad0a4f0108a8835d73", 0x10c) fremovexattr(0xffffffffffffffff, &(0x7f0000000140)=@random={'trusted.', 'hash\x00'}) [ 385.787637][ T9109] Unknown ioctl 9218 [ 385.974228][ T9109] not chained 60000 origins [ 385.978801][ T9109] CPU: 0 PID: 9109 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 385.987394][ T9109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 385.997463][ T9109] Call Trace: [ 386.000772][ T9109] dump_stack+0x1df/0x240 [ 386.005126][ T9109] kmsan_internal_chain_origin+0x6f/0x130 [ 386.010873][ T9109] ? is_module_text_address+0x4d/0x2a0 [ 386.016351][ T9109] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 386.022182][ T9109] ? __kernel_text_address+0x171/0x2d0 [ 386.027656][ T9109] ? unwind_get_return_address+0x8c/0x130 [ 386.033398][ T9109] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 386.039489][ T9109] ? arch_stack_walk+0x2a2/0x3e0 [ 386.044442][ T9109] ? stack_trace_save+0x1a0/0x1a0 [ 386.049490][ T9109] ? kmsan_get_metadata+0x4f/0x180 [ 386.054618][ T9109] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 386.060436][ T9109] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 386.066518][ T9109] ? stack_trace_save+0x123/0x1a0 [ 386.071569][ T9109] ? kmsan_get_metadata+0x11d/0x180 [ 386.076782][ T9109] __msan_chain_origin+0x50/0x90 [ 386.081734][ T9109] rmd256_transform+0x439d/0x4440 [ 386.086821][ T9109] rmd256_update+0x343/0x4f0 [ 386.091429][ T9109] ? rmd256_init+0x260/0x260 [ 386.096030][ T9109] crypto_shash_update+0x4e9/0x550 [ 386.101155][ T9109] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 386.107334][ T9109] ? crypto_hash_walk_first+0x1fd/0x360 [ 386.112891][ T9109] ? kmsan_get_metadata+0x4f/0x180 [ 386.118016][ T9109] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 386.123843][ T9109] shash_async_update+0x113/0x1d0 [ 386.128883][ T9109] ? shash_async_init+0x1e0/0x1e0 [ 386.133916][ T9109] hash_sendpage+0x8ef/0xdf0 [ 386.138525][ T9109] ? hash_recvmsg+0xd30/0xd30 [ 386.143213][ T9109] sock_sendpage+0x1e1/0x2c0 [ 386.147822][ T9109] pipe_to_sendpage+0x38c/0x4c0 [ 386.152682][ T9109] ? sock_fasync+0x250/0x250 [ 386.157419][ T9109] __splice_from_pipe+0x565/0xf00 [ 386.162457][ T9109] ? generic_splice_sendpage+0x2d0/0x2d0 [ 386.168116][ T9109] generic_splice_sendpage+0x1d5/0x2d0 [ 386.173608][ T9109] ? iter_file_splice_write+0x1800/0x1800 [ 386.179341][ T9109] direct_splice_actor+0x1fd/0x580 [ 386.184472][ T9109] ? kmsan_get_metadata+0x4f/0x180 [ 386.189601][ T9109] splice_direct_to_actor+0x6b2/0xf50 [ 386.194996][ T9109] ? do_splice_direct+0x580/0x580 [ 386.200061][ T9109] do_splice_direct+0x342/0x580 [ 386.204945][ T9109] do_sendfile+0x101b/0x1d40 [ 386.209561][ T9109] __se_sys_sendfile64+0x2bb/0x360 [ 386.214678][ T9109] ? kmsan_get_metadata+0x4f/0x180 [ 386.219805][ T9109] __x64_sys_sendfile64+0x56/0x70 [ 386.224840][ T9109] do_syscall_64+0xb0/0x150 [ 386.229358][ T9109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 386.235258][ T9109] RIP: 0033:0x45c1d9 [ 386.239148][ T9109] Code: Bad RIP value. [ 386.243216][ T9109] RSP: 002b:00007f22a319ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 386.251629][ T9109] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 386.259605][ T9109] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 386.267590][ T9109] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 386.275569][ T9109] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 386.283552][ T9109] R13: 0000000000c9fb6f R14: 00007f22a319b9c0 R15: 000000000078bf0c [ 386.291541][ T9109] Uninit was stored to memory at: [ 386.296579][ T9109] kmsan_internal_chain_origin+0xad/0x130 [ 386.302306][ T9109] __msan_chain_origin+0x50/0x90 [ 386.307261][ T9109] rmd256_transform+0x439d/0x4440 [ 386.312294][ T9109] rmd256_update+0x343/0x4f0 [ 386.316897][ T9109] crypto_shash_update+0x4e9/0x550 [ 386.322016][ T9109] shash_async_update+0x113/0x1d0 [ 386.327047][ T9109] hash_sendpage+0x8ef/0xdf0 [ 386.331647][ T9109] sock_sendpage+0x1e1/0x2c0 [ 386.336246][ T9109] pipe_to_sendpage+0x38c/0x4c0 [ 386.341107][ T9109] __splice_from_pipe+0x565/0xf00 [ 386.346135][ T9109] generic_splice_sendpage+0x1d5/0x2d0 [ 386.351602][ T9109] direct_splice_actor+0x1fd/0x580 [ 386.356722][ T9109] splice_direct_to_actor+0x6b2/0xf50 [ 386.362097][ T9109] do_splice_direct+0x342/0x580 [ 386.366951][ T9109] do_sendfile+0x101b/0x1d40 [ 386.371543][ T9109] __se_sys_sendfile64+0x2bb/0x360 [ 386.376657][ T9109] __x64_sys_sendfile64+0x56/0x70 [ 386.381688][ T9109] do_syscall_64+0xb0/0x150 [ 386.386204][ T9109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 386.392089][ T9109] [ 386.394416][ T9109] Uninit was stored to memory at: [ 386.399456][ T9109] kmsan_internal_chain_origin+0xad/0x130 [ 386.405179][ T9109] __msan_chain_origin+0x50/0x90 [ 386.410126][ T9109] rmd256_transform+0x439d/0x4440 [ 386.415162][ T9109] rmd256_update+0x343/0x4f0 [ 386.419753][ T9109] crypto_shash_update+0x4e9/0x550 [ 386.424871][ T9109] shash_async_update+0x113/0x1d0 [ 386.429899][ T9109] hash_sendpage+0x8ef/0xdf0 [ 386.434492][ T9109] sock_sendpage+0x1e1/0x2c0 [ 386.439094][ T9109] pipe_to_sendpage+0x38c/0x4c0 [ 386.443955][ T9109] __splice_from_pipe+0x565/0xf00 [ 386.448993][ T9109] generic_splice_sendpage+0x1d5/0x2d0 [ 386.454457][ T9109] direct_splice_actor+0x1fd/0x580 [ 386.459839][ T9109] splice_direct_to_actor+0x6b2/0xf50 [ 386.465218][ T9109] do_splice_direct+0x342/0x580 [ 386.470078][ T9109] do_sendfile+0x101b/0x1d40 [ 386.474680][ T9109] __se_sys_sendfile64+0x2bb/0x360 [ 386.479796][ T9109] __x64_sys_sendfile64+0x56/0x70 [ 386.484827][ T9109] do_syscall_64+0xb0/0x150 [ 386.489346][ T9109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 386.495231][ T9109] [ 386.497555][ T9109] Uninit was stored to memory at: [ 386.503198][ T9109] kmsan_internal_chain_origin+0xad/0x130 [ 386.508928][ T9109] __msan_chain_origin+0x50/0x90 [ 386.513874][ T9109] rmd256_transform+0x439d/0x4440 [ 386.518910][ T9109] rmd256_update+0x343/0x4f0 [ 386.523513][ T9109] crypto_shash_update+0x4e9/0x550 [ 386.528632][ T9109] shash_async_update+0x113/0x1d0 [ 386.533678][ T9109] hash_sendpage+0x8ef/0xdf0 [ 386.538278][ T9109] sock_sendpage+0x1e1/0x2c0 [ 386.542879][ T9109] pipe_to_sendpage+0x38c/0x4c0 [ 386.547743][ T9109] __splice_from_pipe+0x565/0xf00 [ 386.552781][ T9109] generic_splice_sendpage+0x1d5/0x2d0 [ 386.558250][ T9109] direct_splice_actor+0x1fd/0x580 [ 386.563373][ T9109] splice_direct_to_actor+0x6b2/0xf50 [ 386.568751][ T9109] do_splice_direct+0x342/0x580 [ 386.573608][ T9109] do_sendfile+0x101b/0x1d40 [ 386.578205][ T9109] __se_sys_sendfile64+0x2bb/0x360 [ 386.583322][ T9109] __x64_sys_sendfile64+0x56/0x70 [ 386.588351][ T9109] do_syscall_64+0xb0/0x150 [ 386.592874][ T9109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 386.598750][ T9109] [ 386.601059][ T9109] Uninit was stored to memory at: [ 386.606071][ T9109] kmsan_internal_chain_origin+0xad/0x130 [ 386.611861][ T9109] __msan_chain_origin+0x50/0x90 [ 386.616786][ T9109] rmd256_transform+0x439d/0x4440 [ 386.621799][ T9109] rmd256_update+0x343/0x4f0 [ 386.626376][ T9109] crypto_shash_update+0x4e9/0x550 [ 386.632097][ T9109] shash_async_update+0x113/0x1d0 [ 386.637129][ T9109] hash_sendpage+0x8ef/0xdf0 [ 386.641707][ T9109] sock_sendpage+0x1e1/0x2c0 [ 386.646400][ T9109] pipe_to_sendpage+0x38c/0x4c0 [ 386.651247][ T9109] __splice_from_pipe+0x565/0xf00 [ 386.656266][ T9109] generic_splice_sendpage+0x1d5/0x2d0 [ 386.661713][ T9109] direct_splice_actor+0x1fd/0x580 [ 386.666811][ T9109] splice_direct_to_actor+0x6b2/0xf50 [ 386.672167][ T9109] do_splice_direct+0x342/0x580 [ 386.677004][ T9109] do_sendfile+0x101b/0x1d40 [ 386.681590][ T9109] __se_sys_sendfile64+0x2bb/0x360 [ 386.686689][ T9109] __x64_sys_sendfile64+0x56/0x70 [ 386.691701][ T9109] do_syscall_64+0xb0/0x150 [ 386.696195][ T9109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 386.702078][ T9109] [ 386.704401][ T9109] Uninit was stored to memory at: [ 386.709554][ T9109] kmsan_internal_chain_origin+0xad/0x130 [ 386.715305][ T9109] __msan_chain_origin+0x50/0x90 [ 386.720247][ T9109] rmd256_transform+0x439d/0x4440 [ 386.725259][ T9109] rmd256_update+0x343/0x4f0 [ 386.729834][ T9109] crypto_shash_update+0x4e9/0x550 [ 386.734929][ T9109] shash_async_update+0x113/0x1d0 [ 386.739960][ T9109] hash_sendpage+0x8ef/0xdf0 [ 386.744548][ T9109] sock_sendpage+0x1e1/0x2c0 [ 386.749128][ T9109] pipe_to_sendpage+0x38c/0x4c0 [ 386.753966][ T9109] __splice_from_pipe+0x565/0xf00 [ 386.758991][ T9109] generic_splice_sendpage+0x1d5/0x2d0 [ 386.764438][ T9109] direct_splice_actor+0x1fd/0x580 [ 386.769538][ T9109] splice_direct_to_actor+0x6b2/0xf50 [ 386.774896][ T9109] do_splice_direct+0x342/0x580 [ 386.779730][ T9109] do_sendfile+0x101b/0x1d40 [ 386.784308][ T9109] __se_sys_sendfile64+0x2bb/0x360 [ 386.789405][ T9109] __x64_sys_sendfile64+0x56/0x70 [ 386.794415][ T9109] do_syscall_64+0xb0/0x150 [ 386.798906][ T9109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 386.804802][ T9109] [ 386.807112][ T9109] Uninit was stored to memory at: [ 386.812125][ T9109] kmsan_internal_chain_origin+0xad/0x130 [ 386.817857][ T9109] __msan_chain_origin+0x50/0x90 [ 386.822785][ T9109] rmd256_transform+0x439d/0x4440 [ 386.827798][ T9109] rmd256_update+0x227/0x4f0 [ 386.832371][ T9109] crypto_shash_update+0x4e9/0x550 [ 386.837466][ T9109] shash_async_update+0x113/0x1d0 [ 386.842476][ T9109] hash_sendpage+0x8ef/0xdf0 [ 386.847055][ T9109] sock_sendpage+0x1e1/0x2c0 [ 386.851632][ T9109] pipe_to_sendpage+0x38c/0x4c0 [ 386.856471][ T9109] __splice_from_pipe+0x565/0xf00 [ 386.861480][ T9109] generic_splice_sendpage+0x1d5/0x2d0 [ 386.866924][ T9109] direct_splice_actor+0x1fd/0x580 [ 386.872023][ T9109] splice_direct_to_actor+0x6b2/0xf50 [ 386.877379][ T9109] do_splice_direct+0x342/0x580 [ 386.882214][ T9109] do_sendfile+0x101b/0x1d40 [ 386.886790][ T9109] __se_sys_sendfile64+0x2bb/0x360 [ 386.891887][ T9109] __x64_sys_sendfile64+0x56/0x70 [ 386.896900][ T9109] do_syscall_64+0xb0/0x150 [ 386.901390][ T9109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 386.907259][ T9109] [ 386.909569][ T9109] Uninit was stored to memory at: [ 386.914581][ T9109] kmsan_internal_chain_origin+0xad/0x130 [ 386.920287][ T9109] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 386.926253][ T9109] kmsan_memcpy_metadata+0xb/0x10 [ 386.931261][ T9109] __msan_memcpy+0x43/0x50 [ 386.935665][ T9109] rmd256_update+0x1fc/0x4f0 [ 386.940238][ T9109] crypto_shash_update+0x4e9/0x550 [ 386.945334][ T9109] shash_async_update+0x113/0x1d0 [ 386.950372][ T9109] hash_sendpage+0x8ef/0xdf0 [ 386.954950][ T9109] sock_sendpage+0x1e1/0x2c0 [ 386.959528][ T9109] pipe_to_sendpage+0x38c/0x4c0 [ 386.964367][ T9109] __splice_from_pipe+0x565/0xf00 [ 386.969376][ T9109] generic_splice_sendpage+0x1d5/0x2d0 [ 386.974821][ T9109] direct_splice_actor+0x1fd/0x580 [ 386.979936][ T9109] splice_direct_to_actor+0x6b2/0xf50 [ 386.985293][ T9109] do_splice_direct+0x342/0x580 [ 386.990130][ T9109] do_sendfile+0x101b/0x1d40 [ 386.994705][ T9109] __se_sys_sendfile64+0x2bb/0x360 [ 386.999803][ T9109] __x64_sys_sendfile64+0x56/0x70 [ 387.004813][ T9109] do_syscall_64+0xb0/0x150 [ 387.009323][ T9109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 387.015209][ T9109] [ 387.017523][ T9109] Uninit was created at: [ 387.021752][ T9109] kmsan_save_stack_with_flags+0x3c/0x90 [ 387.027473][ T9109] kmsan_alloc_page+0xb9/0x180 [ 387.032227][ T9109] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 387.037776][ T9109] alloc_pages_current+0x672/0x990 [ 387.042876][ T9109] push_pipe+0x605/0xb70 [ 387.047101][ T9109] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 387.052810][ T9109] do_splice_to+0x4fc/0x14f0 [ 387.057911][ T9109] splice_direct_to_actor+0x45c/0xf50 [ 387.063268][ T9109] do_splice_direct+0x342/0x580 [ 387.068104][ T9109] do_sendfile+0x101b/0x1d40 [ 387.072679][ T9109] __se_sys_sendfile64+0x2bb/0x360 [ 387.077776][ T9109] __x64_sys_sendfile64+0x56/0x70 [ 387.082793][ T9109] do_syscall_64+0xb0/0x150 [ 387.087287][ T9109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:18:33 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$MON_IOCH_MFLUSH(r3, 0x9208, 0x81) listen(r0, 0x0) 19:18:34 executing program 1: r0 = syz_open_dev$usbfs(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x3f9, 0x18900) read$usbfs(r0, &(0x7f0000000180)=""/24, 0x18) read$usbfs(r0, 0x0, 0xfffffcd1) 19:18:34 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x3e, 0x0) write$nbd(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="06000000000000000000000002000000a3ef07749fa55f62d3adff7f9d5e82099cba335a2fdbede515d1978b97fffeffffb13bedfb1f8cd563af872a0a18ecf6449fe66884b33c61b3927917b2d8ef665ad9b19f55dd7d020a724232a8358e9eb39b4667c5e7bef3"], 0x68) 19:18:34 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x28c00, 0x0) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000040)={r5}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f00000003c0)=ANY=[@ANYRES32=r5, @ANYBLOB="0002d600433a3e1f0929e70bee9e6aa95ffb822d5a45ec98b60405e17db2f7885ade6109dea7605a89d9a983fdb3d1c5b4d14b4d2873a52750275c83ff44142207e987c1fa41a86da0689f24b72cfc69e07979162202931cbce05bc220ebc352ee6f50ba0e367992fe30dd69ced2d6338002e56507ab1348cda53392f66beac179bed68c2b442bd96a4e9c867791331f61d4569fd54efdfd5bd1a7325b763c016c46eff878c60d4e7b97702facfe8eae61a1c8b3dbad9b34ce829424551c1d461fdef0a5a8dfbc507fa28059174bc2a88b0700f529d5b28363b86e51b76a4eb5e1132615c6deea19b2c0583e33470eb2cbdbb6012cae2683f4b6aaae4cba4c2680f30d1b1387e646256f1b6fc4cdef5177fcc6b6f2fabf325c980a2dd9bbe48b67388944e7dc28e31270385aa17246245dcd0b2316075ad582bc65e49f410e27d69c32eb0500d6b45b8ea055611eefb8bda3d885e2d0a204662306ed"], 0xde) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000d0700000000ff03000000000010", @ANYRESHEX=r6, @ANYRESDEC=r1], 0x3c}, 0x1, 0x0, 0x0, 0x8811}, 0x0) r8 = socket$packet(0x11, 0x2, 0x300) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r10 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9, 0x1, 'vcan\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x3c}}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422e07653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e35bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3cf2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2dc045421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994cc008dd3deaafaab51144c1ef00f00001f5e73ff040000000000000000000000000000009a583b79ab00f70d85463c57c5bb1f1084e683b591fc2c8b8a38b7ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fbe09a7eb84cae7f000000886871080d1588bb30abcbfecb4e10d4067a02736f08914faa037346191241c88e57569256cd58ec82518bc8bac2ef0f6e8bfd9ad94599c3230328ddf749f6c754f2781bccc42e6ef592a1fc36a03c9a0328b63ed42db18137f243d01a67ea9fe8e34b25676f9816cdae263897bbb3aaa1148cb80e7aa12869a052b3ea1dfa17ce754e76f57ed0868864d66429bc1d9e8c430deeb6331c152d637740b4efbe95880a2f28902b3358519f08f638235a295a63eb1c8f9460ced7b22ceb4c2c5504a2012c2c8f47fd9152910bc908e41e38ba60cbdffefadbe92a7ed8ce577bdb383c2f625067eec438180f282d638ac72b92ec020d66863813f5ab6189075ebf22d92ecafe4eb1fb9c6b2b88eb965af65c3d0b179a43bcf1840dc8466796c04a4baa9f82bbd989477b56cda9e60dd7da5c5b437be2f2fcdd62a20b6ba534ed9dc198fc041c003bc1340d124062352ad8e3ce63546ded69d5fcaafcffed51ab1b1f4ff88615446fe96983cabf08c3e7ccc1d4e8bdf884347f6156d91f42060477bdf30abca5e9b6705c5adc1cedd2e7d38fbdef12d569db367978805652eb6f5ccaa6b377839d2b7525417fe4a97300017f2410fc9448ab6c3b9fea9f2287e26b726bef21a31200b5c3cafea3a7a42f9b5324b98680e6ecf240abdeee92ecd6c972701c39c3e7a77d8dcd1ed368eaf557ad34b0c1cb8eec9c963001f3905cba6c67b6eab0fa000504e30dcf99fe07128d711b61834f3d4cb2cb47745c15fae1a2b694fe5983471b336a0829abfd46e6b5f420d723608591b372bb00"], 0x1c2) io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000240)=[0xffffffffffffffff, r6], 0x2) [ 388.776008][ T9127] dlm: no locking on control device 19:18:34 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x80000, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000000040)={0x4, 0x20, 0x3}) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x6a) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r2, 0x20, 0x70bd2b, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x100480d0}, 0x10) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x610000, 0x0) getpeername$unix(r3, &(0x7f0000000240), &(0x7f00000002c0)=0x6e) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000300)={0x8, {{0xa, 0x4e23, 0xd8, @private0={0xfc, 0x0, [], 0x1}, 0x5}}}, 0x88) r4 = syz_open_dev$media(&(0x7f00000003c0)='/dev/media#\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r4, 0x400c6615, &(0x7f0000000400)={0x0, @adiantum}) r5 = openat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x80, 0x104}, 0x18) ioctl$SNDRV_PCM_IOCTL_HWSYNC(r5, 0x4122, 0x0) r6 = socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r6, 0xc0506617, &(0x7f00000004c0)={{0x2, 0x0, @descriptor="9084efd0a8bdc518"}, 0xcb, 0x0, [], "5b6b007aaad89767ea4656433aa41a6b20d582e1a1a9674e344118be934d10c321792458e4fe4d93a8f2090d49994a3340783160e5cf3cb02b08691d711f10cf196ee3e2dc3b1a06d5289a125517431a6af76f5a9cb251c01b8396eab09ac6d24263e0a28fe63ed0d03440149b7282ffd2bdb188fa20db621d47772ded55bca5523ae1c36dc4aec9406e8e9249e0db0451c37f6b5ad08c40e1d8b3cf0d9152cca6b6e8e4deb3f06d08d8ec824d34773af31281aeedf241cee4df0bf713b0125939c2bb5cbcceb752c4603c"}) lsetxattr$trusted_overlay_nlink(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)='trusted.overlay.nlink\x00', &(0x7f0000000680)={'L-', 0x7}, 0x16, 0x0) getpeername(r1, &(0x7f00000006c0)=@l2tp={0x2, 0x0, @private}, &(0x7f0000000740)=0x80) ioctl$TCSBRKP(r0, 0x5425, 0xffff) r7 = accept$unix(0xffffffffffffffff, &(0x7f0000000780), &(0x7f0000000800)=0x6e) sendto$unix(r7, &(0x7f0000000840)="4dc018de88e1912ad4dd5734f419fb365290836e18d723d9917385ddad5dc89c3abd442a59d383425334a2e8765428f3632cbb4d25c9a5174598c476ac1c483e28ce6b2faf01137b40f55e02ba3ce0d09051e21d7720283629101726397b79492afe", 0x62, 0x40004, &(0x7f00000008c0)=@file={0x1, './file0\x00'}, 0x6e) ioctl$PPPIOCGDEBUG(r0, 0x80047441, &(0x7f0000000940)) 19:18:34 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r3 = socket$bt_rfcomm(0x1f, 0x1, 0x3) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) accept4(r4, 0x0, 0x0, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000340)={0x0}, &(0x7f0000000380)=0xc) fcntl$setown(r3, 0x8, r5) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='H\x00\x00\a\x00\x00\x00\x00\x00\x00', @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x10}}]}}]}, 0x40}}, 0x0) r6 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r6, &(0x7f0000000200), 0x4924924924926d3, 0x0) sendmsg$OSF_MSG_REMOVE(r0, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001500)={0x1060, 0x1, 0x5, 0x301, 0x0, 0x0, {0x3, 0x0, 0x8}, [{{0x254, 0x1, {{0x3, 0x8}, 0x7f, 0x0, 0x2, 0x8, 0x7, 'syz1\x00', "947f422e33527715c7ea9a638ccff9080ab79201f98102541dd1e64785a8a471", "c6c2e44babeea089ccaaf5dd1d4860616f3009be279f7135d8ce59a1473e4543", [{0x86, 0xe2cb, {0x3, 0x9}}, {0x0, 0x4, {0x2, 0x6}}, {0x9eae, 0x6, {0x0, 0x6}}, {0x2, 0x4}, {0x883, 0x80, {0x1, 0x1}}, {0x2, 0x7, {0x0, 0x8}}, {0x3, 0x2, {0x3, 0x1ff}}, {0x5, 0x8, {0x1, 0x9}}, {0x7, 0x20, {0x1, 0x20}}, {0x40, 0xe40, {0x2, 0xffff}}, {0x6, 0x5, {0x0, 0x100}}, {0x5, 0x1, {0x1, 0x1}}, {0x6, 0x70f5, {0x3, 0xd56}}, {0x7, 0x3ff, {0x2, 0x8001}}, {0x8b1b, 0xfdab, {0x2, 0x9}}, {0x1, 0x3f, {0x2, 0x4}}, {0x2, 0x7, {0x1, 0xfff}}, {0x4, 0x0, {0x3, 0x13f73e87}}, {0x1, 0x200, {0x0, 0xff1}}, {0x54ba, 0x7fff, {0x2, 0x1}}, {0x5, 0x8000, {0x3, 0x6}}, {0x401, 0x8000, {0x2, 0x1}}, {0x3, 0x800, {0x1, 0x401}}, {0x0, 0x9, {0x3, 0x200}}, {0xde8a, 0xfffd, {0x2, 0x7d28}}, {0x7, 0x401, {0x2, 0x9}}, {0x3, 0x9000, {0x2, 0x899f}}, {0x8, 0x2, {0x0, 0x80000001}}, {0x9, 0x800, {0x2, 0x8}}, {0x20, 0x7fff, {0x2}}, {0x6, 0x9, {0x3}}, {0x8, 0x400, {0x1, 0x43ad}}, {0x9, 0x6, {0x1, 0x15}}, {0x9145, 0xfff, {0x1, 0xffffffff}}, {0x64, 0xfff9, {0x3, 0x6}}, {0x6a, 0x8, {0x3, 0x7}}, {0xa85b, 0x5c, {0x1, 0x7}}, {0x0, 0x7, {0x1, 0xe3}}, {0x4, 0x20, {0x1, 0x8000}}, {0xba8, 0x3f, {0x2, 0x1}}]}}}, {{0x254, 0x1, {{0x3, 0xfffffff7}, 0xff, 0xfc, 0x2, 0x2, 0x21, 'syz1\x00', "df51b2c07dcf24c1fa8f3dbaba99248354a9264143429160c2a117129da3ec2e", "317af48a92d336dda8159528b456363be4f1947fa11efa9fd187c14fd5bb3b70", [{0x0, 0x0, {0x3, 0x374a}}, {0x6, 0xff, {0x1, 0xfffffffb}}, {0x8001, 0x488, {0x2, 0xfffffff9}}, {0x9, 0x9, {0x0, 0x7}}, {0x8001, 0x1, {0x1, 0x6c}}, {0x7, 0x4, {0x2, 0x5c18c69e}}, {0x5, 0x40d6, {0x0, 0x7ff}}, {0x6fcf, 0x200, {0x0, 0xb33}}, {0x3, 0x2, {0x2, 0x3}}, {0x3, 0x6, {0x3, 0x638}}, {0x8, 0x2}, {0x1, 0x2, {0x0, 0x5}}, {0x5, 0xff, {0x3, 0x7}}, {0x5, 0x7ff, {0x1, 0x401}}, {0x0, 0x0, {0x2, 0x7}}, {0xfffe, 0xff00, {0x3, 0x3}}, {0xff01, 0x4, {0x0, 0x80}}, {0x800, 0xff01, {0x0, 0x8}}, {0x7884, 0x0, {0x1, 0x10001}}, {0x3, 0x7ff, {0x2, 0x4b}}, {0x20, 0x4, {0x0, 0x7f}}, {0x2, 0x40, {0x0, 0x800}}, {0x8, 0x2, {0x3, 0x10001}}, {0x4, 0x3, {0x2, 0x80000001}}, {0x1, 0x2a4, {0x2, 0x3}}, {0x800, 0x9, {0x2, 0x9}}, {0x9, 0x1000, {0x1, 0x5}}, {0x5, 0x2, {0x3, 0x51f}}, {0x7fff, 0x1, {0x0, 0x437}}, {0x8000, 0x849, {0x2, 0x5}}, {0x5, 0x7, {0x2, 0x5}}, {0x4, 0xf36a, {0x2, 0x4b4}}, {0xe9, 0x40, {0x2, 0xa512}}, {0x1, 0x3ff, {0x0, 0x6}}, {0x0, 0x3, {0x0, 0x4}}, {0x4, 0x8001, {0x1, 0x6}}, {0x101, 0x7f, {0x3, 0xfffffffa}}, {0xff80, 0x5, {0x3, 0x101}}, {0xce, 0x1, {0x2, 0x3}}, {0x6, 0x5, {0x1, 0x1}}]}}}, {{0x254, 0x1, {{0x0, 0xff}, 0xbb, 0x7, 0x73, 0x3f, 0x8, 'syz1\x00', "5ee2e349a05526389d4df134332100a2436bf30b1657ab2870f407d7d7845423", "9c4daffc14003a79da91ebaefb6eaaaa996dc3ac2eb45a5bebe7191c354ac3a1", [{0xfff8, 0x9, {0x83d3fe85c1447dd2, 0x1000}}, {0x0, 0x1, {0x3, 0x3}}, {0x8001, 0x1, {0x2, 0x94a3}}, {0x0, 0x9aa, {0x3, 0x4d}}, {0xb98, 0x8000, {0x2, 0x4}}, {0x9, 0x1, {0x2, 0x8}}, {0x73, 0x40, {0x1, 0x3}}, {0x9, 0x1, {0x0, 0xc5c}}, {0xd9e, 0x2, {0x1, 0x7}}, {0x400, 0x8, {0x1, 0x7fff}}, {0x80, 0x3, {0x0, 0x875bf38}}, {0x4, 0x2, {0x0, 0xfffffffc}}, {0x7, 0x401, {0x3, 0x1ff}}, {0xc9c, 0x6, {0x1, 0x3}}, {0x9, 0x28, {0x2}}, {0xffff, 0x4, {0x2, 0x4852}}, {0x3, 0x81, {0x3, 0x3ff}}, {0x0, 0x2, {0x1, 0x101}}, {0x0, 0x1f, {0x0, 0x3ff}}, {0xff, 0x4dac, {0x1, 0x8001}}, {0xc79, 0x8000, {0x0, 0x6}}, {0x8000, 0xfffa, {0x1, 0x38000}}, {0x80, 0xfffc, {0x2, 0x401}}, {0x100, 0xfbf, {0x1, 0xe05}}, {0x967, 0x6, {0x3, 0xbd}}, {0x7ff, 0x0, {0x1, 0x4}}, {0x5, 0x3ff, {0x2, 0x1b}}, {0x4c6f, 0x98b, {0x3, 0x1000}}, {0x3, 0x30, {0x2, 0xffff}}, {0x5, 0x800, {0x1, 0x9}}, {0x9, 0x30, {0x1, 0x6e}}, {0x8, 0x3, {0x2}}, {0x9e6, 0x20, {0x2}}, {0x6, 0x0, {0x0, 0x7}}, {0x5, 0x6, {0x3, 0x7}}, {0xfff8, 0xfffa, {0x1}}, {0x7, 0x6, {0x1, 0x8}}, {0x5, 0xa82, {0x2, 0x2}}, {0x470e, 0x3, {0x0, 0x5}}, {0x8, 0x4, {0x3, 0x101}}]}}}, {{0x254, 0x1, {{0x1, 0x7d1}, 0x72, 0x1, 0x1, 0x0, 0xd, 'syz0\x00', "078bee2b87a58a9f67b8e2c679c53ec29659ed52ee49df41ea99ead005621cb7", "e34e912ca651063262ce24bd5776d9f72ab43cb1d045e09b634e340a75b7cd12", [{0x1000, 0x0, {0x2, 0x8}}, {0xfbd2, 0x2e, {0x1, 0x3}}, {0x8000, 0xa044, {0x0, 0x7}}, {0x8, 0x100, {0x0, 0x1}}, {0x4, 0x1ff, {0x1, 0x6}}, {0x2, 0x9, {0x3, 0x9}}, {0x4, 0x8001, {0x3, 0x1}}, {0x1ff, 0x9, {0x2, 0x2}}, {0x2, 0x7f, {0x0, 0xfff}}, {0xfffe, 0x1, {0x3, 0x80000001}}, {0x7, 0x9, {0x0, 0x4}}, {0x5, 0x400, {0x1, 0x4}}, {0x3f, 0x620f, {0x0, 0x7fff}}, {0x8, 0x77a, {0x3, 0x1}}, {0xfff, 0x1, {0x2, 0x4}}, {0x8, 0x1, {0x1, 0x40}}, {0xff, 0x8, {0x1, 0x1f}}, {0x401, 0x3, {0x3, 0x8}}, {0x81, 0x6, {0x1, 0x1}}, {0x7, 0x4, {0x0, 0x2}}, {0x4, 0xae7, {0x0, 0x6}}, {0x1, 0x6e, {0x1, 0x400}}, {0x2d, 0x4, {0x0, 0x5}}, {0x6, 0x1, {0x3, 0x2}}, {0x0, 0x5ae, {0x3, 0x7}}, {0x1, 0x800, {0x3, 0x1f}}, {0x3, 0x1ff, {0x2, 0x9b6}}, {0x7fff, 0x0, {0x2, 0x1}}, {0x1, 0x3, {0x3}}, {0x51ed, 0xd2, {0x2, 0x3}}, {0xfff8, 0x0, {0x1, 0x3}}, {0x4, 0x8, {0x1, 0x8}}, {0x2000, 0x5, {0x3, 0x1000}}, {0x0, 0x1, {0x2, 0xb5c}}, {0x800, 0xd0e, {0x1, 0x537deba1}}, {0x1, 0x3, {0x1, 0x24a8}}, {0x5, 0x1ff, {0x2, 0x1}}, {0x6, 0x3, {0x0, 0xfff}}, {0x7, 0x9, {0x3, 0x8}}, {0x7, 0x7229, {0x2, 0xfffffffd}}]}}}, {{0x254, 0x1, {{0x1, 0x100}, 0x41, 0x5, 0x3ff, 0x800, 0xc, 'syz0\x00', "717511e019f944cc59a5e1cd30e3461aabb981d4761d275e4f1af68441e46535", "f0c9527df56de3c3776d8d17aa029a40f7fc7586ccdace0edbe8ba2093823ec6", [{0x7, 0x8, {0x2, 0x2}}, {0x3f42, 0x5, {0x1, 0x4}}, {0x1, 0xdc5, {0x2, 0xfffffc00}}, {0x5, 0x5, {0x0, 0x1}}, {0x8, 0x8000, {0x3, 0x5}}, {0x1, 0x7, {0x0, 0x3f}}, {0x3, 0x6, {0x2, 0x40000000}}, {0x0, 0x5, {0x0, 0x1}}, {0x3f, 0x0, {0x0, 0x8}}, {0x8, 0x1, {0x3}}, {0x3f, 0x0, {0x2, 0x2}}, {0x1ff, 0x1, {0x0, 0x4}}, {0x1, 0x6, {0x3, 0x6}}, {0xbdf, 0x5, {0x3, 0x4}}, {0x2, 0xff, {0x2, 0xe9473162}}, {0x400, 0x1, {0x2, 0x6}}, {0xfffe, 0x1, {0x1, 0x1}}, {0x5, 0x45, {0x0, 0x9}}, {0x7, 0x5, {0x2, 0x2}}, {0x3, 0x80, {0x3, 0x40000}}, {0x4, 0x5, {0x2, 0x6}}, {0x1f, 0x6, {0x0, 0x6}}, {0x3, 0x81, {0x1, 0x6}}, {0x2, 0x2000, {0x1, 0x5}}, {0xfff8, 0x1, {0x0, 0x70a4}}, {0x80, 0x1bca, {0x2, 0x2}}, {0x2, 0x401, {0x1, 0x81}}, {0x7fff, 0xcbcf, {0x1}}, {0x8, 0xfffc, {0x2, 0xff}}, {0x9, 0x6, {0x3, 0x9}}, {0x4e91, 0x8c, {0x0, 0x1ff}}, {0x3ff, 0xbfff, {0x1, 0x7}}, {0x1020, 0x6, {0x2, 0x1}}, {0x2, 0x6a1, {0x2, 0x401}}, {0x1, 0x1, {0x3, 0x2}}, {0x4, 0x8, {0x2, 0x7}}, {0x43e9, 0x80, {0x2, 0x80000001}}, {0x1f, 0x0, {0x3, 0x5}}, {0x200, 0x401, {0x3, 0x7}}, {0x4, 0x1f, {0x2, 0x8}}]}}}, {{0x254, 0x1, {{0x0, 0x1}, 0x7, 0x4, 0x7f, 0x0, 0x28, 'syz1\x00', "37759b6e44e5cc5f800ae3dad16e11c71dcafcd67cfed47397b05edfe5662225", "d13ee833ccd7f09a5ea550d5dac6d159f449cf8095736c703a88ca9978c74656", [{0x7, 0x9, {0x2, 0x5}}, {0x9, 0x5, {0x2, 0x2737}}, {0x5, 0x8000, {0x0, 0x2}}, {0xfff7, 0x5, {0x3, 0x68b4}}, {0x2, 0x2d, {0x1, 0x70e}}, {0xa14, 0x1, {0x2, 0x5}}, {0x8000, 0x5, {0x2, 0x5}}, {0x4000, 0x6, {0x1, 0xae70}}, {0xfa33, 0x1, {0x1, 0x6}}, {0xfff, 0xa7, {0x2, 0x10001}}, {0xffff, 0x4, {0x2, 0x400}}, {0x7f, 0x5, {0x1, 0x81}}, {0x8, 0x80, {0x1, 0x10000}}, {0x7f, 0xfff, {0x3, 0x2}}, {0xfff, 0x0, {0x2, 0x1}}, {0x65, 0x200, {0x0, 0xff}}, {0x401, 0x4, {0x1, 0x4}}, {0x5, 0x7fff, {0x1, 0x6}}, {0x3, 0x3, {0x0, 0xaa}}, {0x1ff, 0x4, {0x1, 0x1}}, {0xff, 0x8000, {0x0, 0x2}}, {0x9, 0x6, {0xc63a6476384b6bba, 0x1000}}, {0x81, 0x45, {0x3, 0x7}}, {0x927b, 0x7f, {0x1, 0xffff076d}}, {0x6, 0x80, {0x2, 0x48000000}}, {0xfb, 0x6, {0x1, 0xf245}}, {0x0, 0x0, {0x2, 0x8}}, {0x9, 0x80, {0x3, 0x7}}, {0x5, 0x9, {0x2, 0x2}}, {0x0, 0x1ff, {0x0, 0xfffffffc}}, {0x5, 0x7fff, {0x2, 0xffffffff}}, {0x9, 0x6}, {0x5, 0x7f, {0x0, 0x4}}, {0x80, 0x2, {0x1, 0x80000001}}, {0x6, 0x3ff, {0x1, 0x1}}, {0x20, 0x4, {0x1, 0xe1e8}}, {0x0, 0xfff, {0x1a2774399a987b38, 0x1}}, {0x0, 0x6, {0x0, 0xc000}}, {0x0, 0x5, {0x2, 0x20000000}}, {0xa90, 0x7f, {0x1}}]}}}, {{0x254, 0x1, {{0x0, 0x3}, 0x1, 0x1f, 0x7, 0x1ff, 0x24, 'syz0\x00', "67252aa545f6886205f34541697f397a4154449fe74436c65959b8aed3fa0331", "51c5ebb1d1398e1ec3b05f72e11ea91868baeda5b018db5a16504233f9eb0b41", [{0x5, 0x100, {0x2, 0x3}}, {0x3, 0x1, {0x2, 0x6}}, {0x2, 0x67, {0x2, 0x5}}, {0x1, 0x3fc5, {0x1, 0x6}}, {0x1ff, 0x3c10, {0x1, 0x8000}}, {0x3, 0x8000, {0x0, 0x9}}, {0x2, 0x7, {0x0, 0xffffffff}}, {0xfff8, 0xfff, {0x1, 0x200}}, {0xc4a, 0xb5, {0x2, 0x81}}, {0x1, 0x1b, {0x1, 0x1}}, {0xffff, 0x5, {0x2, 0x80000001}}, {0x9, 0x3, {0x1}}, {0xda6, 0x1, {0x0, 0x90000000}}, {0x6, 0x8, {0x3, 0xa6}}, {0x7, 0x9, {0x1, 0xad65}}, {0x1f, 0xfff9, {0x2, 0xce8}}, {0x9, 0x8, {0x3, 0x7f}}, {0xffff, 0x7fff, {0x1, 0xd4}}, {0x1f, 0x200, {0x2, 0x5}}, {0x3f, 0x3, {0x1, 0x4}}, {0xfa60, 0xffff, {0x1, 0x9}}, {0x97, 0x9, {0x3, 0x3}}, {0x29ef, 0x3e, {0x0, 0x7ad}}, {0x0, 0x9, {0x0, 0x100}}, {0x3, 0x1, {0x0, 0x5}}, {0x0, 0xfc01, {0x1, 0x7}}, {0x3, 0x37c3, {0x1, 0x6}}, {0xea, 0x6, {0x2, 0x8}}, {0x20, 0x1, {0x1, 0xfffffffc}}, {0x400, 0x3, {0x0, 0xdc5a}}, {0x9, 0x2, {0x1, 0x8}}, {0x4, 0xeb8, {0x1, 0x9}}, {0x2, 0x9a7, {0x3, 0x9}}, {0x3f, 0x200, {0x1, 0x7}}, {0x5, 0xfdf4, {0x0, 0x40}}, {0x0, 0xa42, {0x2, 0x5}}, {0x1f, 0x20, {0x0, 0x7ff}}, {0x3f, 0x6b58, {0x0, 0x20}}, {0x8000, 0x4, {0x0, 0x10000}}, {0x2, 0x401, {0x3, 0x7}}]}}}]}, 0x1060}, 0x1, 0x0, 0x0, 0x4000000}, 0x40040) [ 388.992534][ T9138] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. 19:18:34 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f0000000040)=0x6, 0x4) bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) setsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000000)=0x1722, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f0000000040)=0x6, 0x4) bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1={0xff, 0x1, [0x0, 0x7]}, 0x2}, 0x1c) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0x2, &(0x7f0000000040)=0x6, 0x4) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r4, 0x1, 0x2, &(0x7f0000000040)=0x6, 0x4) bind$inet6(r4, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0xffffffff}, 0x7c) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r5, 0x1, 0x2, &(0x7f0000000040)=0x6, 0x4) bind$inet6(r5, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) r6 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r6, 0x1, 0x2, &(0x7f0000000040)=0x6, 0x4) bind$inet6(r6, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) r7 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r7, 0x1, 0x2, &(0x7f0000000040)=0x6, 0x4) bind$inet6(r7, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @local, 0x2}, 0x1c) r8 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r8, 0x1, 0x2, &(0x7f0000000040)=0x6, 0x4) bind$inet6(r8, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) r9 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r9, 0x1, 0x2, &(0x7f0000000040)=0x6, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @ipv4={[], [], @private=0xa010101}, 0x2}, 0x1c) r10 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r10, 0x1, 0x2, &(0x7f0000000040)=0x6, 0x4) bind$inet6(r10, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @private2, 0x2}, 0x1c) r11 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r11, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) 19:18:34 executing program 1: ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000100)='cpu&3\n\n\n\n\x00\x00\xc8 \xf4\xb3\xca\f\x1ff\xf0\xed\xe2\xdaX\x96\xe8\xd2\x9ba\xdd\xba\x93\xf3\xa2\x97e\xd7\xa37\xc0\xae$\xef\x1f\x1feq*\xeb\x00\xffx\x7fV-S\xeb\x9c\xf5\xe5!d\x99]\x17~\x9e\\\xac\x1f\x93\x00\x02\x00\x80T\"\x00\x80\xff\xff\x03\x00\x00\x00\x00\x00') perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x4, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x1, @perf_bp={0x0}, 0x4810, 0x0, 0x0, 0x0, 0x3ffffff, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000019940)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999191ca8f7adf1e8bbb53a7b0ee051f6d243b406a14e3b038317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2dc045421b94d878c5d9c2a5c74633a687a1353b8e49ce118c81517ac7bb299454d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000000000000000001c00000000009a583b79ab00f70d85463c57c5bb"], 0x1a3) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0xa2b02, 0x0) write$P9_RSTATu(r1, &(0x7f00000001c0)={0x16b, 0x7d, 0x0, {{0x500, 0xfc, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{evbox%\xff\xff\xff\x81\x02\x00'/31, 0x34, 'p\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde1@\x00\x00\x00\x00\x18{\x82\xd9\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x05\xb4\x94\xe1', 0x11, '\xb0\x9b\xf4r\x91\xc7cgro\x98ppppP\x97', 0x65, '\xf8\xf6i\xfbqm\xcf1^\xc2\xf3\x85@\x9a\xc6[\x94\b\x039\xc0\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf14\xa6f\xa8RH&\xb2\xb4\xa8\x8e\x01zwW\xb2\x06\xf8\xb0\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\r\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7'}, 0x5a, '/dev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xb99\x0e\xa8O\x93C\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x981\x9f0\x11\x84G\xaa\x9a\xa5~\xb0\xa0{t'}}, 0x16b) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000010}, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000080)={0x0, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82032, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}) ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205647, 0x0) ioctl$VIDIOC_ENUMINPUT(0xffffffffffffffff, 0xc050561a, &(0x7f0000000380)={0xac1, "014d54c33c3daf5179b8bfcfa94a189d3af96143c5a9a3b1fd3976353b43b99d", 0x3, 0x2, 0x1, 0x0, 0x6010500, 0x4}) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000440)) add_key(&(0x7f0000000940)='big_key\x00', 0x0, &(0x7f0000000a00)='F', 0x1, 0x0) clone(0x4412c500, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000001c0)=@gcm_128={{0x7}, "b8fb319c6fc17e06", "33e3b4b3da4c1ffdb79474f53d8abda6", "0e6bb51a", "8dc32e66b34f4677"}, 0x28) [ 389.598844][ C1] sd 0:0:1:0: [sg0] tag#417 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 389.609407][ C1] sd 0:0:1:0: [sg0] tag#417 CDB: Test Unit Ready [ 389.616091][ C1] sd 0:0:1:0: [sg0] tag#417 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 389.625880][ C1] sd 0:0:1:0: [sg0] tag#417 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 389.635654][ C1] sd 0:0:1:0: [sg0] tag#417 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 389.645386][ C1] sd 0:0:1:0: [sg0] tag#417 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 389.655119][ C1] sd 0:0:1:0: [sg0] tag#417 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 389.664875][ C1] sd 0:0:1:0: [sg0] tag#417 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 389.674624][ C1] sd 0:0:1:0: [sg0] tag#417 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 389.684364][ C1] sd 0:0:1:0: [sg0] tag#417 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 389.694108][ C1] sd 0:0:1:0: [sg0] tag#417 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 389.703890][ C1] sd 0:0:1:0: [sg0] tag#417 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 389.713607][ C1] sd 0:0:1:0: [sg0] tag#417 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 389.723361][ C1] sd 0:0:1:0: [sg0] tag#417 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 389.733105][ C1] sd 0:0:1:0: [sg0] tag#417 CDB[c0]: 00 00 00 00 00 00 00 00 [ 389.760249][ C1] hrtimer: interrupt took 59044 ns [ 389.820573][ T9151] IPVS: ftp: loaded support on port[0] = 21 [ 390.043564][ T9154] IPVS: ftp: loaded support on port[0] = 21 [ 390.233478][ T9134] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 390.263522][ T9155] sg_write: process 63 (syz-executor.1) changed security contexts after opening file descriptor, this is not allowed. [ 390.289718][ T9153] IPVS: ftp: loaded support on port[0] = 21 19:18:35 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c4000000130001000000000000000000ff01000000004b310000000000000001fc020000000000000000006670c739d100000000000000000000000000020000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000335fb4e03a4ce9cb52a07d3726aad9a1000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000010cddbd50000000000000000000000000000000000000000000000000000000000000000000002000000000c0008000800080000000200"], 0xc4}}, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000040)={&(0x7f0000000240)={0x60, 0x2, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x9}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000800}, 0x4004) 19:18:36 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x18, &(0x7f0000000100)=0xffffffff80000001, 0x4) bind$inet(r1, &(0x7f0000738ff0)={0x2, 0x4e21, @empty}, 0x35) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000340)=[@timestamp, @timestamp, @sack_perm, @mss, @sack_perm, @timestamp, @window, @timestamp], 0x8) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x40004007fff, 0x32fe3cf0}, 0x14) sendfile(r1, r0, 0x0, 0xedbe) socket$inet6_tcp(0xa, 0x1, 0x0) [ 390.586805][ T1636] tipc: TX() has been purged, node left! [ 390.615378][ T9263] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 390.777078][ T9154] chnl_net:caif_netlink_parms(): no params data found [ 390.818683][ T9289] not chained 70000 origins [ 390.823254][ T9289] CPU: 1 PID: 9289 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 390.831842][ T9289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 390.841902][ T9289] Call Trace: [ 390.845210][ T9289] dump_stack+0x1df/0x240 [ 390.849563][ T9289] kmsan_internal_chain_origin+0x6f/0x130 [ 390.855295][ T9289] ? is_module_text_address+0x4d/0x2a0 [ 390.860756][ T9289] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 390.866557][ T9289] ? __kernel_text_address+0x171/0x2d0 [ 390.872006][ T9289] ? unwind_get_return_address+0x8c/0x130 [ 390.877737][ T9289] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 390.883798][ T9289] ? arch_stack_walk+0x2a2/0x3e0 [ 390.888726][ T9289] ? stack_trace_save+0x1a0/0x1a0 [ 390.893745][ T9289] ? kmsan_get_metadata+0x4f/0x180 [ 390.898870][ T9289] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 390.904680][ T9289] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 390.910743][ T9289] ? stack_trace_save+0x123/0x1a0 [ 390.915761][ T9289] ? kmsan_get_metadata+0x11d/0x180 [ 390.920949][ T9289] __msan_chain_origin+0x50/0x90 [ 390.925880][ T9289] rmd256_transform+0x439d/0x4440 [ 390.930936][ T9289] rmd256_update+0x343/0x4f0 [ 390.935519][ T9289] ? rmd256_init+0x260/0x260 [ 390.940100][ T9289] crypto_shash_update+0x4e9/0x550 [ 390.948413][ T9289] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 390.954569][ T9289] ? crypto_hash_walk_first+0x1fd/0x360 [ 390.960100][ T9289] ? kmsan_get_metadata+0x4f/0x180 [ 390.965199][ T9289] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 390.970993][ T9289] shash_async_update+0x113/0x1d0 [ 390.976009][ T9289] ? shash_async_init+0x1e0/0x1e0 [ 390.981019][ T9289] hash_sendpage+0x8ef/0xdf0 [ 390.985605][ T9289] ? hash_recvmsg+0xd30/0xd30 [ 390.990273][ T9289] sock_sendpage+0x1e1/0x2c0 [ 390.994860][ T9289] pipe_to_sendpage+0x38c/0x4c0 [ 390.999702][ T9289] ? sock_fasync+0x250/0x250 [ 391.004288][ T9289] __splice_from_pipe+0x565/0xf00 [ 391.009320][ T9289] ? generic_splice_sendpage+0x2d0/0x2d0 [ 391.014952][ T9289] generic_splice_sendpage+0x1d5/0x2d0 [ 391.020405][ T9289] ? iter_file_splice_write+0x1800/0x1800 [ 391.026112][ T9289] direct_splice_actor+0x1fd/0x580 [ 391.031214][ T9289] ? kmsan_get_metadata+0x4f/0x180 [ 391.036317][ T9289] splice_direct_to_actor+0x6b2/0xf50 [ 391.041673][ T9289] ? do_splice_direct+0x580/0x580 [ 391.046706][ T9289] do_splice_direct+0x342/0x580 [ 391.051556][ T9289] do_sendfile+0x101b/0x1d40 [ 391.056153][ T9289] __se_sys_sendfile64+0x2bb/0x360 [ 391.061254][ T9289] ? kmsan_get_metadata+0x4f/0x180 [ 391.066356][ T9289] __x64_sys_sendfile64+0x56/0x70 [ 391.071368][ T9289] do_syscall_64+0xb0/0x150 [ 391.075861][ T9289] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 391.082083][ T9289] RIP: 0033:0x45c1d9 [ 391.085956][ T9289] Code: Bad RIP value. [ 391.090007][ T9289] RSP: 002b:00007f22a3179c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 391.098404][ T9289] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 391.106362][ T9289] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 391.114318][ T9289] RBP: 000000000078bfe8 R08: 0000000000000000 R09: 0000000000000000 [ 391.122275][ T9289] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bfac [ 391.130231][ T9289] R13: 0000000000c9fb6f R14: 00007f22a317a9c0 R15: 000000000078bfac [ 391.138203][ T9289] Uninit was stored to memory at: [ 391.143217][ T9289] kmsan_internal_chain_origin+0xad/0x130 [ 391.148923][ T9289] __msan_chain_origin+0x50/0x90 [ 391.153847][ T9289] rmd256_transform+0x439d/0x4440 [ 391.158857][ T9289] rmd256_update+0x343/0x4f0 [ 391.163432][ T9289] crypto_shash_update+0x4e9/0x550 [ 391.168527][ T9289] shash_async_update+0x113/0x1d0 [ 391.173538][ T9289] hash_sendpage+0x8ef/0xdf0 [ 391.178118][ T9289] sock_sendpage+0x1e1/0x2c0 [ 391.182695][ T9289] pipe_to_sendpage+0x38c/0x4c0 [ 391.187620][ T9289] __splice_from_pipe+0x565/0xf00 [ 391.192652][ T9289] generic_splice_sendpage+0x1d5/0x2d0 [ 391.198097][ T9289] direct_splice_actor+0x1fd/0x580 [ 391.203195][ T9289] splice_direct_to_actor+0x6b2/0xf50 [ 391.208550][ T9289] do_splice_direct+0x342/0x580 [ 391.213390][ T9289] do_sendfile+0x101b/0x1d40 [ 391.217969][ T9289] __se_sys_sendfile64+0x2bb/0x360 [ 391.223068][ T9289] __x64_sys_sendfile64+0x56/0x70 [ 391.228081][ T9289] do_syscall_64+0xb0/0x150 [ 391.232571][ T9289] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 391.238441][ T9289] [ 391.240754][ T9289] Uninit was stored to memory at: [ 391.245765][ T9289] kmsan_internal_chain_origin+0xad/0x130 [ 391.251469][ T9289] __msan_chain_origin+0x50/0x90 [ 391.256392][ T9289] rmd256_transform+0x439d/0x4440 [ 391.261401][ T9289] rmd256_update+0x343/0x4f0 [ 391.265974][ T9289] crypto_shash_update+0x4e9/0x550 [ 391.271070][ T9289] shash_async_update+0x113/0x1d0 [ 391.276086][ T9289] hash_sendpage+0x8ef/0xdf0 [ 391.280660][ T9289] sock_sendpage+0x1e1/0x2c0 [ 391.285235][ T9289] pipe_to_sendpage+0x38c/0x4c0 [ 391.290074][ T9289] __splice_from_pipe+0x565/0xf00 [ 391.295084][ T9289] generic_splice_sendpage+0x1d5/0x2d0 [ 391.300526][ T9289] direct_splice_actor+0x1fd/0x580 [ 391.305625][ T9289] splice_direct_to_actor+0x6b2/0xf50 [ 391.310983][ T9289] do_splice_direct+0x342/0x580 [ 391.315821][ T9289] do_sendfile+0x101b/0x1d40 [ 391.320401][ T9289] __se_sys_sendfile64+0x2bb/0x360 [ 391.325499][ T9289] __x64_sys_sendfile64+0x56/0x70 [ 391.330514][ T9289] do_syscall_64+0xb0/0x150 [ 391.335005][ T9289] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 391.340874][ T9289] [ 391.343186][ T9289] Uninit was stored to memory at: [ 391.348199][ T9289] kmsan_internal_chain_origin+0xad/0x130 [ 391.353903][ T9289] __msan_chain_origin+0x50/0x90 [ 391.358828][ T9289] rmd256_transform+0x439d/0x4440 [ 391.363840][ T9289] rmd256_update+0x343/0x4f0 [ 391.368413][ T9289] crypto_shash_update+0x4e9/0x550 [ 391.373506][ T9289] shash_async_update+0x113/0x1d0 [ 391.378514][ T9289] hash_sendpage+0x8ef/0xdf0 [ 391.383092][ T9289] sock_sendpage+0x1e1/0x2c0 [ 391.387669][ T9289] pipe_to_sendpage+0x38c/0x4c0 [ 391.392504][ T9289] __splice_from_pipe+0x565/0xf00 [ 391.397516][ T9289] generic_splice_sendpage+0x1d5/0x2d0 [ 391.402961][ T9289] direct_splice_actor+0x1fd/0x580 [ 391.408060][ T9289] splice_direct_to_actor+0x6b2/0xf50 [ 391.413418][ T9289] do_splice_direct+0x342/0x580 [ 391.418255][ T9289] do_sendfile+0x101b/0x1d40 [ 391.422838][ T9289] __se_sys_sendfile64+0x2bb/0x360 [ 391.427934][ T9289] __x64_sys_sendfile64+0x56/0x70 [ 391.432946][ T9289] do_syscall_64+0xb0/0x150 [ 391.437436][ T9289] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 391.443304][ T9289] [ 391.445613][ T9289] Uninit was stored to memory at: [ 391.450624][ T9289] kmsan_internal_chain_origin+0xad/0x130 [ 391.456333][ T9289] __msan_chain_origin+0x50/0x90 [ 391.461256][ T9289] rmd256_transform+0x439d/0x4440 [ 391.466268][ T9289] rmd256_update+0x343/0x4f0 [ 391.470844][ T9289] crypto_shash_update+0x4e9/0x550 [ 391.475939][ T9289] shash_async_update+0x113/0x1d0 [ 391.480947][ T9289] hash_sendpage+0x8ef/0xdf0 [ 391.485523][ T9289] sock_sendpage+0x1e1/0x2c0 [ 391.490099][ T9289] pipe_to_sendpage+0x38c/0x4c0 [ 391.494935][ T9289] __splice_from_pipe+0x565/0xf00 [ 391.499945][ T9289] generic_splice_sendpage+0x1d5/0x2d0 [ 391.505394][ T9289] direct_splice_actor+0x1fd/0x580 [ 391.510497][ T9289] splice_direct_to_actor+0x6b2/0xf50 [ 391.516095][ T9289] do_splice_direct+0x342/0x580 [ 391.520938][ T9289] do_sendfile+0x101b/0x1d40 [ 391.525612][ T9289] __se_sys_sendfile64+0x2bb/0x360 [ 391.530711][ T9289] __x64_sys_sendfile64+0x56/0x70 [ 391.535721][ T9289] do_syscall_64+0xb0/0x150 [ 391.540211][ T9289] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 391.546168][ T9289] [ 391.548479][ T9289] Uninit was stored to memory at: [ 391.553493][ T9289] kmsan_internal_chain_origin+0xad/0x130 [ 391.559199][ T9289] __msan_chain_origin+0x50/0x90 [ 391.564124][ T9289] rmd256_transform+0x439d/0x4440 [ 391.569135][ T9289] rmd256_update+0x227/0x4f0 [ 391.573709][ T9289] crypto_shash_update+0x4e9/0x550 [ 391.578805][ T9289] shash_async_update+0x113/0x1d0 [ 391.583816][ T9289] hash_sendpage+0x8ef/0xdf0 [ 391.588393][ T9289] sock_sendpage+0x1e1/0x2c0 [ 391.593234][ T9289] pipe_to_sendpage+0x38c/0x4c0 [ 391.598070][ T9289] __splice_from_pipe+0x565/0xf00 [ 391.603102][ T9289] generic_splice_sendpage+0x1d5/0x2d0 [ 391.608548][ T9289] direct_splice_actor+0x1fd/0x580 [ 391.613647][ T9289] splice_direct_to_actor+0x6b2/0xf50 [ 391.619006][ T9289] do_splice_direct+0x342/0x580 [ 391.623849][ T9289] do_sendfile+0x101b/0x1d40 [ 391.628424][ T9289] __se_sys_sendfile64+0x2bb/0x360 [ 391.633536][ T9289] __x64_sys_sendfile64+0x56/0x70 [ 391.638545][ T9289] do_syscall_64+0xb0/0x150 [ 391.643034][ T9289] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 391.648904][ T9289] [ 391.651232][ T9289] Uninit was stored to memory at: [ 391.656243][ T9289] kmsan_internal_chain_origin+0xad/0x130 [ 391.661964][ T9289] __msan_chain_origin+0x50/0x90 [ 391.666914][ T9289] rmd256_transform+0x439d/0x4440 [ 391.672553][ T9289] rmd256_update+0x227/0x4f0 [ 391.677138][ T9289] crypto_shash_update+0x4e9/0x550 [ 391.682255][ T9289] shash_async_update+0x113/0x1d0 [ 391.687278][ T9289] hash_sendpage+0x8ef/0xdf0 [ 391.691862][ T9289] sock_sendpage+0x1e1/0x2c0 [ 391.696439][ T9289] pipe_to_sendpage+0x38c/0x4c0 [ 391.701293][ T9289] __splice_from_pipe+0x565/0xf00 [ 391.706303][ T9289] generic_splice_sendpage+0x1d5/0x2d0 [ 391.711747][ T9289] direct_splice_actor+0x1fd/0x580 [ 391.716870][ T9289] splice_direct_to_actor+0x6b2/0xf50 [ 391.722274][ T9289] do_splice_direct+0x342/0x580 [ 391.727117][ T9289] do_sendfile+0x101b/0x1d40 [ 391.731693][ T9289] __se_sys_sendfile64+0x2bb/0x360 [ 391.736790][ T9289] __x64_sys_sendfile64+0x56/0x70 [ 391.741803][ T9289] do_syscall_64+0xb0/0x150 [ 391.746293][ T9289] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 391.752161][ T9289] [ 391.754471][ T9289] Uninit was stored to memory at: [ 391.759482][ T9289] kmsan_internal_chain_origin+0xad/0x130 [ 391.765188][ T9289] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 391.771154][ T9289] kmsan_memcpy_metadata+0xb/0x10 [ 391.776162][ T9289] __msan_memcpy+0x43/0x50 [ 391.780565][ T9289] rmd256_update+0x1fc/0x4f0 [ 391.785140][ T9289] crypto_shash_update+0x4e9/0x550 [ 391.790237][ T9289] shash_async_update+0x113/0x1d0 [ 391.795248][ T9289] hash_sendpage+0x8ef/0xdf0 [ 391.799827][ T9289] sock_sendpage+0x1e1/0x2c0 [ 391.804404][ T9289] pipe_to_sendpage+0x38c/0x4c0 [ 391.809245][ T9289] __splice_from_pipe+0x565/0xf00 [ 391.814255][ T9289] generic_splice_sendpage+0x1d5/0x2d0 [ 391.819697][ T9289] direct_splice_actor+0x1fd/0x580 [ 391.824794][ T9289] splice_direct_to_actor+0x6b2/0xf50 [ 391.830149][ T9289] do_splice_direct+0x342/0x580 [ 391.834991][ T9289] do_sendfile+0x101b/0x1d40 [ 391.839577][ T9289] __se_sys_sendfile64+0x2bb/0x360 [ 391.844672][ T9289] __x64_sys_sendfile64+0x56/0x70 [ 391.849683][ T9289] do_syscall_64+0xb0/0x150 [ 391.854173][ T9289] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 391.860040][ T9289] [ 391.862364][ T9289] Uninit was created at: [ 391.866610][ T9289] kmsan_save_stack_with_flags+0x3c/0x90 [ 391.872236][ T9289] kmsan_alloc_page+0xb9/0x180 [ 391.876986][ T9289] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 391.882515][ T9289] alloc_pages_current+0x672/0x990 [ 391.887611][ T9289] push_pipe+0x605/0xb70 [ 391.891844][ T9289] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 391.897546][ T9289] do_splice_to+0x4fc/0x14f0 [ 391.902119][ T9289] splice_direct_to_actor+0x45c/0xf50 [ 391.907474][ T9289] do_splice_direct+0x342/0x580 [ 391.912308][ T9289] do_sendfile+0x101b/0x1d40 [ 391.916885][ T9289] __se_sys_sendfile64+0x2bb/0x360 [ 391.921980][ T9289] __x64_sys_sendfile64+0x56/0x70 [ 391.926991][ T9289] do_syscall_64+0xb0/0x150 [ 391.931479][ T9289] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 391.948993][ T9263] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 392.363296][ T9154] bridge0: port 1(bridge_slave_0) entered blocking state [ 392.370556][ T9154] bridge0: port 1(bridge_slave_0) entered disabled state [ 392.380044][ T9154] device bridge_slave_0 entered promiscuous mode [ 392.413936][ T9154] bridge0: port 2(bridge_slave_1) entered blocking state [ 392.421178][ T9154] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.430842][ T9154] device bridge_slave_1 entered promiscuous mode [ 392.532609][ T9154] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 392.573258][ T9154] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 392.648459][ T9154] team0: Port device team_slave_0 added [ 392.668316][ T9154] team0: Port device team_slave_1 added [ 392.754477][ T9154] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 392.761559][ T9154] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 392.787664][ T9154] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 392.863840][ T9154] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 392.870919][ T9154] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 392.897034][ T9154] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 393.099768][ T9154] device hsr_slave_0 entered promiscuous mode [ 393.136414][ T9154] device hsr_slave_1 entered promiscuous mode [ 393.173155][ T9154] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 393.180869][ T9154] Cannot create hsr debugfs directory [ 393.627026][ T9154] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 393.671020][ T9154] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 393.705638][ T9154] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 393.760457][ T9154] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 394.106738][ T9154] 8021q: adding VLAN 0 to HW filter on device bond0 [ 394.159489][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 394.168834][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 394.198330][ T9154] 8021q: adding VLAN 0 to HW filter on device team0 [ 394.232660][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 394.242684][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 394.253234][ T8633] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.260429][ T8633] bridge0: port 1(bridge_slave_0) entered forwarding state [ 394.338656][ T9154] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 394.349702][ T9154] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 394.370228][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 394.379787][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 394.389729][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 394.399121][ T8633] bridge0: port 2(bridge_slave_1) entered blocking state [ 394.406381][ T8633] bridge0: port 2(bridge_slave_1) entered forwarding state [ 394.415413][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 394.426216][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 19:18:39 executing program 1: socket$netlink(0x10, 0x3, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r1, r2, 0x0, 0x1000007ffff000) r3 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000140)={0x4, 0x20, 0x3, 0x400, 0x16, "a1970c9f984858c8"}) bind$vsock_stream(r2, &(0x7f00000000c0)={0x28, 0x0, 0x2710}, 0x10) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x100000) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r4, 0xc0bc5310, &(0x7f0000000200)) io_setup(0x39, &(0x7f0000000180)) bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="440000000000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r7, @ANYBLOB], 0x44}}, 0x0) [ 394.437057][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 394.447494][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 394.457829][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 394.468188][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 394.478576][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 394.488164][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 394.498405][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 394.508047][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 394.556692][ T9154] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 394.627860][ T9154] device veth0_vlan entered promiscuous mode [ 394.649570][ T9154] device veth1_vlan entered promiscuous mode [ 394.689437][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 394.699231][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 394.708217][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 394.717076][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 394.724954][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 394.734980][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 394.744905][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 394.754357][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 394.764646][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 394.774037][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 394.850171][ T9154] device veth0_macvtap entered promiscuous mode [ 394.894524][ T9154] device veth1_macvtap entered promiscuous mode [ 394.929123][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 394.940880][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.953771][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 394.964367][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.977746][ T9154] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 394.996949][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 395.006350][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 395.015366][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 395.025122][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 395.034743][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 395.043971][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 395.053803][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 395.081512][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 395.128036][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 395.138642][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.149586][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 395.160161][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 19:18:40 executing program 1: r0 = socket(0x1000000010, 0x80002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="00ff03000076657c6800"/20], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400ffffff7f000000003c0005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x3}}, [@filter_kind_options=@f_flow={{0x9, 0x1, 'flow\x00'}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x4930}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0x4}}]}}]}, 0x44}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) [ 395.173658][ T9154] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 395.194945][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 395.204891][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 19:18:40 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') ptrace(0x10, 0x0) ptrace$getregset(0x4204, 0x0, 0x2, &(0x7f0000000180)={0x0}) r3 = getpid() rt_tgsigqueueinfo(r3, r3, 0x15, &(0x7f00000000c0)) ptrace(0x10, r3) ptrace$getregset(0x4204, r3, 0x2, &(0x7f0000000180)={0x0}) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e35bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2dc045421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994cc008dd3deaafaab51144c1ef00f00001f5e73ff040000000000000000000000000000009a583b79ab00f70d85463c57c5bb1f1084e683b591fc2c8b8a38b7ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fbe09a7eb84cae7f000000886871080d1588bb30abcbfecb4e10d4067a02736f08914faa037346191241c88e57569256cd58ec82518bc8bac2ef0f6e8bfd9ad94599c3230328ddf749f6c754f2781bccc42e6ef592a1fc36a03c9a0328b63ed42db18137f243d01a67ea9fe8e34b25676f9816cdae263897bbb3aaa1148cb80e7aa12869a052b3ea1dfa17ce754e76f57ed0868864d66429bc1d9e8c430deeb6331c152d637740b4efbe95880a2f28902b3358519f08f638235a295a63eb1c8f9460ced7b22ceb4c2c5504a2012c2c8f47fd9152910bc908e41e38ba60cbdffefadbe92a7ed8ce577bdb383c2f625067eec438180f282d638ac72b92ec020d66863813f5ab6189075ebf22d92ecafe4eb1fb9c6b2b88eb965af65c3d0b179a43bcf1840dc8466796c04a4baa9f82bbd989477b56cda9e60dd7da5c5b437be2f2fcdd62a224360b6ba534ed9dc198fc041c003bc1340d124062352ad8e3ce63546ded69d5fcaafcffed51ab1b1f4ff88615446fe96983cabf08c3e7ccc1d4e8bdf884347f6156d91f42060477bdf30abcb5e9b6705c5adc1cedd2e7d38fbdef12d569db367978805652eb6f5ccaa6b377839d2b7525417fe4a97300017f0000fc9448ab6c3b9fea9f2287e2a0b83beee2c77a6bb5c3cafea3a7a42f9b5324b98680e6ecf240abdeee92ecd6c972701c39c3e7a77d8dcd1ed368eaf557ad34b1c1cb8eec9c963001f3905cba6c67b6eab0fa040004e30dc799fe07128d711b61834f3d4cb2cb47745c15fae1a2b694fe5983471b336a0829abfd460500f420d723608591b3"], 0x1c2) r5 = socket$alg(0x26, 0x5, 0x0) kcmp(0x0, r3, 0x1, r4, r5) sendfile(r1, r2, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$BLKGETSIZE64(r2, 0x80081272, &(0x7f0000000000)) r6 = socket$inet(0x2, 0x2000080001, 0x84) sendmsg(r6, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x0, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1a000}], 0x1}, 0x0) recvmmsg(r6, &(0x7f0000000a80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2120, 0x0) [ 395.319636][ T9423] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 395.391062][ T9423] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 395.427025][ C0] sd 0:0:1:0: [sg0] tag#434 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 395.437596][ C0] sd 0:0:1:0: [sg0] tag#434 CDB: Test Unit Ready [ 395.444259][ C0] sd 0:0:1:0: [sg0] tag#434 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 395.454022][ C0] sd 0:0:1:0: [sg0] tag#434 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 395.464234][ C0] sd 0:0:1:0: [sg0] tag#434 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 395.474016][ C0] sd 0:0:1:0: [sg0] tag#434 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 395.483802][ C0] sd 0:0:1:0: [sg0] tag#434 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 395.493544][ C0] sd 0:0:1:0: [sg0] tag#434 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 395.503283][ C0] sd 0:0:1:0: [sg0] tag#434 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 395.513033][ C0] sd 0:0:1:0: [sg0] tag#434 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 395.522689][ C0] sd 0:0:1:0: [sg0] tag#434 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 395.532476][ C0] sd 0:0:1:0: [sg0] tag#434 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 395.542250][ C0] sd 0:0:1:0: [sg0] tag#434 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 395.552028][ C0] sd 0:0:1:0: [sg0] tag#434 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 395.561798][ C0] sd 0:0:1:0: [sg0] tag#434 CDB[c0]: 00 00 00 00 00 00 00 00 19:18:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0, 0x2b}}], 0x1, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ipv6_route\x00') preadv(r1, &(0x7f00000017c0), 0x3da, 0x14b) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r3 = dup(r2) r4 = socket$inet(0x2, 0x0, 0x5) ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r4, 0x8983, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000090ac9df00020000000000000000000008000540000000200900010073797a300000000008000a40000000000900020073797a310000000008000c40000000000c000b"], 0x78}}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x43, 0x0) [ 395.682076][ T9426] not chained 80000 origins [ 395.686648][ T9426] CPU: 0 PID: 9426 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 395.695246][ T9426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 395.705313][ T9426] Call Trace: [ 395.708628][ T9426] dump_stack+0x1df/0x240 [ 395.712981][ T9426] kmsan_internal_chain_origin+0x6f/0x130 [ 395.718723][ T9426] ? is_module_text_address+0x4d/0x2a0 [ 395.724198][ T9426] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 395.730035][ T9426] ? __kernel_text_address+0x171/0x2d0 [ 395.735516][ T9426] ? unwind_get_return_address+0x8c/0x130 [ 395.741271][ T9426] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 395.747359][ T9426] ? arch_stack_walk+0x2a2/0x3e0 [ 395.752321][ T9426] ? stack_trace_save+0x1a0/0x1a0 [ 395.757479][ T9426] ? kmsan_get_metadata+0x4f/0x180 [ 395.762620][ T9426] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 395.768452][ T9426] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 395.774540][ T9426] ? stack_trace_save+0x123/0x1a0 [ 395.779594][ T9426] ? kmsan_get_metadata+0x11d/0x180 [ 395.784813][ T9426] __msan_chain_origin+0x50/0x90 [ 395.789768][ T9426] rmd256_transform+0x434e/0x4440 [ 395.794835][ T9426] rmd256_update+0x343/0x4f0 [ 395.799423][ T9426] ? rmd256_init+0x260/0x260 [ 395.804002][ T9426] crypto_shash_update+0x4e9/0x550 [ 395.809106][ T9426] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 395.815259][ T9426] ? crypto_hash_walk_first+0x1fd/0x360 [ 395.820795][ T9426] ? kmsan_get_metadata+0x4f/0x180 [ 395.825904][ T9426] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 395.831699][ T9426] shash_async_update+0x113/0x1d0 [ 395.836718][ T9426] ? shash_async_init+0x1e0/0x1e0 [ 395.841732][ T9426] hash_sendpage+0x8ef/0xdf0 [ 395.846348][ T9426] ? hash_recvmsg+0xd30/0xd30 [ 395.851019][ T9426] sock_sendpage+0x1e1/0x2c0 [ 395.855610][ T9426] pipe_to_sendpage+0x38c/0x4c0 [ 395.860449][ T9426] ? sock_fasync+0x250/0x250 [ 395.865041][ T9426] __splice_from_pipe+0x565/0xf00 [ 395.870058][ T9426] ? generic_splice_sendpage+0x2d0/0x2d0 [ 395.875727][ T9426] generic_splice_sendpage+0x1d5/0x2d0 [ 395.881186][ T9426] ? iter_file_splice_write+0x1800/0x1800 [ 395.886895][ T9426] direct_splice_actor+0x1fd/0x580 [ 395.892009][ T9426] ? kmsan_get_metadata+0x4f/0x180 [ 395.897144][ T9426] splice_direct_to_actor+0x6b2/0xf50 [ 395.902503][ T9426] ? do_splice_direct+0x580/0x580 [ 395.907539][ T9426] do_splice_direct+0x342/0x580 [ 395.912393][ T9426] do_sendfile+0x101b/0x1d40 [ 395.916990][ T9426] __se_sys_sendfile64+0x2bb/0x360 [ 395.922088][ T9426] ? kmsan_get_metadata+0x4f/0x180 [ 395.927206][ T9426] __x64_sys_sendfile64+0x56/0x70 [ 395.932223][ T9426] do_syscall_64+0xb0/0x150 [ 395.936719][ T9426] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 395.942602][ T9426] RIP: 0033:0x45c1d9 [ 395.946475][ T9426] Code: Bad RIP value. [ 395.950525][ T9426] RSP: 002b:00007fb8bb63ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 395.958951][ T9426] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 395.966910][ T9426] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 395.974867][ T9426] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 395.982827][ T9426] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 395.990800][ T9426] R13: 0000000000c9fb6f R14: 00007fb8bb63b9c0 R15: 000000000078bf0c [ 395.998767][ T9426] Uninit was stored to memory at: [ 396.003799][ T9426] kmsan_internal_chain_origin+0xad/0x130 [ 396.009503][ T9426] __msan_chain_origin+0x50/0x90 [ 396.014431][ T9426] rmd256_transform+0x434e/0x4440 [ 396.019443][ T9426] rmd256_update+0x343/0x4f0 [ 396.024018][ T9426] crypto_shash_update+0x4e9/0x550 [ 396.029118][ T9426] shash_async_update+0x113/0x1d0 [ 396.034125][ T9426] hash_sendpage+0x8ef/0xdf0 [ 396.038702][ T9426] sock_sendpage+0x1e1/0x2c0 [ 396.043301][ T9426] pipe_to_sendpage+0x38c/0x4c0 [ 396.048136][ T9426] __splice_from_pipe+0x565/0xf00 [ 396.053146][ T9426] generic_splice_sendpage+0x1d5/0x2d0 [ 396.058589][ T9426] direct_splice_actor+0x1fd/0x580 [ 396.063700][ T9426] splice_direct_to_actor+0x6b2/0xf50 [ 396.069068][ T9426] do_splice_direct+0x342/0x580 [ 396.073915][ T9426] do_sendfile+0x101b/0x1d40 [ 396.078580][ T9426] __se_sys_sendfile64+0x2bb/0x360 [ 396.083674][ T9426] __x64_sys_sendfile64+0x56/0x70 [ 396.088684][ T9426] do_syscall_64+0xb0/0x150 [ 396.093174][ T9426] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 396.099049][ T9426] [ 396.101362][ T9426] Uninit was stored to memory at: [ 396.106389][ T9426] kmsan_internal_chain_origin+0xad/0x130 [ 396.112092][ T9426] __msan_chain_origin+0x50/0x90 [ 396.117035][ T9426] rmd256_transform+0x434e/0x4440 [ 396.122046][ T9426] rmd256_update+0x343/0x4f0 [ 396.126624][ T9426] crypto_shash_update+0x4e9/0x550 [ 396.131741][ T9426] shash_async_update+0x113/0x1d0 [ 396.136753][ T9426] hash_sendpage+0x8ef/0xdf0 [ 396.141331][ T9426] sock_sendpage+0x1e1/0x2c0 [ 396.145907][ T9426] pipe_to_sendpage+0x38c/0x4c0 [ 396.150746][ T9426] __splice_from_pipe+0x565/0xf00 [ 396.155755][ T9426] generic_splice_sendpage+0x1d5/0x2d0 [ 396.161201][ T9426] direct_splice_actor+0x1fd/0x580 [ 396.166308][ T9426] splice_direct_to_actor+0x6b2/0xf50 [ 396.171669][ T9426] do_splice_direct+0x342/0x580 [ 396.176507][ T9426] do_sendfile+0x101b/0x1d40 [ 396.181100][ T9426] __se_sys_sendfile64+0x2bb/0x360 [ 396.186196][ T9426] __x64_sys_sendfile64+0x56/0x70 [ 396.191211][ T9426] do_syscall_64+0xb0/0x150 [ 396.195704][ T9426] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 396.201573][ T9426] [ 396.203888][ T9426] Uninit was stored to memory at: [ 396.208902][ T9426] kmsan_internal_chain_origin+0xad/0x130 [ 396.214606][ T9426] __msan_chain_origin+0x50/0x90 [ 396.219533][ T9426] rmd256_transform+0x434e/0x4440 [ 396.224562][ T9426] rmd256_update+0x343/0x4f0 [ 396.229134][ T9426] crypto_shash_update+0x4e9/0x550 [ 396.234232][ T9426] shash_async_update+0x113/0x1d0 [ 396.239243][ T9426] hash_sendpage+0x8ef/0xdf0 [ 396.243819][ T9426] sock_sendpage+0x1e1/0x2c0 [ 396.248393][ T9426] pipe_to_sendpage+0x38c/0x4c0 [ 396.253227][ T9426] __splice_from_pipe+0x565/0xf00 [ 396.258238][ T9426] generic_splice_sendpage+0x1d5/0x2d0 [ 396.263681][ T9426] direct_splice_actor+0x1fd/0x580 [ 396.268776][ T9426] splice_direct_to_actor+0x6b2/0xf50 [ 396.274132][ T9426] do_splice_direct+0x342/0x580 [ 396.278969][ T9426] do_sendfile+0x101b/0x1d40 [ 396.283546][ T9426] __se_sys_sendfile64+0x2bb/0x360 [ 396.288643][ T9426] __x64_sys_sendfile64+0x56/0x70 [ 396.293655][ T9426] do_syscall_64+0xb0/0x150 [ 396.298162][ T9426] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 396.304030][ T9426] [ 396.306340][ T9426] Uninit was stored to memory at: [ 396.311350][ T9426] kmsan_internal_chain_origin+0xad/0x130 [ 396.317054][ T9426] __msan_chain_origin+0x50/0x90 [ 396.321977][ T9426] rmd256_transform+0x434e/0x4440 [ 396.326987][ T9426] rmd256_update+0x343/0x4f0 [ 396.331655][ T9426] crypto_shash_update+0x4e9/0x550 [ 396.336749][ T9426] shash_async_update+0x113/0x1d0 [ 396.341757][ T9426] hash_sendpage+0x8ef/0xdf0 [ 396.346334][ T9426] sock_sendpage+0x1e1/0x2c0 [ 396.350916][ T9426] pipe_to_sendpage+0x38c/0x4c0 [ 396.355752][ T9426] __splice_from_pipe+0x565/0xf00 [ 396.360767][ T9426] generic_splice_sendpage+0x1d5/0x2d0 [ 396.366212][ T9426] direct_splice_actor+0x1fd/0x580 [ 396.371325][ T9426] splice_direct_to_actor+0x6b2/0xf50 [ 396.376681][ T9426] do_splice_direct+0x342/0x580 [ 396.381515][ T9426] do_sendfile+0x101b/0x1d40 [ 396.386088][ T9426] __se_sys_sendfile64+0x2bb/0x360 [ 396.391183][ T9426] __x64_sys_sendfile64+0x56/0x70 [ 396.396193][ T9426] do_syscall_64+0xb0/0x150 [ 396.400690][ T9426] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 396.406558][ T9426] [ 396.408870][ T9426] Uninit was stored to memory at: [ 396.413888][ T9426] kmsan_internal_chain_origin+0xad/0x130 [ 396.419594][ T9426] __msan_chain_origin+0x50/0x90 [ 396.424521][ T9426] rmd256_transform+0x434e/0x4440 [ 396.429530][ T9426] rmd256_update+0x343/0x4f0 [ 396.434104][ T9426] crypto_shash_update+0x4e9/0x550 [ 396.439201][ T9426] shash_async_update+0x113/0x1d0 [ 396.444212][ T9426] hash_sendpage+0x8ef/0xdf0 [ 396.448789][ T9426] sock_sendpage+0x1e1/0x2c0 [ 396.453366][ T9426] pipe_to_sendpage+0x38c/0x4c0 [ 396.458203][ T9426] __splice_from_pipe+0x565/0xf00 [ 396.463214][ T9426] generic_splice_sendpage+0x1d5/0x2d0 [ 396.468657][ T9426] direct_splice_actor+0x1fd/0x580 [ 396.473754][ T9426] splice_direct_to_actor+0x6b2/0xf50 [ 396.479112][ T9426] do_splice_direct+0x342/0x580 [ 396.484035][ T9426] do_sendfile+0x101b/0x1d40 [ 396.488626][ T9426] __se_sys_sendfile64+0x2bb/0x360 [ 396.494703][ T9426] __x64_sys_sendfile64+0x56/0x70 [ 396.499721][ T9426] do_syscall_64+0xb0/0x150 [ 396.504218][ T9426] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 396.510089][ T9426] [ 396.512398][ T9426] Uninit was stored to memory at: [ 396.517410][ T9426] kmsan_internal_chain_origin+0xad/0x130 [ 396.523115][ T9426] __msan_chain_origin+0x50/0x90 [ 396.528040][ T9426] rmd256_transform+0x434e/0x4440 [ 396.533053][ T9426] rmd256_update+0x227/0x4f0 [ 396.537629][ T9426] crypto_shash_update+0x4e9/0x550 [ 396.542812][ T9426] shash_async_update+0x113/0x1d0 [ 396.547823][ T9426] hash_sendpage+0x8ef/0xdf0 [ 396.552403][ T9426] sock_sendpage+0x1e1/0x2c0 [ 396.556980][ T9426] pipe_to_sendpage+0x38c/0x4c0 [ 396.561820][ T9426] __splice_from_pipe+0x565/0xf00 [ 396.566835][ T9426] generic_splice_sendpage+0x1d5/0x2d0 [ 396.572283][ T9426] direct_splice_actor+0x1fd/0x580 [ 396.577381][ T9426] splice_direct_to_actor+0x6b2/0xf50 [ 396.582754][ T9426] do_splice_direct+0x342/0x580 [ 396.587594][ T9426] do_sendfile+0x101b/0x1d40 [ 396.592171][ T9426] __se_sys_sendfile64+0x2bb/0x360 [ 396.597268][ T9426] __x64_sys_sendfile64+0x56/0x70 [ 396.602282][ T9426] do_syscall_64+0xb0/0x150 [ 396.606773][ T9426] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 396.612682][ T9426] [ 396.614995][ T9426] Uninit was stored to memory at: [ 396.620112][ T9426] kmsan_internal_chain_origin+0xad/0x130 [ 396.625836][ T9426] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 396.631803][ T9426] kmsan_memcpy_metadata+0xb/0x10 [ 396.636817][ T9426] __msan_memcpy+0x43/0x50 [ 396.641229][ T9426] rmd256_update+0x1fc/0x4f0 [ 396.645804][ T9426] crypto_shash_update+0x4e9/0x550 [ 396.650898][ T9426] shash_async_update+0x113/0x1d0 [ 396.655904][ T9426] hash_sendpage+0x8ef/0xdf0 [ 396.660482][ T9426] sock_sendpage+0x1e1/0x2c0 [ 396.665145][ T9426] pipe_to_sendpage+0x38c/0x4c0 [ 396.669984][ T9426] __splice_from_pipe+0x565/0xf00 [ 396.675012][ T9426] generic_splice_sendpage+0x1d5/0x2d0 [ 396.680457][ T9426] direct_splice_actor+0x1fd/0x580 [ 396.685576][ T9426] splice_direct_to_actor+0x6b2/0xf50 [ 396.690955][ T9426] do_splice_direct+0x342/0x580 [ 396.695798][ T9426] do_sendfile+0x101b/0x1d40 [ 396.700373][ T9426] __se_sys_sendfile64+0x2bb/0x360 [ 396.705473][ T9426] __x64_sys_sendfile64+0x56/0x70 [ 396.710502][ T9426] do_syscall_64+0xb0/0x150 [ 396.714995][ T9426] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 396.720869][ T9426] [ 396.723180][ T9426] Uninit was created at: [ 396.727413][ T9426] kmsan_save_stack_with_flags+0x3c/0x90 [ 396.733030][ T9426] kmsan_alloc_page+0xb9/0x180 [ 396.737778][ T9426] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 396.743310][ T9426] alloc_pages_current+0x672/0x990 [ 396.748405][ T9426] push_pipe+0x605/0xb70 [ 396.752637][ T9426] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 396.758344][ T9426] do_splice_to+0x4fc/0x14f0 [ 396.762921][ T9426] splice_direct_to_actor+0x45c/0xf50 [ 396.768279][ T9426] do_splice_direct+0x342/0x580 [ 396.773114][ T9426] do_sendfile+0x101b/0x1d40 [ 396.777687][ T9426] __se_sys_sendfile64+0x2bb/0x360 [ 396.782783][ T9426] __x64_sys_sendfile64+0x56/0x70 [ 396.787799][ T9426] do_syscall_64+0xb0/0x150 [ 396.792305][ T9426] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 396.835442][ C1] sd 0:0:1:0: [sg0] tag#435 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 396.846193][ C1] sd 0:0:1:0: [sg0] tag#435 CDB: Test Unit Ready [ 396.852746][ C1] sd 0:0:1:0: [sg0] tag#435 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.862487][ C1] sd 0:0:1:0: [sg0] tag#435 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.872289][ C1] sd 0:0:1:0: [sg0] tag#435 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.882118][ C1] sd 0:0:1:0: [sg0] tag#435 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.891923][ C1] sd 0:0:1:0: [sg0] tag#435 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.901735][ C1] sd 0:0:1:0: [sg0] tag#435 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.911543][ C1] sd 0:0:1:0: [sg0] tag#435 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.921356][ C1] sd 0:0:1:0: [sg0] tag#435 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.931259][ C1] sd 0:0:1:0: [sg0] tag#435 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.941106][ C1] sd 0:0:1:0: [sg0] tag#435 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.950911][ C1] sd 0:0:1:0: [sg0] tag#435 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.960706][ C1] sd 0:0:1:0: [sg0] tag#435 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 396.970500][ C1] sd 0:0:1:0: [sg0] tag#435 CDB[c0]: 00 00 00 00 00 00 00 00 19:18:43 executing program 1: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYRES32=0x0, @ANYBLOB], 0x44}}, 0x0) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100)={0x8, 0x7, 0x0, 'syz0\x00'}, &(0x7f0000000180)=0x2c) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, 0x0, 0x63) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f0000000040)=@buf={0x0, &(0x7f0000000000)}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r3, r4, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) connect$can_bcm(r4, &(0x7f0000000000), 0x10) syz_emit_ethernet(0x300cce, &(0x7f0000000080)={@local, @empty, @val, {@ipv6}}, 0x0) 19:18:44 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x1, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000040)={0x0, 0x10, 0x1f}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_dev$vcsn(&(0x7f00000002c0)='/dev/vcs#\x00', 0x80000001, 0x228300) sendmsg$IPSET_CMD_PROTOCOL(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c000000010603000000000000000000010000090500010007000000000000000000010007bc80e30e00010007000000"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x8001) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r4, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r6, r7, 0x0, 0x1000007ffff000) socketpair(0x2a, 0x3, 0x8, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000400)=0xc0, 0x4) sendmsg$AUDIT_USER_AVC(r8, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="a40000005304000326bd7000fbdbdf25d183edd4ab037671690ad06064d376ad12fed85dacabfe91f506f8dbe2860ea381e05e28372d44a8eda04fe4a84e42dcaf5cc602fd5c4b3769c096fe212844230a9d52053075b0c88e7528c91d781bfc4bf884e1f75067216d960e373363caa351d657c9bb344849abc8cf698d6dddbcd522d91ec3930e4e65ea5b05fb4f8b7f8cba8fbc6cbd868ed7cc768000000016bc63b8e60e2feb09bcef1b00b0c67b1c060906eafb978630b7a3dc667dcb4b9cd2b214b704045885446d48f08ec98c9bc5ccf4e39cb3f08181eabd00"/234], 0xa4}}, 0x8800) ioctl$TCSETAF(r7, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4) [ 398.797009][ T9453] not chained 90000 origins [ 398.801590][ T9453] CPU: 1 PID: 9453 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 398.810179][ T9453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 398.820270][ T9453] Call Trace: [ 398.823577][ T9453] dump_stack+0x1df/0x240 [ 398.827936][ T9453] kmsan_internal_chain_origin+0x6f/0x130 [ 398.833671][ T9453] ? is_module_text_address+0x4d/0x2a0 [ 398.839145][ T9453] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 398.844973][ T9453] ? __kernel_text_address+0x171/0x2d0 [ 398.850443][ T9453] ? unwind_get_return_address+0x8c/0x130 [ 398.856178][ T9453] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 398.862250][ T9453] ? arch_stack_walk+0x2a2/0x3e0 [ 398.867201][ T9453] ? stack_trace_save+0x1a0/0x1a0 [ 398.872236][ T9453] ? kmsan_get_metadata+0x4f/0x180 [ 398.877342][ T9453] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 398.883140][ T9453] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 398.889198][ T9453] ? stack_trace_save+0x123/0x1a0 [ 398.894215][ T9453] ? kmsan_get_metadata+0x11d/0x180 [ 398.899404][ T9453] __msan_chain_origin+0x50/0x90 [ 398.904334][ T9453] rmd256_transform+0x4328/0x4440 [ 398.909391][ T9453] rmd256_update+0x343/0x4f0 [ 398.913985][ T9453] ? rmd256_init+0x260/0x260 [ 398.918660][ T9453] crypto_shash_update+0x4e9/0x550 [ 398.923774][ T9453] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 398.929937][ T9453] ? crypto_hash_walk_first+0x1fd/0x360 [ 398.935473][ T9453] ? kmsan_get_metadata+0x4f/0x180 [ 398.940576][ T9453] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 398.946373][ T9453] shash_async_update+0x113/0x1d0 [ 398.951390][ T9453] ? shash_async_init+0x1e0/0x1e0 [ 398.956402][ T9453] hash_sendpage+0x8ef/0xdf0 [ 398.960988][ T9453] ? hash_recvmsg+0xd30/0xd30 [ 398.965654][ T9453] sock_sendpage+0x1e1/0x2c0 [ 398.970241][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 398.975081][ T9453] ? sock_fasync+0x250/0x250 [ 398.979670][ T9453] __splice_from_pipe+0x565/0xf00 [ 398.984689][ T9453] ? generic_splice_sendpage+0x2d0/0x2d0 [ 398.990325][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 398.995784][ T9453] ? iter_file_splice_write+0x1800/0x1800 [ 399.006201][ T9453] direct_splice_actor+0x1fd/0x580 [ 399.011308][ T9453] ? kmsan_get_metadata+0x4f/0x180 [ 399.016413][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 399.021774][ T9453] ? do_splice_direct+0x580/0x580 [ 399.026804][ T9453] do_splice_direct+0x342/0x580 [ 399.031656][ T9453] do_sendfile+0x101b/0x1d40 [ 399.036251][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 399.041372][ T9453] ? kmsan_get_metadata+0x4f/0x180 [ 399.046474][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 399.051491][ T9453] do_syscall_64+0xb0/0x150 [ 399.055990][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 399.061866][ T9453] RIP: 0033:0x45c1d9 [ 399.065740][ T9453] Code: Bad RIP value. [ 399.069788][ T9453] RSP: 002b:00007f22a319ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 399.078185][ T9453] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 399.086145][ T9453] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 399.094105][ T9453] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 399.102069][ T9453] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 399.110028][ T9453] R13: 0000000000c9fb6f R14: 00007f22a319b9c0 R15: 000000000078bf0c [ 399.118009][ T9453] Uninit was stored to memory at: [ 399.123044][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 399.129189][ T9453] __msan_chain_origin+0x50/0x90 [ 399.134113][ T9453] rmd256_transform+0x4328/0x4440 [ 399.139138][ T9453] rmd256_update+0x343/0x4f0 [ 399.143728][ T9453] crypto_shash_update+0x4e9/0x550 [ 399.148847][ T9453] shash_async_update+0x113/0x1d0 [ 399.153856][ T9453] hash_sendpage+0x8ef/0xdf0 [ 399.158435][ T9453] sock_sendpage+0x1e1/0x2c0 [ 399.163035][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 399.167872][ T9453] __splice_from_pipe+0x565/0xf00 [ 399.172883][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 399.178342][ T9453] direct_splice_actor+0x1fd/0x580 [ 399.183441][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 399.188800][ T9453] do_splice_direct+0x342/0x580 [ 399.193634][ T9453] do_sendfile+0x101b/0x1d40 [ 399.198208][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 399.203311][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 399.208325][ T9453] do_syscall_64+0xb0/0x150 [ 399.212818][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 399.218690][ T9453] [ 399.221000][ T9453] Uninit was stored to memory at: [ 399.226015][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 399.231721][ T9453] __msan_chain_origin+0x50/0x90 [ 399.236645][ T9453] rmd256_transform+0x4328/0x4440 [ 399.241659][ T9453] rmd256_update+0x343/0x4f0 [ 399.246232][ T9453] crypto_shash_update+0x4e9/0x550 [ 399.251333][ T9453] shash_async_update+0x113/0x1d0 [ 399.256345][ T9453] hash_sendpage+0x8ef/0xdf0 [ 399.260924][ T9453] sock_sendpage+0x1e1/0x2c0 [ 399.265503][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 399.270344][ T9453] __splice_from_pipe+0x565/0xf00 [ 399.275358][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 399.280806][ T9453] direct_splice_actor+0x1fd/0x580 [ 399.285907][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 399.291267][ T9453] do_splice_direct+0x342/0x580 [ 399.296105][ T9453] do_sendfile+0x101b/0x1d40 [ 399.300681][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 399.305778][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 399.310790][ T9453] do_syscall_64+0xb0/0x150 [ 399.315283][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 399.321151][ T9453] [ 399.323461][ T9453] Uninit was stored to memory at: [ 399.328474][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 399.334179][ T9453] __msan_chain_origin+0x50/0x90 [ 399.339103][ T9453] rmd256_transform+0x4328/0x4440 [ 399.344116][ T9453] rmd256_update+0x343/0x4f0 [ 399.348691][ T9453] crypto_shash_update+0x4e9/0x550 [ 399.353786][ T9453] shash_async_update+0x113/0x1d0 [ 399.358795][ T9453] hash_sendpage+0x8ef/0xdf0 [ 399.363374][ T9453] sock_sendpage+0x1e1/0x2c0 [ 399.367951][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 399.372795][ T9453] __splice_from_pipe+0x565/0xf00 [ 399.377810][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 399.383258][ T9453] direct_splice_actor+0x1fd/0x580 [ 399.388359][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 399.393721][ T9453] do_splice_direct+0x342/0x580 [ 399.398556][ T9453] do_sendfile+0x101b/0x1d40 [ 399.403133][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 399.408228][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 399.413238][ T9453] do_syscall_64+0xb0/0x150 [ 399.417725][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 399.423594][ T9453] [ 399.425907][ T9453] Uninit was stored to memory at: [ 399.430919][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 399.436641][ T9453] __msan_chain_origin+0x50/0x90 [ 399.441566][ T9453] rmd256_transform+0x4328/0x4440 [ 399.446582][ T9453] rmd256_update+0x343/0x4f0 [ 399.451188][ T9453] crypto_shash_update+0x4e9/0x550 [ 399.456300][ T9453] shash_async_update+0x113/0x1d0 [ 399.461330][ T9453] hash_sendpage+0x8ef/0xdf0 [ 399.465907][ T9453] sock_sendpage+0x1e1/0x2c0 [ 399.470483][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 399.475334][ T9453] __splice_from_pipe+0x565/0xf00 [ 399.480359][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 399.485804][ T9453] direct_splice_actor+0x1fd/0x580 [ 399.490901][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 399.496261][ T9453] do_splice_direct+0x342/0x580 [ 399.501096][ T9453] do_sendfile+0x101b/0x1d40 [ 399.505674][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 399.510893][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 399.515927][ T9453] do_syscall_64+0xb0/0x150 [ 399.520423][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 399.526294][ T9453] [ 399.528603][ T9453] Uninit was stored to memory at: [ 399.533614][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 399.539316][ T9453] __msan_chain_origin+0x50/0x90 [ 399.544243][ T9453] rmd256_transform+0x4328/0x4440 [ 399.549267][ T9453] rmd256_update+0x343/0x4f0 [ 399.553843][ T9453] crypto_shash_update+0x4e9/0x550 [ 399.558970][ T9453] shash_async_update+0x113/0x1d0 [ 399.563980][ T9453] hash_sendpage+0x8ef/0xdf0 [ 399.568558][ T9453] sock_sendpage+0x1e1/0x2c0 [ 399.573139][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 399.577982][ T9453] __splice_from_pipe+0x565/0xf00 [ 399.582994][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 399.588438][ T9453] direct_splice_actor+0x1fd/0x580 [ 399.593534][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 399.598907][ T9453] do_splice_direct+0x342/0x580 [ 399.603756][ T9453] do_sendfile+0x101b/0x1d40 [ 399.608330][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 399.613429][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 399.618441][ T9453] do_syscall_64+0xb0/0x150 [ 399.622932][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 399.628803][ T9453] [ 399.631113][ T9453] Uninit was stored to memory at: [ 399.636134][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 399.641839][ T9453] __msan_chain_origin+0x50/0x90 [ 399.646772][ T9453] rmd256_transform+0x4328/0x4440 [ 399.651790][ T9453] rmd256_update+0x227/0x4f0 [ 399.656368][ T9453] crypto_shash_update+0x4e9/0x550 [ 399.661472][ T9453] shash_async_update+0x113/0x1d0 [ 399.666501][ T9453] hash_sendpage+0x8ef/0xdf0 [ 399.671079][ T9453] sock_sendpage+0x1e1/0x2c0 [ 399.675797][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 399.680663][ T9453] __splice_from_pipe+0x565/0xf00 [ 399.685684][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 399.691134][ T9453] direct_splice_actor+0x1fd/0x580 [ 399.696231][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 399.701590][ T9453] do_splice_direct+0x342/0x580 [ 399.706862][ T9453] do_sendfile+0x101b/0x1d40 [ 399.711438][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 399.716535][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 399.721547][ T9453] do_syscall_64+0xb0/0x150 [ 399.726043][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 399.731919][ T9453] [ 399.734232][ T9453] Uninit was stored to memory at: [ 399.739246][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 399.745386][ T9453] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 399.751352][ T9453] kmsan_memcpy_metadata+0xb/0x10 [ 399.756361][ T9453] __msan_memcpy+0x43/0x50 [ 399.760764][ T9453] rmd256_update+0x1fc/0x4f0 [ 399.765340][ T9453] crypto_shash_update+0x4e9/0x550 [ 399.770436][ T9453] shash_async_update+0x113/0x1d0 [ 399.775446][ T9453] hash_sendpage+0x8ef/0xdf0 [ 399.780024][ T9453] sock_sendpage+0x1e1/0x2c0 [ 399.784601][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 399.789526][ T9453] __splice_from_pipe+0x565/0xf00 [ 399.794536][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 399.799977][ T9453] direct_splice_actor+0x1fd/0x580 [ 399.805075][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 399.810432][ T9453] do_splice_direct+0x342/0x580 [ 399.815268][ T9453] do_sendfile+0x101b/0x1d40 [ 399.819842][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 399.824934][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 399.829948][ T9453] do_syscall_64+0xb0/0x150 [ 399.834440][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 399.840310][ T9453] [ 399.842620][ T9453] Uninit was created at: [ 399.846854][ T9453] kmsan_save_stack_with_flags+0x3c/0x90 [ 399.852473][ T9453] kmsan_alloc_page+0xb9/0x180 [ 399.857227][ T9453] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 399.862759][ T9453] alloc_pages_current+0x672/0x990 [ 399.867860][ T9453] push_pipe+0x605/0xb70 [ 399.872089][ T9453] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 399.877804][ T9453] do_splice_to+0x4fc/0x14f0 [ 399.882381][ T9453] splice_direct_to_actor+0x45c/0xf50 [ 399.887740][ T9453] do_splice_direct+0x342/0x580 [ 399.892577][ T9453] do_sendfile+0x101b/0x1d40 [ 399.897154][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 399.902253][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 399.907265][ T9453] do_syscall_64+0xb0/0x150 [ 399.911755][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:18:45 executing program 2: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x15, &(0x7f00000000c0)) ptrace(0x10, r1) ptrace$getregset(0x4204, r1, 0x2, &(0x7f0000000180)={0x0}) r2 = fcntl$getown(0xffffffffffffffff, 0x9) rt_tgsigqueueinfo(r0, r2, 0xe, &(0x7f00000000c0)={0x28, 0x4}) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000180)={0x0}) r3 = getpid() rt_tgsigqueueinfo(r3, r3, 0x15, &(0x7f00000000c0)) ptrace(0x10, r3) ptrace$getregset(0x4204, r3, 0x2, &(0x7f0000000180)={0x0}) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYRESOCT=r0, @ANYRESDEC=r3], 0x80}}, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) sendmmsg(r4, &(0x7f0000000180), 0x400024c, 0x0) 19:18:45 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r4 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000000)=""/27, &(0x7f0000000040)=0x1b) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) write$evdev(r6, &(0x7f00000000c0)=[{{0x77359400}, 0x16, 0x4, 0x3}], 0x18) setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0x839}, 0x8) ftruncate(r4, 0x200004) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x1}, 0x8) sendfile(r0, r4, 0x0, 0x80001d00c0d0) 19:18:46 executing program 2: ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000d00)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc60948ddd3b049f3fc65d61c2b3c65f2f80a61ea6e453473c9297322e30933e97ebc93981b20e03b86d4e99923e6000000000000e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2d4845421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000000000000000000000000000009a583b79ab00f783b591fc2c8b8a38b7ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fb4579e27cf148248155b7da4a67280d4b6b4eeed958d53b1c488d9dc4a2eb3a40194b9a7c186f9ae102000000b32049874f7962b3eb48ee45c6f3c756a57de500eadd498c9277070980897ccd058ca9006bc77d6c3945800101bc8efcbbbf0fb28392c5730fef0f6a3daa39ee394adc13e75edd163898a9925a972cb361bc1a5e49dfd07418d1d5093b881948a8ab945692d5ee0f726d36a81d8bb82ba889b74efd00d8f5f8b0fd9474a5a8e9136192c1fb0ba6863456fd43bc0a70a2c50bfc697d6275c04af6c2e3f3ea5c67c4927942c74c6a998fa588dc921f1a941635e43f2116bdc4da2431bdea70a700"/664], 0x1a3) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000400)={0x0, 0x1, 0x6, @random="e180bae0ed0d"}, 0x10) sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5e818f916164d9b1e42e7c50372a07b0d79f00000000000000000000000000000000475c61effb313e1752c7c60bc8e3f7f84aa90bbd1900000000", @ANYRES16=0x0, @ANYBLOB="29000027546751b34dcc0004000500050002000a000000"], 0x20}}, 0x0) sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000480)={&(0x7f00000005c0)=ANY=[@ANYBLOB="91fe48a1", @ANYRES16=0x0], 0x34}}, 0x404c884) readv(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000180)=""/139, 0x8b}], 0x1) ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f00000002c0)={0x0, 0x0, [], @raw_data=[0x1, 0x2, 0x3, 0x0, 0x0, 0xa44, 0x100, 0x4, 0xffffffe0, 0x6, 0x7ff, 0x0, 0x3, 0x1, 0x1000, 0x80000001, 0x2, 0xa, 0x800, 0x10001, 0x820e, 0x1, 0x9, 0x54cd, 0x4, 0x7, 0x8, 0x7ff, 0x0, 0x80, 0x5, 0xffffffff]}) shmat(0x0, &(0x7f0000a00000/0x600000)=nil, 0x4000) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0xb, 0x10800, 0x8}, 0x40) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001180)={r1, &(0x7f0000000040), &(0x7f00000021c0)=""/4096}, 0x18) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001140)={r1, &(0x7f00000011c0)="d2", &(0x7f00000031c0)=""/246}, 0x20) ioctl$SIOCPNGETOBJECT(0xffffffffffffffff, 0x89e0, &(0x7f0000000100)=0x4) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r3, r2) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f0000000040)=""/149) clone(0x4412c500, 0x0, 0x0, 0x0, 0x0) [ 400.649224][ C0] sd 0:0:1:0: [sg0] tag#442 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 400.659851][ C0] sd 0:0:1:0: [sg0] tag#442 CDB: Test Unit Ready [ 400.666516][ C0] sd 0:0:1:0: [sg0] tag#442 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 400.676275][ C0] sd 0:0:1:0: [sg0] tag#442 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 400.686023][ C0] sd 0:0:1:0: [sg0] tag#442 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 400.695775][ C0] sd 0:0:1:0: [sg0] tag#442 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 400.705656][ C0] sd 0:0:1:0: [sg0] tag#442 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 400.715420][ C0] sd 0:0:1:0: [sg0] tag#442 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 400.725188][ C0] sd 0:0:1:0: [sg0] tag#442 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 400.725410][ T9470] IPVS: ftp: loaded support on port[0] = 21 [ 400.734914][ C0] sd 0:0:1:0: [sg0] tag#442 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 400.750485][ C0] sd 0:0:1:0: [sg0] tag#442 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 400.760318][ C0] sd 0:0:1:0: [sg0] tag#442 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 400.770139][ C0] sd 0:0:1:0: [sg0] tag#442 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 400.779946][ C0] sd 0:0:1:0: [sg0] tag#442 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 400.789760][ C0] sd 0:0:1:0: [sg0] tag#442 CDB[c0]: 00 00 00 00 00 00 00 00 [ 401.010361][ T9469] IPVS: ftp: loaded support on port[0] = 21 19:18:46 executing program 0: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0xa8c01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000001a40)={'bridge_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001a80)={0x34, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}]}, 0x34}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800000000000000000a000000", @ANYRES32=r8, @ANYBLOB='\a'], 0x28}}, 0x0) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000028c0)=0x0, &(0x7f0000002900)=0x4) r10 = socket$alg(0x26, 0x5, 0x0) bind$alg(r10, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r11 = accept4(r10, 0x0, 0x0, 0x0) r12 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r11, r12, 0x0, 0x1000007ffff000) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r11, 0x89f0, &(0x7f00000029c0)={'ip6gre0\x00', &(0x7f0000002940)={'syztnl0\x00', 0x0, 0x2f, 0x40, 0x6, 0x40, 0x9, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @empty, 0x7840, 0x10, 0xe51f, 0x9}}) sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f0000002b00)={&(0x7f0000000080), 0xc, &(0x7f0000002ac0)={&(0x7f0000002a00)={0xb4, r2, 0x800, 0x70bd2d, 0x25dfdbfd, {}, [@HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x50040}, 0x800) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@ldst={0x3, 0x0, 0x3, 0xa, 0x1, 0xfffffffffffffff4}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 19:18:46 executing program 2: r0 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe2c5e16d87cebd96a909d308bd73f4772539", 0xc0, 0xfffffffffffffffe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000000)={0x0, 'veth0\x00', {0x3}, 0xadc}) r4 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0x0, 0x400400) ioctl$VFIO_IOMMU_UNMAP_DMA(r4, 0x3b72, &(0x7f0000000140)={0xad, 0x2, 0xe7f, 0xff, "6b4a91b02d782e18de50328c20c4bcd9fae1374e6c9dec67f04d4709f7a1e540dafe6bbfd87a481d62ce51fbbaad4364111b561b2808ed4f60bf34059fa46e469c6117d8973bf6d4e9ae1ab9708ff05e5f356b123237a74da5e2f30304da73f5b81eae023a21bd3e1f24e6030be95812c78d91b77a4466635524b3d9a2c2744590f7764a622f753b168de1241693185b571f685116"}) ioctl$NBD_SET_SIZE_BLOCKS(r4, 0xab07, 0x9) r5 = add_key$user(&(0x7f0000000540)='user\x00', &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000100), 0x26, 0xfffffffffffffffe) r6 = add_key$keyring(&(0x7f0000000980)='keyring\x00', &(0x7f00000007c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$update(0x2, r6, 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, &(0x7f0000000200)='.dead\x00', &(0x7f0000000280)=@builtin='builtin_trusted\x00') keyctl$dh_compute(0x17, &(0x7f00000002c0)={r5, r0, r5}, &(0x7f0000000580)=""/249, 0xf9, &(0x7f0000000240)={&(0x7f0000000040)={'streebog256\x00\x00\x00\x00\x00\x03\x00'}}) [ 401.218596][ T9501] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 401.337730][ C0] sd 0:0:1:0: [sg0] tag#443 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 401.348314][ C0] sd 0:0:1:0: [sg0] tag#443 CDB: Test Unit Ready [ 401.354964][ C0] sd 0:0:1:0: [sg0] tag#443 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 401.364728][ C0] sd 0:0:1:0: [sg0] tag#443 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 401.374487][ C0] sd 0:0:1:0: [sg0] tag#443 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 401.384239][ C0] sd 0:0:1:0: [sg0] tag#443 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 401.394054][ C0] sd 0:0:1:0: [sg0] tag#443 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 401.403892][ C0] sd 0:0:1:0: [sg0] tag#443 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 401.413709][ C0] sd 0:0:1:0: [sg0] tag#443 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 401.423528][ C0] sd 0:0:1:0: [sg0] tag#443 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 401.433359][ C0] sd 0:0:1:0: [sg0] tag#443 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 401.443177][ C0] sd 0:0:1:0: [sg0] tag#443 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 401.453011][ C0] sd 0:0:1:0: [sg0] tag#443 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 401.462688][ C0] sd 0:0:1:0: [sg0] tag#443 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 401.472498][ C0] sd 0:0:1:0: [sg0] tag#443 CDB[c0]: 00 00 00 00 00 00 00 00 [ 401.563801][ T9453] not chained 100000 origins [ 401.568444][ T9453] CPU: 0 PID: 9453 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 401.577032][ T9453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 401.587268][ T9453] Call Trace: [ 401.590756][ T9453] dump_stack+0x1df/0x240 [ 401.595110][ T9453] kmsan_internal_chain_origin+0x6f/0x130 [ 401.600912][ T9453] ? is_module_text_address+0x4d/0x2a0 [ 401.606396][ T9453] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 401.612930][ T9453] ? __kernel_text_address+0x171/0x2d0 [ 401.618415][ T9453] ? unwind_get_return_address+0x8c/0x130 [ 401.624241][ T9453] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 401.630335][ T9453] ? arch_stack_walk+0x2a2/0x3e0 [ 401.635287][ T9453] ? stack_trace_save+0x1a0/0x1a0 [ 401.640336][ T9453] ? kmsan_get_metadata+0x4f/0x180 [ 401.645462][ T9453] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 401.651282][ T9453] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 401.657369][ T9453] ? stack_trace_save+0x123/0x1a0 [ 401.662419][ T9453] ? kmsan_get_metadata+0x11d/0x180 [ 401.667635][ T9453] __msan_chain_origin+0x50/0x90 [ 401.672672][ T9453] rmd256_transform+0x4328/0x4440 [ 401.677759][ T9453] rmd256_update+0x343/0x4f0 [ 401.682371][ T9453] ? rmd256_init+0x260/0x260 [ 401.687024][ T9453] crypto_shash_update+0x4e9/0x550 [ 401.692157][ T9453] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 401.698342][ T9453] ? crypto_hash_walk_first+0x1fd/0x360 [ 401.703880][ T9453] ? kmsan_get_metadata+0x4f/0x180 [ 401.708981][ T9453] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 401.714777][ T9453] shash_async_update+0x113/0x1d0 [ 401.719793][ T9453] ? shash_async_init+0x1e0/0x1e0 [ 401.724803][ T9453] hash_sendpage+0x8ef/0xdf0 [ 401.729386][ T9453] ? hash_recvmsg+0xd30/0xd30 [ 401.734052][ T9453] sock_sendpage+0x1e1/0x2c0 [ 401.738640][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 401.743478][ T9453] ? sock_fasync+0x250/0x250 [ 401.748067][ T9453] __splice_from_pipe+0x565/0xf00 [ 401.753088][ T9453] ? generic_splice_sendpage+0x2d0/0x2d0 [ 401.758736][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 401.764191][ T9453] ? iter_file_splice_write+0x1800/0x1800 [ 401.769897][ T9453] direct_splice_actor+0x1fd/0x580 [ 401.775007][ T9453] ? kmsan_get_metadata+0x4f/0x180 [ 401.780113][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 401.785502][ T9453] ? do_splice_direct+0x580/0x580 [ 401.790530][ T9453] do_splice_direct+0x342/0x580 [ 401.795381][ T9453] do_sendfile+0x101b/0x1d40 [ 401.799978][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 401.805077][ T9453] ? kmsan_get_metadata+0x4f/0x180 [ 401.810183][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 401.815201][ T9453] do_syscall_64+0xb0/0x150 [ 401.819698][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 401.825576][ T9453] RIP: 0033:0x45c1d9 [ 401.829450][ T9453] Code: Bad RIP value. [ 401.833502][ T9453] RSP: 002b:00007f22a319ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 401.841916][ T9453] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 401.849871][ T9453] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 401.857829][ T9453] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 401.865785][ T9453] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 401.873744][ T9453] R13: 0000000000c9fb6f R14: 00007f22a319b9c0 R15: 000000000078bf0c [ 401.881730][ T9453] Uninit was stored to memory at: [ 401.886920][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 401.892641][ T9453] __msan_chain_origin+0x50/0x90 [ 401.897567][ T9453] rmd256_transform+0x4328/0x4440 [ 401.902576][ T9453] rmd256_update+0x343/0x4f0 [ 401.907154][ T9453] crypto_shash_update+0x4e9/0x550 [ 401.912249][ T9453] shash_async_update+0x113/0x1d0 [ 401.917259][ T9453] hash_sendpage+0x8ef/0xdf0 [ 401.921844][ T9453] sock_sendpage+0x1e1/0x2c0 [ 401.926420][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 401.931255][ T9453] __splice_from_pipe+0x565/0xf00 [ 401.936264][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 401.941708][ T9453] direct_splice_actor+0x1fd/0x580 [ 401.946808][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 401.952165][ T9453] do_splice_direct+0x342/0x580 [ 401.957000][ T9453] do_sendfile+0x101b/0x1d40 [ 401.961574][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 401.966671][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 401.971681][ T9453] do_syscall_64+0xb0/0x150 [ 401.976172][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 401.982058][ T9453] [ 401.984367][ T9453] Uninit was stored to memory at: [ 401.989376][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 401.995081][ T9453] __msan_chain_origin+0x50/0x90 [ 402.000008][ T9453] rmd256_transform+0x4328/0x4440 [ 402.005020][ T9453] rmd256_update+0x343/0x4f0 [ 402.009597][ T9453] crypto_shash_update+0x4e9/0x550 [ 402.014692][ T9453] shash_async_update+0x113/0x1d0 [ 402.019701][ T9453] hash_sendpage+0x8ef/0xdf0 [ 402.024304][ T9453] sock_sendpage+0x1e1/0x2c0 [ 402.028883][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 402.033718][ T9453] __splice_from_pipe+0x565/0xf00 [ 402.038732][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 402.044177][ T9453] direct_splice_actor+0x1fd/0x580 [ 402.049275][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 402.054633][ T9453] do_splice_direct+0x342/0x580 [ 402.059467][ T9453] do_sendfile+0x101b/0x1d40 [ 402.064051][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 402.069148][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 402.074168][ T9453] do_syscall_64+0xb0/0x150 [ 402.078657][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 402.084525][ T9453] [ 402.086837][ T9453] Uninit was stored to memory at: [ 402.091846][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 402.097550][ T9453] __msan_chain_origin+0x50/0x90 [ 402.102473][ T9453] rmd256_transform+0x4328/0x4440 [ 402.107487][ T9453] rmd256_update+0x343/0x4f0 [ 402.112060][ T9453] crypto_shash_update+0x4e9/0x550 [ 402.117154][ T9453] shash_async_update+0x113/0x1d0 [ 402.122161][ T9453] hash_sendpage+0x8ef/0xdf0 [ 402.126765][ T9453] sock_sendpage+0x1e1/0x2c0 [ 402.132992][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 402.137833][ T9453] __splice_from_pipe+0x565/0xf00 [ 402.142850][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 402.148295][ T9453] direct_splice_actor+0x1fd/0x580 [ 402.153394][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 402.158749][ T9453] do_splice_direct+0x342/0x580 [ 402.163586][ T9453] do_sendfile+0x101b/0x1d40 [ 402.168164][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 402.173261][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 402.178273][ T9453] do_syscall_64+0xb0/0x150 [ 402.182768][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 402.188643][ T9453] [ 402.190957][ T9453] Uninit was stored to memory at: [ 402.195994][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 402.201699][ T9453] __msan_chain_origin+0x50/0x90 [ 402.206627][ T9453] rmd256_transform+0x4328/0x4440 [ 402.211640][ T9453] rmd256_update+0x343/0x4f0 [ 402.216215][ T9453] crypto_shash_update+0x4e9/0x550 [ 402.221319][ T9453] shash_async_update+0x113/0x1d0 [ 402.226333][ T9453] hash_sendpage+0x8ef/0xdf0 [ 402.230917][ T9453] sock_sendpage+0x1e1/0x2c0 [ 402.235496][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 402.240337][ T9453] __splice_from_pipe+0x565/0xf00 [ 402.245365][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 402.250811][ T9453] direct_splice_actor+0x1fd/0x580 [ 402.255909][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 402.261265][ T9453] do_splice_direct+0x342/0x580 [ 402.266109][ T9453] do_sendfile+0x101b/0x1d40 [ 402.270685][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 402.275785][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 402.280798][ T9453] do_syscall_64+0xb0/0x150 [ 402.285287][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 402.291156][ T9453] [ 402.293466][ T9453] Uninit was stored to memory at: [ 402.298476][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 402.304179][ T9453] __msan_chain_origin+0x50/0x90 [ 402.309109][ T9453] rmd256_transform+0x4328/0x4440 [ 402.314122][ T9453] rmd256_update+0x343/0x4f0 [ 402.318714][ T9453] crypto_shash_update+0x4e9/0x550 [ 402.323809][ T9453] shash_async_update+0x113/0x1d0 [ 402.328820][ T9453] hash_sendpage+0x8ef/0xdf0 [ 402.333418][ T9453] sock_sendpage+0x1e1/0x2c0 [ 402.337994][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 402.342832][ T9453] __splice_from_pipe+0x565/0xf00 [ 402.347843][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 402.353288][ T9453] direct_splice_actor+0x1fd/0x580 [ 402.358389][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 402.363758][ T9453] do_splice_direct+0x342/0x580 [ 402.368594][ T9453] do_sendfile+0x101b/0x1d40 [ 402.373168][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 402.378264][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 402.383276][ T9453] do_syscall_64+0xb0/0x150 [ 402.387768][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 402.393639][ T9453] [ 402.395950][ T9453] Uninit was stored to memory at: [ 402.400961][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 402.406668][ T9453] __msan_chain_origin+0x50/0x90 [ 402.411595][ T9453] rmd256_transform+0x4328/0x4440 [ 402.416692][ T9453] rmd256_update+0x227/0x4f0 [ 402.421277][ T9453] crypto_shash_update+0x4e9/0x550 [ 402.426390][ T9453] shash_async_update+0x113/0x1d0 [ 402.431398][ T9453] hash_sendpage+0x8ef/0xdf0 [ 402.435976][ T9453] sock_sendpage+0x1e1/0x2c0 [ 402.440554][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 402.445388][ T9453] __splice_from_pipe+0x565/0xf00 [ 402.450486][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 402.455930][ T9453] direct_splice_actor+0x1fd/0x580 [ 402.461026][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 402.466385][ T9453] do_splice_direct+0x342/0x580 [ 402.471218][ T9453] do_sendfile+0x101b/0x1d40 [ 402.475791][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 402.480885][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 402.485896][ T9453] do_syscall_64+0xb0/0x150 [ 402.490403][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 402.496273][ T9453] [ 402.498582][ T9453] Uninit was stored to memory at: [ 402.503726][ T9453] kmsan_internal_chain_origin+0xad/0x130 [ 402.509472][ T9453] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 402.515454][ T9453] kmsan_memcpy_metadata+0xb/0x10 [ 402.520555][ T9453] __msan_memcpy+0x43/0x50 [ 402.524972][ T9453] rmd256_update+0x1fc/0x4f0 [ 402.529546][ T9453] crypto_shash_update+0x4e9/0x550 [ 402.534640][ T9453] shash_async_update+0x113/0x1d0 [ 402.539651][ T9453] hash_sendpage+0x8ef/0xdf0 [ 402.544228][ T9453] sock_sendpage+0x1e1/0x2c0 [ 402.548808][ T9453] pipe_to_sendpage+0x38c/0x4c0 [ 402.553643][ T9453] __splice_from_pipe+0x565/0xf00 [ 402.558656][ T9453] generic_splice_sendpage+0x1d5/0x2d0 [ 402.564107][ T9453] direct_splice_actor+0x1fd/0x580 [ 402.569207][ T9453] splice_direct_to_actor+0x6b2/0xf50 [ 402.574564][ T9453] do_splice_direct+0x342/0x580 [ 402.579401][ T9453] do_sendfile+0x101b/0x1d40 [ 402.583988][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 402.589091][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 402.594110][ T9453] do_syscall_64+0xb0/0x150 [ 402.598602][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 402.604473][ T9453] [ 402.606786][ T9453] Uninit was created at: [ 402.611014][ T9453] kmsan_save_stack_with_flags+0x3c/0x90 [ 402.616631][ T9453] kmsan_alloc_page+0xb9/0x180 [ 402.621388][ T9453] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 402.626938][ T9453] alloc_pages_current+0x672/0x990 [ 402.632034][ T9453] push_pipe+0x605/0xb70 [ 402.636262][ T9453] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 402.641968][ T9453] do_splice_to+0x4fc/0x14f0 [ 402.646544][ T9453] splice_direct_to_actor+0x45c/0xf50 [ 402.651903][ T9453] do_splice_direct+0x342/0x580 [ 402.656737][ T9453] do_sendfile+0x101b/0x1d40 [ 402.661309][ T9453] __se_sys_sendfile64+0x2bb/0x360 [ 402.666407][ T9453] __x64_sys_sendfile64+0x56/0x70 [ 402.671530][ T9453] do_syscall_64+0xb0/0x150 [ 402.676043][ T9453] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 402.723917][ T9517] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 402.791861][ T963] tipc: TX() has been purged, node left! 19:18:48 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = clone3(&(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r4, r5, 0x0, 0x1000007ffff000) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f0000000100)=ANY=[@ANYBLOB="022e9a5ebbf4f75a5bdcb9e3cb34d50051", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x66, &(0x7f0000000040)={r7}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f00000000c0)={r7, 0x1ff}, 0x8) bind$alg(r3, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r8 = accept4(r3, 0x0, 0x0, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r8, r9, 0x0, 0x1000007ffff000) getsockopt$SO_TIMESTAMP(r8, 0x1, 0x23, &(0x7f0000000000), &(0x7f0000000080)=0x4) process_vm_writev(r2, &(0x7f0000002540)=[{&(0x7f00000025c0)=""/233}, {}, {&(0x7f00000011c0)=""/120}, {&(0x7f00000012c0)=""/179}, {&(0x7f0000001380)=""/136}, {&(0x7f0000001440)=""/123}, {&(0x7f00000014c0)=""/109}, {&(0x7f0000001540)=""/4096}], 0x0, &(0x7f0000003500)=[{&(0x7f0000000180)=""/4100, 0x1053}], 0x1, 0x0) 19:18:48 executing program 2: connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(0xffffffffffffffff, 0x800000000000401) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = fsopen(0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="ec0000002100390d0000000000000000ff0200000000000000000000000000010000000000000000000000000000000000000000000000000002000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="feffffff000000009c001100ff010000000000000000000000000001ffffffff00000000000000000000000020010000000000000000000000000000ac141429000000000000000000000000000000000000000000000200ff010000000000000000000000000001ffffffff000000000000000000000000fe8000000000000000000000000000bb20010000000000000000000000000000000300"/164], 0xec}}, 0x0) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000380)={0x79e9, 0x0, 0x4, 0x40000000, 0xb00d, {0x77359400}, {0x3, 0xc, 0x5, 0x6a, 0x40, 0x6, "63122a3c"}, 0x0, 0x4, @userptr=0x800, 0x0, 0x0, r1}) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0x48) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, &(0x7f0000000000)) sendfile(0xffffffffffffffff, r0, &(0x7f0000000080)=0x1, 0x620d99d) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) setsockopt$sock_timeval(r2, 0x1, 0x2f, &(0x7f0000abaff9)={0x77359400}, 0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f00000000c0)={0x0, 0x40400000}, &(0x7f0000000100)=0x8) socket$inet(0x2, 0x6, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) set_mempolicy(0x4002, &(0x7f0000000140)=0x10000101, 0x2) clone(0x4412c500, 0x0, 0x0, 0x0, 0x0) [ 403.340513][ T9530] IPVS: ftp: loaded support on port[0] = 21 19:18:49 executing program 1: r0 = socket(0x10, 0x803, 0x0) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r1, r2, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000040)={r4}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000000c0)={r4, 0xf6ad, 0x7}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000280)={r5, 0xfff8, 0x7}, 0x8) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="480000001000050700000000000000e3ff000000", @ANYRES32=r10, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4000000010010104000015ab5be833ddc0f433fb4445dcdfe11200000000000080000000", @ANYRES32=r10, @ANYBLOB="00000000000000002000128008000100677470001400028008000100", @ANYRES32, @ANYBLOB="08000200", @ANYRES32=r6, @ANYBLOB], 0x40}}, 0x0) [ 403.772618][ T9534] IPVS: ftp: loaded support on port[0] = 21 [ 403.834735][ T9546] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. 19:18:49 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$inet6_udplite(0xa, 0x2, 0x88) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r3, r4, 0x0, 0x1000007ffff000) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000009c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x478, 0x2b0, 0x150, 0x150, 0x2b0, 0x0, 0x3a8, 0x238, 0x238, 0x3a8, 0x238, 0x3, 0x0, {[{{@ipv6={@ipv4={[], [], @broadcast}, @mcast2, [], [], 'team_slave_0\x00', 'hsr0\x00', {}, {}, 0x84}, 0x0, 0x248, 0x2b0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth1_virt_wifi\x00', {0x0, 0x0, 0x4, 0x0, 0x0, 0x10001, 0x4}}}, @common=@inet=@sctp={{0x148, 'sctp\x00'}, {[], [], [], 0x0, [], 0x0, 0x0, 0x4}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d8) 19:18:49 executing program 2: ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x1002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x401, 0x9, 0x0, 0x0, 0x3, 0x8, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000800)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c60100000045c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f024e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e600000000000000000038ed92e1000000000000f390d71cc6092cddd3b0490b0a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996db18e3e6905117c97a12f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2dc045421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e05cd3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000000000000000000004000000009a583b79ab00f70d85463c57c5bb1f1084e683b591fc2c8b8a38b7ee57afa01aea880059400aea28904ffa9155bf6409b065a980528827de08737cf643db6de62f250000000000000000004d0ef2570b4ee56e5106a4329f3242e4cf649d6d52795f1d87638619c7805ef9eae6dc335c357e78ba75cb13355ef284ba1d5d803a885b0c366c93170b91868d7e064ba60310e9ea40fb61d1503ea71d2b0cabd1f33d0fcbb611c17dc9fed38f31478e26b67d7f81e57a0e0800a9a619e88aaeda0990cba93fab783b0de0fcec8b0d9da5c29ed8b40e32a1570b220f9613120da3381db8ac9aa39a62e0a8a485affebf00000000000004001c18722896fcd9455cbdf95939b1515b429a0f2768275bcb2360a2fd2472c79516e800"/617], 0x197) openat$nullb(0xffffffffffffff9c, 0x0, 0x80000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x26d1e3c4bbfc931f) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305839, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000140)='./file0\x00', 0x0, 0x13e06, 0x0) chdir(&(0x7f0000000240)='./file0\x00') ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r1, 0x110, 0x5, &(0x7f00000000c0)=[0x1, 0x1], 0x2) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, 0x0, 0x2004480e) write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) getsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000002c0), &(0x7f0000000300)=0x4) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="2ab35bace8ae75efc095cd17604a7f532eca1abb2a880bb4e46d1678f81cb682070e543c0e632c0ceb7a7fbaf1d2447faaf322243a2bfb96c74b86163483bc9151ac67b6a222a790baf5a8f60ddb5c9d13c7ec59f2b568b4c613bccac6b5aa882f2ccd1f35ef733c7fee1b717a47559a19e631120b42e035a51cafb651", @ANYBLOB="58018447", @ANYBLOB], 0xfffffdef) [ 404.347152][ T9591] not chained 110000 origins [ 404.351798][ T9591] CPU: 1 PID: 9591 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 404.360386][ T9591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 404.370453][ T9591] Call Trace: [ 404.373767][ T9591] dump_stack+0x1df/0x240 [ 404.378119][ T9591] kmsan_internal_chain_origin+0x6f/0x130 [ 404.383862][ T9591] ? is_module_text_address+0x4d/0x2a0 [ 404.389339][ T9591] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 404.395151][ T9591] ? __kernel_text_address+0x171/0x2d0 [ 404.400600][ T9591] ? unwind_get_return_address+0x8c/0x130 [ 404.406309][ T9591] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 404.412362][ T9591] ? arch_stack_walk+0x2a2/0x3e0 [ 404.417288][ T9591] ? stack_trace_save+0x1a0/0x1a0 [ 404.422339][ T9591] ? kmsan_get_metadata+0x4f/0x180 [ 404.427445][ T9591] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 404.433245][ T9591] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 404.439303][ T9591] ? stack_trace_save+0x123/0x1a0 [ 404.444322][ T9591] ? kmsan_get_metadata+0x11d/0x180 [ 404.449511][ T9591] __msan_chain_origin+0x50/0x90 [ 404.454448][ T9591] rmd256_transform+0x4328/0x4440 [ 404.459478][ T9591] ? pci_fintek_rs485_config+0x294/0x5c0 [ 404.465125][ T9591] rmd256_update+0x343/0x4f0 [ 404.469713][ T9591] ? rmd256_init+0x260/0x260 [ 404.474293][ T9591] crypto_shash_update+0x4e9/0x550 [ 404.479394][ T9591] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 404.485552][ T9591] ? crypto_hash_walk_first+0x1fd/0x360 [ 404.491093][ T9591] ? kmsan_get_metadata+0x4f/0x180 [ 404.496211][ T9591] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 404.502005][ T9591] shash_async_update+0x113/0x1d0 [ 404.507569][ T9591] ? shash_async_init+0x1e0/0x1e0 [ 404.512585][ T9591] hash_sendpage+0x8ef/0xdf0 [ 404.517191][ T9591] ? hash_recvmsg+0xd30/0xd30 [ 404.521871][ T9591] sock_sendpage+0x1e1/0x2c0 [ 404.526467][ T9591] pipe_to_sendpage+0x38c/0x4c0 [ 404.531310][ T9591] ? sock_fasync+0x250/0x250 [ 404.535897][ T9591] __splice_from_pipe+0x565/0xf00 [ 404.540911][ T9591] ? generic_splice_sendpage+0x2d0/0x2d0 [ 404.546548][ T9591] generic_splice_sendpage+0x1d5/0x2d0 [ 404.552015][ T9591] ? iter_file_splice_write+0x1800/0x1800 [ 404.557724][ T9591] direct_splice_actor+0x1fd/0x580 [ 404.562848][ T9591] ? kmsan_get_metadata+0x4f/0x180 [ 404.567959][ T9591] splice_direct_to_actor+0x6b2/0xf50 [ 404.573343][ T9591] ? do_splice_direct+0x580/0x580 [ 404.578373][ T9591] do_splice_direct+0x342/0x580 [ 404.583248][ T9591] do_sendfile+0x101b/0x1d40 [ 404.587843][ T9591] __se_sys_sendfile64+0x2bb/0x360 [ 404.592945][ T9591] ? kmsan_get_metadata+0x4f/0x180 [ 404.598049][ T9591] __x64_sys_sendfile64+0x56/0x70 [ 404.603066][ T9591] do_syscall_64+0xb0/0x150 [ 404.607584][ T9591] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 404.613462][ T9591] RIP: 0033:0x45c1d9 [ 404.617334][ T9591] Code: Bad RIP value. [ 404.621385][ T9591] RSP: 002b:00007fb8bb63ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 404.629802][ T9591] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 404.637764][ T9591] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 404.645722][ T9591] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 404.653693][ T9591] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 404.661666][ T9591] R13: 0000000000c9fb6f R14: 00007fb8bb63b9c0 R15: 000000000078bf0c [ 404.669648][ T9591] Uninit was stored to memory at: [ 404.674689][ T9591] kmsan_internal_chain_origin+0xad/0x130 [ 404.680409][ T9591] __msan_chain_origin+0x50/0x90 [ 404.685338][ T9591] rmd256_transform+0x4328/0x4440 [ 404.690363][ T9591] rmd256_update+0x343/0x4f0 [ 404.695023][ T9591] crypto_shash_update+0x4e9/0x550 [ 404.700119][ T9591] shash_async_update+0x113/0x1d0 [ 404.705137][ T9591] hash_sendpage+0x8ef/0xdf0 [ 404.709714][ T9591] sock_sendpage+0x1e1/0x2c0 [ 404.714290][ T9591] pipe_to_sendpage+0x38c/0x4c0 [ 404.719127][ T9591] __splice_from_pipe+0x565/0xf00 [ 404.724139][ T9591] generic_splice_sendpage+0x1d5/0x2d0 [ 404.729583][ T9591] direct_splice_actor+0x1fd/0x580 [ 404.736506][ T9591] splice_direct_to_actor+0x6b2/0xf50 [ 404.741860][ T9591] do_splice_direct+0x342/0x580 [ 404.746695][ T9591] do_sendfile+0x101b/0x1d40 [ 404.751270][ T9591] __se_sys_sendfile64+0x2bb/0x360 [ 404.756390][ T9591] __x64_sys_sendfile64+0x56/0x70 [ 404.761399][ T9591] do_syscall_64+0xb0/0x150 [ 404.765918][ T9591] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 404.771787][ T9591] [ 404.774097][ T9591] Uninit was stored to memory at: [ 404.779108][ T9591] kmsan_internal_chain_origin+0xad/0x130 [ 404.784811][ T9591] __msan_chain_origin+0x50/0x90 [ 404.789737][ T9591] rmd256_transform+0x4328/0x4440 [ 404.794748][ T9591] rmd256_update+0x343/0x4f0 [ 404.799320][ T9591] crypto_shash_update+0x4e9/0x550 [ 404.804418][ T9591] shash_async_update+0x113/0x1d0 [ 404.809429][ T9591] hash_sendpage+0x8ef/0xdf0 [ 404.814008][ T9591] sock_sendpage+0x1e1/0x2c0 [ 404.818586][ T9591] pipe_to_sendpage+0x38c/0x4c0 [ 404.823422][ T9591] __splice_from_pipe+0x565/0xf00 [ 404.828437][ T9591] generic_splice_sendpage+0x1d5/0x2d0 [ 404.833909][ T9591] direct_splice_actor+0x1fd/0x580 [ 404.839006][ T9591] splice_direct_to_actor+0x6b2/0xf50 [ 404.844362][ T9591] do_splice_direct+0x342/0x580 [ 404.849198][ T9591] do_sendfile+0x101b/0x1d40 [ 404.853783][ T9591] __se_sys_sendfile64+0x2bb/0x360 [ 404.858875][ T9591] __x64_sys_sendfile64+0x56/0x70 [ 404.863890][ T9591] do_syscall_64+0xb0/0x150 [ 404.868379][ T9591] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 404.874248][ T9591] [ 404.876558][ T9591] Uninit was stored to memory at: [ 404.881571][ T9591] kmsan_internal_chain_origin+0xad/0x130 [ 404.887285][ T9591] __msan_chain_origin+0x50/0x90 [ 404.892208][ T9591] rmd256_transform+0x4328/0x4440 [ 404.897221][ T9591] rmd256_update+0x343/0x4f0 [ 404.901797][ T9591] crypto_shash_update+0x4e9/0x550 [ 404.906890][ T9591] shash_async_update+0x113/0x1d0 [ 404.911898][ T9591] hash_sendpage+0x8ef/0xdf0 [ 404.916472][ T9591] sock_sendpage+0x1e1/0x2c0 [ 404.921047][ T9591] pipe_to_sendpage+0x38c/0x4c0 [ 404.925884][ T9591] __splice_from_pipe+0x565/0xf00 [ 404.930897][ T9591] generic_splice_sendpage+0x1d5/0x2d0 [ 404.936339][ T9591] direct_splice_actor+0x1fd/0x580 [ 404.941436][ T9591] splice_direct_to_actor+0x6b2/0xf50 [ 404.946794][ T9591] do_splice_direct+0x342/0x580 [ 404.951629][ T9591] do_sendfile+0x101b/0x1d40 [ 404.956229][ T9591] __se_sys_sendfile64+0x2bb/0x360 [ 404.961672][ T9591] __x64_sys_sendfile64+0x56/0x70 [ 404.966686][ T9591] do_syscall_64+0xb0/0x150 [ 404.971176][ T9591] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 404.977043][ T9591] [ 404.979365][ T9591] Uninit was stored to memory at: [ 404.984378][ T9591] kmsan_internal_chain_origin+0xad/0x130 [ 404.990082][ T9591] __msan_chain_origin+0x50/0x90 [ 404.995008][ T9591] rmd256_transform+0x4328/0x4440 [ 405.000018][ T9591] rmd256_update+0x343/0x4f0 [ 405.004590][ T9591] crypto_shash_update+0x4e9/0x550 [ 405.009682][ T9591] shash_async_update+0x113/0x1d0 [ 405.014688][ T9591] hash_sendpage+0x8ef/0xdf0 [ 405.019264][ T9591] sock_sendpage+0x1e1/0x2c0 [ 405.023840][ T9591] pipe_to_sendpage+0x38c/0x4c0 [ 405.028676][ T9591] __splice_from_pipe+0x565/0xf00 [ 405.033683][ T9591] generic_splice_sendpage+0x1d5/0x2d0 [ 405.039124][ T9591] direct_splice_actor+0x1fd/0x580 [ 405.044222][ T9591] splice_direct_to_actor+0x6b2/0xf50 [ 405.049689][ T9591] do_splice_direct+0x342/0x580 [ 405.054525][ T9591] do_sendfile+0x101b/0x1d40 [ 405.059100][ T9591] __se_sys_sendfile64+0x2bb/0x360 [ 405.064198][ T9591] __x64_sys_sendfile64+0x56/0x70 [ 405.069209][ T9591] do_syscall_64+0xb0/0x150 [ 405.073700][ T9591] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 405.079575][ T9591] [ 405.081881][ T9591] Uninit was stored to memory at: [ 405.086909][ T9591] kmsan_internal_chain_origin+0xad/0x130 [ 405.092614][ T9591] __msan_chain_origin+0x50/0x90 [ 405.097538][ T9591] rmd256_transform+0x4328/0x4440 [ 405.102547][ T9591] rmd256_update+0x343/0x4f0 [ 405.107134][ T9591] crypto_shash_update+0x4e9/0x550 [ 405.112229][ T9591] shash_async_update+0x113/0x1d0 [ 405.117349][ T9591] hash_sendpage+0x8ef/0xdf0 [ 405.121931][ T9591] sock_sendpage+0x1e1/0x2c0 [ 405.126508][ T9591] pipe_to_sendpage+0x38c/0x4c0 [ 405.131343][ T9591] __splice_from_pipe+0x565/0xf00 [ 405.136350][ T9591] generic_splice_sendpage+0x1d5/0x2d0 [ 405.141793][ T9591] direct_splice_actor+0x1fd/0x580 [ 405.146890][ T9591] splice_direct_to_actor+0x6b2/0xf50 [ 405.152248][ T9591] do_splice_direct+0x342/0x580 [ 405.157080][ T9591] do_sendfile+0x101b/0x1d40 [ 405.161659][ T9591] __se_sys_sendfile64+0x2bb/0x360 [ 405.166756][ T9591] __x64_sys_sendfile64+0x56/0x70 [ 405.171884][ T9591] do_syscall_64+0xb0/0x150 [ 405.176376][ T9591] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 405.182247][ T9591] [ 405.184566][ T9591] Uninit was stored to memory at: [ 405.189579][ T9591] kmsan_internal_chain_origin+0xad/0x130 [ 405.195286][ T9591] __msan_chain_origin+0x50/0x90 [ 405.200227][ T9591] rmd256_transform+0x4328/0x4440 [ 405.205242][ T9591] rmd256_update+0x227/0x4f0 [ 405.209822][ T9591] crypto_shash_update+0x4e9/0x550 [ 405.214918][ T9591] shash_async_update+0x113/0x1d0 [ 405.219989][ T9591] hash_sendpage+0x8ef/0xdf0 [ 405.224579][ T9591] sock_sendpage+0x1e1/0x2c0 [ 405.229157][ T9591] pipe_to_sendpage+0x38c/0x4c0 [ 405.234101][ T9591] __splice_from_pipe+0x565/0xf00 [ 405.239114][ T9591] generic_splice_sendpage+0x1d5/0x2d0 [ 405.244559][ T9591] direct_splice_actor+0x1fd/0x580 [ 405.249662][ T9591] splice_direct_to_actor+0x6b2/0xf50 [ 405.255038][ T9591] do_splice_direct+0x342/0x580 [ 405.259873][ T9591] do_sendfile+0x101b/0x1d40 [ 405.264448][ T9591] __se_sys_sendfile64+0x2bb/0x360 [ 405.269543][ T9591] __x64_sys_sendfile64+0x56/0x70 [ 405.274554][ T9591] do_syscall_64+0xb0/0x150 [ 405.279045][ T9591] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 405.284914][ T9591] [ 405.287223][ T9591] Uninit was stored to memory at: [ 405.292234][ T9591] kmsan_internal_chain_origin+0xad/0x130 [ 405.297941][ T9591] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 405.303903][ T9591] kmsan_memcpy_metadata+0xb/0x10 [ 405.308909][ T9591] __msan_memcpy+0x43/0x50 [ 405.313312][ T9591] rmd256_update+0x1fc/0x4f0 [ 405.317884][ T9591] crypto_shash_update+0x4e9/0x550 [ 405.322977][ T9591] shash_async_update+0x113/0x1d0 [ 405.327998][ T9591] hash_sendpage+0x8ef/0xdf0 [ 405.332573][ T9591] sock_sendpage+0x1e1/0x2c0 [ 405.337151][ T9591] pipe_to_sendpage+0x38c/0x4c0 [ 405.342001][ T9591] __splice_from_pipe+0x565/0xf00 [ 405.347037][ T9591] generic_splice_sendpage+0x1d5/0x2d0 [ 405.352478][ T9591] direct_splice_actor+0x1fd/0x580 [ 405.357574][ T9591] splice_direct_to_actor+0x6b2/0xf50 [ 405.363897][ T9591] do_splice_direct+0x342/0x580 [ 405.368732][ T9591] do_sendfile+0x101b/0x1d40 [ 405.373306][ T9591] __se_sys_sendfile64+0x2bb/0x360 [ 405.378416][ T9591] __x64_sys_sendfile64+0x56/0x70 [ 405.383430][ T9591] do_syscall_64+0xb0/0x150 [ 405.387921][ T9591] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 405.393792][ T9591] [ 405.396103][ T9591] Uninit was created at: [ 405.400329][ T9591] kmsan_save_stack_with_flags+0x3c/0x90 [ 405.405945][ T9591] kmsan_alloc_page+0xb9/0x180 [ 405.410691][ T9591] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 405.416221][ T9591] alloc_pages_current+0x672/0x990 [ 405.421317][ T9591] push_pipe+0x605/0xb70 [ 405.425542][ T9591] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 405.431247][ T9591] do_splice_to+0x4fc/0x14f0 [ 405.435822][ T9591] splice_direct_to_actor+0x45c/0xf50 [ 405.441177][ T9591] do_splice_direct+0x342/0x580 [ 405.446099][ T9591] do_sendfile+0x101b/0x1d40 [ 405.450675][ T9591] __se_sys_sendfile64+0x2bb/0x360 [ 405.455774][ T9591] __x64_sys_sendfile64+0x56/0x70 [ 405.460785][ T9591] do_syscall_64+0xb0/0x150 [ 405.465275][ T9591] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 405.496540][ T9545] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 405.607741][ C1] sd 0:0:1:0: [sg0] tag#445 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 405.618300][ C1] sd 0:0:1:0: [sg0] tag#445 CDB: Test Unit Ready [ 405.624947][ C1] sd 0:0:1:0: [sg0] tag#445 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.634681][ C1] sd 0:0:1:0: [sg0] tag#445 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.644426][ C1] sd 0:0:1:0: [sg0] tag#445 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.654176][ C1] sd 0:0:1:0: [sg0] tag#445 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.663938][ C1] sd 0:0:1:0: [sg0] tag#445 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.673692][ C1] sd 0:0:1:0: [sg0] tag#445 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.683442][ C1] sd 0:0:1:0: [sg0] tag#445 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.693186][ C1] sd 0:0:1:0: [sg0] tag#445 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.702936][ C1] sd 0:0:1:0: [sg0] tag#445 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.712604][ C1] sd 0:0:1:0: [sg0] tag#445 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.722345][ C1] sd 0:0:1:0: [sg0] tag#445 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.732166][ C1] sd 0:0:1:0: [sg0] tag#445 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.741987][ C1] sd 0:0:1:0: [sg0] tag#445 CDB[c0]: 00 00 00 00 00 00 00 00 [ 405.893073][ C1] sd 0:0:1:0: [sg0] tag#446 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 405.903662][ C1] sd 0:0:1:0: [sg0] tag#446 CDB: Test Unit Ready [ 405.910213][ C1] sd 0:0:1:0: [sg0] tag#446 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.920004][ C1] sd 0:0:1:0: [sg0] tag#446 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.929829][ C1] sd 0:0:1:0: [sg0] tag#446 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.939667][ C1] sd 0:0:1:0: [sg0] tag#446 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.949465][ C1] sd 0:0:1:0: [sg0] tag#446 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.959215][ C1] sd 0:0:1:0: [sg0] tag#446 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.968964][ C1] sd 0:0:1:0: [sg0] tag#446 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.978707][ C1] sd 0:0:1:0: [sg0] tag#446 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.988471][ C1] sd 0:0:1:0: [sg0] tag#446 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 405.998226][ C1] sd 0:0:1:0: [sg0] tag#446 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 406.007972][ C1] sd 0:0:1:0: [sg0] tag#446 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 406.017748][ C1] sd 0:0:1:0: [sg0] tag#446 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 406.027501][ C1] sd 0:0:1:0: [sg0] tag#446 CDB[c0]: 00 00 00 00 00 00 00 00 19:18:51 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) syz_open_dev$radio(&(0x7f0000000180)='/dev/radio#\x00', 0x3, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002e80)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) r3 = socket$alg(0x26, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r4}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000280)={r4, 0x5, 0x4}, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000300)={r5, 0x6000, 0xc3}, &(0x7f0000000340)=0x8) bind$alg(r3, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r6 = accept4(r3, 0x0, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r6, r7, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r7, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r7, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x40, 0x2, 0x8, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88a2}, @CTA_TIMEOUT_DATA={0x1c, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x100}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x80000000}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x8880}, 0x10) ioctl$KVM_ARM_SET_DEVICE_ADDR(r7, 0x4010aeab, &(0x7f0000000200)={0x6, 0x5000}) sendmsg$netlink(r2, &(0x7f0000028fc8)={0x0, 0x0, &(0x7f0000019000)=[{0x0, 0x1}], 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="01"], 0x14}, 0x0) r8 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x480, 0x0) syz_open_dev$vivid(&(0x7f0000000240)='/dev/video#\x00', 0x1, 0x2) ioctl$UI_BEGIN_FF_ERASE(r8, 0xc00c55ca, &(0x7f0000000040)={0x1, 0x14d, 0x80000000}) 19:18:52 executing program 1: r0 = socket(0x10, 0x3, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x68bc2, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x400001, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/loop-control\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r4, r5, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r5, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) r6 = dup(r5) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800000000000000000a000000", @ANYRES32=r9, @ANYBLOB='\a'], 0x28}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r6, 0x89f8, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000100)={'syztnl1\x00', r9, 0x29, 0x40, 0x6, 0x238, 0x64, @mcast1, @private0={0xfc, 0x0, [], 0x1}, 0x80, 0x7800, 0x6, 0x401}}) r10 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, r10) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x7ff, 0x0, 0x0, 0x63}, 0x10) write(r0, &(0x7f0000000000)="240000005a001f040000000700ac5fbfc7b5640904000200ff100c0004003adc22965511", 0x24) 19:18:52 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0xbf, 0x4) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000380)={0x1, 0x1, 0xe8ca, 0x3fd, 0x1b, "b3000000ac4858c8"}) ioctl$VIDIOC_QUERYSTD(r3, 0x8008563f, &(0x7f0000000040)) setsockopt$pppl2tp_PPPOL2TP_SO_LNSMODE(r2, 0x111, 0x4, 0x1, 0x4) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5d1014e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xfffffffffffffee0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) recvmmsg(r0, &(0x7f0000001400)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000034c0)=""/4096, 0x1000}, {&(0x7f0000000280)=""/158, 0x9e}], 0x2}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000400)=""/32, 0x20}, {&(0x7f00000044c0)=""/4108, 0x100c}, {&(0x7f00000024c0)=""/4096, 0x1000}, {&(0x7f0000000540)=""/109, 0x6d}, {&(0x7f00000005c0)=""/100, 0x64}], 0x5}}, {{0x0, 0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000480)=""/102, 0x66}, {&(0x7f0000000180)=""/200, 0xc8}], 0x3}}], 0x3, 0x0, 0x0) [ 406.791389][ T9609] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 406.892006][ T9611] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 406.960619][ T9609] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 407.106209][ T9616] not chained 120000 origins [ 407.110856][ T9616] CPU: 1 PID: 9616 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 407.119445][ T9616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 407.129601][ T9616] Call Trace: [ 407.133012][ T9616] dump_stack+0x1df/0x240 [ 407.137369][ T9616] kmsan_internal_chain_origin+0x6f/0x130 [ 407.143142][ T9616] ? is_module_text_address+0x4d/0x2a0 [ 407.148627][ T9616] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 407.154492][ T9616] ? __kernel_text_address+0x171/0x2d0 [ 407.159957][ T9616] ? unwind_get_return_address+0x8c/0x130 [ 407.165680][ T9616] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 407.171735][ T9616] ? arch_stack_walk+0x2a2/0x3e0 [ 407.176671][ T9616] ? stack_trace_save+0x1a0/0x1a0 [ 407.181687][ T9616] ? kmsan_get_metadata+0x4f/0x180 [ 407.186795][ T9616] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 407.192591][ T9616] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 407.198649][ T9616] ? stack_trace_save+0x123/0x1a0 [ 407.203839][ T9616] ? kmsan_get_metadata+0x11d/0x180 [ 407.209025][ T9616] __msan_chain_origin+0x50/0x90 [ 407.213953][ T9616] rmd256_transform+0x4328/0x4440 [ 407.219005][ T9616] rmd256_update+0x343/0x4f0 [ 407.223592][ T9616] ? rmd256_init+0x260/0x260 [ 407.228175][ T9616] crypto_shash_update+0x4e9/0x550 [ 407.233278][ T9616] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 407.239432][ T9616] ? crypto_hash_walk_first+0x1fd/0x360 [ 407.244963][ T9616] ? kmsan_get_metadata+0x4f/0x180 [ 407.250065][ T9616] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 407.255859][ T9616] shash_async_update+0x113/0x1d0 [ 407.260877][ T9616] ? shash_async_init+0x1e0/0x1e0 [ 407.265887][ T9616] hash_sendpage+0x8ef/0xdf0 [ 407.270472][ T9616] ? hash_recvmsg+0xd30/0xd30 [ 407.275139][ T9616] sock_sendpage+0x1e1/0x2c0 [ 407.279725][ T9616] pipe_to_sendpage+0x38c/0x4c0 [ 407.284562][ T9616] ? sock_fasync+0x250/0x250 [ 407.289148][ T9616] __splice_from_pipe+0x565/0xf00 [ 407.294161][ T9616] ? generic_splice_sendpage+0x2d0/0x2d0 [ 407.299797][ T9616] generic_splice_sendpage+0x1d5/0x2d0 [ 407.305250][ T9616] ? iter_file_splice_write+0x1800/0x1800 [ 407.310958][ T9616] direct_splice_actor+0x1fd/0x580 [ 407.316078][ T9616] ? kmsan_get_metadata+0x4f/0x180 [ 407.321181][ T9616] splice_direct_to_actor+0x6b2/0xf50 [ 407.326540][ T9616] ? do_splice_direct+0x580/0x580 [ 407.331565][ T9616] do_splice_direct+0x342/0x580 [ 407.336416][ T9616] do_sendfile+0x101b/0x1d40 [ 407.341010][ T9616] __se_sys_sendfile64+0x2bb/0x360 [ 407.346108][ T9616] ? kmsan_get_metadata+0x4f/0x180 [ 407.351212][ T9616] __x64_sys_sendfile64+0x56/0x70 [ 407.356229][ T9616] do_syscall_64+0xb0/0x150 [ 407.360723][ T9616] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 407.366615][ T9616] RIP: 0033:0x45c1d9 [ 407.370485][ T9616] Code: Bad RIP value. [ 407.374532][ T9616] RSP: 002b:00007fe8d5c8cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 407.383015][ T9616] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 407.390973][ T9616] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 407.398931][ T9616] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 407.406904][ T9616] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 407.414862][ T9616] R13: 0000000000c9fb6f R14: 00007fe8d5c8d9c0 R15: 000000000078bf0c [ 407.422831][ T9616] Uninit was stored to memory at: [ 407.427866][ T9616] kmsan_internal_chain_origin+0xad/0x130 [ 407.433571][ T9616] __msan_chain_origin+0x50/0x90 [ 407.438499][ T9616] rmd256_transform+0x4328/0x4440 [ 407.443523][ T9616] rmd256_update+0x343/0x4f0 [ 407.448184][ T9616] crypto_shash_update+0x4e9/0x550 [ 407.453279][ T9616] shash_async_update+0x113/0x1d0 [ 407.458286][ T9616] hash_sendpage+0x8ef/0xdf0 [ 407.462863][ T9616] sock_sendpage+0x1e1/0x2c0 [ 407.467437][ T9616] pipe_to_sendpage+0x38c/0x4c0 [ 407.472272][ T9616] __splice_from_pipe+0x565/0xf00 [ 407.477280][ T9616] generic_splice_sendpage+0x1d5/0x2d0 [ 407.482736][ T9616] direct_splice_actor+0x1fd/0x580 [ 407.487830][ T9616] splice_direct_to_actor+0x6b2/0xf50 [ 407.493212][ T9616] do_splice_direct+0x342/0x580 [ 407.498066][ T9616] do_sendfile+0x101b/0x1d40 [ 407.502673][ T9616] __se_sys_sendfile64+0x2bb/0x360 [ 407.507955][ T9616] __x64_sys_sendfile64+0x56/0x70 [ 407.512969][ T9616] do_syscall_64+0xb0/0x150 [ 407.517464][ T9616] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 407.523335][ T9616] [ 407.525645][ T9616] Uninit was stored to memory at: [ 407.530655][ T9616] kmsan_internal_chain_origin+0xad/0x130 [ 407.536377][ T9616] __msan_chain_origin+0x50/0x90 [ 407.541305][ T9616] rmd256_transform+0x4328/0x4440 [ 407.546324][ T9616] rmd256_update+0x343/0x4f0 [ 407.550900][ T9616] crypto_shash_update+0x4e9/0x550 [ 407.555994][ T9616] shash_async_update+0x113/0x1d0 [ 407.561174][ T9616] hash_sendpage+0x8ef/0xdf0 [ 407.565770][ T9616] sock_sendpage+0x1e1/0x2c0 [ 407.570343][ T9616] pipe_to_sendpage+0x38c/0x4c0 [ 407.575178][ T9616] __splice_from_pipe+0x565/0xf00 [ 407.580189][ T9616] generic_splice_sendpage+0x1d5/0x2d0 [ 407.585632][ T9616] direct_splice_actor+0x1fd/0x580 [ 407.590727][ T9616] splice_direct_to_actor+0x6b2/0xf50 [ 407.596102][ T9616] do_splice_direct+0x342/0x580 [ 407.600936][ T9616] do_sendfile+0x101b/0x1d40 [ 407.605510][ T9616] __se_sys_sendfile64+0x2bb/0x360 [ 407.610606][ T9616] __x64_sys_sendfile64+0x56/0x70 [ 407.615616][ T9616] do_syscall_64+0xb0/0x150 [ 407.620106][ T9616] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 407.625976][ T9616] [ 407.628286][ T9616] Uninit was stored to memory at: [ 407.633295][ T9616] kmsan_internal_chain_origin+0xad/0x130 [ 407.638996][ T9616] __msan_chain_origin+0x50/0x90 [ 407.643916][ T9616] rmd256_transform+0x4328/0x4440 [ 407.648924][ T9616] rmd256_update+0x343/0x4f0 [ 407.653495][ T9616] crypto_shash_update+0x4e9/0x550 [ 407.658586][ T9616] shash_async_update+0x113/0x1d0 [ 407.663592][ T9616] hash_sendpage+0x8ef/0xdf0 [ 407.668174][ T9616] sock_sendpage+0x1e1/0x2c0 [ 407.672751][ T9616] pipe_to_sendpage+0x38c/0x4c0 [ 407.677585][ T9616] __splice_from_pipe+0x565/0xf00 [ 407.682592][ T9616] generic_splice_sendpage+0x1d5/0x2d0 [ 407.688051][ T9616] direct_splice_actor+0x1fd/0x580 [ 407.693158][ T9616] splice_direct_to_actor+0x6b2/0xf50 [ 407.698529][ T9616] do_splice_direct+0x342/0x580 [ 407.703369][ T9616] do_sendfile+0x101b/0x1d40 [ 407.707944][ T9616] __se_sys_sendfile64+0x2bb/0x360 [ 407.713035][ T9616] __x64_sys_sendfile64+0x56/0x70 [ 407.718049][ T9616] do_syscall_64+0xb0/0x150 [ 407.722539][ T9616] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 407.728410][ T9616] [ 407.730722][ T9616] Uninit was stored to memory at: [ 407.735733][ T9616] kmsan_internal_chain_origin+0xad/0x130 [ 407.741435][ T9616] __msan_chain_origin+0x50/0x90 [ 407.746361][ T9616] rmd256_transform+0x4328/0x4440 [ 407.751632][ T9616] rmd256_update+0x343/0x4f0 [ 407.756206][ T9616] crypto_shash_update+0x4e9/0x550 [ 407.761298][ T9616] shash_async_update+0x113/0x1d0 [ 407.766304][ T9616] hash_sendpage+0x8ef/0xdf0 [ 407.770880][ T9616] sock_sendpage+0x1e1/0x2c0 [ 407.775455][ T9616] pipe_to_sendpage+0x38c/0x4c0 [ 407.780289][ T9616] __splice_from_pipe+0x565/0xf00 [ 407.785299][ T9616] generic_splice_sendpage+0x1d5/0x2d0 [ 407.790742][ T9616] direct_splice_actor+0x1fd/0x580 [ 407.795839][ T9616] splice_direct_to_actor+0x6b2/0xf50 [ 407.801223][ T9616] do_splice_direct+0x342/0x580 [ 407.806064][ T9616] do_sendfile+0x101b/0x1d40 [ 407.810654][ T9616] __se_sys_sendfile64+0x2bb/0x360 [ 407.815748][ T9616] __x64_sys_sendfile64+0x56/0x70 [ 407.820762][ T9616] do_syscall_64+0xb0/0x150 [ 407.825266][ T9616] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 407.831134][ T9616] [ 407.833444][ T9616] Uninit was stored to memory at: [ 407.838476][ T9616] kmsan_internal_chain_origin+0xad/0x130 [ 407.844178][ T9616] __msan_chain_origin+0x50/0x90 [ 407.849120][ T9616] rmd256_transform+0x4328/0x4440 [ 407.854135][ T9616] rmd256_update+0x343/0x4f0 [ 407.858716][ T9616] crypto_shash_update+0x4e9/0x550 [ 407.863809][ T9616] shash_async_update+0x113/0x1d0 [ 407.868836][ T9616] hash_sendpage+0x8ef/0xdf0 [ 407.873410][ T9616] sock_sendpage+0x1e1/0x2c0 [ 407.877986][ T9616] pipe_to_sendpage+0x38c/0x4c0 [ 407.882825][ T9616] __splice_from_pipe+0x565/0xf00 [ 407.887838][ T9616] generic_splice_sendpage+0x1d5/0x2d0 [ 407.893280][ T9616] direct_splice_actor+0x1fd/0x580 [ 407.898374][ T9616] splice_direct_to_actor+0x6b2/0xf50 [ 407.903731][ T9616] do_splice_direct+0x342/0x580 [ 407.908581][ T9616] do_sendfile+0x101b/0x1d40 [ 407.913162][ T9616] __se_sys_sendfile64+0x2bb/0x360 [ 407.918256][ T9616] __x64_sys_sendfile64+0x56/0x70 [ 407.923267][ T9616] do_syscall_64+0xb0/0x150 [ 407.927786][ T9616] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 407.933653][ T9616] [ 407.935961][ T9616] Uninit was stored to memory at: [ 407.940971][ T9616] kmsan_internal_chain_origin+0xad/0x130 [ 407.946675][ T9616] __msan_chain_origin+0x50/0x90 [ 407.951691][ T9616] rmd256_transform+0x4328/0x4440 [ 407.956699][ T9616] rmd256_update+0x227/0x4f0 [ 407.961270][ T9616] crypto_shash_update+0x4e9/0x550 [ 407.966360][ T9616] shash_async_update+0x113/0x1d0 [ 407.971368][ T9616] hash_sendpage+0x8ef/0xdf0 [ 407.975945][ T9616] sock_sendpage+0x1e1/0x2c0 [ 407.980520][ T9616] pipe_to_sendpage+0x38c/0x4c0 [ 407.985353][ T9616] __splice_from_pipe+0x565/0xf00 [ 407.990362][ T9616] generic_splice_sendpage+0x1d5/0x2d0 [ 407.995818][ T9616] direct_splice_actor+0x1fd/0x580 [ 408.000910][ T9616] splice_direct_to_actor+0x6b2/0xf50 [ 408.006268][ T9616] do_splice_direct+0x342/0x580 [ 408.011195][ T9616] do_sendfile+0x101b/0x1d40 [ 408.015768][ T9616] __se_sys_sendfile64+0x2bb/0x360 [ 408.020862][ T9616] __x64_sys_sendfile64+0x56/0x70 [ 408.025871][ T9616] do_syscall_64+0xb0/0x150 [ 408.030360][ T9616] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 408.036226][ T9616] [ 408.038534][ T9616] Uninit was stored to memory at: [ 408.043541][ T9616] kmsan_internal_chain_origin+0xad/0x130 [ 408.049244][ T9616] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 408.055224][ T9616] kmsan_memcpy_metadata+0xb/0x10 [ 408.060229][ T9616] __msan_memcpy+0x43/0x50 [ 408.064634][ T9616] rmd256_update+0x1fc/0x4f0 [ 408.069221][ T9616] crypto_shash_update+0x4e9/0x550 [ 408.074343][ T9616] shash_async_update+0x113/0x1d0 [ 408.079404][ T9616] hash_sendpage+0x8ef/0xdf0 [ 408.083993][ T9616] sock_sendpage+0x1e1/0x2c0 [ 408.088609][ T9616] pipe_to_sendpage+0x38c/0x4c0 [ 408.093443][ T9616] __splice_from_pipe+0x565/0xf00 [ 408.098452][ T9616] generic_splice_sendpage+0x1d5/0x2d0 [ 408.103909][ T9616] direct_splice_actor+0x1fd/0x580 [ 408.109003][ T9616] splice_direct_to_actor+0x6b2/0xf50 [ 408.114373][ T9616] do_splice_direct+0x342/0x580 [ 408.119222][ T9616] do_sendfile+0x101b/0x1d40 [ 408.123798][ T9616] __se_sys_sendfile64+0x2bb/0x360 [ 408.128891][ T9616] __x64_sys_sendfile64+0x56/0x70 [ 408.133902][ T9616] do_syscall_64+0xb0/0x150 [ 408.138395][ T9616] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 408.144265][ T9616] [ 408.146572][ T9616] Uninit was created at: [ 408.150799][ T9616] kmsan_save_stack_with_flags+0x3c/0x90 [ 408.156416][ T9616] kmsan_alloc_page+0xb9/0x180 [ 408.161161][ T9616] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 408.166692][ T9616] alloc_pages_current+0x672/0x990 [ 408.171785][ T9616] push_pipe+0x605/0xb70 [ 408.176012][ T9616] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 408.181717][ T9616] do_splice_to+0x4fc/0x14f0 [ 408.186293][ T9616] splice_direct_to_actor+0x45c/0xf50 [ 408.191650][ T9616] do_splice_direct+0x342/0x580 [ 408.196485][ T9616] do_sendfile+0x101b/0x1d40 [ 408.201059][ T9616] __se_sys_sendfile64+0x2bb/0x360 [ 408.206159][ T9616] __x64_sys_sendfile64+0x56/0x70 [ 408.211187][ T9616] do_syscall_64+0xb0/0x150 [ 408.215677][ T9616] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:18:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004580)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r6, @ANYBLOB="0001000000000000240012000c000100627269646765"], 0x44}}, 0x0) bind$can_raw(r3, &(0x7f0000000100)={0x1d, r6}, 0x10) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f0000000000)=0x9, 0x4) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="600000000206010000000000000000000000000013000300686153683a6e65742c696661636500000900020073797a31000000226c354f4700149f3f370f9a6ba34d0000000800080000000000050001000700000005000400000000000500050002000000"], 0x60}}, 0x0) [ 408.947206][ T9631] not chained 130000 origins [ 408.951849][ T9631] CPU: 0 PID: 9631 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 408.960434][ T9631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 408.970497][ T9631] Call Trace: [ 408.973801][ T9631] dump_stack+0x1df/0x240 [ 408.978150][ T9631] kmsan_internal_chain_origin+0x6f/0x130 [ 408.983883][ T9631] ? is_module_text_address+0x4d/0x2a0 [ 408.989354][ T9631] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 408.995175][ T9631] ? __kernel_text_address+0x171/0x2d0 [ 409.000644][ T9631] ? unwind_get_return_address+0x8c/0x130 [ 409.006381][ T9631] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 409.012459][ T9631] ? arch_stack_walk+0x2a2/0x3e0 [ 409.017409][ T9631] ? stack_trace_save+0x1a0/0x1a0 [ 409.022535][ T9631] ? kmsan_get_metadata+0x4f/0x180 [ 409.027662][ T9631] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 409.033530][ T9631] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 409.039608][ T9631] ? stack_trace_save+0x123/0x1a0 [ 409.044647][ T9631] ? kmsan_get_metadata+0x11d/0x180 [ 409.049863][ T9631] __msan_chain_origin+0x50/0x90 [ 409.054814][ T9631] rmd256_transform+0x4328/0x4440 [ 409.059892][ T9631] rmd256_update+0x343/0x4f0 [ 409.064587][ T9631] ? rmd256_init+0x260/0x260 [ 409.069185][ T9631] crypto_shash_update+0x4e9/0x550 [ 409.074304][ T9631] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 409.080482][ T9631] ? crypto_hash_walk_first+0x1fd/0x360 [ 409.086060][ T9631] ? kmsan_get_metadata+0x4f/0x180 [ 409.091189][ T9631] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 409.097016][ T9631] shash_async_update+0x113/0x1d0 [ 409.102060][ T9631] ? shash_async_init+0x1e0/0x1e0 [ 409.107093][ T9631] hash_sendpage+0x8ef/0xdf0 [ 409.111706][ T9631] ? hash_recvmsg+0xd30/0xd30 [ 409.116396][ T9631] sock_sendpage+0x1e1/0x2c0 [ 409.121010][ T9631] pipe_to_sendpage+0x38c/0x4c0 [ 409.125871][ T9631] ? sock_fasync+0x250/0x250 [ 409.130497][ T9631] __splice_from_pipe+0x565/0xf00 [ 409.135543][ T9631] ? generic_splice_sendpage+0x2d0/0x2d0 [ 409.141208][ T9631] generic_splice_sendpage+0x1d5/0x2d0 [ 409.146689][ T9631] ? iter_file_splice_write+0x1800/0x1800 [ 409.152422][ T9631] direct_splice_actor+0x1fd/0x580 [ 409.157555][ T9631] ? kmsan_get_metadata+0x4f/0x180 [ 409.162688][ T9631] splice_direct_to_actor+0x6b2/0xf50 [ 409.168072][ T9631] ? do_splice_direct+0x580/0x580 [ 409.173133][ T9631] do_splice_direct+0x342/0x580 [ 409.178000][ T9631] do_sendfile+0x101b/0x1d40 [ 409.182620][ T9631] __se_sys_sendfile64+0x2bb/0x360 [ 409.187741][ T9631] ? kmsan_get_metadata+0x4f/0x180 [ 409.192870][ T9631] __x64_sys_sendfile64+0x56/0x70 [ 409.197911][ T9631] do_syscall_64+0xb0/0x150 [ 409.202426][ T9631] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 409.208348][ T9631] RIP: 0033:0x45c1d9 [ 409.212234][ T9631] Code: Bad RIP value. [ 409.216293][ T9631] RSP: 002b:00007f22a319ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 409.224705][ T9631] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 409.232677][ T9631] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 409.240653][ T9631] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 409.248630][ T9631] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 409.256646][ T9631] R13: 0000000000c9fb6f R14: 00007f22a319b9c0 R15: 000000000078bf0c [ 409.264630][ T9631] Uninit was stored to memory at: [ 409.269666][ T9631] kmsan_internal_chain_origin+0xad/0x130 [ 409.275490][ T9631] __msan_chain_origin+0x50/0x90 [ 409.280437][ T9631] rmd256_transform+0x4328/0x4440 [ 409.285469][ T9631] rmd256_update+0x343/0x4f0 [ 409.290157][ T9631] crypto_shash_update+0x4e9/0x550 [ 409.295277][ T9631] shash_async_update+0x113/0x1d0 [ 409.300305][ T9631] hash_sendpage+0x8ef/0xdf0 [ 409.307333][ T9631] sock_sendpage+0x1e1/0x2c0 [ 409.311928][ T9631] pipe_to_sendpage+0x38c/0x4c0 [ 409.316793][ T9631] __splice_from_pipe+0x565/0xf00 [ 409.321910][ T9631] generic_splice_sendpage+0x1d5/0x2d0 [ 409.327386][ T9631] direct_splice_actor+0x1fd/0x580 [ 409.332517][ T9631] splice_direct_to_actor+0x6b2/0xf50 [ 409.337921][ T9631] do_splice_direct+0x342/0x580 [ 409.342777][ T9631] do_sendfile+0x101b/0x1d40 [ 409.347368][ T9631] __se_sys_sendfile64+0x2bb/0x360 [ 409.352481][ T9631] __x64_sys_sendfile64+0x56/0x70 [ 409.357514][ T9631] do_syscall_64+0xb0/0x150 [ 409.362024][ T9631] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 409.367904][ T9631] [ 409.370224][ T9631] Uninit was stored to memory at: [ 409.375253][ T9631] kmsan_internal_chain_origin+0xad/0x130 [ 409.380988][ T9631] __msan_chain_origin+0x50/0x90 [ 409.385929][ T9631] rmd256_transform+0x4328/0x4440 [ 409.390957][ T9631] rmd256_update+0x343/0x4f0 [ 409.395553][ T9631] crypto_shash_update+0x4e9/0x550 [ 409.400660][ T9631] shash_async_update+0x113/0x1d0 [ 409.405693][ T9631] hash_sendpage+0x8ef/0xdf0 [ 409.410299][ T9631] sock_sendpage+0x1e1/0x2c0 [ 409.414896][ T9631] pipe_to_sendpage+0x38c/0x4c0 [ 409.419752][ T9631] __splice_from_pipe+0x565/0xf00 [ 409.424783][ T9631] generic_splice_sendpage+0x1d5/0x2d0 [ 409.430252][ T9631] direct_splice_actor+0x1fd/0x580 [ 409.435369][ T9631] splice_direct_to_actor+0x6b2/0xf50 [ 409.440743][ T9631] do_splice_direct+0x342/0x580 [ 409.445594][ T9631] do_sendfile+0x101b/0x1d40 [ 409.450184][ T9631] __se_sys_sendfile64+0x2bb/0x360 [ 409.455301][ T9631] __x64_sys_sendfile64+0x56/0x70 [ 409.460332][ T9631] do_syscall_64+0xb0/0x150 [ 409.464843][ T9631] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 409.470776][ T9631] [ 409.473101][ T9631] Uninit was stored to memory at: [ 409.478141][ T9631] kmsan_internal_chain_origin+0xad/0x130 [ 409.483866][ T9631] __msan_chain_origin+0x50/0x90 [ 409.488843][ T9631] rmd256_transform+0x4328/0x4440 [ 409.493998][ T9631] rmd256_update+0x343/0x4f0 [ 409.498597][ T9631] crypto_shash_update+0x4e9/0x550 [ 409.503718][ T9631] shash_async_update+0x113/0x1d0 [ 409.508773][ T9631] hash_sendpage+0x8ef/0xdf0 [ 409.513372][ T9631] sock_sendpage+0x1e1/0x2c0 [ 409.517972][ T9631] pipe_to_sendpage+0x38c/0x4c0 [ 409.522843][ T9631] __splice_from_pipe+0x565/0xf00 [ 409.527886][ T9631] generic_splice_sendpage+0x1d5/0x2d0 [ 409.533359][ T9631] direct_splice_actor+0x1fd/0x580 [ 409.538472][ T9631] splice_direct_to_actor+0x6b2/0xf50 [ 409.543856][ T9631] do_splice_direct+0x342/0x580 [ 409.548709][ T9631] do_sendfile+0x101b/0x1d40 [ 409.553304][ T9631] __se_sys_sendfile64+0x2bb/0x360 [ 409.558426][ T9631] __x64_sys_sendfile64+0x56/0x70 [ 409.563456][ T9631] do_syscall_64+0xb0/0x150 [ 409.567964][ T9631] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 409.573843][ T9631] [ 409.576162][ T9631] Uninit was stored to memory at: [ 409.581199][ T9631] kmsan_internal_chain_origin+0xad/0x130 [ 409.586931][ T9631] __msan_chain_origin+0x50/0x90 [ 409.591875][ T9631] rmd256_transform+0x4328/0x4440 [ 409.596901][ T9631] rmd256_update+0x343/0x4f0 [ 409.601491][ T9631] crypto_shash_update+0x4e9/0x550 [ 409.606607][ T9631] shash_async_update+0x113/0x1d0 [ 409.611645][ T9631] hash_sendpage+0x8ef/0xdf0 [ 409.616250][ T9631] sock_sendpage+0x1e1/0x2c0 [ 409.620848][ T9631] pipe_to_sendpage+0x38c/0x4c0 [ 409.625700][ T9631] __splice_from_pipe+0x565/0xf00 [ 409.630730][ T9631] generic_splice_sendpage+0x1d5/0x2d0 [ 409.636203][ T9631] direct_splice_actor+0x1fd/0x580 [ 409.641327][ T9631] splice_direct_to_actor+0x6b2/0xf50 [ 409.646719][ T9631] do_splice_direct+0x342/0x580 [ 409.651582][ T9631] do_sendfile+0x101b/0x1d40 [ 409.656178][ T9631] __se_sys_sendfile64+0x2bb/0x360 [ 409.661308][ T9631] __x64_sys_sendfile64+0x56/0x70 [ 409.666425][ T9631] do_syscall_64+0xb0/0x150 [ 409.670936][ T9631] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 409.676827][ T9631] [ 409.679153][ T9631] Uninit was stored to memory at: [ 409.684191][ T9631] kmsan_internal_chain_origin+0xad/0x130 [ 409.689920][ T9631] __msan_chain_origin+0x50/0x90 [ 409.694869][ T9631] rmd256_transform+0x4328/0x4440 [ 409.699908][ T9631] rmd256_update+0x343/0x4f0 [ 409.704509][ T9631] crypto_shash_update+0x4e9/0x550 [ 409.709639][ T9631] shash_async_update+0x113/0x1d0 [ 409.714674][ T9631] hash_sendpage+0x8ef/0xdf0 [ 409.719286][ T9631] sock_sendpage+0x1e1/0x2c0 [ 409.723884][ T9631] pipe_to_sendpage+0x38c/0x4c0 [ 409.728747][ T9631] __splice_from_pipe+0x565/0xf00 [ 409.733781][ T9631] generic_splice_sendpage+0x1d5/0x2d0 [ 409.739250][ T9631] direct_splice_actor+0x1fd/0x580 [ 409.744368][ T9631] splice_direct_to_actor+0x6b2/0xf50 [ 409.749743][ T9631] do_splice_direct+0x342/0x580 [ 409.754609][ T9631] do_sendfile+0x101b/0x1d40 [ 409.759200][ T9631] __se_sys_sendfile64+0x2bb/0x360 [ 409.764314][ T9631] __x64_sys_sendfile64+0x56/0x70 [ 409.769478][ T9631] do_syscall_64+0xb0/0x150 [ 409.774079][ T9631] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 409.779963][ T9631] [ 409.782286][ T9631] Uninit was stored to memory at: [ 409.787314][ T9631] kmsan_internal_chain_origin+0xad/0x130 [ 409.793038][ T9631] __msan_chain_origin+0x50/0x90 [ 409.797978][ T9631] rmd256_transform+0x4328/0x4440 [ 409.803010][ T9631] rmd256_update+0x227/0x4f0 [ 409.807606][ T9631] crypto_shash_update+0x4e9/0x550 [ 409.812805][ T9631] shash_async_update+0x113/0x1d0 [ 409.817835][ T9631] hash_sendpage+0x8ef/0xdf0 [ 409.822429][ T9631] sock_sendpage+0x1e1/0x2c0 [ 409.827023][ T9631] pipe_to_sendpage+0x38c/0x4c0 [ 409.831891][ T9631] __splice_from_pipe+0x565/0xf00 [ 409.836920][ T9631] generic_splice_sendpage+0x1d5/0x2d0 [ 409.842381][ T9631] direct_splice_actor+0x1fd/0x580 [ 409.847495][ T9631] splice_direct_to_actor+0x6b2/0xf50 [ 409.852872][ T9631] do_splice_direct+0x342/0x580 [ 409.857725][ T9631] do_sendfile+0x101b/0x1d40 [ 409.862316][ T9631] __se_sys_sendfile64+0x2bb/0x360 [ 409.867433][ T9631] __x64_sys_sendfile64+0x56/0x70 [ 409.872552][ T9631] do_syscall_64+0xb0/0x150 [ 409.877073][ T9631] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 409.882959][ T9631] [ 409.885288][ T9631] Uninit was stored to memory at: [ 409.890324][ T9631] kmsan_internal_chain_origin+0xad/0x130 [ 409.896139][ T9631] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 409.902126][ T9631] kmsan_memcpy_metadata+0xb/0x10 [ 409.907157][ T9631] __msan_memcpy+0x43/0x50 [ 409.911585][ T9631] rmd256_update+0x1fc/0x4f0 [ 409.916183][ T9631] crypto_shash_update+0x4e9/0x550 [ 409.921306][ T9631] shash_async_update+0x113/0x1d0 [ 409.926423][ T9631] hash_sendpage+0x8ef/0xdf0 [ 409.931019][ T9631] sock_sendpage+0x1e1/0x2c0 [ 409.935629][ T9631] pipe_to_sendpage+0x38c/0x4c0 [ 409.940487][ T9631] __splice_from_pipe+0x565/0xf00 [ 409.945523][ T9631] generic_splice_sendpage+0x1d5/0x2d0 [ 409.950992][ T9631] direct_splice_actor+0x1fd/0x580 [ 409.956114][ T9631] splice_direct_to_actor+0x6b2/0xf50 [ 409.961492][ T9631] do_splice_direct+0x342/0x580 [ 409.966350][ T9631] do_sendfile+0x101b/0x1d40 [ 409.970943][ T9631] __se_sys_sendfile64+0x2bb/0x360 [ 409.976061][ T9631] __x64_sys_sendfile64+0x56/0x70 [ 409.981096][ T9631] do_syscall_64+0xb0/0x150 [ 409.985608][ T9631] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 409.991488][ T9631] [ 409.993809][ T9631] Uninit was created at: [ 409.998054][ T9631] kmsan_save_stack_with_flags+0x3c/0x90 [ 410.003686][ T9631] kmsan_alloc_page+0xb9/0x180 [ 410.008453][ T9631] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 410.014003][ T9631] alloc_pages_current+0x672/0x990 [ 410.019111][ T9631] push_pipe+0x605/0xb70 [ 410.023356][ T9631] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 410.029082][ T9631] do_splice_to+0x4fc/0x14f0 [ 410.033671][ T9631] splice_direct_to_actor+0x45c/0xf50 [ 410.039044][ T9631] do_splice_direct+0x342/0x580 [ 410.043893][ T9631] do_sendfile+0x101b/0x1d40 [ 410.048481][ T9631] __se_sys_sendfile64+0x2bb/0x360 [ 410.053587][ T9631] __x64_sys_sendfile64+0x56/0x70 [ 410.058621][ T9631] do_syscall_64+0xb0/0x150 [ 410.063130][ T9631] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 410.139881][ T9632] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 410.157495][ T9632] device bridge1 entered promiscuous mode [ 410.182990][ T963] tipc: TX() has been purged, node left! [ 410.192421][ T9631] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 19:18:55 executing program 2: ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000040)) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xffff}, 0x0, 0x3, 0x6710, 0x4, 0x0, 0xc, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x2, 0xa, 0x6) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, &(0x7f0000000200)={0x80000000, 0x1, {0xffffffffffffffff, 0x2, 0x0, 0x2, 0x1}, 0x1}) write$binfmt_misc(r0, &(0x7f0000000a40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e35bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2dc045421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994cc008dd3deaafaab51144c1ef00f00001f5e73ff040000000000000000000000000000009a583b79ab00f70d85463c57c5bb1f1084e683b591fc2c8b8a38b7ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fbe09a7eb84cae7f000000886871080d1588bb30abcbfecb4e10d4067a02736f08914faa037346191241c88e57569256cd58ec82518bc8bac2ef0f6e8bfd9ad94599c3230328ddf749f6c754f2781bccc42e6ef592a1fc36a03c9a0328b63ed42db18137f243d01a67ea9fe8e34b25676f9816cdae263897bbb3aaa1148cb80e7aa12869a052b3ea1dfa17ce754e76f57ed0868864d66429bc1d9e8c430deeb6331c152d637740b4efbe95880a2f28902b3358519f08f638235a295a63eb1c8f9460ced7b22ceb4c2c5504a2012c2c8f47fd9152910bc908e41e38ba60cbdffefadbe92a7ed8ce577bdb383c2f625067eec438180f282d638ac72b92ec020d66863813f5ab6189075ebf22d92ecafe4eb1fb9c6b2b88eb965af65c3d0b179a439cf1840dc8466796c04a4baa9f82bbd989477b56d1a9e60dd7da5c5b437be2f2fcdd62a20b6ba534ed9dc198fc041c003bc1340d124062352ad8e3ce63546ded69d5fcaafcffed51ab1b1f4ff88615446fe96983cabf08c3e7ccc1d4e8bdf884347f6156d91f42060477bdf30abcb5e9b6705c5adc1cedd2e7d38fbdef12d569db367978805652eb6f5ccaa6b377839d2b7525417fe4a97300017f2410fc9448ab6c3b9fea9f2287e2a0b83beee2c77a6bb5c3cafea3a7a42f9b5324b98680e6ecf240abdeee92ecd6c972701c39c3e7a77d8dcd1ed368eaf557ad34b0c1cb8eec9c963001f3905cba6c67b6eab0fae90504e30dc799fe07128d"], 0x1c2) socket$inet_udplite(0x2, 0x2, 0x88) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r4, r5, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r5, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r5, 0xc04064aa, &(0x7f0000000140)={&(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000380)=[{}, {}, {}, {}, {}, {}, {}], 0x6, 0x0, [], 0x3, 0x7}) r6 = dup2(r2, r2) accept4$inet6(r6, 0x0, &(0x7f0000000280), 0x80800) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x1c, 0x23, 0x829, 0x4, 0x0, {0x2804, 0xe00000000000000}, [@typed={0x5, 0x7, 0x0, 0x0, @str='\x00'}]}, 0x1c}, 0x1, 0x60}, 0x0) [ 410.304806][ T9635] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 410.345871][ T9635] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 19:18:55 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, r1, 0x0) getsockopt$packet_int(r0, 0x107, 0xf, 0x0, &(0x7f0000000040)) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r4, r5, 0x0, 0x1000007ffff000) r6 = fcntl$dupfd(0xffffffffffffffff, 0x203, r4) ioctl$VIDIOC_S_FREQUENCY(r6, 0x402c5639, &(0x7f0000000280)={0xffffffff, 0x1, 0x7}) r7 = accept4(r2, 0x0, 0x0, 0x0) r8 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140)='NLBL_CALIPSO\x00') sendmsg$NLBL_CALIPSO_C_ADD(r7, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x44, r8, 0x2, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x4804) sendfile(r7, 0xffffffffffffffff, 0x0, 0x1000007ffff000) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) getsockopt$inet_mtu(r5, 0x0, 0xa, &(0x7f00000002c0), &(0x7f00000000c0)=0x4) [ 410.495708][ T9638] syz-executor.2 uses obsolete (PF_INET,SOCK_PACKET) [ 410.526265][ C1] sd 0:0:1:0: [sg0] tag#385 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 410.536819][ C1] sd 0:0:1:0: [sg0] tag#385 CDB: Test Unit Ready [ 410.543467][ C1] sd 0:0:1:0: [sg0] tag#385 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 410.553260][ C1] sd 0:0:1:0: [sg0] tag#385 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 410.563296][ C1] sd 0:0:1:0: [sg0] tag#385 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 410.573156][ C1] sd 0:0:1:0: [sg0] tag#385 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 410.582951][ C1] sd 0:0:1:0: [sg0] tag#385 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 410.592633][ C1] sd 0:0:1:0: [sg0] tag#385 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 410.602369][ C1] sd 0:0:1:0: [sg0] tag#385 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 410.612470][ C1] sd 0:0:1:0: [sg0] tag#385 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 410.622228][ C1] sd 0:0:1:0: [sg0] tag#385 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 410.631959][ C1] sd 0:0:1:0: [sg0] tag#385 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19:18:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004580)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r6, @ANYBLOB="0001000000000000240012000c000100627269646765"], 0x44}}, 0x0) bind$can_raw(r3, &(0x7f0000000100)={0x1d, r6}, 0x10) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f0000000000)=0x9, 0x4) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="600000000206010000000000000000000000000013000300686153683a6e65742c696661636500000900020073797a31000000226c354f4700149f3f370f9a6ba34d0000000800080000000000050001000700000005000400000000000500050002000000"], 0x60}}, 0x0) [ 410.642065][ C1] sd 0:0:1:0: [sg0] tag#385 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 410.651829][ C1] sd 0:0:1:0: [sg0] tag#385 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 410.661577][ C1] sd 0:0:1:0: [sg0] tag#385 CDB[c0]: 00 00 00 00 00 00 00 00 [ 410.691444][ T9644] not chained 140000 origins [ 410.696093][ T9644] CPU: 1 PID: 9644 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 410.704674][ T9644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 410.704681][ T9644] Call Trace: [ 410.704706][ T9644] dump_stack+0x1df/0x240 [ 410.704729][ T9644] kmsan_internal_chain_origin+0x6f/0x130 [ 410.704750][ T9644] ? is_module_text_address+0x4d/0x2a0 [ 410.704768][ T9644] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 410.704793][ T9644] ? __kernel_text_address+0x171/0x2d0 [ 410.704814][ T9644] ? unwind_get_return_address+0x8c/0x130 [ 410.704834][ T9644] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 410.704850][ T9644] ? arch_stack_walk+0x2a2/0x3e0 [ 410.704867][ T9644] ? stack_trace_save+0x1a0/0x1a0 [ 410.704890][ T9644] ? kmsan_get_metadata+0x4f/0x180 [ 410.704908][ T9644] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 410.704924][ T9644] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 410.704942][ T9644] ? stack_trace_save+0x123/0x1a0 [ 410.704959][ T9644] ? kmsan_get_metadata+0x11d/0x180 [ 410.704977][ T9644] __msan_chain_origin+0x50/0x90 [ 410.705025][ T9644] rmd256_transform+0x434e/0x4440 [ 410.804159][ T9644] rmd256_update+0x343/0x4f0 [ 410.808746][ T9644] ? rmd256_init+0x260/0x260 [ 410.813322][ T9644] crypto_shash_update+0x4e9/0x550 [ 410.818428][ T9644] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 410.824667][ T9644] ? crypto_hash_walk_first+0x1fd/0x360 [ 410.830210][ T9644] ? kmsan_get_metadata+0x4f/0x180 [ 410.835331][ T9644] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 410.841125][ T9644] shash_async_update+0x113/0x1d0 [ 410.846151][ T9644] ? shash_async_init+0x1e0/0x1e0 [ 410.851164][ T9644] hash_sendpage+0x8ef/0xdf0 [ 410.855748][ T9644] ? hash_recvmsg+0xd30/0xd30 [ 410.860586][ T9644] sock_sendpage+0x1e1/0x2c0 [ 410.865175][ T9644] pipe_to_sendpage+0x38c/0x4c0 [ 410.870014][ T9644] ? sock_fasync+0x250/0x250 [ 410.874597][ T9644] __splice_from_pipe+0x565/0xf00 [ 410.879697][ T9644] ? generic_splice_sendpage+0x2d0/0x2d0 [ 410.885334][ T9644] generic_splice_sendpage+0x1d5/0x2d0 [ 410.890788][ T9644] ? iter_file_splice_write+0x1800/0x1800 [ 410.896498][ T9644] direct_splice_actor+0x1fd/0x580 [ 410.901605][ T9644] ? kmsan_get_metadata+0x4f/0x180 [ 410.906706][ T9644] splice_direct_to_actor+0x6b2/0xf50 [ 410.912067][ T9644] ? do_splice_direct+0x580/0x580 [ 410.917097][ T9644] do_splice_direct+0x342/0x580 [ 410.921951][ T9644] do_sendfile+0x101b/0x1d40 [ 410.926563][ T9644] __se_sys_sendfile64+0x2bb/0x360 [ 410.931661][ T9644] ? kmsan_get_metadata+0x4f/0x180 [ 410.936796][ T9644] __x64_sys_sendfile64+0x56/0x70 [ 410.941811][ T9644] do_syscall_64+0xb0/0x150 [ 410.946326][ T9644] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 410.952202][ T9644] RIP: 0033:0x45c1d9 [ 410.956074][ T9644] Code: Bad RIP value. [ 410.960124][ T9644] RSP: 002b:00007fb8bb5f8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 410.968522][ T9644] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 410.977259][ T9644] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 410.985239][ T9644] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 410.993998][ T9644] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078c04c [ 411.001968][ T9644] R13: 0000000000c9fb6f R14: 00007fb8bb5f99c0 R15: 000000000078c04c [ 411.010034][ T9644] Uninit was stored to memory at: [ 411.015051][ T9644] kmsan_internal_chain_origin+0xad/0x130 [ 411.020772][ T9644] __msan_chain_origin+0x50/0x90 [ 411.025717][ T9644] rmd256_transform+0x434e/0x4440 [ 411.030746][ T9644] rmd256_update+0x343/0x4f0 [ 411.035322][ T9644] crypto_shash_update+0x4e9/0x550 [ 411.040418][ T9644] shash_async_update+0x113/0x1d0 [ 411.045425][ T9644] hash_sendpage+0x8ef/0xdf0 [ 411.050004][ T9644] sock_sendpage+0x1e1/0x2c0 [ 411.054580][ T9644] pipe_to_sendpage+0x38c/0x4c0 [ 411.059414][ T9644] __splice_from_pipe+0x565/0xf00 [ 411.064424][ T9644] generic_splice_sendpage+0x1d5/0x2d0 [ 411.069865][ T9644] direct_splice_actor+0x1fd/0x580 [ 411.074959][ T9644] splice_direct_to_actor+0x6b2/0xf50 [ 411.080334][ T9644] do_splice_direct+0x342/0x580 [ 411.085168][ T9644] do_sendfile+0x101b/0x1d40 [ 411.089745][ T9644] __se_sys_sendfile64+0x2bb/0x360 [ 411.094837][ T9644] __x64_sys_sendfile64+0x56/0x70 [ 411.099860][ T9644] do_syscall_64+0xb0/0x150 [ 411.104376][ T9644] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 411.110244][ T9644] [ 411.112556][ T9644] Uninit was stored to memory at: [ 411.117569][ T9644] kmsan_internal_chain_origin+0xad/0x130 [ 411.123289][ T9644] __msan_chain_origin+0x50/0x90 [ 411.128385][ T9644] rmd256_transform+0x434e/0x4440 [ 411.133393][ T9644] rmd256_update+0x343/0x4f0 [ 411.137985][ T9644] crypto_shash_update+0x4e9/0x550 [ 411.143079][ T9644] shash_async_update+0x113/0x1d0 [ 411.148086][ T9644] hash_sendpage+0x8ef/0xdf0 [ 411.152660][ T9644] sock_sendpage+0x1e1/0x2c0 [ 411.159307][ T9644] pipe_to_sendpage+0x38c/0x4c0 [ 411.164142][ T9644] __splice_from_pipe+0x565/0xf00 [ 411.169151][ T9644] generic_splice_sendpage+0x1d5/0x2d0 [ 411.174597][ T9644] direct_splice_actor+0x1fd/0x580 [ 411.179690][ T9644] splice_direct_to_actor+0x6b2/0xf50 [ 411.185051][ T9644] do_splice_direct+0x342/0x580 [ 411.189886][ T9644] do_sendfile+0x101b/0x1d40 [ 411.194478][ T9644] __se_sys_sendfile64+0x2bb/0x360 [ 411.199573][ T9644] __x64_sys_sendfile64+0x56/0x70 [ 411.204603][ T9644] do_syscall_64+0xb0/0x150 [ 411.209111][ T9644] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 411.214979][ T9644] [ 411.217288][ T9644] Uninit was stored to memory at: [ 411.222298][ T9644] kmsan_internal_chain_origin+0xad/0x130 [ 411.228014][ T9644] __msan_chain_origin+0x50/0x90 [ 411.232938][ T9644] rmd256_transform+0x434e/0x4440 [ 411.237959][ T9644] rmd256_update+0x343/0x4f0 [ 411.242532][ T9644] crypto_shash_update+0x4e9/0x550 [ 411.247631][ T9644] shash_async_update+0x113/0x1d0 [ 411.252640][ T9644] hash_sendpage+0x8ef/0xdf0 [ 411.257234][ T9644] sock_sendpage+0x1e1/0x2c0 [ 411.261833][ T9644] pipe_to_sendpage+0x38c/0x4c0 [ 411.266682][ T9644] __splice_from_pipe+0x565/0xf00 [ 411.271694][ T9644] generic_splice_sendpage+0x1d5/0x2d0 [ 411.277140][ T9644] direct_splice_actor+0x1fd/0x580 [ 411.282239][ T9644] splice_direct_to_actor+0x6b2/0xf50 [ 411.287699][ T9644] do_splice_direct+0x342/0x580 [ 411.292534][ T9644] do_sendfile+0x101b/0x1d40 [ 411.297108][ T9644] __se_sys_sendfile64+0x2bb/0x360 [ 411.302250][ T9644] __x64_sys_sendfile64+0x56/0x70 [ 411.307262][ T9644] do_syscall_64+0xb0/0x150 [ 411.311751][ T9644] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 411.317618][ T9644] [ 411.319931][ T9644] Uninit was stored to memory at: [ 411.324942][ T9644] kmsan_internal_chain_origin+0xad/0x130 [ 411.330644][ T9644] __msan_chain_origin+0x50/0x90 [ 411.335565][ T9644] rmd256_transform+0x434e/0x4440 [ 411.340575][ T9644] rmd256_update+0x343/0x4f0 [ 411.345149][ T9644] crypto_shash_update+0x4e9/0x550 [ 411.350244][ T9644] shash_async_update+0x113/0x1d0 [ 411.355262][ T9644] hash_sendpage+0x8ef/0xdf0 [ 411.360793][ T9644] sock_sendpage+0x1e1/0x2c0 [ 411.365367][ T9644] pipe_to_sendpage+0x38c/0x4c0 [ 411.370202][ T9644] __splice_from_pipe+0x565/0xf00 [ 411.375213][ T9644] generic_splice_sendpage+0x1d5/0x2d0 [ 411.380654][ T9644] direct_splice_actor+0x1fd/0x580 [ 411.385751][ T9644] splice_direct_to_actor+0x6b2/0xf50 [ 411.391107][ T9644] do_splice_direct+0x342/0x580 [ 411.395942][ T9644] do_sendfile+0x101b/0x1d40 [ 411.400513][ T9644] __se_sys_sendfile64+0x2bb/0x360 [ 411.405605][ T9644] __x64_sys_sendfile64+0x56/0x70 [ 411.410616][ T9644] do_syscall_64+0xb0/0x150 [ 411.415111][ T9644] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 411.420979][ T9644] [ 411.423285][ T9644] Uninit was stored to memory at: [ 411.428297][ T9644] kmsan_internal_chain_origin+0xad/0x130 [ 411.434004][ T9644] __msan_chain_origin+0x50/0x90 [ 411.438929][ T9644] rmd256_transform+0x434e/0x4440 [ 411.443940][ T9644] rmd256_update+0x343/0x4f0 [ 411.448546][ T9644] crypto_shash_update+0x4e9/0x550 [ 411.453657][ T9644] shash_async_update+0x113/0x1d0 [ 411.458665][ T9644] hash_sendpage+0x8ef/0xdf0 [ 411.463244][ T9644] sock_sendpage+0x1e1/0x2c0 [ 411.467824][ T9644] pipe_to_sendpage+0x38c/0x4c0 [ 411.472664][ T9644] __splice_from_pipe+0x565/0xf00 [ 411.477673][ T9644] generic_splice_sendpage+0x1d5/0x2d0 [ 411.483121][ T9644] direct_splice_actor+0x1fd/0x580 [ 411.488221][ T9644] splice_direct_to_actor+0x6b2/0xf50 [ 411.493576][ T9644] do_splice_direct+0x342/0x580 [ 411.498414][ T9644] do_sendfile+0x101b/0x1d40 [ 411.503009][ T9644] __se_sys_sendfile64+0x2bb/0x360 [ 411.508111][ T9644] __x64_sys_sendfile64+0x56/0x70 [ 411.513127][ T9644] do_syscall_64+0xb0/0x150 [ 411.517618][ T9644] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 411.523501][ T9644] [ 411.525823][ T9644] Uninit was stored to memory at: [ 411.530850][ T9644] kmsan_internal_chain_origin+0xad/0x130 [ 411.536561][ T9644] __msan_chain_origin+0x50/0x90 [ 411.541484][ T9644] rmd256_transform+0x434e/0x4440 [ 411.546496][ T9644] rmd256_update+0x227/0x4f0 [ 411.551072][ T9644] crypto_shash_update+0x4e9/0x550 [ 411.556169][ T9644] shash_async_update+0x113/0x1d0 [ 411.561178][ T9644] hash_sendpage+0x8ef/0xdf0 [ 411.565755][ T9644] sock_sendpage+0x1e1/0x2c0 [ 411.570335][ T9644] pipe_to_sendpage+0x38c/0x4c0 [ 411.575175][ T9644] __splice_from_pipe+0x565/0xf00 [ 411.580185][ T9644] generic_splice_sendpage+0x1d5/0x2d0 [ 411.585632][ T9644] direct_splice_actor+0x1fd/0x580 [ 411.591329][ T9644] splice_direct_to_actor+0x6b2/0xf50 [ 411.596684][ T9644] do_splice_direct+0x342/0x580 [ 411.601521][ T9644] do_sendfile+0x101b/0x1d40 [ 411.606094][ T9644] __se_sys_sendfile64+0x2bb/0x360 [ 411.611214][ T9644] __x64_sys_sendfile64+0x56/0x70 [ 411.616228][ T9644] do_syscall_64+0xb0/0x150 [ 411.620734][ T9644] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 411.626602][ T9644] [ 411.628913][ T9644] Uninit was stored to memory at: [ 411.633926][ T9644] kmsan_internal_chain_origin+0xad/0x130 [ 411.639630][ T9644] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 411.645595][ T9644] kmsan_memcpy_metadata+0xb/0x10 [ 411.650623][ T9644] __msan_memcpy+0x43/0x50 [ 411.655049][ T9644] rmd256_update+0x1fc/0x4f0 [ 411.659642][ T9644] crypto_shash_update+0x4e9/0x550 [ 411.664756][ T9644] shash_async_update+0x113/0x1d0 [ 411.669771][ T9644] hash_sendpage+0x8ef/0xdf0 [ 411.674534][ T9644] sock_sendpage+0x1e1/0x2c0 [ 411.679111][ T9644] pipe_to_sendpage+0x38c/0x4c0 [ 411.683947][ T9644] __splice_from_pipe+0x565/0xf00 [ 411.688976][ T9644] generic_splice_sendpage+0x1d5/0x2d0 [ 411.694423][ T9644] direct_splice_actor+0x1fd/0x580 [ 411.699521][ T9644] splice_direct_to_actor+0x6b2/0xf50 [ 411.704877][ T9644] do_splice_direct+0x342/0x580 [ 411.709711][ T9644] do_sendfile+0x101b/0x1d40 [ 411.714306][ T9644] __se_sys_sendfile64+0x2bb/0x360 [ 411.719423][ T9644] __x64_sys_sendfile64+0x56/0x70 [ 411.724444][ T9644] do_syscall_64+0xb0/0x150 [ 411.728935][ T9644] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 411.734804][ T9644] [ 411.737112][ T9644] Uninit was created at: [ 411.741340][ T9644] kmsan_save_stack_with_flags+0x3c/0x90 [ 411.746957][ T9644] kmsan_alloc_page+0xb9/0x180 [ 411.751707][ T9644] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 411.757244][ T9644] alloc_pages_current+0x672/0x990 [ 411.762358][ T9644] push_pipe+0x605/0xb70 [ 411.766606][ T9644] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 411.772317][ T9644] do_splice_to+0x4fc/0x14f0 [ 411.776894][ T9644] splice_direct_to_actor+0x45c/0xf50 [ 411.782250][ T9644] do_splice_direct+0x342/0x580 [ 411.787085][ T9644] do_sendfile+0x101b/0x1d40 [ 411.791659][ T9644] __se_sys_sendfile64+0x2bb/0x360 [ 411.796757][ T9644] __x64_sys_sendfile64+0x56/0x70 [ 411.801770][ T9644] do_syscall_64+0xb0/0x150 [ 411.806258][ T9644] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 412.031023][ C0] sd 0:0:1:0: [sg0] tag#386 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 412.041611][ C0] sd 0:0:1:0: [sg0] tag#386 CDB: Test Unit Ready [ 412.048325][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 412.058143][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 412.068012][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 412.069501][ T9661] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 412.077841][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 412.094165][ T9661] device bridge2 entered promiscuous mode [ 412.096879][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 412.112682][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 412.122510][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 412.132299][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 412.142084][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 412.151861][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 412.161640][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 412.171426][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 412.181182][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[c0]: 00 00 00 00 00 00 00 00 [ 412.185033][ T9665] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 19:18:57 executing program 1: r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000400)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) getsockopt$inet6_int(r3, 0x29, 0x11, 0x0, &(0x7f0000013000)) mmap(&(0x7f0000000000/0xfe3000)=nil, 0xfe3000, 0x3, 0x32, 0xffffffffffffffff, 0x0) close(r2) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@newqdisc={0x8c, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb, 0x1, 'taprio\x00'}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x1, [], 0x0, [0x8]}}]}}]}, 0x8c}}, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r6, r7, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r7, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) r8 = open(&(0x7f0000000000)='./file0\x00', 0x40, 0x52) ioctl$LOOP_SET_FD(r7, 0x4c00, r8) 19:18:57 executing program 2: ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000d00)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc60948ddd3b049f3fc65d61c2b3c65f2f80a61ea6e453473c9297322e30933e97ebc93981b20e03b86d4e99923e6000000000000e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2d4845421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000000000000000000000000000009a583b79ab00f783b591fc2c8b8a38b7ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fb4579e27cf148248155b7da4a67280d4b6b4eeed958d53b1c488d9dc4a2eb3a40194b9a7c186f9ae102000000b32049874f7962b3eb48ee45c6f3c756a57de500eadd498c9277070980897ccd058ca900"], 0x1a3) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000400)={0x0, 0x1, 0x6, @random="e180bae0ed0d"}, 0x10) sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=ANY=[@ANYBLOB="5e818f916164d9b1e42e7c50372a07b0d79f00000000000000000000000000000000475c61effb313e1752c7c60bc8e3f7f84aa90bbd1900000000", @ANYRES16=0x0, @ANYBLOB="29000027544551b34dcc0004000500050002000a0000003a91934196f2a6b0356f2bc5d7f7d1a9e34249f538c969e70281b7bee07827098827ac4faeb70f87df14c46cbb39c36604e7da3d14c2a3e6694e0f17da"], 0x20}}, 0x0) sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000480)={&(0x7f00000005c0)=ANY=[@ANYBLOB="91fe48a1", @ANYRES16=0x0], 0x34}}, 0x404c884) readv(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000180)=""/139, 0x8b}], 0x1) ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f00000002c0)={0x0, 0x0, [], @raw_data=[0x1, 0x2, 0x3, 0x0, 0x0, 0xa44, 0x100, 0x4, 0xffffffe0, 0x6, 0x7ff, 0x0, 0x3, 0x1, 0x1000, 0x80000001, 0x2, 0xa, 0x800, 0x10001, 0x820e, 0x1, 0x9, 0x54cd, 0x4, 0x7, 0x8, 0x7ff, 0x0, 0x80, 0x5, 0xffffffff]}) shmat(0x0, &(0x7f0000a00000/0x600000)=nil, 0x4000) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0xb, 0x800, 0x8, 0x0, 0x1}, 0x40) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001180)={r1, &(0x7f0000000040), &(0x7f00000021c0)=""/4096}, 0x18) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001140)={r1, &(0x7f00000011c0)="d2", &(0x7f00000031c0)=""/246}, 0x20) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r4, r2) clone(0x4412c500, 0x0, 0x0, 0x0, 0x0) getsockopt$PNPIPE_IFINDEX(r4, 0x113, 0x2, &(0x7f0000000380)=0x0, &(0x7f0000000440)=0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1, 0xb, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x6}, [@map={0x18, 0x6}, @map_val={0x18, 0x6, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4064}, @map_val={0x18, 0xb, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x7}]}, &(0x7f0000000040)='syzkaller\x00', 0x9, 0xff, &(0x7f0000000680)=""/255, 0x41100, 0x2, [], r5, 0x16, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000580)={0x0, 0x6, 0x798a, 0x80000001}, 0x10, 0x0, r4}, 0x78) [ 412.661725][ T9678] IPVS: ftp: loaded support on port[0] = 21 [ 412.744998][ T9677] not chained 150000 origins [ 412.749643][ T9677] CPU: 0 PID: 9677 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 412.758239][ T9677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 412.768304][ T9677] Call Trace: [ 412.771612][ T9677] dump_stack+0x1df/0x240 [ 412.775967][ T9677] kmsan_internal_chain_origin+0x6f/0x130 [ 412.781708][ T9677] ? is_module_text_address+0x4d/0x2a0 [ 412.787193][ T9677] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 412.793025][ T9677] ? __kernel_text_address+0x171/0x2d0 [ 412.798505][ T9677] ? unwind_get_return_address+0x8c/0x130 [ 412.804252][ T9677] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 412.810337][ T9677] ? arch_stack_walk+0x2a2/0x3e0 [ 412.815293][ T9677] ? stack_trace_save+0x1a0/0x1a0 [ 412.820341][ T9677] ? kmsan_get_metadata+0x4f/0x180 [ 412.825469][ T9677] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 412.831300][ T9677] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 412.837386][ T9677] ? stack_trace_save+0x123/0x1a0 [ 412.842604][ T9677] ? kmsan_get_metadata+0x11d/0x180 [ 412.847821][ T9677] __msan_chain_origin+0x50/0x90 [ 412.852931][ T9677] rmd256_transform+0x434e/0x4440 [ 412.858032][ T9677] rmd256_update+0x343/0x4f0 [ 412.862655][ T9677] ? rmd256_init+0x260/0x260 [ 412.867267][ T9677] crypto_shash_update+0x4e9/0x550 [ 412.872493][ T9677] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 412.878685][ T9677] ? crypto_hash_walk_first+0x1fd/0x360 [ 412.884248][ T9677] ? kmsan_get_metadata+0x4f/0x180 [ 412.889358][ T9677] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 412.895158][ T9677] shash_async_update+0x113/0x1d0 [ 412.900178][ T9677] ? shash_async_init+0x1e0/0x1e0 [ 412.905196][ T9677] hash_sendpage+0x8ef/0xdf0 [ 412.909796][ T9677] ? hash_recvmsg+0xd30/0xd30 [ 412.914472][ T9677] sock_sendpage+0x1e1/0x2c0 [ 412.919060][ T9677] pipe_to_sendpage+0x38c/0x4c0 [ 412.923904][ T9677] ? sock_fasync+0x250/0x250 [ 412.928491][ T9677] __splice_from_pipe+0x565/0xf00 [ 412.933527][ T9677] ? generic_splice_sendpage+0x2d0/0x2d0 [ 412.939171][ T9677] generic_splice_sendpage+0x1d5/0x2d0 [ 412.944715][ T9677] ? iter_file_splice_write+0x1800/0x1800 [ 412.950508][ T9677] direct_splice_actor+0x1fd/0x580 [ 412.955616][ T9677] ? kmsan_get_metadata+0x4f/0x180 [ 412.960720][ T9677] splice_direct_to_actor+0x6b2/0xf50 [ 412.966080][ T9677] ? do_splice_direct+0x580/0x580 [ 412.971111][ T9677] do_splice_direct+0x342/0x580 [ 412.975963][ T9677] do_sendfile+0x101b/0x1d40 [ 412.980559][ T9677] __se_sys_sendfile64+0x2bb/0x360 [ 412.985677][ T9677] ? kmsan_get_metadata+0x4f/0x180 [ 412.990782][ T9677] __x64_sys_sendfile64+0x56/0x70 [ 412.995795][ T9677] do_syscall_64+0xb0/0x150 [ 413.000289][ T9677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 413.006166][ T9677] RIP: 0033:0x45c1d9 [ 413.010043][ T9677] Code: Bad RIP value. [ 413.014091][ T9677] RSP: 002b:00007f22a319ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 413.022489][ T9677] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 413.030449][ T9677] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 413.038407][ T9677] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 413.046368][ T9677] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 413.054326][ T9677] R13: 0000000000c9fb6f R14: 00007f22a319b9c0 R15: 000000000078bf0c [ 413.062295][ T9677] Uninit was stored to memory at: [ 413.067319][ T9677] kmsan_internal_chain_origin+0xad/0x130 [ 413.073029][ T9677] __msan_chain_origin+0x50/0x90 [ 413.077963][ T9677] rmd256_transform+0x434e/0x4440 [ 413.083005][ T9677] rmd256_update+0x343/0x4f0 [ 413.087583][ T9677] crypto_shash_update+0x4e9/0x550 [ 413.092679][ T9677] shash_async_update+0x113/0x1d0 [ 413.097861][ T9677] hash_sendpage+0x8ef/0xdf0 [ 413.102441][ T9677] sock_sendpage+0x1e1/0x2c0 [ 413.107019][ T9677] pipe_to_sendpage+0x38c/0x4c0 [ 413.111854][ T9677] __splice_from_pipe+0x565/0xf00 [ 413.116881][ T9677] generic_splice_sendpage+0x1d5/0x2d0 [ 413.122336][ T9677] direct_splice_actor+0x1fd/0x580 [ 413.127450][ T9677] splice_direct_to_actor+0x6b2/0xf50 [ 413.132821][ T9677] do_splice_direct+0x342/0x580 [ 413.137658][ T9677] do_sendfile+0x101b/0x1d40 [ 413.142233][ T9677] __se_sys_sendfile64+0x2bb/0x360 [ 413.147335][ T9677] __x64_sys_sendfile64+0x56/0x70 [ 413.152359][ T9677] do_syscall_64+0xb0/0x150 [ 413.156850][ T9677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 413.162720][ T9677] [ 413.165032][ T9677] Uninit was stored to memory at: [ 413.170053][ T9677] kmsan_internal_chain_origin+0xad/0x130 [ 413.175756][ T9677] __msan_chain_origin+0x50/0x90 [ 413.180682][ T9677] rmd256_transform+0x434e/0x4440 [ 413.185694][ T9677] rmd256_update+0x343/0x4f0 [ 413.190270][ T9677] crypto_shash_update+0x4e9/0x550 [ 413.195378][ T9677] shash_async_update+0x113/0x1d0 [ 413.200387][ T9677] hash_sendpage+0x8ef/0xdf0 [ 413.204967][ T9677] sock_sendpage+0x1e1/0x2c0 [ 413.209545][ T9677] pipe_to_sendpage+0x38c/0x4c0 [ 413.214387][ T9677] __splice_from_pipe+0x565/0xf00 [ 413.219398][ T9677] generic_splice_sendpage+0x1d5/0x2d0 [ 413.224844][ T9677] direct_splice_actor+0x1fd/0x580 [ 413.229943][ T9677] splice_direct_to_actor+0x6b2/0xf50 [ 413.235298][ T9677] do_splice_direct+0x342/0x580 [ 413.240131][ T9677] do_sendfile+0x101b/0x1d40 [ 413.244708][ T9677] __se_sys_sendfile64+0x2bb/0x360 [ 413.249825][ T9677] __x64_sys_sendfile64+0x56/0x70 [ 413.254838][ T9677] do_syscall_64+0xb0/0x150 [ 413.259344][ T9677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 413.265218][ T9677] [ 413.267533][ T9677] Uninit was stored to memory at: [ 413.272546][ T9677] kmsan_internal_chain_origin+0xad/0x130 [ 413.278249][ T9677] __msan_chain_origin+0x50/0x90 [ 413.283174][ T9677] rmd256_transform+0x434e/0x4440 [ 413.288182][ T9677] rmd256_update+0x343/0x4f0 [ 413.292755][ T9677] crypto_shash_update+0x4e9/0x550 [ 413.297851][ T9677] shash_async_update+0x113/0x1d0 [ 413.302862][ T9677] hash_sendpage+0x8ef/0xdf0 [ 413.307440][ T9677] sock_sendpage+0x1e1/0x2c0 [ 413.312033][ T9677] pipe_to_sendpage+0x38c/0x4c0 [ 413.316874][ T9677] __splice_from_pipe+0x565/0xf00 [ 413.321909][ T9677] generic_splice_sendpage+0x1d5/0x2d0 [ 413.327357][ T9677] direct_splice_actor+0x1fd/0x580 [ 413.332454][ T9677] splice_direct_to_actor+0x6b2/0xf50 [ 413.337813][ T9677] do_splice_direct+0x342/0x580 [ 413.342653][ T9677] do_sendfile+0x101b/0x1d40 [ 413.347232][ T9677] __se_sys_sendfile64+0x2bb/0x360 [ 413.352326][ T9677] __x64_sys_sendfile64+0x56/0x70 [ 413.357347][ T9677] do_syscall_64+0xb0/0x150 [ 413.361839][ T9677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 413.367708][ T9677] [ 413.370021][ T9677] Uninit was stored to memory at: [ 413.375035][ T9677] kmsan_internal_chain_origin+0xad/0x130 [ 413.380737][ T9677] __msan_chain_origin+0x50/0x90 [ 413.385663][ T9677] rmd256_transform+0x434e/0x4440 [ 413.390672][ T9677] rmd256_update+0x343/0x4f0 [ 413.395247][ T9677] crypto_shash_update+0x4e9/0x550 [ 413.400350][ T9677] shash_async_update+0x113/0x1d0 [ 413.405360][ T9677] hash_sendpage+0x8ef/0xdf0 [ 413.409941][ T9677] sock_sendpage+0x1e1/0x2c0 [ 413.414533][ T9677] pipe_to_sendpage+0x38c/0x4c0 [ 413.419368][ T9677] __splice_from_pipe+0x565/0xf00 [ 413.424378][ T9677] generic_splice_sendpage+0x1d5/0x2d0 [ 413.429821][ T9677] direct_splice_actor+0x1fd/0x580 [ 413.434919][ T9677] splice_direct_to_actor+0x6b2/0xf50 [ 413.440276][ T9677] do_splice_direct+0x342/0x580 [ 413.445112][ T9677] do_sendfile+0x101b/0x1d40 [ 413.449689][ T9677] __se_sys_sendfile64+0x2bb/0x360 [ 413.454786][ T9677] __x64_sys_sendfile64+0x56/0x70 [ 413.459798][ T9677] do_syscall_64+0xb0/0x150 [ 413.464433][ T9677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 413.470312][ T9677] [ 413.472629][ T9677] Uninit was stored to memory at: [ 413.477649][ T9677] kmsan_internal_chain_origin+0xad/0x130 [ 413.483355][ T9677] __msan_chain_origin+0x50/0x90 [ 413.488281][ T9677] rmd256_transform+0x434e/0x4440 [ 413.493293][ T9677] rmd256_update+0x343/0x4f0 [ 413.497886][ T9677] crypto_shash_update+0x4e9/0x550 [ 413.502982][ T9677] shash_async_update+0x113/0x1d0 [ 413.507994][ T9677] hash_sendpage+0x8ef/0xdf0 [ 413.512572][ T9677] sock_sendpage+0x1e1/0x2c0 [ 413.517154][ T9677] pipe_to_sendpage+0x38c/0x4c0 [ 413.521992][ T9677] __splice_from_pipe+0x565/0xf00 [ 413.527008][ T9677] generic_splice_sendpage+0x1d5/0x2d0 [ 413.532454][ T9677] direct_splice_actor+0x1fd/0x580 [ 413.537552][ T9677] splice_direct_to_actor+0x6b2/0xf50 [ 413.542921][ T9677] do_splice_direct+0x342/0x580 [ 413.547757][ T9677] do_sendfile+0x101b/0x1d40 [ 413.552335][ T9677] __se_sys_sendfile64+0x2bb/0x360 [ 413.557440][ T9677] __x64_sys_sendfile64+0x56/0x70 [ 413.562451][ T9677] do_syscall_64+0xb0/0x150 [ 413.566942][ T9677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 413.572814][ T9677] [ 413.575123][ T9677] Uninit was stored to memory at: [ 413.580151][ T9677] kmsan_internal_chain_origin+0xad/0x130 [ 413.585863][ T9677] __msan_chain_origin+0x50/0x90 [ 413.590811][ T9677] rmd256_transform+0x434e/0x4440 [ 413.595827][ T9677] rmd256_update+0x227/0x4f0 [ 413.600401][ T9677] crypto_shash_update+0x4e9/0x550 [ 413.605495][ T9677] shash_async_update+0x113/0x1d0 [ 413.610502][ T9677] hash_sendpage+0x8ef/0xdf0 [ 413.615079][ T9677] sock_sendpage+0x1e1/0x2c0 [ 413.619656][ T9677] pipe_to_sendpage+0x38c/0x4c0 [ 413.624514][ T9677] __splice_from_pipe+0x565/0xf00 [ 413.629527][ T9677] generic_splice_sendpage+0x1d5/0x2d0 [ 413.634970][ T9677] direct_splice_actor+0x1fd/0x580 [ 413.640067][ T9677] splice_direct_to_actor+0x6b2/0xf50 [ 413.645427][ T9677] do_splice_direct+0x342/0x580 [ 413.650263][ T9677] do_sendfile+0x101b/0x1d40 [ 413.654838][ T9677] __se_sys_sendfile64+0x2bb/0x360 [ 413.659936][ T9677] __x64_sys_sendfile64+0x56/0x70 [ 413.664948][ T9677] do_syscall_64+0xb0/0x150 [ 413.669438][ T9677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 413.675309][ T9677] [ 413.677727][ T9677] Uninit was stored to memory at: [ 413.682756][ T9677] kmsan_internal_chain_origin+0xad/0x130 [ 413.688471][ T9677] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 413.694440][ T9677] kmsan_memcpy_metadata+0xb/0x10 [ 413.699450][ T9677] __msan_memcpy+0x43/0x50 [ 413.703876][ T9677] rmd256_update+0x1fc/0x4f0 [ 413.708457][ T9677] crypto_shash_update+0x4e9/0x550 [ 413.713557][ T9677] shash_async_update+0x113/0x1d0 [ 413.718566][ T9677] hash_sendpage+0x8ef/0xdf0 [ 413.723143][ T9677] sock_sendpage+0x1e1/0x2c0 [ 413.727720][ T9677] pipe_to_sendpage+0x38c/0x4c0 [ 413.732561][ T9677] __splice_from_pipe+0x565/0xf00 [ 413.737575][ T9677] generic_splice_sendpage+0x1d5/0x2d0 [ 413.743021][ T9677] direct_splice_actor+0x1fd/0x580 [ 413.748117][ T9677] splice_direct_to_actor+0x6b2/0xf50 [ 413.753492][ T9677] do_splice_direct+0x342/0x580 [ 413.758330][ T9677] do_sendfile+0x101b/0x1d40 [ 413.762905][ T9677] __se_sys_sendfile64+0x2bb/0x360 [ 413.768004][ T9677] __x64_sys_sendfile64+0x56/0x70 [ 413.773013][ T9677] do_syscall_64+0xb0/0x150 [ 413.777503][ T9677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 413.783371][ T9677] [ 413.785681][ T9677] Uninit was created at: [ 413.789913][ T9677] kmsan_save_stack_with_flags+0x3c/0x90 [ 413.795539][ T9677] kmsan_alloc_page+0xb9/0x180 [ 413.800290][ T9677] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 413.805830][ T9677] alloc_pages_current+0x672/0x990 [ 413.810927][ T9677] push_pipe+0x605/0xb70 [ 413.815154][ T9677] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 413.820864][ T9677] do_splice_to+0x4fc/0x14f0 [ 413.825446][ T9677] splice_direct_to_actor+0x45c/0xf50 [ 413.830807][ T9677] do_splice_direct+0x342/0x580 [ 413.835643][ T9677] do_sendfile+0x101b/0x1d40 [ 413.840217][ T9677] __se_sys_sendfile64+0x2bb/0x360 [ 413.845315][ T9677] __x64_sys_sendfile64+0x56/0x70 [ 413.850325][ T9677] do_syscall_64+0xb0/0x150 [ 413.854824][ T9677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 413.904506][ C1] sd 0:0:1:0: [sg0] tag#388 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 413.915041][ C1] sd 0:0:1:0: [sg0] tag#388 CDB: Test Unit Ready [ 413.921568][ C1] sd 0:0:1:0: [sg0] tag#388 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 413.925435][ C0] sd 0:0:1:0: [sg0] tag#387 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=1s [ 413.931320][ C1] sd 0:0:1:0: [sg0] tag#388 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 413.941571][ C0] sd 0:0:1:0: [sg0] tag#387 CDB: Test Unit Ready [ 413.951182][ C1] sd 0:0:1:0: [sg0] tag#388 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 413.957650][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 413.967215][ C1] sd 0:0:1:0: [sg0] tag#388 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 413.979059][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 413.988642][ C1] sd 0:0:1:0: [sg0] tag#388 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 413.998226][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.007801][ C1] sd 0:0:1:0: [sg0] tag#388 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.017382][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.026944][ C1] sd 0:0:1:0: [sg0] tag#388 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.036527][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.046105][ C1] sd 0:0:1:0: [sg0] tag#388 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.055687][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.065261][ C1] sd 0:0:1:0: [sg0] tag#388 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.074846][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.084421][ C1] sd 0:0:1:0: [sg0] tag#388 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.094001][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.103577][ C1] sd 0:0:1:0: [sg0] tag#388 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.113170][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.122785][ C1] sd 0:0:1:0: [sg0] tag#388 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.132268][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.141762][ C1] sd 0:0:1:0: [sg0] tag#388 CDB[c0]: 00 00 00 00 00 00 00 00 [ 414.151350][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.168492][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 414.178267][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[c0]: 00 00 00 00 00 00 00 00 [ 414.260385][ T9682] IPVS: ftp: loaded support on port[0] = 21 19:19:00 executing program 2: unshare(0x20000400) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KDGKBLED(r0, 0xc0045103, &(0x7f0000a07fff)) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KDGKBLED(r1, 0xc0045103, &(0x7f0000a07fff)) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r3, r4, 0x0, 0x1000007ffff000) r5 = socket(0x400000010, 0x802, 0x0) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, r6, 0xb07}, 0x14}}, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x40, r6, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x4}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7fffffff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x40001}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000340)='net_prio.ifpriomap\x00', 0x2, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r7, 0xc028660f, &(0x7f0000000380)={0x0, r8, 0x7, 0xda0, 0x24, 0x1f}) gettid() sendto(r1, &(0x7f00000000c0)="e11c94e637b980b99f65412c65af98edb3a4d48ff5c0f24a21a68e3c80e43922fa3d97a020d4063715bea1a7726eb5016c23de2ff1dffc68a679698472437c6016647be5e61ac007a1e22bad81603844aef2ab3c4e12409404ef22ad0d1c9fc3268b52b43348260ad207eedccacf63e774e5ebc4ffb71013caf987889631ad186613e940f37709c49ac714f2bda418f4415a4b9b6a6ad054b4303989b4aa0d1da5cd652bfc69d75bcc6db8709d856f3a081ca3f17be80763cbb60fe13111d7b081514f8c8773ac33b68111cf53be6dc130b93d67fb29c9219e6b7c6506cc278b68e9db6d", 0xe4, 0x4000800, &(0x7f0000000000)=@pppoe={0x18, 0x0, {0x1, @local, 'veth1_to_hsr\x00'}}, 0x80) 19:19:00 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff000000003f040000000000002d400300000000006504000001ed00007b130000000000006c440000000000007b0a00fe000000007b13000000000000b5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af69912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50bec919bc461e91a7168c5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec5dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f645679c294392cf538b07ce2646cb7798b3ee654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75d80000000eda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fc152b7b9da074e1320060d0b11008e59a5923906f88b53987ad1714e72ba7a5b74f0c33d39000d06a59ff61622cfd9aa58fe8d485ae2c0cc65c2a36aaec2477584b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03fb8a63e089679216da18ec0ae564162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f98928d5e9b94ff9ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cff538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6f8c3a13596c2ea3e2e04cfe0e669e51731b2875353193f82ade6950540059fe6c7fe7c00007502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c95300000000010000003baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c03987d198899b212c55318294270a1ad10c80fef7c24b78b29d83238273f4fc87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f04beb72f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae037f27feeb744ddcc536cbae315c7d951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0602a5948177556c2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb20000eb6dc5f6a9037d2283c42efc54fa84323a3c3e6e4fd2e078b796a825b3dad9ce7b37507e0b83c3ecd01549bca6a016b3e18a00c748894dc3bfe5efda8b0a477d6a6562fdee45eb16e276dee992094ba9830f6c164179e7d532d86060bea930118d3cae1bb5916b9671b7000000000040f4bee5ad2dea2d14e195265504c05bba38b095e1679f96ddef65ba5de9c8cfb6465ae4165c0689a314a6eb6b36aa705b957edef3035e14b879c8e7dc00624726042e00bf9a7f7ae5f308744770759558e4fcb99c0dc957521ef255362bf2f3966f3754e81fb9bdef22c19f5a49147b25393f7536bcda9f64b7c5640bf89d4a74d51dc233dee628c1dfbb55669f8478c174b34eb234481547e484c6af101396b6977dd668b401391c1d2e242edccf1cabe6be9868d383eb937efdfd9ade01810600"/1610], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x78) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r1, r2, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r4, r5, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r5, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000100)=r5, 0x4) r6 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self\x00', 0x6200, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r6, 0x40286608, &(0x7f00000000c0)={0x3, 0x3, 0x800, 0x2, 0x7, 0x4a4}) 19:19:00 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r0, 0x8, 0x70bd2d, 0x7fff, {{}, {}, {0x8, 0x11, 0x8001}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x20000854) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) sendmsg$OSF_MSG_REMOVE(r1, &(0x7f00000012c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001280)={&(0x7f0000000200)={0x1060, 0x1, 0x5, 0x201, 0x0, 0x0, {0x5, 0x0, 0x1}, [{{0x254, 0x1, {{0x0, 0x58e}, 0xb3, 0x8, 0x8001, 0x0, 0x16, 'syz1\x00', "46f2dd187575e4b16ce9ceba2f5daa7886b204418339742edf8c13a5a41166ed", "52c9c70b5aa32c0c749619968174e0b4231e2c3a621bc39efa746031fee76096", [{0x4, 0x9, {0x3, 0x7}}, {0xfff, 0x7, {0x0, 0x3}}, {0x6, 0x143, {0x2, 0x81}}, {0x8000, 0x3ff, {0x3, 0x9}}, {0x1, 0x8, {0x3, 0x4}}, {0xfff9, 0xa1, {0x0, 0xfff}}, {0x1, 0x2, {0x2, 0x8}}, {0x9, 0x100, {0x1, 0x4}}, {0x100, 0x7, {0x1, 0x3}}, {0xb369, 0x6, {0x3, 0xff}}, {0xd410, 0xf65f, {0x3, 0x5}}, {0x7ff, 0x3, {0x0, 0xf8b8}}, {0x8c, 0x5, {0x0, 0x20}}, {0x2, 0x3ff, {0x3, 0xfc90}}, {0x20, 0x6, {0x3, 0x2}}, {0x3, 0x3, {0x3}}, {0x7, 0x400, {0x0, 0x5}}, {0x4, 0xfffc, {0x2, 0xffffff48}}, {0x3, 0x4, {0x2, 0x2a8}}, {0x31c, 0x100, {0x0, 0x81}}, {0x1, 0x2, {0x2, 0xf16}}, {0x0, 0x40, {0x1, 0x6}}, {0x7f, 0x400, {0x3}}, {0x198, 0x7ee6, {0x1, 0x8}}, {0x9, 0xb2, {0x1, 0x3}}, {0x1f, 0x7, {0x2, 0x5}}, {0xfff, 0xffff, {0x2, 0xffffff4c}}, {0x5, 0x2, {0x1, 0x2}}, {0x1000, 0x3ff, {0x2, 0x401}}, {0x8, 0x400, {0x2, 0x1}}, {0x1ff, 0x8, {0x1, 0xffffffff}}, {0xf802, 0x6, {0x2, 0x5}}, {0x0, 0xfbf9, {0x1, 0xe4}}, {0x9, 0x4, {0x0, 0x7}}, {0xea, 0x3, {0x1}}, {0xfffb, 0x7ff, {0x2}}, {0x4, 0x84d, {0x2, 0x3f}}, {0x5, 0x8a7, {0x0, 0x8000}}, {0x51, 0x3, {0x2, 0x7f}}, {0x3, 0x1000, {0x0, 0xf6}}]}}}, {{0x254, 0x1, {{0x2, 0x91de}, 0x4, 0x7, 0x8, 0x2, 0x9, 'syz0\x00', "807c2b24d7f263ddd89f668c6e796cbc8c70e222665ed2ed68453e61410b6bd6", "b8c2eaf60eb068280ea49aade8bc30fe4e2bd1f97561889a240ac27a3b3ee6b5", [{0x0, 0x101, {0x2, 0x49a}}, {0x3f, 0xbc, {0x1, 0x7}}, {0x40, 0x9, {0x1, 0x1}}, {0x6, 0x3, {0x2, 0x8000}}, {0x0, 0x7fff, {0x3, 0xffff}}, {0x5, 0x0, {0x2, 0x8}}, {0x3, 0xf29, {0x1, 0x80000001}}, {0x8, 0x0, {0x2, 0xedbf}}, {0xff7f, 0x4, {0x0, 0x10000}}, {0x0, 0x1, {0x0, 0x1}}, {0xf94e, 0x1, {0x0, 0x4}}, {0x1f, 0x7202, {0x2, 0x9ffe}}, {0x0, 0x5, {0x0, 0x2b}}, {0x6fcf, 0x3, {0x1, 0x80000000}}, {0x1, 0xffce, {0x3, 0xffffffff}}, {0xd9, 0x0, {0x3, 0x9}}, {0x8, 0x3, {0x2, 0x8001}}, {0x1, 0x3f, {0x3, 0x800}}, {0xca2, 0x1000, {0x0, 0x80}}, {0x1, 0x0, {0x0, 0x7ff}}, {0x5, 0xbb78, {0x0, 0x3}}, {0x9, 0x5000, {0x1, 0x1}}, {0x50b9, 0x0, {0x2, 0x5}}, {0x6caf, 0xfffc, {0x1, 0xd8}}, {0x4, 0x9, {0x1, 0x7e0}}, {0x57a, 0x7f, {0x1, 0x2}}, {0x5f6, 0x2, {0x1, 0x8}}, {0x45, 0x101, {0x3, 0x8}}, {0x8, 0x9, {0x0, 0x800}}, {0x3, 0x81, {0x3, 0x7}}, {0x6, 0xffff, {0x3, 0x2}}, {0x9, 0x2, {0x0, 0x1}}, {0x3, 0x2, {0x1}}, {0x9, 0x4825, {0x1, 0x5}}, {0x9, 0x1, {0x0, 0x7}}, {0x6, 0x4, {0x3, 0x2}}, {0x5, 0x9000, {0x3, 0x4}}, {0x6, 0x7f, {0x3}}, {0x81, 0x100, {0x0, 0x9}}, {0x8, 0x4, {0x1, 0x35}}]}}}, {{0x254, 0x1, {{0x2, 0x4}, 0x9c, 0x8, 0x2, 0x7, 0xb, 'syz0\x00', "ff2d8c68400a6eeab78bf22cdf7c4c2dfdc5dff61a8d3734e46efbf1616a4fdd", "c8884f5b24ec73014772c73b118014dc8cf593e2f2d8d5f86b04287143921a5c", [{0x1, 0xfff, {0x1, 0x7}}, {0x2, 0x4, {0x0, 0x1}}, {0x2, 0x9, {0x1, 0xfffffff9}}, {0xfb, 0x4b0a, {0x1, 0x9}}, {0x8, 0x2, {0x2, 0xa77}}, {0x800, 0x8000, {0x3, 0x4}}, {0x9, 0x5, {0x2, 0x8}}, {0x3, 0xffff, {0x1, 0x3}}, {0x0, 0xdfa8, {0x0, 0x4}}, {0x9, 0x5, {0x3, 0xc16}}, {0xf66d, 0xfc, {0x1, 0x7fff}}, {0x7ff, 0x1f, {0x2, 0x800}}, {0x0, 0xbe5f, {0x0, 0xfffffffe}}, {0x8, 0x4, {0x1, 0xe8b}}, {0x7f, 0x1, {0x2, 0x9}}, {0x8, 0x6, {0x3, 0x9cc2000}}, {0x3, 0x0, {0x3, 0x8}}, {0x9, 0x65, {0xd478d2bc17a2153b, 0x46}}, {0x6, 0x1e1a, {0x1, 0xffffff13}}, {0x0, 0x7, {0x2, 0x3}}, {0x3739, 0x3, {0x0, 0x8001}}, {0xfffb, 0x4, {0x1, 0x495e7070}}, {0x1, 0x9, {0x2, 0xc0000}}, {0x0, 0x3, {0x0, 0xb0d}}, {0x9, 0x9, {0x0, 0x1f}}, {0x101, 0x45, {0x2, 0x6}}, {0x7, 0x8000}, {0x7f, 0x2, {0x1, 0x2}}, {0x3ff, 0x3, {0x1, 0x7}}, {0x4, 0x40, {0x0, 0x1}}, {0x4, 0x7, {0x3, 0x6}}, {0x6c, 0x5, {0x2, 0xfff}}, {0x9, 0x5, {0x2, 0x1}}, {0x9, 0x4, {0x3, 0x3}}, {0xff, 0x14e, {0x2}}, {0x101, 0x0, {0x2, 0x4}}, {0x800, 0x3f, {0x0, 0xffffffca}}, {0x5, 0x7, {0x1}}, {0x34, 0xfc01, {0x3, 0x2}}, {0x4, 0x3, {0x3, 0x8}}]}}}, {{0x254, 0x1, {{0x1, 0x7}, 0xf6, 0x1f, 0xcee, 0x8, 0xe, 'syz0\x00', "d95e734dfd5610b768ad0e53c15952b2a921d964ad61070d70717ba552b29ace", "a5d24d04f1a0d3a1b310c45ba312d3fb175db46e9c929e39708c50639efdc149", [{0x6, 0x1f, {0x2, 0xd89}}, {0x0, 0x1, {0x0, 0x21e}}, {0x100, 0x1f, {0x3, 0xff}}, {0x1136, 0x5b, {0x1, 0xfff}}, {0x0, 0xfff, {0x0, 0x300000}}, {0x1, 0xfffe, {0x3, 0x400}}, {0x2, 0x2, {0x0, 0xea}}, {0xfffa, 0x53, {0x2}}, {0x1, 0x79c3, {0x3, 0x5}}, {0x2a3, 0x3, {0x1, 0x3d}}, {0x7, 0x1f, {0x3, 0x2}}, {0x7, 0x0, {0x0, 0xfffffff7}}, {0x52, 0x1ff, {0x1, 0x5}}, {0x4, 0x4, {0x2, 0x1}}, {0x0, 0x100, {0x0, 0x1f}}, {0xc492, 0x1, {0x3, 0x9}}, {0x0, 0x0, {0x3, 0x1c00}}, {0x1, 0x4, {0x0, 0x3}}, {0x1, 0x7fff, {0x2, 0x8001}}, {0x3, 0xa, {0x0, 0x5a}}, {0xff, 0x2, {0x1, 0x2bc4cd1c}}, {0xfff9, 0x7, {0x0, 0x9b0}}, {0x4, 0x0, {0x0, 0x66}}, {0x8, 0x0, {0x0, 0xb03}}, {0xffff, 0x3, {0x1, 0x80000000}}, {0x3, 0x1, {0x0, 0x2}}, {0x5, 0x6538, {0x1, 0x1f}}, {0x1, 0x5, {0x2, 0xfffffffb}}, {0xfff, 0x401, {0x2, 0xfde4}}, {0x0, 0x0, {0x2, 0x800}}, {0xce3, 0x2, {0x2}}, {0x80, 0x20, {0x2, 0xbe2}}, {0x7, 0x9, {0x1, 0x7fffffff}}, {0x80, 0x100, {0x2, 0x2}}, {0x8001, 0xa1f, {0x3, 0x7}}, {0xb1c0, 0x1ff}, {0x9, 0x5}, {0x4, 0x100, {0x1, 0xc5c}}, {0xfff8, 0x0, {0x2, 0x20}}, {0x979, 0x2, {0x0, 0x36}}]}}}, {{0x254, 0x1, {{0x0, 0x4}, 0x7, 0x1, 0xf800, 0x7ff, 0x18, 'syz0\x00', "b4b414084e2f0a3b97b1d178aff1aff6a3c9f60c5fa698e9ed7ab006aefe3fa6", "ed22c34e5b44e5f4d66206da80fc4795ddb9f28f532b9cd24f6c664da6afceac", [{0x20, 0x0, {0x0, 0x3}}, {0x6, 0x200, {0x2, 0x87}}, {0x0, 0x7, {0x2, 0x6}}, {0x73, 0x8001, {0x2, 0x2}}, {0x101, 0xec, {0x2, 0x8}}, {0x91, 0x7f, {0x1, 0x6}}, {0x7f, 0x0, {0x0, 0x3}}, {0x4, 0x8b, {0x3, 0x7fff}}, {0x8, 0x5a, {0x0, 0x1}}, {0x3, 0x2, {0x3, 0x9}}, {0x1, 0x0, {0x2, 0xffffffbf}}, {0x5, 0x4, {0x2, 0x1}}, {0x0, 0x8, {0x3, 0x3}}, {0x6, 0x1, {0x0, 0x1}}, {0x6, 0x0, {0x0, 0x3fc0000}}, {0x4, 0x2, {0x3}}, {0xaf9, 0x0, {0x0, 0x7}}, {0x6, 0x1, {0x1, 0xed}}, {0x7f, 0x1ff, {0x3, 0x4}}, {0x81, 0xfff9, {0x0, 0x3}}, {0xfffb, 0x3ff, {0x1, 0x3}}, {0x3, 0x2, {0x2, 0x4}}, {0x101, 0xffff, {0x0, 0x7fffffff}}, {0x200, 0xfeff, {0x0, 0x4}}, {0xe9d, 0x7fff, {0x3, 0x6}}, {0x9, 0x3, {0x2, 0x2}}, {0x0, 0x9, {0x1, 0xff}}, {0x3f, 0x4, {0x3, 0x1}}, {0x0, 0x57, {0x2, 0xb3}}, {0x6, 0x8, {0x0, 0x10c7}}, {0xe98, 0x0, {0x0, 0x7f}}, {0x5, 0x3ff, {0x2, 0x8}}, {0xdd, 0x1ff, {0x1, 0x9}}, {0x401, 0xf4b4, {0x2, 0x7f}}, {0x7, 0x7, {0x2}}, {0x8, 0x6, {0x2, 0x1000}}, {0x6, 0x7, {0x3, 0x2}}, {0x1ff, 0xf67e, {0x1, 0x1}}, {0x2, 0xfbff, {0x3, 0x72}}, {0x1, 0x1000, {0x0, 0x8001}}]}}}, {{0x254, 0x1, {{0x1, 0x81d9}, 0x9, 0xff, 0x8, 0xfffb, 0x18, 'syz0\x00', "c2975096de87b960e91b369de6682a9b84e241134fafd02639cc4f25e63bf245", "f1eed2f96cf0a090e65dc591c8b82d816fe0e4f29633c66e81baaedb174515d8", [{0x40, 0x7, {0x2, 0xfffffc01}}, {0x0, 0x5, {0x1, 0x7ff}}, {0x0, 0x1, {0x1, 0xfff}}, {0x7fff, 0x0, {0x3, 0x600000}}, {0x101, 0x6, {0x0, 0x8}}, {0x5, 0x7, {0x1, 0x101}}, {0x9, 0x0, {0x1}}, {0x5, 0x8, {0x3, 0x1ff}}, {0x7, 0x81, {0x0, 0x8}}, {0xff, 0x7fff, {0x3}}, {0x6, 0x0, {0x1, 0x8}}, {0x7, 0x100, {0x1, 0xe0a4}}, {0x60, 0x3, {0x0, 0x45d}}, {0xfff, 0x5, {0x3, 0x3}}, {0x7fff, 0x4, {0x2, 0x8}}, {0x1, 0x800, {0x3, 0x8}}, {0x0, 0xb, {0x1, 0x2}}, {0x1, 0x1000, {0x1, 0x8}}, {0xfff, 0x1, {0x2, 0xff}}, {0x3, 0x2, {0x1, 0x80}}, {0x7, 0x8, {0x1, 0x81}}, {0x6, 0x401, {0x3, 0x3f00000}}, {0x4, 0x3, {0x0, 0x1ff}}, {0x9, 0x7, {0x3, 0xff}}, {0x1000, 0x1ff, {0x3, 0x11a6}}, {0x3f, 0x1, {0x2, 0x1fe0000}}, {0x4, 0x4, {0x1, 0x7f}}, {0x24, 0x3, {0x2, 0x3}}, {0x7ff, 0x6ac, {0x0, 0x7}}, {0xa49, 0x9, {0x3, 0x7}}, {0x6, 0x48, {0x2, 0x7}}, {0x3, 0x1, {0x0, 0x7}}, {0x8000, 0xb4, {0x3, 0x7}}, {0x81, 0xca4, {0x2, 0xec5}}, {0x6, 0x2, {0x2, 0x1}}, {0x6, 0x9, {0x0, 0x6}}, {0x6, 0x1bf, {0x0, 0x4}}, {0x401, 0x8, {0x3, 0x9}}, {0xae7a, 0x29, {0x0, 0xffffffb4}}, {0x7, 0xfffd, {0x1, 0x2d0}}]}}}, {{0x254, 0x1, {{0x0, 0x20}, 0x0, 0x7, 0xbbd, 0x47b, 0xf, 'syz0\x00', "5656750a66fc1567e0970c1985548fc027c8c87d4f522225f686143f7d493fd9", "64aa56895c297d63e3807006a30ab40a6ebb65a638e57bede51341b9c9fb9ab8", [{0x6, 0x8, {0x0, 0x7}}, {0x8, 0x7, {0x3, 0x8}}, {0x4, 0x1, {0x0, 0x3}}, {0x1, 0x1, {0x1, 0x4}}, {0x6, 0x0, {0x2, 0x1}}, {0x9, 0x9bf, {0x1, 0x7}}, {0x1, 0xf190, {0x2, 0x1f}}, {0x1, 0x6, {0x3, 0x3f}}, {0x3, 0x1f46, {0x2, 0xffffffff}}, {0x8, 0x9, {0x2, 0x1}}, {0x9, 0x7ff, {0x3, 0x200000}}, {0x1, 0x4, {0x3, 0x9}}, {0xfff8, 0x81, {0x3, 0xfff}}, {0x1, 0xa6, {0x2, 0x400}}, {0x3, 0x800, {0x3, 0x5}}, {0x1ff}, {0x9a, 0x8, {0x0, 0x1}}, {0x71, 0x1000, {0x3, 0x200}}, {0x81, 0x5b0, {0x2, 0x3ff}}, {0xff, 0x1, {0x0, 0x4}}, {0x9, 0xfffd, {0x0, 0xffff}}, {0x3, 0x4, {0x1, 0x1c2}}, {0xa0, 0x4485, {0x2, 0x8000}}, {0x100, 0x3ff, {0x3, 0x7}}, {0x800, 0x74, {0x0, 0x5}}, {0xff00, 0x92, {0x2}}, {0x9, 0xef0, {0x0, 0x44}}, {0x7, 0x3ff, {0x2, 0x9}}, {0x8, 0x7, {0x1, 0x9e69}}, {0x7fff, 0x0, {0x1, 0x9f}}, {0x3, 0xfffd, {0x0, 0xffffffff}}, {0x1f, 0x7ff, {0x0, 0xffffffff}}, {0x1, 0x1, {0x0, 0x4}}, {0x7, 0x2, {0x1, 0x10000}}, {0x1, 0xfffb, {0x1, 0x5bb}}, {0x1, 0x5, {0x2, 0x7ff}}, {0x0, 0x4, {0x1, 0x81}}, {0x40, 0x2bdf, {0x3, 0x3}}, {0x7, 0x4, {0x1, 0x9}}, {0x800, 0xa08b, {0x3, 0xffff}}]}}}]}, 0x1060}, 0x1, 0x0, 0x0, 0x20004045}, 0x0) ioctl$NBD_SET_TIMEOUT(r1, 0xab09, 0x5e42550e) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001300)='/dev/sequencer2\x00', 0x20040, 0x0) write$9p(r2, &(0x7f0000001340)="1e60c591f6f7b83c805a69d84a792041391c001bba208ef98413b03e10e6b6fdbb4e5659503e7564827f99b31856ed5a0abd899e4c443f", 0x37) r3 = syz_open_dev$vcsa(&(0x7f0000001380)='/dev/vcsa#\x00', 0xffffffff, 0x20040) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000001440)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000001400)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r3, &(0x7f0000001480)={0x16, 0x98, 0xfa00, {&(0x7f00000013c0), 0x3, r4, 0x14, 0x1, @ib={0x1b, 0x40, 0x0, {"32e1decb8aca93fb6c358c08f4081d98"}, 0x1, 0x100000001, 0xff}}}, 0xa0) r5 = syz_open_dev$vcsu(&(0x7f0000001540)='/dev/vcsu#\x00', 0x8, 0x404000) ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000001580)={"3216cf22f8c80c2c4a91219c0d36f7470025bf27effd7154af8544f685d88d0b251a98e6a1cfc96a7a70971a6fc80ba013054f102576cf9d36e5fc3eee581f093738c0caf74eee2dfe5ddc483d01eb67cb398ee3427d209f3cc217e7667fc2d1ba7916037a8c247f1a2b8b56023e19f214f1d9582dd426799acc31c89f1536049c6f3d2af97d60afcbeead8266f9555eee0da98d79b262bd42deda3bc4500bee370887932038eee54664a3bf38a28da1c88daaeca09594004148431d399ae5ae1ee8525ef8afcbadb2cd652785360646127a7e2650a1dbb1d108554c2a9fd364ac1c22e175402272f2473d25b8e70e72fc121baeba345a48694c26165159735a9f3efaf95f77c4b233e5ad82b1b1f8ad8a0e458f5a25b47a05ee8877537c2b9887a3fe4d209f0da8aaf8f8232975582aad084dfd14ec66826211ee409bf29dd06bbc896798c887ca7534a466f3587112d72f2d8dcd22ee24b55ef6e60a675822852cfe20da3a355d1f972cef32dfa0040ad77a32be9a1a1d032edbc966e9f516ae624732a96c498bfb1a66e4e0f603900f5af9db763dbce0903569bf5543bf23c1a45bef499bae05aa3422c869667bb709456b27eab4caf816b1a850eaae90039399c4f79c994b47cb5992b502760c520572054dc8c174a4c6943296bbc3c184cf8adf8dd70febbb7250d43ee2f1c1d76e28c1dc5520ddd432a508ad8a499ce79fd78493cb453e3b5a65ee8634accdba9d0440c0e0e3028633a50b4deaa1e3da8c55980f235692ea070ee39195ece2fc0cccd7d1dfd32c505c205a5d98428d7b4a564feea8242b1ebe7f9723e5429149bb712eece768ae93e4d123ab2f5c3ba429a6512555da4f38b5d6fb031d02ae59474554ed1d4b8ee5e3648db1c8bfebc61ea2bd1b018705958e9a484b927289081cfd726da8790a8070f858553dffff3ac9d025f02a656bba3d6d7da7c141aa8b5d50879d6c6a3aebc8c21b89482c3836302049e6b40e33e423a107aa8f04a1a4f56cf1f1ccc312e614fc2131ca387aa8c2439cffca297140927417988f1022b0917918583f3acc2e994c8b988eede0f9e0f5bbe21444052438d664414f17ea647549c4252860467f839d8228201a5aeba2f0623870ac90b45398cd9184f0e8f5540a7ce8b1ff0764f35d5b0e3068508f182fae4d1101451f9799461244a6b5898d65050922026c946be496e97c589c3187b56a8e64ac1be2789254d45c270ac5b26e36ac4b0a5555273e4e4f80489b36fc4692748d2bf439dddb88b72720ea99ce6ba0d108680a67a77ddae43e2f42f5c4a5640b36304380b5155e4cadae12d76af65df213188921193453880e196330b75b7061d8a2c85a82f4b14d69e830420daa520780cf2c3613ff6b6e93841b4f073c9e9b5d164e0e007be10128cec98a02bb1f123d86090176fc336cdc4e34e4"}) syz_genetlink_get_family_id$mptcp(&(0x7f0000001980)='mptcp_pm\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000019c0)) ioctl$BLKBSZGET(r5, 0x80081270, &(0x7f0000001a00)) r6 = dup(0xffffffffffffffff) fcntl$setlease(r6, 0x400, 0x1) r7 = openat2(0xffffffffffffff9c, &(0x7f0000001a40)='./file0\x00', &(0x7f0000001a80)={0x942202, 0x0, 0x4}, 0x18) sendmsg$nl_netfilter(r7, &(0x7f00000031c0)={&(0x7f0000001ac0)={0x10, 0x0, 0x0, 0xc120000}, 0xc, &(0x7f0000003180)={&(0x7f0000001f40)={0x120c, 0x3, 0x8, 0x201, 0x70bd2a, 0x25dfdbfb, {0x2, 0x0, 0x3}, [@generic="48f53387c8e73ea0c026cf78fd67f3914c74e5c42751d8c08da8e8533b7dbc1bb3cd62503ef81438718bbd72ab750b498ead6787abbf10a6790d54af4ee5cac6548f8664bad15c4afde01d8d374c79aa47146796bf0658d01e", @nested={0x71, 0x3c, 0x0, 0x1, [@typed={0x8, 0x1f, 0x0, 0x0, @fd=r5}, @generic="223740d60a8832d1b4c9c360bddd8bb653918410eaef2a0d24d15abd0ef9481dbd1ad52fa3f9a708546b26e3cb601fbd9977f60731988dd78ec5ca54c640612a2adfec21b473bc1f4873130f4e29e196e84645039d2537203195e0c064", @typed={0x8, 0x54, 0x0, 0x0, @u32}]}, @nested={0x111f, 0x11, 0x0, 0x1, [@typed={0x2d, 0x79, 0x0, 0x0, @binary="738dd813eaa04b7dc7af3e2999f4277b4b62c7f2ac7d271c18c30100b3d181f5f88fc73cbaa6ad1cb5"}, @generic="67be23b8787d4763b8b927f36ff20880d7b9a1a0658747c7ce9af7ed7db9859ccebc99ed0b38ac40882d221351dcb185e07857e74bd465a57dcd14fe7389b71abf6101ca597cc27db20e11b791eda43e6378958a5cfcebccae46527a4e815d8fb3a0e100d760294b", @generic="e08b4d898a882372df5a38effb70eb87a4d7ebc20ce48e5e6c9cdfffcdfb0ccd5b4cf49afb81c6ce3c2d10db366035d0c92b6dd21953fe858fe9f07578d17603c4423cdf86f695daa6b8d7b60022b75151925d68c2facc4758640c15dd6ba9a416b58b38eb2ccc1383f7b055fc19f28d4baa38e3b58e194a059db33171a75e55049f3b91c576dc8829c04c1747bd662bfe36c72a1df35c2add4fc199e5235cb749c851290e6a45b37f1c834c2b9f1cffcff7430a7ac89134f1fa9ec068c183362bdd9a13ce92014462d44ad86c6758a6207a446efdf9c63c7f392394f24e6520507c2fa56be822b140c26eb533086f81bc2d9d3632ebca00414a6ca265d903f5a15f1847b11e39059bd133ab262b3cc8a62d05f7d19ff0ba32e6b3080dfd97f319feff970b848ecfa6db9183f47a82e65e8f287f70c8b1a0d576ac5638589875a6d4b49fa3ce1cc2e64dc67b2bcc63fa13af3267ecaac7ef98b4b21fd4be3c8c81f48c05711765f32a24c52cd376e2a0ac484e181079f297674937117f27f8dfae001ef503fe022d5953c695c759eda358a1c573b2f70bbc498d3ccfa22cad9be129cec81114f577b0c4a4d7fc1482920eea6085586774879b39db9c4c772c0e5da7a86434ee556a47dc9ae93e3070c260c4d1c28f19f4c9360f5172f5852b59a6d44bc664f6898d7939dfd0b1a8001325fa30970c290bda2abd09d26eed3063f0ae351e0eec8d6a65c9913371ffd0f0725be5b5166eb82711d37e7434534e4f1a83df8ad849f6d805064b5986db119667a3b61a576d865829229d0e36028b3a784b3467e2e85e3cfcd26178047eaa12c42731445344af1d9a4776129a673b44856038bdef101da74ad1a4ae8fbf46e0646cb798eaff75d28f0a239227e0433deca0e2499ad6472ec578246d72b4f7c20b1cd238480284911649c83f663e5db2e695814b6a48d2b27520443df1597dfe2d3f9291c2de5c4edcbdda8142a6b9994799224bb2257bf87e4c8ed8b53f0578b8958a5ef24d385a07fb0d0c909c8674619c5697386ba11e8a8226992f5bb12a906efe68b9c02067dd3bd3c5f40e5f49dc77233f0251dd8af6ad0934728aecff5a33b8afe7a0217f64048afaf5f436fcce0d6eb34718b21afb5caceadc8cfa6fc95ff1dc849e867611299b3ea7ebfb611296482102791fc61a97d8d116a584486716826753ace8a0866874c65207734b72dd6fe3628c4a4befcdf29d3ed630e1718b58095ce0ca4f8efedab2ab27b35fdf6304c31d78cf1cad208e170caac7a1cd152053124b761da571ce5dc50a2a9e96bfbc760665c46adeddc5f40cca38706118fc6df631386a67273f18fc2ee5fff3ba4403a828d18772a1e9adf7244765e196b233c5a4bce342b65d0d00ae1fb379d78b8d5cf57a92aece90d4657e40de16270f098e4428eaabc652c8c5ddf792535f36107dae38d12c8112d0d977a06e333cfd7ca677d979c3d24a56ac9e984aa70397ec9e3c0a685bffedc82a66b696c19fcffdcc3ce1e9294dcea16f08e6a043152555d20e2c00aff1fa4de6a8ff215c432d544b0d544983246a46bf470974f79c349053e0164e69179ce6c622f8e5a6579285521ab35b1f6d4226f08c264a645015315352b8cf56da57608dbdbd1a03957d5b30a3d0f93f4b2fc41a98e53fed027c023b708773ef06ead3db701deec5c8030fbab6825fb154ef605b470ebed199d5ec7e14d9823b0bd6cfd7420f496cab522f031efb61919534118d3b623306c4df4c0a0cd3825b6723cfc1f8702acf4b0fd38fe08691db760ef712c23126749872795160f79d0bf004442143dc25d1e6f0f9eed9fc158f060354769310e8085687afa2226f58c551abff96b11751df32628a3ad6971263680b7e65b0da1832173708696d5a6b6c50e7fefd2032770f427edf16f3750a3b83b6ef5b46f1db98808230a629984bf68d58dcd1ab4764a7b04c1b30745f7b52f31191dafd1fc7f3150ad99d0535afb7cb571eb3ebfcefa9562d9acfdac9caf9f118fe4c881ed0b04bb780d54f69eb90171c456a9ee14c566f69cfae24100ddc64cd3cdb4fbc8fcb34ac669b0402722ca4f12d378c2880492aa331cc4863688115be81f68aa2eead706f70a7d23aa88120ad41bc54dc30482617f298812a78f329c4e9daec9607e98bc21639544b646ea16a1ac14b33923f700569ab8acb5ec54a0800720742d0df16e99921bf606eb779b3fb79bdf9f27eba8a4c545f05b10e225fabaeb56590296ac0be7fb56845e1f43d71fda58ff13f4221c54d92580632be18acdbf4b386d64552fb8d4fc5a18c4d539066fcb4251795fd29a780a25c1d40e3057b6af5ee683f9dea583bddbb7b40bb3cf79194e067c212d7157fee5efd866dc7269a8b3f05cfac00a8fcda79bcf43effa64ba97b14dea0038e2999ed10fb5edb8d7413d8e98a00bdafc5737a25784a945fd33563e75dbafe814e6021df6ecae2ba5dd78dd15f5bf6848518ba42d8754b3eb4a5a5842bcba01478cb7af4b0e5c7daa194ca32c529536320f4197fdefc9f5af7da5ccfed9b7dccbcb3fdb95e01c661cf0a052c145c837d850c066a9c19e0428151ae7c3245ecb71d20f204eb8a4036dcf1ffb65e07945928e1601832f221a31fe035dc383e509f054744bcefeb50342ecb0389b2bc7326442f63f636033af0b81a846cc63f40d58a6455a88fa2ca2376e4bc7c9f459f4b16d867aec8407ab693bcd521cac9d7c1f04d412487be20edd2a9c7f89ecb7c4470eb5bafe4846ae859119a8283aec2f41d0615fc73e39a45982642fc970e462c27748f7a68d72f87d4d8ba8935a631320f41c66d370a25917e9b2878f1375803b6fe18ec378d7dcdb64d80e3fef92bd04d5011ab5ad7c1d35d8555f03baba1f07e645c9110f64f66bbedea399c94d877732ed07e4d1ad7ee1687a6917b543682ce2ee0a1ab8b38538a505330cf4629cce1ed8e1c291d106be570fe1feba2edbef2c6a213b12c4795130c3a26ce509f1683a1d58adc1ccd0d3a26cac09e4e78a4eb6ab5e62609ac9c68c00a748f1b67fdf1a3f5aeff3776413288f99a5560610036f91bce5b8b1c881c69637707eb9afe51c8e68a0d74ee301b23e540e189498d29362f3561f8bcc67cc4e9091964180e9d761e1ac7915f5f9bdfe8e0d47f3c12b9bf92634f034996f9be3ed7f9c0b5c7cf8392d05e6d53997dc240fa2620ff6c10cbbc06297401b6255e02eb8bc84cd8f215fb9e5afeb41859f652508fffa128abc70c06ea597e0d7dd99933913f3aca896b7457efec84c37994d675395a449eeaee5449c8e17aab23796e044b7ad585e2f00d4f6c8d45962a1821b38bc6cbafe49b2f6791745cc4108af42aeb8bb6668a6cba53f87906e829dd3fff4f21b4c00a9d21b3877c76c4e796f6b75c1c1b3458e82413e7ed6b7ca66eed1fd11398ed0af80e91c8df7af892e1042be041177e2128fd07599cc1f8791c1fc17e9b44c3dfb2e1197d2f180d1050001d7f31284fd46ef21e20b22dea91804e9cc58d8a5d3e016d551d01811879204cae1f1555c6760f6722051927c07bb63bdd1d990ccc9f36325b10d824e65553e40bc3fee1efba52ef43c54a61d460ec56a0b6070dbcc34dc4df22c5e70d29f478d6fe52f3bf2ec0c37fe9849f1633bfd53142d86c613e18e5dd2f1f74589c341d0c1c6a8d54dfb05b8b53ed72f9464cf1603ba47e8c83fadd44ddea5bfbe3abfb20acb79719fff6478a3e5348ba49667b30d58c7c34cae7fecb4a47e0c2d51417db94289828eedb1b6ece5f6b8c4c8e27720b929eea62398acf9f2040f6ccfa9ebd66fadf79db981437afd84b5f689100efcdcd000a44c43caf34a031d504b443ed121eb2c864b43cbd354a3c5234da119f6cf7d613b98a541928cd4e96ab9cf4deb72d8b7c0034b06c8c9343b4a073baa10e80168bbf92dec3ad21a14429de2d42c8b8975d9586c140cfff083f0a3b94c5940d8b0a25e987513c8110de994af67004cf15ab33e2678c71822482ed11d44c563a64ad7fc1241283331b98d57297cff2f89f3be5d0e9444b82b8f11bdc2f442c1bd79d1f9bb7850055a4975749377c29887c71a17e9837439102b4f136fb8b1f4edf43e00bfc31e4bd61c693e3990c6f105605a03f3eedb7ce0b5a57ac895136d9c683164324e44f480b8e06bb9272ede11781da7088f65de4b66a0eeead2a8432a9c4150bffa6ab0c9c5bea5cbbeb7b84338b77fe1834293a885bb344b4930ec6dfbc658568c43aac0f24e82b926dbb872b2ffcde9e3c069449f50498bcc5f1501b95750fc5784c078bd696a49e9be326fe37b4bd99375f6f1a1b6049a0acde0d7b770f769f3e6fe70d19900a5813f6bc5c60781808a803696ca25ee7e6bbfe8f2c53ada037858ef29a9ea239c0f462ac01dbbce6e32a2cabf3964f114fb568fec43e72172bf91c6f690e45ffe7f2420e0b91f00fde7dd0612a0484aee9ee84374540bf665ebbfc2a9f2ba96a0cfadd130e0e04a48be5b683d495866815dce5db71941e851c6e0d2c26a78f74b9a5bcc32ea53472cf78d1c14251daf81cce166b6d9b7bb7b565e1b9e09a15090e5ae11b4ba8ba5c953efaf4c6e6c1668c9177f8b9fe7275c9627b09fd5e6fca2048bba7efcd9880f33623a5385cb20f9d9e0059718e6886ae3d5d478a16efa35522c0d1caf62e894675519767f36797946c68e43143fcf06ccdd891441fcfa336b3cb90d5df2c4c33d589ab3a41f3a2a9c50acdd016eacd3130765200173e53c59ee9890b2d875d0cc418d1a73a115ddbcf747837c06d9aa9904cceef1d757d53176d005c59c53357fbf925af7349d9c47cffce18317b78601affe03fc34e7a1fedbd99e3782226f2cf3d21ad8c3d7db6633442c08dcf28b70f19d11ca9071d3807d48417566507ca67f1c51e4284beb9e5c193614e40ebf7cfcd76599a9a1275465693dc0f1914eef8f7e36ed2d011952da9c15f2cb4b68e7afb5bba59ca5b73fca1cefd593db16381318764540bf91b5622812a0511bd64437f2e343f1745828a7f17da4cfef17d0b2113b198049ccdd9546995df012e2ff281eef35150228210f09c6fa8411424950860edf7638336457aaa4d3a6595106d8198d0226c860f644d36fccdf4880937c5bf4705b0fa19b7ee041e803c4dd659cba4a73ddfaff8bff673b0ec7d07d209ff66ea5066152a3225e8786ccf6572c6e3063f407da2ecbb395c2e9149832064846b839eaa35361e7ceaed901959ac81c2d7bf50c6fe71190f361d7d74b352e3ba0c686bba56d3a10599c3896e9101e6d75ad463416cb1fbf3cc25515d1f68c730f77bde498400f97d9cd39b7678cfea23960f173cdc0b7240b7d063d0409c44fdcff040c2df3758d813631cdf5a1f70ae582ef4c8c49fd81a51275e77e0353605c1800f37341399f6edb35603b4575ec402aec7a212f6aff5a0124f3b976d29e647d4b5b7ddb4fa08aa9be21e0b77a09f05bf5dc283ccf2ed6978e5bb59cb3313baf482320a240fbebfc46553a2c5667e4fd536a8051dd988b9fb4d0a83c328f032980fd4741c61a327b6acddead5aa9b4485b9f49dc9f5c2fbc8a4b8033afb721d4832e22667f7890a72185f7ab496b78582c2f270d31fa7881775ee251ec5526a12d1ada2cde69147f68b181e449eb2aa2adee90e6e40a162f388bcc58cfa0c87cd1d3c05e8b1c90cfea0c9be3a67a870bac9586872bd936115f6c269470d0bd0234d94f34040b50145a08b874fb5161a79f75efae60cdcef6ac824a9c11036cc9ab3b281aa", @generic="9f684a6faf03ac5e5c1b21ac7a6a2dd3fccc6bf1ac4e4133d47ed83740a07154cdc706c9116885a1a19f102ad955c80603d893818da828045aca56ded9ef74176e89a21f9c4b6147fa0cc8b595a327990bc356d1aee77a30e8dad376df72431e98fc7b3a764516e484e83257850cfe13d0f8c0027fde0b883ce83d", @typed={0x8, 0x1a, 0x0, 0x0, @fd}]}, @typed={0x8, 0x6c, 0x0, 0x0, @fd}]}, 0x120c}, 0x1, 0x0, 0x0, 0x40010}, 0x80) [ 415.578017][ T9736] not chained 160000 origins [ 415.582731][ T9736] CPU: 0 PID: 9736 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 415.591334][ T9736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 415.601394][ T9736] Call Trace: [ 415.604712][ T9736] dump_stack+0x1df/0x240 [ 415.609069][ T9736] kmsan_internal_chain_origin+0x6f/0x130 [ 415.614809][ T9736] ? is_module_text_address+0x4d/0x2a0 [ 415.620283][ T9736] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 415.626089][ T9736] ? __kernel_text_address+0x171/0x2d0 [ 415.631540][ T9736] ? unwind_get_return_address+0x8c/0x130 [ 415.637252][ T9736] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 415.643310][ T9736] ? arch_stack_walk+0x2a2/0x3e0 [ 415.648237][ T9736] ? stack_trace_save+0x1a0/0x1a0 [ 415.653264][ T9736] ? kmsan_get_metadata+0x4f/0x180 [ 415.658388][ T9736] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 415.664313][ T9736] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 415.670378][ T9736] ? stack_trace_save+0x123/0x1a0 [ 415.675396][ T9736] ? kmsan_get_metadata+0x11d/0x180 [ 415.680652][ T9736] __msan_chain_origin+0x50/0x90 [ 415.685606][ T9736] rmd256_transform+0x434e/0x4440 [ 415.690670][ T9736] rmd256_update+0x343/0x4f0 [ 415.695259][ T9736] ? rmd256_init+0x260/0x260 [ 415.699839][ T9736] crypto_shash_update+0x4e9/0x550 [ 415.704944][ T9736] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 415.711103][ T9736] ? crypto_hash_walk_first+0x1fd/0x360 [ 415.716653][ T9736] ? kmsan_get_metadata+0x4f/0x180 [ 415.721775][ T9736] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 415.727587][ T9736] shash_async_update+0x113/0x1d0 [ 415.732610][ T9736] ? shash_async_init+0x1e0/0x1e0 [ 415.737625][ T9736] hash_sendpage+0x8ef/0xdf0 [ 415.742222][ T9736] ? hash_recvmsg+0xd30/0xd30 [ 415.746891][ T9736] sock_sendpage+0x1e1/0x2c0 [ 415.751480][ T9736] pipe_to_sendpage+0x38c/0x4c0 [ 415.756320][ T9736] ? sock_fasync+0x250/0x250 [ 415.760906][ T9736] __splice_from_pipe+0x565/0xf00 [ 415.765922][ T9736] ? generic_splice_sendpage+0x2d0/0x2d0 [ 415.771559][ T9736] generic_splice_sendpage+0x1d5/0x2d0 [ 415.777104][ T9736] ? iter_file_splice_write+0x1800/0x1800 [ 415.782826][ T9736] direct_splice_actor+0x1fd/0x580 [ 415.787933][ T9736] ? kmsan_get_metadata+0x4f/0x180 [ 415.793047][ T9736] splice_direct_to_actor+0x6b2/0xf50 [ 415.798409][ T9736] ? do_splice_direct+0x580/0x580 [ 415.803437][ T9736] do_splice_direct+0x342/0x580 [ 415.808286][ T9736] do_sendfile+0x101b/0x1d40 [ 415.812882][ T9736] __se_sys_sendfile64+0x2bb/0x360 [ 415.818068][ T9736] ? kmsan_get_metadata+0x4f/0x180 [ 415.823170][ T9736] __x64_sys_sendfile64+0x56/0x70 [ 415.828190][ T9736] do_syscall_64+0xb0/0x150 [ 415.832706][ T9736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 415.838584][ T9736] RIP: 0033:0x45c1d9 [ 415.842466][ T9736] Code: Bad RIP value. [ 415.846526][ T9736] RSP: 002b:00007fe8d5c6bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 415.855359][ T9736] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 415.863317][ T9736] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 415.871273][ T9736] RBP: 000000000078bfe8 R08: 0000000000000000 R09: 0000000000000000 [ 415.879235][ T9736] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bfac [ 415.887193][ T9736] R13: 0000000000c9fb6f R14: 00007fe8d5c6c9c0 R15: 000000000078bfac [ 415.895162][ T9736] Uninit was stored to memory at: [ 415.900181][ T9736] kmsan_internal_chain_origin+0xad/0x130 [ 415.905885][ T9736] __msan_chain_origin+0x50/0x90 [ 415.910811][ T9736] rmd256_transform+0x434e/0x4440 [ 415.915822][ T9736] rmd256_update+0x343/0x4f0 [ 415.920399][ T9736] crypto_shash_update+0x4e9/0x550 [ 415.925493][ T9736] shash_async_update+0x113/0x1d0 [ 415.930501][ T9736] hash_sendpage+0x8ef/0xdf0 [ 415.935079][ T9736] sock_sendpage+0x1e1/0x2c0 [ 415.939655][ T9736] pipe_to_sendpage+0x38c/0x4c0 [ 415.944492][ T9736] __splice_from_pipe+0x565/0xf00 [ 415.949504][ T9736] generic_splice_sendpage+0x1d5/0x2d0 [ 415.954950][ T9736] direct_splice_actor+0x1fd/0x580 [ 415.960045][ T9736] splice_direct_to_actor+0x6b2/0xf50 [ 415.965412][ T9736] do_splice_direct+0x342/0x580 [ 415.970336][ T9736] do_sendfile+0x101b/0x1d40 [ 415.974922][ T9736] __se_sys_sendfile64+0x2bb/0x360 [ 415.980024][ T9736] __x64_sys_sendfile64+0x56/0x70 [ 415.985043][ T9736] do_syscall_64+0xb0/0x150 [ 415.989535][ T9736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 415.995403][ T9736] [ 415.997710][ T9736] Uninit was stored to memory at: [ 416.002720][ T9736] kmsan_internal_chain_origin+0xad/0x130 [ 416.009378][ T9736] __msan_chain_origin+0x50/0x90 [ 416.014308][ T9736] rmd256_transform+0x434e/0x4440 [ 416.019404][ T9736] rmd256_update+0x343/0x4f0 [ 416.023975][ T9736] crypto_shash_update+0x4e9/0x550 [ 416.029161][ T9736] shash_async_update+0x113/0x1d0 [ 416.034169][ T9736] hash_sendpage+0x8ef/0xdf0 [ 416.038747][ T9736] sock_sendpage+0x1e1/0x2c0 [ 416.043331][ T9736] pipe_to_sendpage+0x38c/0x4c0 [ 416.048169][ T9736] __splice_from_pipe+0x565/0xf00 [ 416.053179][ T9736] generic_splice_sendpage+0x1d5/0x2d0 [ 416.058620][ T9736] direct_splice_actor+0x1fd/0x580 [ 416.063715][ T9736] splice_direct_to_actor+0x6b2/0xf50 [ 416.069081][ T9736] do_splice_direct+0x342/0x580 [ 416.073916][ T9736] do_sendfile+0x101b/0x1d40 [ 416.078489][ T9736] __se_sys_sendfile64+0x2bb/0x360 [ 416.083584][ T9736] __x64_sys_sendfile64+0x56/0x70 [ 416.088593][ T9736] do_syscall_64+0xb0/0x150 [ 416.093083][ T9736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 416.098953][ T9736] [ 416.101265][ T9736] Uninit was stored to memory at: [ 416.106298][ T9736] kmsan_internal_chain_origin+0xad/0x130 [ 416.112002][ T9736] __msan_chain_origin+0x50/0x90 [ 416.117031][ T9736] rmd256_transform+0x434e/0x4440 [ 416.122042][ T9736] rmd256_update+0x343/0x4f0 [ 416.126618][ T9736] crypto_shash_update+0x4e9/0x550 [ 416.131801][ T9736] shash_async_update+0x113/0x1d0 [ 416.136816][ T9736] hash_sendpage+0x8ef/0xdf0 [ 416.141392][ T9736] sock_sendpage+0x1e1/0x2c0 [ 416.145974][ T9736] pipe_to_sendpage+0x38c/0x4c0 [ 416.150812][ T9736] __splice_from_pipe+0x565/0xf00 [ 416.155827][ T9736] generic_splice_sendpage+0x1d5/0x2d0 [ 416.161272][ T9736] direct_splice_actor+0x1fd/0x580 [ 416.166371][ T9736] splice_direct_to_actor+0x6b2/0xf50 [ 416.171744][ T9736] do_splice_direct+0x342/0x580 [ 416.176579][ T9736] do_sendfile+0x101b/0x1d40 [ 416.181150][ T9736] __se_sys_sendfile64+0x2bb/0x360 [ 416.186244][ T9736] __x64_sys_sendfile64+0x56/0x70 [ 416.191251][ T9736] do_syscall_64+0xb0/0x150 [ 416.195739][ T9736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 416.201607][ T9736] [ 416.203917][ T9736] Uninit was stored to memory at: [ 416.208940][ T9736] kmsan_internal_chain_origin+0xad/0x130 [ 416.214643][ T9736] __msan_chain_origin+0x50/0x90 [ 416.219565][ T9736] rmd256_transform+0x434e/0x4440 [ 416.224574][ T9736] rmd256_update+0x343/0x4f0 [ 416.229151][ T9736] crypto_shash_update+0x4e9/0x550 [ 416.234241][ T9736] shash_async_update+0x113/0x1d0 [ 416.239352][ T9736] hash_sendpage+0x8ef/0xdf0 [ 416.243929][ T9736] sock_sendpage+0x1e1/0x2c0 [ 416.248507][ T9736] pipe_to_sendpage+0x38c/0x4c0 [ 416.253343][ T9736] __splice_from_pipe+0x565/0xf00 [ 416.258352][ T9736] generic_splice_sendpage+0x1d5/0x2d0 [ 416.263808][ T9736] direct_splice_actor+0x1fd/0x580 [ 416.268905][ T9736] splice_direct_to_actor+0x6b2/0xf50 [ 416.274266][ T9736] do_splice_direct+0x342/0x580 [ 416.279102][ T9736] do_sendfile+0x101b/0x1d40 [ 416.283689][ T9736] __se_sys_sendfile64+0x2bb/0x360 [ 416.288799][ T9736] __x64_sys_sendfile64+0x56/0x70 [ 416.293820][ T9736] do_syscall_64+0xb0/0x150 [ 416.298310][ T9736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 416.304176][ T9736] [ 416.306484][ T9736] Uninit was stored to memory at: [ 416.311494][ T9736] kmsan_internal_chain_origin+0xad/0x130 [ 416.317193][ T9736] __msan_chain_origin+0x50/0x90 [ 416.322114][ T9736] rmd256_transform+0x434e/0x4440 [ 416.327137][ T9736] rmd256_update+0x343/0x4f0 [ 416.331708][ T9736] crypto_shash_update+0x4e9/0x550 [ 416.336801][ T9736] shash_async_update+0x113/0x1d0 [ 416.341817][ T9736] hash_sendpage+0x8ef/0xdf0 [ 416.346394][ T9736] sock_sendpage+0x1e1/0x2c0 [ 416.350968][ T9736] pipe_to_sendpage+0x38c/0x4c0 [ 416.355893][ T9736] __splice_from_pipe+0x565/0xf00 [ 416.360903][ T9736] generic_splice_sendpage+0x1d5/0x2d0 [ 416.366350][ T9736] direct_splice_actor+0x1fd/0x580 [ 416.371447][ T9736] splice_direct_to_actor+0x6b2/0xf50 [ 416.376801][ T9736] do_splice_direct+0x342/0x580 [ 416.381636][ T9736] do_sendfile+0x101b/0x1d40 [ 416.386213][ T9736] __se_sys_sendfile64+0x2bb/0x360 [ 416.391311][ T9736] __x64_sys_sendfile64+0x56/0x70 [ 416.396338][ T9736] do_syscall_64+0xb0/0x150 [ 416.400840][ T9736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 416.406706][ T9736] [ 416.409017][ T9736] Uninit was stored to memory at: [ 416.414029][ T9736] kmsan_internal_chain_origin+0xad/0x130 [ 416.419731][ T9736] __msan_chain_origin+0x50/0x90 [ 416.424663][ T9736] rmd256_transform+0x434e/0x4440 [ 416.429673][ T9736] rmd256_update+0x227/0x4f0 [ 416.434258][ T9736] crypto_shash_update+0x4e9/0x550 [ 416.439353][ T9736] shash_async_update+0x113/0x1d0 [ 416.444362][ T9736] hash_sendpage+0x8ef/0xdf0 [ 416.448938][ T9736] sock_sendpage+0x1e1/0x2c0 [ 416.453514][ T9736] pipe_to_sendpage+0x38c/0x4c0 [ 416.458363][ T9736] __splice_from_pipe+0x565/0xf00 [ 416.463461][ T9736] generic_splice_sendpage+0x1d5/0x2d0 [ 416.468918][ T9736] direct_splice_actor+0x1fd/0x580 [ 416.474188][ T9736] splice_direct_to_actor+0x6b2/0xf50 [ 416.479553][ T9736] do_splice_direct+0x342/0x580 [ 416.484389][ T9736] do_sendfile+0x101b/0x1d40 [ 416.488959][ T9736] __se_sys_sendfile64+0x2bb/0x360 [ 416.494054][ T9736] __x64_sys_sendfile64+0x56/0x70 [ 416.499063][ T9736] do_syscall_64+0xb0/0x150 [ 416.503556][ T9736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 416.510730][ T9736] [ 416.513041][ T9736] Uninit was stored to memory at: [ 416.518075][ T9736] kmsan_internal_chain_origin+0xad/0x130 [ 416.523789][ T9736] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 416.529755][ T9736] kmsan_memcpy_metadata+0xb/0x10 [ 416.534765][ T9736] __msan_memcpy+0x43/0x50 [ 416.539167][ T9736] rmd256_update+0x1fc/0x4f0 [ 416.543754][ T9736] crypto_shash_update+0x4e9/0x550 [ 416.548849][ T9736] shash_async_update+0x113/0x1d0 [ 416.553858][ T9736] hash_sendpage+0x8ef/0xdf0 [ 416.558432][ T9736] sock_sendpage+0x1e1/0x2c0 [ 416.563020][ T9736] pipe_to_sendpage+0x38c/0x4c0 [ 416.567857][ T9736] __splice_from_pipe+0x565/0xf00 [ 416.572865][ T9736] generic_splice_sendpage+0x1d5/0x2d0 [ 416.578321][ T9736] direct_splice_actor+0x1fd/0x580 [ 416.583418][ T9736] splice_direct_to_actor+0x6b2/0xf50 [ 416.588775][ T9736] do_splice_direct+0x342/0x580 [ 416.593607][ T9736] do_sendfile+0x101b/0x1d40 [ 416.598177][ T9736] __se_sys_sendfile64+0x2bb/0x360 [ 416.603272][ T9736] __x64_sys_sendfile64+0x56/0x70 [ 416.608280][ T9736] do_syscall_64+0xb0/0x150 [ 416.612861][ T9736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 416.618742][ T9736] [ 416.621053][ T9736] Uninit was created at: [ 416.625290][ T9736] kmsan_save_stack_with_flags+0x3c/0x90 [ 416.630909][ T9736] kmsan_alloc_page+0xb9/0x180 [ 416.635656][ T9736] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 416.641184][ T9736] alloc_pages_current+0x672/0x990 [ 416.646277][ T9736] push_pipe+0x605/0xb70 [ 416.650502][ T9736] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 416.656206][ T9736] do_splice_to+0x4fc/0x14f0 [ 416.660777][ T9736] splice_direct_to_actor+0x45c/0xf50 [ 416.666134][ T9736] do_splice_direct+0x342/0x580 [ 416.670969][ T9736] do_sendfile+0x101b/0x1d40 [ 416.675541][ T9736] __se_sys_sendfile64+0x2bb/0x360 [ 416.680655][ T9736] __x64_sys_sendfile64+0x56/0x70 [ 416.685678][ T9736] do_syscall_64+0xb0/0x150 [ 416.690175][ T9736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:19:02 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r1, r2, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$NS_GET_NSTYPE(r2, 0xb703, 0x0) mount(0x0, 0x0, &(0x7f00005f7ffa)='fuse\x00', 0x0, 0x0) mlock(&(0x7f0000400000/0x4000)=nil, 0x4000) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = dup(r3) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(streebog512-generic,xts-cast6-avx)\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='net/llc/core\x00') sendfile(r6, r7, 0x0, 0x1000007ffff000) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000000)={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x25}}, {0x1, @remote}, 0x32, {0x2, 0xce22, @dev={0xac, 0x14, 0x14, 0x76}}, 'batadv_slave_0\x00'}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) mbind(&(0x7f000040a000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0) munmap(&(0x7f0000402000/0x2000)=nil, 0x2000) [ 417.458755][ T9741] not chained 170000 origins [ 417.463400][ T9741] CPU: 1 PID: 9741 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 417.471984][ T9741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 417.482047][ T9741] Call Trace: [ 417.485354][ T9741] dump_stack+0x1df/0x240 [ 417.489697][ T9741] kmsan_internal_chain_origin+0x6f/0x130 [ 417.495501][ T9741] ? is_module_text_address+0x4d/0x2a0 [ 417.500950][ T9741] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 417.506748][ T9741] ? __kernel_text_address+0x171/0x2d0 [ 417.512200][ T9741] ? unwind_get_return_address+0x8c/0x130 [ 417.517926][ T9741] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 417.523992][ T9741] ? arch_stack_walk+0x2a2/0x3e0 [ 417.528927][ T9741] ? stack_trace_save+0x1a0/0x1a0 [ 417.533945][ T9741] ? kmsan_get_metadata+0x4f/0x180 [ 417.539136][ T9741] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 417.544930][ T9741] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 417.550981][ T9741] ? stack_trace_save+0x123/0x1a0 [ 417.555994][ T9741] ? kmsan_get_metadata+0x11d/0x180 [ 417.562231][ T9741] __msan_chain_origin+0x50/0x90 [ 417.567163][ T9741] rmd256_transform+0x434e/0x4440 [ 417.572216][ T9741] rmd256_update+0x343/0x4f0 [ 417.576801][ T9741] ? rmd256_init+0x260/0x260 [ 417.581386][ T9741] crypto_shash_update+0x4e9/0x550 [ 417.586487][ T9741] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 417.592639][ T9741] ? crypto_hash_walk_first+0x1fd/0x360 [ 417.598257][ T9741] ? kmsan_get_metadata+0x4f/0x180 [ 417.603356][ T9741] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 417.609251][ T9741] shash_async_update+0x113/0x1d0 [ 417.614284][ T9741] ? shash_async_init+0x1e0/0x1e0 [ 417.619295][ T9741] hash_sendpage+0x8ef/0xdf0 [ 417.623888][ T9741] ? hash_recvmsg+0xd30/0xd30 [ 417.628553][ T9741] sock_sendpage+0x1e1/0x2c0 [ 417.633138][ T9741] pipe_to_sendpage+0x38c/0x4c0 [ 417.637976][ T9741] ? sock_fasync+0x250/0x250 [ 417.642560][ T9741] __splice_from_pipe+0x565/0xf00 [ 417.647572][ T9741] ? generic_splice_sendpage+0x2d0/0x2d0 [ 417.653206][ T9741] generic_splice_sendpage+0x1d5/0x2d0 [ 417.658660][ T9741] ? iter_file_splice_write+0x1800/0x1800 [ 417.664365][ T9741] direct_splice_actor+0x1fd/0x580 [ 417.669467][ T9741] ? kmsan_get_metadata+0x4f/0x180 [ 417.674572][ T9741] splice_direct_to_actor+0x6b2/0xf50 [ 417.679951][ T9741] ? do_splice_direct+0x580/0x580 [ 417.685003][ T9741] do_splice_direct+0x342/0x580 [ 417.689867][ T9741] do_sendfile+0x101b/0x1d40 [ 417.694466][ T9741] __se_sys_sendfile64+0x2bb/0x360 [ 417.699564][ T9741] ? kmsan_get_metadata+0x4f/0x180 [ 417.704670][ T9741] __x64_sys_sendfile64+0x56/0x70 [ 417.709687][ T9741] do_syscall_64+0xb0/0x150 [ 417.714188][ T9741] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 417.720063][ T9741] RIP: 0033:0x45c1d9 [ 417.723935][ T9741] Code: Bad RIP value. [ 417.727981][ T9741] RSP: 002b:00007fb8bb63ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 417.736395][ T9741] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 417.744370][ T9741] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 417.752418][ T9741] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 417.760377][ T9741] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 417.768337][ T9741] R13: 0000000000c9fb6f R14: 00007fb8bb63b9c0 R15: 000000000078bf0c [ 417.776303][ T9741] Uninit was stored to memory at: [ 417.781319][ T9741] kmsan_internal_chain_origin+0xad/0x130 [ 417.787024][ T9741] __msan_chain_origin+0x50/0x90 [ 417.791952][ T9741] rmd256_transform+0x434e/0x4440 [ 417.796964][ T9741] rmd256_update+0x343/0x4f0 [ 417.801553][ T9741] crypto_shash_update+0x4e9/0x550 [ 417.806649][ T9741] shash_async_update+0x113/0x1d0 [ 417.811659][ T9741] hash_sendpage+0x8ef/0xdf0 [ 417.816236][ T9741] sock_sendpage+0x1e1/0x2c0 [ 417.820810][ T9741] pipe_to_sendpage+0x38c/0x4c0 [ 417.825645][ T9741] __splice_from_pipe+0x565/0xf00 [ 417.830654][ T9741] generic_splice_sendpage+0x1d5/0x2d0 [ 417.836197][ T9741] direct_splice_actor+0x1fd/0x580 [ 417.841292][ T9741] splice_direct_to_actor+0x6b2/0xf50 [ 417.846648][ T9741] do_splice_direct+0x342/0x580 [ 417.851496][ T9741] do_sendfile+0x101b/0x1d40 [ 417.856072][ T9741] __se_sys_sendfile64+0x2bb/0x360 [ 417.861163][ T9741] __x64_sys_sendfile64+0x56/0x70 [ 417.866180][ T9741] do_syscall_64+0xb0/0x150 [ 417.870668][ T9741] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 417.876538][ T9741] [ 417.878851][ T9741] Uninit was stored to memory at: [ 417.883861][ T9741] kmsan_internal_chain_origin+0xad/0x130 [ 417.889564][ T9741] __msan_chain_origin+0x50/0x90 [ 417.894487][ T9741] rmd256_transform+0x434e/0x4440 [ 417.899496][ T9741] rmd256_update+0x343/0x4f0 [ 417.904080][ T9741] crypto_shash_update+0x4e9/0x550 [ 417.909179][ T9741] shash_async_update+0x113/0x1d0 [ 417.914190][ T9741] hash_sendpage+0x8ef/0xdf0 [ 417.918769][ T9741] sock_sendpage+0x1e1/0x2c0 [ 417.923350][ T9741] pipe_to_sendpage+0x38c/0x4c0 [ 417.928195][ T9741] __splice_from_pipe+0x565/0xf00 [ 417.933214][ T9741] generic_splice_sendpage+0x1d5/0x2d0 [ 417.938655][ T9741] direct_splice_actor+0x1fd/0x580 [ 417.943767][ T9741] splice_direct_to_actor+0x6b2/0xf50 [ 417.949126][ T9741] do_splice_direct+0x342/0x580 [ 417.953963][ T9741] do_sendfile+0x101b/0x1d40 [ 417.958538][ T9741] __se_sys_sendfile64+0x2bb/0x360 [ 417.963630][ T9741] __x64_sys_sendfile64+0x56/0x70 [ 417.968648][ T9741] do_syscall_64+0xb0/0x150 [ 417.973138][ T9741] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 417.979007][ T9741] [ 417.981319][ T9741] Uninit was stored to memory at: [ 417.986330][ T9741] kmsan_internal_chain_origin+0xad/0x130 [ 417.992036][ T9741] __msan_chain_origin+0x50/0x90 [ 417.996959][ T9741] rmd256_transform+0x434e/0x4440 [ 418.001968][ T9741] rmd256_update+0x343/0x4f0 [ 418.006541][ T9741] crypto_shash_update+0x4e9/0x550 [ 418.011636][ T9741] shash_async_update+0x113/0x1d0 [ 418.016643][ T9741] hash_sendpage+0x8ef/0xdf0 [ 418.021221][ T9741] sock_sendpage+0x1e1/0x2c0 [ 418.025799][ T9741] pipe_to_sendpage+0x38c/0x4c0 [ 418.030653][ T9741] __splice_from_pipe+0x565/0xf00 [ 418.035662][ T9741] generic_splice_sendpage+0x1d5/0x2d0 [ 418.041106][ T9741] direct_splice_actor+0x1fd/0x580 [ 418.046201][ T9741] splice_direct_to_actor+0x6b2/0xf50 [ 418.051559][ T9741] do_splice_direct+0x342/0x580 [ 418.056392][ T9741] do_sendfile+0x101b/0x1d40 [ 418.060963][ T9741] __se_sys_sendfile64+0x2bb/0x360 [ 418.066072][ T9741] __x64_sys_sendfile64+0x56/0x70 [ 418.071273][ T9741] do_syscall_64+0xb0/0x150 [ 418.075763][ T9741] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 418.081630][ T9741] [ 418.083937][ T9741] Uninit was stored to memory at: [ 418.088946][ T9741] kmsan_internal_chain_origin+0xad/0x130 [ 418.094647][ T9741] __msan_chain_origin+0x50/0x90 [ 418.099572][ T9741] rmd256_transform+0x434e/0x4440 [ 418.104581][ T9741] rmd256_update+0x343/0x4f0 [ 418.109179][ T9741] crypto_shash_update+0x4e9/0x550 [ 418.114272][ T9741] shash_async_update+0x113/0x1d0 [ 418.119278][ T9741] hash_sendpage+0x8ef/0xdf0 [ 418.123855][ T9741] sock_sendpage+0x1e1/0x2c0 [ 418.128449][ T9741] pipe_to_sendpage+0x38c/0x4c0 [ 418.133288][ T9741] __splice_from_pipe+0x565/0xf00 [ 418.138293][ T9741] generic_splice_sendpage+0x1d5/0x2d0 [ 418.143736][ T9741] direct_splice_actor+0x1fd/0x580 [ 418.148847][ T9741] splice_direct_to_actor+0x6b2/0xf50 [ 418.154290][ T9741] do_splice_direct+0x342/0x580 [ 418.159123][ T9741] do_sendfile+0x101b/0x1d40 [ 418.163698][ T9741] __se_sys_sendfile64+0x2bb/0x360 [ 418.168792][ T9741] __x64_sys_sendfile64+0x56/0x70 [ 418.173802][ T9741] do_syscall_64+0xb0/0x150 [ 418.178305][ T9741] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 418.184177][ T9741] [ 418.186484][ T9741] Uninit was stored to memory at: [ 418.191515][ T9741] kmsan_internal_chain_origin+0xad/0x130 [ 418.197220][ T9741] __msan_chain_origin+0x50/0x90 [ 418.202164][ T9741] rmd256_transform+0x434e/0x4440 [ 418.207192][ T9741] rmd256_update+0x343/0x4f0 [ 418.211766][ T9741] crypto_shash_update+0x4e9/0x550 [ 418.216951][ T9741] shash_async_update+0x113/0x1d0 [ 418.221961][ T9741] hash_sendpage+0x8ef/0xdf0 [ 418.226536][ T9741] sock_sendpage+0x1e1/0x2c0 [ 418.231110][ T9741] pipe_to_sendpage+0x38c/0x4c0 [ 418.235946][ T9741] __splice_from_pipe+0x565/0xf00 [ 418.240955][ T9741] generic_splice_sendpage+0x1d5/0x2d0 [ 418.246398][ T9741] direct_splice_actor+0x1fd/0x580 [ 418.251495][ T9741] splice_direct_to_actor+0x6b2/0xf50 [ 418.256850][ T9741] do_splice_direct+0x342/0x580 [ 418.261686][ T9741] do_sendfile+0x101b/0x1d40 [ 418.266261][ T9741] __se_sys_sendfile64+0x2bb/0x360 [ 418.271354][ T9741] __x64_sys_sendfile64+0x56/0x70 [ 418.276362][ T9741] do_syscall_64+0xb0/0x150 [ 418.280854][ T9741] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 418.286721][ T9741] [ 418.289031][ T9741] Uninit was stored to memory at: [ 418.294042][ T9741] kmsan_internal_chain_origin+0xad/0x130 [ 418.299745][ T9741] __msan_chain_origin+0x50/0x90 [ 418.304671][ T9741] rmd256_transform+0x434e/0x4440 [ 418.309682][ T9741] rmd256_update+0x227/0x4f0 [ 418.314261][ T9741] crypto_shash_update+0x4e9/0x550 [ 418.319354][ T9741] shash_async_update+0x113/0x1d0 [ 418.324376][ T9741] hash_sendpage+0x8ef/0xdf0 [ 418.328951][ T9741] sock_sendpage+0x1e1/0x2c0 [ 418.333528][ T9741] pipe_to_sendpage+0x38c/0x4c0 [ 418.338366][ T9741] __splice_from_pipe+0x565/0xf00 [ 418.343379][ T9741] generic_splice_sendpage+0x1d5/0x2d0 [ 418.348825][ T9741] direct_splice_actor+0x1fd/0x580 [ 418.353934][ T9741] splice_direct_to_actor+0x6b2/0xf50 [ 418.359291][ T9741] do_splice_direct+0x342/0x580 [ 418.364127][ T9741] do_sendfile+0x101b/0x1d40 [ 418.368701][ T9741] __se_sys_sendfile64+0x2bb/0x360 [ 418.373796][ T9741] __x64_sys_sendfile64+0x56/0x70 [ 418.378806][ T9741] do_syscall_64+0xb0/0x150 [ 418.383307][ T9741] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 418.389179][ T9741] [ 418.391510][ T9741] Uninit was stored to memory at: [ 418.396535][ T9741] kmsan_internal_chain_origin+0xad/0x130 [ 418.402246][ T9741] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 418.408210][ T9741] kmsan_memcpy_metadata+0xb/0x10 [ 418.413219][ T9741] __msan_memcpy+0x43/0x50 [ 418.417620][ T9741] rmd256_update+0x1fc/0x4f0 [ 418.422201][ T9741] crypto_shash_update+0x4e9/0x550 [ 418.427304][ T9741] shash_async_update+0x113/0x1d0 [ 418.432309][ T9741] hash_sendpage+0x8ef/0xdf0 [ 418.436885][ T9741] sock_sendpage+0x1e1/0x2c0 [ 418.441461][ T9741] pipe_to_sendpage+0x38c/0x4c0 [ 418.446296][ T9741] __splice_from_pipe+0x565/0xf00 [ 418.451303][ T9741] generic_splice_sendpage+0x1d5/0x2d0 [ 418.456750][ T9741] direct_splice_actor+0x1fd/0x580 [ 418.461845][ T9741] splice_direct_to_actor+0x6b2/0xf50 [ 418.467202][ T9741] do_splice_direct+0x342/0x580 [ 418.472037][ T9741] do_sendfile+0x101b/0x1d40 [ 418.476622][ T9741] __se_sys_sendfile64+0x2bb/0x360 [ 418.481730][ T9741] __x64_sys_sendfile64+0x56/0x70 [ 418.486758][ T9741] do_syscall_64+0xb0/0x150 [ 418.491270][ T9741] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 418.497238][ T9741] [ 418.499554][ T9741] Uninit was created at: [ 418.503794][ T9741] kmsan_save_stack_with_flags+0x3c/0x90 [ 418.509428][ T9741] kmsan_alloc_page+0xb9/0x180 [ 418.514178][ T9741] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 418.519710][ T9741] alloc_pages_current+0x672/0x990 [ 418.524809][ T9741] push_pipe+0x605/0xb70 [ 418.529212][ T9741] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 418.534918][ T9741] do_splice_to+0x4fc/0x14f0 [ 418.539616][ T9741] splice_direct_to_actor+0x45c/0xf50 [ 418.544990][ T9741] do_splice_direct+0x342/0x580 [ 418.549830][ T9741] do_sendfile+0x101b/0x1d40 [ 418.554416][ T9741] __se_sys_sendfile64+0x2bb/0x360 [ 418.559510][ T9741] __x64_sys_sendfile64+0x56/0x70 [ 418.564523][ T9741] do_syscall_64+0xb0/0x150 [ 418.569012][ T9741] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:19:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control\x00', 0x2480, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x47) r3 = accept4(r1, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r3, r4, 0x0, 0x1000007ffff000) ioctl$FIOCLEX(r3, 0x5451) sendmsg$nl_route(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="4400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800e00010069703665727370616e00000010200280080015004000000004001200"], 0x44}}, 0x0) [ 418.799754][ T9751] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 418.841123][ T9752] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 19:19:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)) write$binfmt_aout(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="08013f00b4010000cf0100000100000044f3ffff0800000000000000000000004cc656bb54673ed5d8d8b9903c4059e87b0b0f684087658db869c9c46e0a6b685d73915fe771fd94a2493d0db2de0a4071b7772e930106d87f0b42072b91f69fa0f1797ec6e5d935905d3b7bb203844760793a7fd57c20008d366df7895ef09c4a282c7631c679c290227a63fccb3ec2b39fcf2e7ea410316957803a58f3dcac233d974bc946fde2d1d790fdd4aa59a23755c2cd48484a7500000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000f255b9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004c9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d340007704fc04a50697a3b95405891d5a9d933b97fd86b8fcacc8cf6ff257395d6b7811d30560c6a5385e744ae777e7eeb337923c66eb476c4c6c063f5c5e9"], 0x2b8) dup3(r3, r1, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)={[{0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc}]}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[], 0x0, 0x7b603}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000700)={0x0, 0x0, @pic={0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c}}) syz_open_procfs(0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f00000000c0)={0x10bc0000, 0x2}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 419.273017][ T9757] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 419.363042][ T963] tipc: TX() has been purged, node left! [ 419.364302][ T9757] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 419.524676][ T963] tipc: TX() has been purged, node left! 19:19:05 executing program 1: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000200), 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000a80)=ANY=[@ANYBLOB="5001000010000307ebfff40606c6000040041200", @ANYRES32=0x0, @ANYBLOB="000000000000000008000a00100000002500120008000100766574680000"], 0x200}}, 0x0) r0 = socket(0x10, 0x800000000080002, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, 0x0, 0x0) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x0, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x401}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20800}, 0x40000) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6815, 0xd2efff7f00000000, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x492492492492a3e, 0x0) r1 = getpid() sched_setscheduler(r1, 0x0, &(0x7f0000000000)) ptrace$setregs(0xd, r1, 0xa3, &(0x7f00000006c0)="de99c4a94936a1e88ad744d2af1035042e0fdf814d008000002cb9392d71c19a429516465071e5c3c4745ef0b3da2a6f7242864889ae393168279141150e033003be8fa81015c58ff5fdfda2f9dfbb6f0e51f51c6c786dd46b14463628d79fb03ec7fc94f11e1e8abe83da11d1f1c7f79d365d41d3ff37f26d86895db07188c5c2429e9a3047a5336878063c3c740d2e398cb086") bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r2 = add_key(&(0x7f0000000340)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)='\b', 0x29a, 0xfffffffffffffffb) request_key(&(0x7f0000000040)='encrypted\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='/dev/cuse\x00', r2) request_key(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f00000000c0)='/dev/cuse\x00', r2) keyctl$restrict_keyring(0x1d, r2, &(0x7f0000000180)='ceph\x00', &(0x7f00000001c0)='udp\x00') ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$cont(0x18, 0x0, 0x100000000, 0xed73) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="e16cedb90db1140016c9", @ANYRES16=r3, @ANYBLOB="010700000000000000000700ffff"], 0x14}}, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1010000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0x198, r3, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9ae}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_LINK={0x88, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfae}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x401}]}, @TIPC_NLA_BEARER={0x44, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @multicast2}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0xad, @empty, 0x7}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_MEDIA={0x88, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x996}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}]}]}, 0x198}, 0x1, 0x0, 0x0, 0x40}, 0x20000010) [ 419.827070][ T9778] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.1'. [ 419.837585][ T9778] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.1'. [ 420.156739][ T9778] team0: Port device veth5 added 19:19:06 executing program 1: madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xe) move_pages(0x0, 0x1, &(0x7f00000000c0)=[&(0x7f0000075000/0x4000)=nil], &(0x7f000026bfec), &(0x7f0000002000), 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) set_mempolicy(0x1, &(0x7f0000000140)=0xfd, 0x2) r0 = gettid() r1 = syz_open_dev$sg(&(0x7f00000001c0)='/dev/sg#\x00', 0x6, 0x400) fcntl$setownex(r1, 0xf, &(0x7f0000000200)={0x2, r0}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1000007ffff000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000003c0)={0x1c, r3, 0x31905e13403123b7, 0x0, 0x0, {0x5, 0x0, 0xf000}, [@BATADV_ATTR_MULTICAST_FANOUT]}, 0x1c}, 0x1, 0x50000}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r6}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0x10}]}, 0x28}}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, r3, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0xa0}, 0x48045) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)=""/247, 0xf7}], 0x1, &(0x7f0000000180)=[{&(0x7f0000217f28)=""/223, 0xdf}], 0x1, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="459e81123973836821c64be75f27aab14be7c9b6e9dc1a9d3f515ca2b1a47206f9f99477", 0x10a73, 0x884, 0x0, 0xffffffffffffffc3) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000180)) socket(0x1000000010, 0x80002, 0x0) 19:19:06 executing program 1: r0 = socket(0xa, 0x1, 0x3) close(r0) socket$inet6_sctp(0xa, 0x10000000005, 0x84) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) accept4(r1, 0x0, 0x0, 0x0) dup(r1) sendmmsg$inet_sctp(r0, &(0x7f0000004700)=[{&(0x7f0000000380)=@in6={0xa, 0x0, 0x0, @private0}, 0x1c, &(0x7f0000000640)=[{&(0x7f00000003c0)="f1", 0x1}], 0x1, &(0x7f0000000680)=[@init={0x18, 0x84, 0x0, {0x0, 0x0, 0x9}}], 0x18}], 0x1, 0x240088c1) [ 421.110523][ T9791] IPVS: ftp: loaded support on port[0] = 21 19:19:07 executing program 1: sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="9000000010001fff0000000020000000365cf2f5", @ANYRES32=0x0, @ANYBLOB="ed01060000000000680012800b0001697036746e6c000058000280080008002c00000004001300060012000001000014000200fe8000000000000000000000000000aa0800080001000000080014002000000014000300ff0200000000000000000000000000010800010000c0bb80cdae48ea31aaad2edb17199a042462bcca897ee5a195045dfd0a3b8c8d02100da87a27020c1baf78219e6c87a199a6b031c2975bb76e4e400431bbb947f21f577f27b24058e8172bd9f674f63e", @ANYRES32, @ANYBLOB='\b\x00\n\x00'], 0x90}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000000), 0xb, 0x75be0100) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r2 = dup(r1) r3 = socket$unix(0x1, 0x1, 0x0) dup2(r3, 0xffffffffffffffff) r4 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(r5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 19:19:07 executing program 2: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="24000000020101"], 0x24}}, 0x0) r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)="24000000070a07051dfffd946ff20c0020200a0005000240021d8568031baba20400ff7e", 0x24}], 0x14}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x131082, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000001080)='fou\x00') sendmsg$FOU_CMD_GET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x38, r3, 0x29, 0x0, 0x0, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @ipv4={[], [], @empty}}]}, 0x38}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00'/20, @ANYRES32=r6, @ANYBLOB='\a'], 0x28}}, 0x0) sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x54, r3, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @local}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e23}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @initdev={0xac, 0x1e, 0x1, 0x0}}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x2c}, @FOU_ATTR_IFINDEX={0x8, 0xb, r6}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) [ 421.768545][ T9829] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 421.778944][ T9829] netlink: 88 bytes leftover after parsing attributes in process `syz-executor.1'. 19:19:07 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f00000004c0)='./file0\x00', 0x0, 0x7a04, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) r2 = open(&(0x7f0000000080)='./bus\x00', 0x101240, 0x34) ioctl$IMGETVERSION(r0, 0x80044942, &(0x7f0000000040)) ftruncate(r2, 0x200006) sendfile(r1, r2, 0x0, 0x80001d00c0d0) r3 = socket$inet6(0xa, 0x5, 0x0) close(r3) open(&(0x7f00000000c0)='./file0\x00', 0x10d002, 0x140) setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0) sendfile(r3, r1, 0x0, 0x80001d00c0d0) socket$inet_udplite(0x2, 0x2, 0x88) socket$alg(0x26, 0x5, 0x0) dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 421.834220][ T9864] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 421.844286][ T9864] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 421.983614][ T9791] chnl_net:caif_netlink_parms(): no params data found [ 422.070728][ T32] audit: type=1804 audit(1595186347.565:4): pid=9909 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/newroot/29/file0/bus" dev="sda1" ino=15740 res=1 19:19:07 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000180)={0x0, 0x0}) syz_open_procfs(r1, &(0x7f0000000140)='smaps_rollup\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') fchdir(r2) r3 = memfd_create(&(0x7f0000000000)='6e~\xe6\xe1d;\x8f\xfd', 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') write(r5, &(0x7f00000002c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de58d6f156c9c8a28c4677b00000000000000001a00200000f8bf54bd33fae9cccbf80a4c7c6bcfe8be804afa0793e663a786c9b8635283131112e7bfa290f5e52360f9dbe4beac06060000000000000082d27b205155d267fcf24d09a0ddeeeb83c46196be14f69a571386ec02bf2e07bab0a57a31bed505fd77006f3a16fabad87053149c5089eb2c519b2225940ec129fcf1295c027230567820036b86c8b54fc95a644249d13d04413a6a775bec3c31ddf9a494db6a55f1cd64355ae5151f18f7e5d1b5e93422f551af796a1b787c459126e5d45f9b316aa30ada584ba17b9072f490bec1da866154896b81054b3614bfbfaf0617ed2a85a7482be6aa52fd90effb3814c66c49e538e8e2974f9eff5489a45506ad7fcad9a48eb1a4380df6ac357e03cbdcbb3ef275f6739dacd7d254b149855c709a8c5b86b66a8c256cd7d3114f48eb25d677c38bd534bc6ed7804d", 0x165) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) r6 = inotify_init1(0x0) inotify_add_watch(r6, &(0x7f0000000040)='./file0\x00', 0xa4000960) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = dup2(r7, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) [ 422.205395][ T32] audit: type=1804 audit(1595186347.625:5): pid=9909 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/newroot/29/file0/file0/bus" dev="sda1" ino=15742 res=1 19:19:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) setsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, &(0x7f0000000040)=0x10000, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb], 0x0, 0x8000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) bind$rxrpc(0xffffffffffffffff, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e21, 0x0, @private0}}, 0x24) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 422.666393][ T9791] bridge0: port 1(bridge_slave_0) entered blocking state [ 422.673863][ T9791] bridge0: port 1(bridge_slave_0) entered disabled state [ 422.683365][ T9791] device bridge_slave_0 entered promiscuous mode [ 422.784351][ T9791] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.791670][ T9791] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.801173][ T9791] device bridge_slave_1 entered promiscuous mode [ 422.985766][ T9791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 423.068705][ T9791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 423.190336][ T9791] team0: Port device team_slave_0 added [ 423.220368][ T9791] team0: Port device team_slave_1 added [ 423.336317][ T9791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 423.343559][ T9791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 423.369864][ T9791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 423.459636][ T9791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 423.467177][ T9791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 423.494278][ T9791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 423.641089][ T9791] device hsr_slave_0 entered promiscuous mode [ 423.675281][ T9791] device hsr_slave_1 entered promiscuous mode [ 423.744854][ T9791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 423.752489][ T9791] Cannot create hsr debugfs directory [ 424.216113][ T9791] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 424.300559][ T9791] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 424.423048][ T9791] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 424.482741][ T9791] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 424.770248][ T9791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 424.798770][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 424.810332][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 424.828618][ T9791] 8021q: adding VLAN 0 to HW filter on device team0 [ 424.851334][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 424.861494][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 424.871816][ T2303] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.879091][ T2303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 424.947680][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 424.956986][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 424.967350][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 424.976754][ T2303] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.984037][ T2303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 424.993110][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 425.004078][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 425.014949][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 425.025394][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 425.035707][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 425.046146][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 425.057635][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 425.067232][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 425.086418][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 425.097269][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 425.107008][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 425.122176][ T9791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 425.206026][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 425.214010][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 425.243837][ T9791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 425.322631][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 425.333265][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 425.396814][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 425.406504][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 425.423857][ T9791] device veth0_vlan entered promiscuous mode [ 425.446263][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 425.456301][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 425.468449][ T9791] device veth1_vlan entered promiscuous mode [ 425.527901][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 425.537747][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 425.547248][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 425.557204][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 425.576679][ T9791] device veth0_macvtap entered promiscuous mode [ 425.592603][ T9791] device veth1_macvtap entered promiscuous mode [ 425.634097][ T9791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 425.644697][ T9791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.654765][ T9791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 425.665328][ T9791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.675472][ T9791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 425.686042][ T9791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.700050][ T9791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 425.712146][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 425.722067][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 425.731506][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 425.741617][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 425.793584][ T9791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 425.804225][ T9791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.814271][ T9791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 425.824842][ T9791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.834845][ T9791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 425.845426][ T9791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.859216][ T9791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 425.868342][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 425.878370][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 19:19:11 executing program 3: open(0x0, 0x17e, 0x0) creat(0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f0000003b00)=0x10) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(0xffffffffffffffff, 0x80dc5521, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, @perf_bp={&(0x7f0000000040), 0x8}, 0x0, 0x0, 0x0, 0x4, 0x102000}, 0x0, 0x3, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) r1 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x242380, 0x0) sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20000054) ioctl$FIOCLEX(r1, 0x5451) write$binfmt_misc(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff63"], 0x9b) open(&(0x7f0000000280)='./file0\x00', 0x101000, 0x100) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$FITHAW(r2, 0xc0045878) r3 = memfd_create(&(0x7f0000000300)='\xfb\xe0\xd9\x15\x9a\x13e\xbd\xa3.\x99\x87E/\xcf,Y\xa1b\xb7h?>-N#D}\x95L)\x89/\x0e\xb0\x8dy\xa7\xfeW=u\xa1\xa4\x1e\xbd8\xe73\f\xa21\xd2\xfc\xcf\xea\xce\'\t\xfd\x03\"\xf0\x86\x05\x00\x00\x00\x00\x00\x00\x00\x8da\xb1C}\xa1\xfe\x98\xe06\a(\xd8C\xa6\xf4\"\xfa\t\xf2\xb2\xdd\xad\xac\x89\x85\xdb\xb0\xa2+\r\x1e\xfa\xb8\xe3w\x01\xbem\bQz\x1fR\xb9\xe5\xd8\xe2Yc\xb9\xb0\xa4\xaa\x93-~O\xd5\xb4\xd3^\xe4$\xd9F{\x99\x10\xe0X-l[\x16\xac}\xf3T\xc2\x98\xcd\aZ\xa4\x17n\x13\xee\x11\xce\x1b\xf0\xba.>\xd4\xcc6\xa5%\xa4\xba9I=v\xd3b\xd2z\xbcZ\x9f\x84\x01\xa7\xbd\r\vX\xd6\x99rt\x94\x1fUP+\xa3\x80\x15\xce.\xee\x12xG\\\xb0\xba\x83s(\xf3\xee>x\xdb\xfc\xe3<\xb1\xe6\xb7Q\x8a\xb6\x9c\x9d\a\n*w\x13\xbe\xb2t\x8f\xef', 0x0) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 19:19:11 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10032, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x60483, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) dup2(0xffffffffffffffff, r4) r5 = dup2(r1, r0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x20000, 0x0) ioctl$TIOCGDEV(r8, 0x80045432, &(0x7f0000000080)) ioctl$TIOCSISO7816(r0, 0xc0285443, &(0x7f00000000c0)={0x0, 0x2f2c, 0x3f, 0x7, 0x8}) dup3(r5, r2, 0x0) 19:19:11 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0xae82, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="09000000000040000000609eef7b00303a00fe8000000000000000000000000000bbff02000000000000000000000000000193", @ANYRES16, @ANYRESDEC=0x0], 0xfca) 19:19:11 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_int(r3, 0x0, 0x2, &(0x7f0000000000)=0xb8, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) [ 426.480785][ C0] sd 0:0:1:0: [sg0] tag#401 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 426.491591][ C0] sd 0:0:1:0: [sg0] tag#401 CDB: Test Unit Ready [ 426.498264][ C0] sd 0:0:1:0: [sg0] tag#401 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.508183][ C0] sd 0:0:1:0: [sg0] tag#401 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.517976][ C0] sd 0:0:1:0: [sg0] tag#401 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.527870][ C0] sd 0:0:1:0: [sg0] tag#401 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.537661][ C0] sd 0:0:1:0: [sg0] tag#401 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.547439][ C0] sd 0:0:1:0: [sg0] tag#401 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.557234][ C0] sd 0:0:1:0: [sg0] tag#401 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.567061][ C0] sd 0:0:1:0: [sg0] tag#401 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.576896][ C0] sd 0:0:1:0: [sg0] tag#401 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.586724][ C0] sd 0:0:1:0: [sg0] tag#401 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.596547][ C0] sd 0:0:1:0: [sg0] tag#401 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.606382][ C0] sd 0:0:1:0: [sg0] tag#401 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.616200][ C0] sd 0:0:1:0: [sg0] tag#401 CDB[c0]: 00 00 00 00 00 00 00 00 19:19:12 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(0xffffffffffffffff, r1, 0x0, 0x1000007ffff000) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r3, r4, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000040)={0x8776, 0x204, 0x8, 0x400, 0x10, "00df1100"}) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000340)=0x0) tkill(r5, 0x31) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2e0, 0x128, 0x0, 0x0, 0x128, 0x128, 0x210, 0x210, 0x210, 0x210, 0x210, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x48], 0x0, 0x100, 0x128, 0x0, {}, [@common=@inet=@ecn={{0x28, 'ecn\x00'}, {0x10}}, @common=@inet=@tcp={{0x30, 'tcp\x00'}}]}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00'}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x340) 19:19:12 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_int(r3, 0x0, 0x2, &(0x7f0000000000)=0xb8, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:13 executing program 1: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_int(r3, 0x0, 0x2, &(0x7f0000000000)=0xb8, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) [ 427.983399][T10075] not chained 180000 origins [ 427.988053][T10075] CPU: 0 PID: 10075 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 427.996912][T10075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 428.006981][T10075] Call Trace: [ 428.010299][T10075] dump_stack+0x1df/0x240 [ 428.014655][T10075] kmsan_internal_chain_origin+0x6f/0x130 [ 428.020397][T10075] ? is_module_text_address+0x4d/0x2a0 [ 428.025881][T10075] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 428.032331][T10075] ? __kernel_text_address+0x171/0x2d0 [ 428.037814][T10075] ? unwind_get_return_address+0x8c/0x130 [ 428.043560][T10075] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 428.050291][T10075] ? arch_stack_walk+0x2a2/0x3e0 [ 428.055250][T10075] ? stack_trace_save+0x1a0/0x1a0 [ 428.060303][T10075] ? kmsan_get_metadata+0x4f/0x180 [ 428.065522][T10075] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 428.071351][T10075] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 428.077524][T10075] ? stack_trace_save+0x123/0x1a0 [ 428.082569][T10075] ? kmsan_get_metadata+0x11d/0x180 [ 428.087794][T10075] __msan_chain_origin+0x50/0x90 [ 428.092750][T10075] rmd256_transform+0x434e/0x4440 [ 428.097845][T10075] rmd256_update+0x343/0x4f0 [ 428.102465][T10075] ? rmd256_init+0x260/0x260 [ 428.107076][T10075] crypto_shash_update+0x4e9/0x550 [ 428.112209][T10075] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 428.118387][T10075] ? crypto_hash_walk_first+0x1fd/0x360 [ 428.123947][T10075] ? kmsan_get_metadata+0x4f/0x180 [ 428.129079][T10075] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 428.134899][T10075] shash_async_update+0x113/0x1d0 [ 428.139946][T10075] ? shash_async_init+0x1e0/0x1e0 [ 428.144986][T10075] hash_sendpage+0x8ef/0xdf0 [ 428.149605][T10075] ? hash_recvmsg+0xd30/0xd30 [ 428.154299][T10075] sock_sendpage+0x1e1/0x2c0 [ 428.158918][T10075] pipe_to_sendpage+0x38c/0x4c0 [ 428.163803][T10075] ? sock_fasync+0x250/0x250 [ 428.168420][T10075] __splice_from_pipe+0x565/0xf00 [ 428.173463][T10075] ? generic_splice_sendpage+0x2d0/0x2d0 [ 428.179131][T10075] generic_splice_sendpage+0x1d5/0x2d0 [ 428.184622][T10075] ? iter_file_splice_write+0x1800/0x1800 [ 428.190355][T10075] direct_splice_actor+0x1fd/0x580 [ 428.195490][T10075] ? kmsan_get_metadata+0x4f/0x180 [ 428.200635][T10075] splice_direct_to_actor+0x6b2/0xf50 [ 428.206024][T10075] ? do_splice_direct+0x580/0x580 [ 428.211085][T10075] do_splice_direct+0x342/0x580 [ 428.216050][T10075] do_sendfile+0x101b/0x1d40 [ 428.220675][T10075] __se_sys_sendfile64+0x2bb/0x360 [ 428.225806][T10075] ? kmsan_get_metadata+0x4f/0x180 [ 428.230933][T10075] __x64_sys_sendfile64+0x56/0x70 [ 428.235978][T10075] do_syscall_64+0xb0/0x150 [ 428.240500][T10075] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 428.246399][T10075] RIP: 0033:0x45c1d9 [ 428.250290][T10075] Code: Bad RIP value. [ 428.254356][T10075] RSP: 002b:00007f22a3179c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 428.263038][T10075] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 428.271018][T10075] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 428.278995][T10075] RBP: 000000000078bfe8 R08: 0000000000000000 R09: 0000000000000000 [ 428.286971][T10075] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bfac [ 428.294947][T10075] R13: 0000000000c9fb6f R14: 00007f22a317a9c0 R15: 000000000078bfac [ 428.302913][T10075] Uninit was stored to memory at: [ 428.307927][T10075] kmsan_internal_chain_origin+0xad/0x130 [ 428.313627][T10075] __msan_chain_origin+0x50/0x90 [ 428.318549][T10075] rmd256_transform+0x434e/0x4440 [ 428.323556][T10075] rmd256_update+0x343/0x4f0 [ 428.328132][T10075] crypto_shash_update+0x4e9/0x550 [ 428.333224][T10075] shash_async_update+0x113/0x1d0 [ 428.338232][T10075] hash_sendpage+0x8ef/0xdf0 [ 428.342813][T10075] sock_sendpage+0x1e1/0x2c0 [ 428.347392][T10075] pipe_to_sendpage+0x38c/0x4c0 [ 428.352226][T10075] __splice_from_pipe+0x565/0xf00 [ 428.357233][T10075] generic_splice_sendpage+0x1d5/0x2d0 [ 428.362673][T10075] direct_splice_actor+0x1fd/0x580 [ 428.367767][T10075] splice_direct_to_actor+0x6b2/0xf50 [ 428.373121][T10075] do_splice_direct+0x342/0x580 [ 428.377956][T10075] do_sendfile+0x101b/0x1d40 [ 428.382528][T10075] __se_sys_sendfile64+0x2bb/0x360 [ 428.387622][T10075] __x64_sys_sendfile64+0x56/0x70 [ 428.392636][T10075] do_syscall_64+0xb0/0x150 [ 428.397126][T10075] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 428.403082][T10075] [ 428.405394][T10075] Uninit was stored to memory at: [ 428.410416][T10075] kmsan_internal_chain_origin+0xad/0x130 [ 428.416119][T10075] __msan_chain_origin+0x50/0x90 [ 428.421043][T10075] rmd256_transform+0x434e/0x4440 [ 428.426052][T10075] rmd256_update+0x343/0x4f0 [ 428.430635][T10075] crypto_shash_update+0x4e9/0x550 [ 428.435742][T10075] shash_async_update+0x113/0x1d0 [ 428.440762][T10075] hash_sendpage+0x8ef/0xdf0 [ 428.445339][T10075] sock_sendpage+0x1e1/0x2c0 [ 428.449914][T10075] pipe_to_sendpage+0x38c/0x4c0 [ 428.454749][T10075] __splice_from_pipe+0x565/0xf00 [ 428.459784][T10075] generic_splice_sendpage+0x1d5/0x2d0 [ 428.465228][T10075] direct_splice_actor+0x1fd/0x580 [ 428.470327][T10075] splice_direct_to_actor+0x6b2/0xf50 [ 428.475684][T10075] do_splice_direct+0x342/0x580 [ 428.480520][T10075] do_sendfile+0x101b/0x1d40 [ 428.485092][T10075] __se_sys_sendfile64+0x2bb/0x360 [ 428.490186][T10075] __x64_sys_sendfile64+0x56/0x70 [ 428.495199][T10075] do_syscall_64+0xb0/0x150 [ 428.499688][T10075] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 428.505556][T10075] [ 428.507864][T10075] Uninit was stored to memory at: [ 428.512894][T10075] kmsan_internal_chain_origin+0xad/0x130 [ 428.518606][T10075] __msan_chain_origin+0x50/0x90 [ 428.523532][T10075] rmd256_transform+0x434e/0x4440 [ 428.528542][T10075] rmd256_update+0x343/0x4f0 [ 428.533117][T10075] crypto_shash_update+0x4e9/0x550 [ 428.538211][T10075] shash_async_update+0x113/0x1d0 [ 428.543232][T10075] hash_sendpage+0x8ef/0xdf0 [ 428.547809][T10075] sock_sendpage+0x1e1/0x2c0 [ 428.552381][T10075] pipe_to_sendpage+0x38c/0x4c0 [ 428.557216][T10075] __splice_from_pipe+0x565/0xf00 [ 428.562228][T10075] generic_splice_sendpage+0x1d5/0x2d0 [ 428.567670][T10075] direct_splice_actor+0x1fd/0x580 [ 428.572767][T10075] splice_direct_to_actor+0x6b2/0xf50 [ 428.578123][T10075] do_splice_direct+0x342/0x580 [ 428.582958][T10075] do_sendfile+0x101b/0x1d40 [ 428.587532][T10075] __se_sys_sendfile64+0x2bb/0x360 [ 428.592628][T10075] __x64_sys_sendfile64+0x56/0x70 [ 428.597637][T10075] do_syscall_64+0xb0/0x150 [ 428.602130][T10075] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 428.607999][T10075] [ 428.610310][T10075] Uninit was stored to memory at: [ 428.615323][T10075] kmsan_internal_chain_origin+0xad/0x130 [ 428.621031][T10075] __msan_chain_origin+0x50/0x90 [ 428.625954][T10075] rmd256_transform+0x434e/0x4440 [ 428.630965][T10075] rmd256_update+0x343/0x4f0 [ 428.635540][T10075] crypto_shash_update+0x4e9/0x550 [ 428.640636][T10075] shash_async_update+0x113/0x1d0 [ 428.645641][T10075] hash_sendpage+0x8ef/0xdf0 [ 428.650217][T10075] sock_sendpage+0x1e1/0x2c0 [ 428.654796][T10075] pipe_to_sendpage+0x38c/0x4c0 [ 428.659629][T10075] __splice_from_pipe+0x565/0xf00 [ 428.664638][T10075] generic_splice_sendpage+0x1d5/0x2d0 [ 428.670080][T10075] direct_splice_actor+0x1fd/0x580 [ 428.675180][T10075] splice_direct_to_actor+0x6b2/0xf50 [ 428.680562][T10075] do_splice_direct+0x342/0x580 [ 428.685416][T10075] do_sendfile+0x101b/0x1d40 [ 428.689997][T10075] __se_sys_sendfile64+0x2bb/0x360 [ 428.695093][T10075] __x64_sys_sendfile64+0x56/0x70 [ 428.700115][T10075] do_syscall_64+0xb0/0x150 [ 428.704606][T10075] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 428.710475][T10075] [ 428.713221][T10075] Uninit was stored to memory at: [ 428.718233][T10075] kmsan_internal_chain_origin+0xad/0x130 [ 428.723936][T10075] __msan_chain_origin+0x50/0x90 [ 428.728970][T10075] rmd256_transform+0x434e/0x4440 [ 428.733981][T10075] rmd256_update+0x343/0x4f0 [ 428.738556][T10075] crypto_shash_update+0x4e9/0x550 [ 428.743655][T10075] shash_async_update+0x113/0x1d0 [ 428.748664][T10075] hash_sendpage+0x8ef/0xdf0 [ 428.753242][T10075] sock_sendpage+0x1e1/0x2c0 [ 428.757823][T10075] pipe_to_sendpage+0x38c/0x4c0 [ 428.762657][T10075] __splice_from_pipe+0x565/0xf00 [ 428.767668][T10075] generic_splice_sendpage+0x1d5/0x2d0 [ 428.774152][T10075] direct_splice_actor+0x1fd/0x580 [ 428.779265][T10075] splice_direct_to_actor+0x6b2/0xf50 [ 428.784623][T10075] do_splice_direct+0x342/0x580 [ 428.789460][T10075] do_sendfile+0x101b/0x1d40 [ 428.794048][T10075] __se_sys_sendfile64+0x2bb/0x360 [ 428.799141][T10075] __x64_sys_sendfile64+0x56/0x70 [ 428.804151][T10075] do_syscall_64+0xb0/0x150 [ 428.808641][T10075] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 428.814526][T10075] [ 428.816838][T10075] Uninit was stored to memory at: [ 428.821868][T10075] kmsan_internal_chain_origin+0xad/0x130 [ 428.827572][T10075] __msan_chain_origin+0x50/0x90 [ 428.832513][T10075] rmd256_transform+0x434e/0x4440 [ 428.837522][T10075] rmd256_update+0x227/0x4f0 [ 428.842098][T10075] crypto_shash_update+0x4e9/0x550 [ 428.847194][T10075] shash_async_update+0x113/0x1d0 [ 428.852222][T10075] hash_sendpage+0x8ef/0xdf0 [ 428.856802][T10075] sock_sendpage+0x1e1/0x2c0 [ 428.861380][T10075] pipe_to_sendpage+0x38c/0x4c0 [ 428.866219][T10075] __splice_from_pipe+0x565/0xf00 [ 428.871233][T10075] generic_splice_sendpage+0x1d5/0x2d0 [ 428.876675][T10075] direct_splice_actor+0x1fd/0x580 [ 428.881772][T10075] splice_direct_to_actor+0x6b2/0xf50 [ 428.887127][T10075] do_splice_direct+0x342/0x580 [ 428.891961][T10075] do_sendfile+0x101b/0x1d40 [ 428.896709][T10075] __se_sys_sendfile64+0x2bb/0x360 [ 428.901808][T10075] __x64_sys_sendfile64+0x56/0x70 [ 428.906836][T10075] do_syscall_64+0xb0/0x150 [ 428.911330][T10075] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 428.917197][T10075] [ 428.919511][T10075] Uninit was stored to memory at: [ 428.924790][T10075] kmsan_internal_chain_origin+0xad/0x130 [ 428.930506][T10075] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 428.936482][T10075] kmsan_memcpy_metadata+0xb/0x10 [ 428.941487][T10075] __msan_memcpy+0x43/0x50 [ 428.945889][T10075] rmd256_update+0x1fc/0x4f0 [ 428.950489][T10075] crypto_shash_update+0x4e9/0x550 [ 428.955583][T10075] shash_async_update+0x113/0x1d0 [ 428.960623][T10075] hash_sendpage+0x8ef/0xdf0 [ 428.965199][T10075] sock_sendpage+0x1e1/0x2c0 [ 428.969781][T10075] pipe_to_sendpage+0x38c/0x4c0 [ 428.974617][T10075] __splice_from_pipe+0x565/0xf00 [ 428.979626][T10075] generic_splice_sendpage+0x1d5/0x2d0 [ 428.985085][T10075] direct_splice_actor+0x1fd/0x580 [ 428.990182][T10075] splice_direct_to_actor+0x6b2/0xf50 [ 428.995544][T10075] do_splice_direct+0x342/0x580 [ 429.000381][T10075] do_sendfile+0x101b/0x1d40 [ 429.004955][T10075] __se_sys_sendfile64+0x2bb/0x360 [ 429.010049][T10075] __x64_sys_sendfile64+0x56/0x70 [ 429.015077][T10075] do_syscall_64+0xb0/0x150 [ 429.019826][T10075] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 429.025697][T10075] [ 429.028008][T10075] Uninit was created at: [ 429.032233][T10075] kmsan_save_stack_with_flags+0x3c/0x90 [ 429.037851][T10075] kmsan_alloc_page+0xb9/0x180 [ 429.042613][T10075] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 429.048143][T10075] alloc_pages_current+0x672/0x990 [ 429.053583][T10075] push_pipe+0x605/0xb70 [ 429.057811][T10075] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 429.063514][T10075] do_splice_to+0x4fc/0x14f0 [ 429.068089][T10075] splice_direct_to_actor+0x45c/0xf50 [ 429.073446][T10075] do_splice_direct+0x342/0x580 [ 429.078281][T10075] do_sendfile+0x101b/0x1d40 [ 429.082853][T10075] __se_sys_sendfile64+0x2bb/0x360 19:19:13 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket(0x1000000010, 0x80002, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="380000dd2300ffff0000000000003c0005000000", @ANYRESHEX, @ANYBLOB="00000000fffffffd00000000090001006866736300000000080002ebe217fbe37194c4442c96516dfd3d2af194e0dbfb03fbd4c1478b439d020b114edec23c6e1a8b6e7aa0f44192e0365a2ef73534e6f5645591e6e6dc68cfc07ce8bf2c99acab9f1fae55ede7cb7c8a6fbfd0f596162643d8023b74903f83bbe6c9dc16df5bb32c970a0d4dc145d65409d62ea313540100000000000000f2d2f028edacb3ef65d690f5b887409f7fca94d843ef0a31540e1a8708973bb03abf1c7d6e96da95e75dd9b54036c17975536ce74e238d4fb872eda5dbe5d68f2c6eab7e2fff94db62b4371eb779146ee81e8d00"/249], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=@newtfilter={0x90, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xe}}, [@filter_kind_options=@f_rsvp={{0x9, 0x1, 'rsvp\x00'}, {0x58, 0x2, [@TCA_RSVP_ACT={0x54, 0x6, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd, 0x1, 'connmark\x00'}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x5}}]}, 0x90}}, 0x0) sendmmsg$alg(r1, &(0x7f0000000200), 0x10efe10675dec16, 0x0) r5 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r5, &(0x7f0000000100)={0x18, 0x0, {0xffff, @broadcast, 'veth0_to_bond\x00'}}, 0x1e) r6 = socket$nl_route(0x10, 0x3, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240)=0x202, 0x4000000000dc) r7 = syz_genetlink_get_family_id$smc(&(0x7f0000003740)='SMC_PNETID\x00') sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="20002dbd7000fddbdf25040000000500040006000000140002007665746845000000000000d7ca7bde1ddcba7e0073797a3200000000050000010073797a3200000000"], 0x50}, 0x1, 0x0, 0x0, 0x24000814}, 0x4005) sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, r7, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x4) sendmsg$SMC_PNETID_DEL(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x40, r7, 0x200, 0x70bd26, 0x25dfdbff, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'hsr0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x840}, 0x40000) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8937, &(0x7f0000000080)={'veth0_to_bond\x00', r8}) [ 429.087961][T10075] __x64_sys_sendfile64+0x56/0x70 [ 429.092974][T10075] do_syscall_64+0xb0/0x150 [ 429.097471][T10075] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:19:14 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_int(r3, 0x0, 0x2, &(0x7f0000000000)=0xb8, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:14 executing program 1: io_setup(0xfffffffd, &(0x7f0000000180)=0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000200)='/dev/nvram\x00', 0x600, 0x0) ioctl$SNDRV_PCM_IOCTL_START(r1, 0x4142, 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="d808b0e929b5657e3a535b", @ANYRES16=0x0, @ANYBLOB="08002cbd7000fddbdf254b0000001c022a00e0e4bc139734f71be89225cf5ac42fdf44346a02222001adbda19c9fe8abf2bf3f4657d242a6561d6fa7036c2b6c983c06faf8c44cbab398be964ce2ea3d57bc614710a61ef764bf0b57c9c7d144580a79b9759ae8f6af98c3230199c4ccb57a753d63fe2327e1dbff2966c3ac7686bf008866e1ccca400f02e35974df16a1e1fdcccc335f26c4b7a819643435abdfb61f5fe085789d01a466ced61461abf90b490f174e6ddeaf0112e8f276dccc520fe0dd0fdcfe4e5541461fd350b05670d2d2dc4d118915d37fe79125e0ee06b75fd6437977482b0669f1872f60488fe1e426eb6be797d2ee1ffceff924c295571145e72c46f65ea4087266ed002353d9c97b2d6571e384bb56b314224a2ae22da8c38a04a90e4faa6e6a85f0d3ea0db23938de33b62ff087b518436a52eeb206e024f931518d27780c07a3caf9bedbe603587f763e5573a088f85ac7b685f518b00702c3a01812872281e5de2a1c5ab0d910c5ef8a59a8a5b6b0b14d87400cf89b24c73af3ed1e60f5a16c724bfb94591d0e9f87bb6b711f47bc82ae33186ec8461a0ac27869dd298f94645856aa2b1f7c62f6323437c2235e15015b329b17168531b5e7ea5fbc269a26e85fb602b2010f7db75d5cb23d687b1a6f03e35eabf095183c831082beaadbd135072f2faf40f3df62e032ba408cc23af0f78a40a93b6e28f938f841c67ddb1f25c3259ae38ab15bc04fbc87410a6cc83c2a41b0c81dfb66e73c49868d664f"], 0x230}, 0x1, 0x0, 0x0, 0x11}, 0x4004) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x2, &(0x7f0000000000)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) getpeername$netlink(0xffffffffffffffff, &(0x7f0000000140), &(0x7f00000001c0)=0xc) 19:19:15 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000200)=ANY=[@ANYBLOB="fc000000190001000000000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000200000000000000b5d3e681"], 0xfc}}, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000000c0)={[0xffff, 0x2, 0x10000, 0x80, 0x7ff, 0x7, 0x3, 0x0, 0x7f, 0x5, 0x7, 0x4, 0xfff, 0x2, 0x1, 0xffffffffffffff81], 0x6000, 0x140110}) ioctl$VIDIOC_DBG_S_REGISTER(r3, 0x4038564f, &(0x7f0000000000)={{0x1, @name="af3de23cf55384981b7f6ccb63b719fa9fca3f4beeb6188a929dd7cf95a4e590"}, 0x8, 0x2}) [ 430.008765][T10089] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.1'. [ 430.087200][T10089] not chained 190000 origins [ 430.091851][T10089] CPU: 1 PID: 10089 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 430.100522][T10089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 430.110608][T10089] Call Trace: [ 430.113902][T10089] dump_stack+0x1df/0x240 [ 430.118232][T10089] kmsan_internal_chain_origin+0x6f/0x130 [ 430.123963][T10089] ? is_module_text_address+0x4d/0x2a0 [ 430.129412][T10089] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 430.135216][T10089] ? __kernel_text_address+0x171/0x2d0 [ 430.140664][T10089] ? unwind_get_return_address+0x8c/0x130 [ 430.146376][T10089] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 430.152446][T10089] ? arch_stack_walk+0x2a2/0x3e0 [ 430.157392][T10089] ? stack_trace_save+0x1a0/0x1a0 [ 430.162410][T10089] ? kmsan_get_metadata+0x4f/0x180 [ 430.167537][T10089] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 430.174120][T10089] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 430.180193][T10089] ? stack_trace_save+0x123/0x1a0 [ 430.185210][T10089] ? kmsan_get_metadata+0x11d/0x180 [ 430.190397][T10089] __msan_chain_origin+0x50/0x90 [ 430.195333][T10089] rmd256_transform+0x434e/0x4440 [ 430.200391][T10089] rmd256_update+0x343/0x4f0 [ 430.204979][T10089] ? rmd256_init+0x260/0x260 [ 430.209557][T10089] crypto_shash_update+0x4e9/0x550 [ 430.214659][T10089] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 430.220815][T10089] ? crypto_hash_walk_first+0x1fd/0x360 [ 430.226351][T10089] ? kmsan_get_metadata+0x4f/0x180 [ 430.231462][T10089] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 430.237274][T10089] shash_async_update+0x113/0x1d0 [ 430.242306][T10089] ? shash_async_init+0x1e0/0x1e0 [ 430.247319][T10089] hash_sendpage+0x8ef/0xdf0 [ 430.251908][T10089] ? hash_recvmsg+0xd30/0xd30 [ 430.256675][T10089] sock_sendpage+0x1e1/0x2c0 [ 430.261277][T10089] pipe_to_sendpage+0x38c/0x4c0 [ 430.266131][T10089] ? sock_fasync+0x250/0x250 [ 430.270719][T10089] __splice_from_pipe+0x565/0xf00 [ 430.275734][T10089] ? generic_splice_sendpage+0x2d0/0x2d0 [ 430.281368][T10089] generic_splice_sendpage+0x1d5/0x2d0 [ 430.286829][T10089] ? iter_file_splice_write+0x1800/0x1800 [ 430.292537][T10089] direct_splice_actor+0x1fd/0x580 [ 430.297666][T10089] ? kmsan_get_metadata+0x4f/0x180 [ 430.302768][T10089] splice_direct_to_actor+0x6b2/0xf50 [ 430.308129][T10089] ? do_splice_direct+0x580/0x580 [ 430.313157][T10089] do_splice_direct+0x342/0x580 [ 430.318008][T10089] do_sendfile+0x101b/0x1d40 [ 430.322606][T10089] __se_sys_sendfile64+0x2bb/0x360 [ 430.327709][T10089] ? kmsan_get_metadata+0x4f/0x180 [ 430.332816][T10089] __x64_sys_sendfile64+0x56/0x70 [ 430.337839][T10089] do_syscall_64+0xb0/0x150 [ 430.342335][T10089] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 430.348211][T10089] RIP: 0033:0x45c1d9 [ 430.352081][T10089] Code: Bad RIP value. [ 430.356132][T10089] RSP: 002b:00007f22a319ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 430.364528][T10089] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 430.372486][T10089] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 430.380440][T10089] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 430.388400][T10089] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 430.396441][T10089] R13: 0000000000c9fb6f R14: 00007f22a319b9c0 R15: 000000000078bf0c [ 430.404406][T10089] Uninit was stored to memory at: [ 430.409422][T10089] kmsan_internal_chain_origin+0xad/0x130 [ 430.415136][T10089] __msan_chain_origin+0x50/0x90 [ 430.420061][T10089] rmd256_transform+0x434e/0x4440 [ 430.425071][T10089] rmd256_update+0x343/0x4f0 [ 430.429644][T10089] crypto_shash_update+0x4e9/0x550 [ 430.434737][T10089] shash_async_update+0x113/0x1d0 [ 430.439744][T10089] hash_sendpage+0x8ef/0xdf0 [ 430.444323][T10089] sock_sendpage+0x1e1/0x2c0 [ 430.448898][T10089] pipe_to_sendpage+0x38c/0x4c0 [ 430.453731][T10089] __splice_from_pipe+0x565/0xf00 [ 430.458739][T10089] generic_splice_sendpage+0x1d5/0x2d0 [ 430.464183][T10089] direct_splice_actor+0x1fd/0x580 [ 430.469275][T10089] splice_direct_to_actor+0x6b2/0xf50 [ 430.474633][T10089] do_splice_direct+0x342/0x580 [ 430.479471][T10089] do_sendfile+0x101b/0x1d40 [ 430.484043][T10089] __se_sys_sendfile64+0x2bb/0x360 [ 430.489137][T10089] __x64_sys_sendfile64+0x56/0x70 [ 430.494154][T10089] do_syscall_64+0xb0/0x150 [ 430.498647][T10089] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 430.504515][T10089] [ 430.506826][T10089] Uninit was stored to memory at: [ 430.511861][T10089] kmsan_internal_chain_origin+0xad/0x130 [ 430.517574][T10089] __msan_chain_origin+0x50/0x90 [ 430.522533][T10089] rmd256_transform+0x434e/0x4440 [ 430.527546][T10089] rmd256_update+0x343/0x4f0 [ 430.532169][T10089] crypto_shash_update+0x4e9/0x550 [ 430.537281][T10089] shash_async_update+0x113/0x1d0 [ 430.542303][T10089] hash_sendpage+0x8ef/0xdf0 [ 430.546881][T10089] sock_sendpage+0x1e1/0x2c0 [ 430.551455][T10089] pipe_to_sendpage+0x38c/0x4c0 [ 430.556289][T10089] __splice_from_pipe+0x565/0xf00 [ 430.561298][T10089] generic_splice_sendpage+0x1d5/0x2d0 [ 430.566743][T10089] direct_splice_actor+0x1fd/0x580 [ 430.571842][T10089] splice_direct_to_actor+0x6b2/0xf50 [ 430.577197][T10089] do_splice_direct+0x342/0x580 [ 430.582027][T10089] do_sendfile+0x101b/0x1d40 [ 430.587125][T10089] __se_sys_sendfile64+0x2bb/0x360 [ 430.592221][T10089] __x64_sys_sendfile64+0x56/0x70 [ 430.597231][T10089] do_syscall_64+0xb0/0x150 [ 430.601720][T10089] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 430.607591][T10089] [ 430.609900][T10089] Uninit was stored to memory at: [ 430.614909][T10089] kmsan_internal_chain_origin+0xad/0x130 [ 430.620613][T10089] __msan_chain_origin+0x50/0x90 [ 430.625565][T10089] rmd256_transform+0x434e/0x4440 [ 430.630576][T10089] rmd256_update+0x343/0x4f0 [ 430.635148][T10089] crypto_shash_update+0x4e9/0x550 [ 430.640242][T10089] shash_async_update+0x113/0x1d0 [ 430.645249][T10089] hash_sendpage+0x8ef/0xdf0 [ 430.649832][T10089] sock_sendpage+0x1e1/0x2c0 [ 430.654406][T10089] pipe_to_sendpage+0x38c/0x4c0 [ 430.659256][T10089] __splice_from_pipe+0x565/0xf00 [ 430.664263][T10089] generic_splice_sendpage+0x1d5/0x2d0 [ 430.669719][T10089] direct_splice_actor+0x1fd/0x580 [ 430.674818][T10089] splice_direct_to_actor+0x6b2/0xf50 [ 430.680171][T10089] do_splice_direct+0x342/0x580 [ 430.685005][T10089] do_sendfile+0x101b/0x1d40 [ 430.689580][T10089] __se_sys_sendfile64+0x2bb/0x360 [ 430.694680][T10089] __x64_sys_sendfile64+0x56/0x70 [ 430.699835][T10089] do_syscall_64+0xb0/0x150 [ 430.704334][T10089] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 430.710208][T10089] [ 430.712516][T10089] Uninit was stored to memory at: [ 430.717542][T10089] kmsan_internal_chain_origin+0xad/0x130 [ 430.723257][T10089] __msan_chain_origin+0x50/0x90 [ 430.728190][T10089] rmd256_transform+0x434e/0x4440 [ 430.733200][T10089] rmd256_update+0x343/0x4f0 [ 430.737773][T10089] crypto_shash_update+0x4e9/0x550 [ 430.742866][T10089] shash_async_update+0x113/0x1d0 [ 430.747873][T10089] hash_sendpage+0x8ef/0xdf0 [ 430.752448][T10089] sock_sendpage+0x1e1/0x2c0 [ 430.757022][T10089] pipe_to_sendpage+0x38c/0x4c0 [ 430.761858][T10089] __splice_from_pipe+0x565/0xf00 [ 430.766869][T10089] generic_splice_sendpage+0x1d5/0x2d0 [ 430.772329][T10089] direct_splice_actor+0x1fd/0x580 [ 430.777424][T10089] splice_direct_to_actor+0x6b2/0xf50 [ 430.782783][T10089] do_splice_direct+0x342/0x580 [ 430.788315][T10089] do_sendfile+0x101b/0x1d40 [ 430.792888][T10089] __se_sys_sendfile64+0x2bb/0x360 [ 430.797981][T10089] __x64_sys_sendfile64+0x56/0x70 [ 430.802991][T10089] do_syscall_64+0xb0/0x150 [ 430.807482][T10089] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 430.813351][T10089] [ 430.815661][T10089] Uninit was stored to memory at: [ 430.820674][T10089] kmsan_internal_chain_origin+0xad/0x130 [ 430.826376][T10089] __msan_chain_origin+0x50/0x90 [ 430.831300][T10089] rmd256_transform+0x434e/0x4440 [ 430.836309][T10089] rmd256_update+0x343/0x4f0 [ 430.840887][T10089] crypto_shash_update+0x4e9/0x550 [ 430.845983][T10089] shash_async_update+0x113/0x1d0 [ 430.851013][T10089] hash_sendpage+0x8ef/0xdf0 [ 430.855593][T10089] sock_sendpage+0x1e1/0x2c0 [ 430.860170][T10089] pipe_to_sendpage+0x38c/0x4c0 [ 430.865020][T10089] __splice_from_pipe+0x565/0xf00 [ 430.870042][T10089] generic_splice_sendpage+0x1d5/0x2d0 [ 430.875488][T10089] direct_splice_actor+0x1fd/0x580 [ 430.880586][T10089] splice_direct_to_actor+0x6b2/0xf50 [ 430.885939][T10089] do_splice_direct+0x342/0x580 [ 430.890775][T10089] do_sendfile+0x101b/0x1d40 [ 430.895351][T10089] __se_sys_sendfile64+0x2bb/0x360 [ 430.900446][T10089] __x64_sys_sendfile64+0x56/0x70 [ 430.905459][T10089] do_syscall_64+0xb0/0x150 [ 430.909950][T10089] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 430.915818][T10089] [ 430.918127][T10089] Uninit was stored to memory at: [ 430.923138][T10089] kmsan_internal_chain_origin+0xad/0x130 [ 430.928840][T10089] __msan_chain_origin+0x50/0x90 [ 430.933764][T10089] rmd256_transform+0x434e/0x4440 [ 430.938771][T10089] rmd256_update+0x227/0x4f0 [ 430.943358][T10089] crypto_shash_update+0x4e9/0x550 [ 430.948463][T10089] shash_async_update+0x113/0x1d0 [ 430.953470][T10089] hash_sendpage+0x8ef/0xdf0 [ 430.958061][T10089] sock_sendpage+0x1e1/0x2c0 [ 430.962637][T10089] pipe_to_sendpage+0x38c/0x4c0 [ 430.967472][T10089] __splice_from_pipe+0x565/0xf00 [ 430.972505][T10089] generic_splice_sendpage+0x1d5/0x2d0 [ 430.977949][T10089] direct_splice_actor+0x1fd/0x580 [ 430.983046][T10089] splice_direct_to_actor+0x6b2/0xf50 [ 430.988401][T10089] do_splice_direct+0x342/0x580 [ 430.993235][T10089] do_sendfile+0x101b/0x1d40 [ 430.997808][T10089] __se_sys_sendfile64+0x2bb/0x360 [ 431.002901][T10089] __x64_sys_sendfile64+0x56/0x70 [ 431.007911][T10089] do_syscall_64+0xb0/0x150 [ 431.012424][T10089] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 431.018295][T10089] [ 431.020603][T10089] Uninit was stored to memory at: [ 431.025611][T10089] kmsan_internal_chain_origin+0xad/0x130 [ 431.031312][T10089] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 431.037710][T10089] kmsan_memcpy_metadata+0xb/0x10 [ 431.042714][T10089] __msan_memcpy+0x43/0x50 [ 431.047117][T10089] rmd256_update+0x1fc/0x4f0 [ 431.051792][T10089] crypto_shash_update+0x4e9/0x550 [ 431.056886][T10089] shash_async_update+0x113/0x1d0 [ 431.061891][T10089] hash_sendpage+0x8ef/0xdf0 [ 431.066467][T10089] sock_sendpage+0x1e1/0x2c0 [ 431.071041][T10089] pipe_to_sendpage+0x38c/0x4c0 [ 431.075875][T10089] __splice_from_pipe+0x565/0xf00 [ 431.080883][T10089] generic_splice_sendpage+0x1d5/0x2d0 [ 431.086327][T10089] direct_splice_actor+0x1fd/0x580 [ 431.091420][T10089] splice_direct_to_actor+0x6b2/0xf50 [ 431.096773][T10089] do_splice_direct+0x342/0x580 [ 431.101623][T10089] do_sendfile+0x101b/0x1d40 [ 431.106200][T10089] __se_sys_sendfile64+0x2bb/0x360 [ 431.111294][T10089] __x64_sys_sendfile64+0x56/0x70 [ 431.116306][T10089] do_syscall_64+0xb0/0x150 [ 431.120797][T10089] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 431.126667][T10089] [ 431.128978][T10089] Uninit was created at: [ 431.133205][T10089] kmsan_save_stack_with_flags+0x3c/0x90 [ 431.138823][T10089] kmsan_alloc_page+0xb9/0x180 [ 431.143570][T10089] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 431.149106][T10089] alloc_pages_current+0x672/0x990 [ 431.154201][T10089] push_pipe+0x605/0xb70 [ 431.158427][T10089] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 431.164127][T10089] do_splice_to+0x4fc/0x14f0 [ 431.168700][T10089] splice_direct_to_actor+0x45c/0xf50 [ 431.174059][T10089] do_splice_direct+0x342/0x580 [ 431.178896][T10089] do_sendfile+0x101b/0x1d40 [ 431.183471][T10089] __se_sys_sendfile64+0x2bb/0x360 [ 431.188566][T10089] __x64_sys_sendfile64+0x56/0x70 [ 431.193583][T10089] do_syscall_64+0xb0/0x150 [ 431.198072][T10089] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:19:17 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_int(r3, 0x0, 0x2, &(0x7f0000000000)=0xb8, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:17 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e35bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2dc045421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994cc008dd3deaafaab51144c1ef00f00001f5e73ff040000000000000000000000000000009a583b79ab00f70d85463c57c5bb1f1084e683b591fc2c8b8a38b7ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fbe09a7eb84cae7f000000886871080d1588bb30abcbfecb4e10d4067a02736f08914faa037346191241c88e57569256cd58ec82518bc8bac2ef0f6e8bfd9ad94599c3230328ddf749f6c754f2781bccc42e6ef592a1fc36a03c9a0328b63ed42db18137f243d01a67ea9fe8e34b25676f9816cdae263897bbb3aaa1148cb80e7aa12869a052b3ea1dfa17ce754e76f57ed0868864d66429bc1d9e8c430deeb6331c152d637740b4efbe95880a2f28902b3358519f08f638235a295a63eb1c8f9460ced7b22ceb4c2c5504a2012c2c8f47fd9152910bc908e41e38ba60cbdffefadbe92a7ed8ce577bdb383c2f625067eec438180f282d638ac72b92ec020d66863813f5ab6189075ebf22d92ecafe4eb1fb9c6b2b88eb965af65c3d0b179a43bcf1840dc8466796c04a4baa9f82bbd989477b56cda9e60dd7da5c5b437be2f2fcdd62a20b6ba534ed9dc198fc041c003bc1340d124062352ad8e3ce63546ded69d5fcaafcffed51ab1b1f4ff88615446fe96983cabf08c3e7ccc1d4e8bdf884347f6156d91f42060477bdf30abcb5e9b6705c5adc1cedd2e7d38fbdef12d569db367978805652eb6f5ccaa6b377839d2b7525417fe4a97300017f2410fc9448ab6c3b9fea9f2287e2a0b83beee2c77a6bb5c3cafea3a7a42f9b5324b98680e6ecf240abdeee92ecd6c972701c39c3e7a77d8dcd1ed368eaf557ad34b0c1cb8eec9c963001f3905cba6c67b6eab0fae90504e30dc799fe07128d711b61834f3d4cb2cb47745c15fae1a2b694fe5983471b336a0829abfd46e6b5f420d723608591b372bb"], 0x1c2) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000040)=0x1) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x7f, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007ad, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000003c0), 0x4) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYRES16=0x0], 0x2bcf) shutdown(r1, 0x1) recvmsg(r1, &(0x7f0000001440)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4096, 0xf9b3}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x7115}, 0x100) [ 432.606291][ C0] sd 0:0:1:0: [sg0] tag#420 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 432.617015][ C0] sd 0:0:1:0: [sg0] tag#420 CDB: Test Unit Ready [ 432.623720][ C0] sd 0:0:1:0: [sg0] tag#420 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.636732][ C0] sd 0:0:1:0: [sg0] tag#420 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.646643][ C0] sd 0:0:1:0: [sg0] tag#420 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.656472][ C0] sd 0:0:1:0: [sg0] tag#420 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.666306][ C0] sd 0:0:1:0: [sg0] tag#420 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.676085][ C0] sd 0:0:1:0: [sg0] tag#420 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.685873][ C0] sd 0:0:1:0: [sg0] tag#420 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.695750][ C0] sd 0:0:1:0: [sg0] tag#420 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.705521][ C0] sd 0:0:1:0: [sg0] tag#420 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.715294][ C0] sd 0:0:1:0: [sg0] tag#420 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.725060][ C0] sd 0:0:1:0: [sg0] tag#420 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.734814][ C0] sd 0:0:1:0: [sg0] tag#420 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.744580][ C0] sd 0:0:1:0: [sg0] tag#420 CDB[c0]: 00 00 00 00 00 00 00 00 19:19:18 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_int(r3, 0x0, 0x2, &(0x7f0000000000)=0xb8, 0x4) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:18 executing program 1: r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x15, &(0x7f00000000c0)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000180)={0x0}) getpgid(r0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x15, &(0x7f00000000c0)) ptrace(0x10, r1) ptrace$getregset(0x4204, r1, 0x2, &(0x7f0000000180)={0x0}) timer_create(0x2, &(0x7f0000000140)={0x0, 0x6, 0x2, @thr={&(0x7f00000002c0)="d9111a4e1206872f10d43cec22354d24165e206ef9e62322ab151386e9e31f6811ea314bca44dcba0a9d2d923f0a45f50b9f910e5cec00d7457e4b2ec4ea5188aeca79253cdb4fd0e500b7d957649924aa92b5cfbe63fb70ca9edb4bcabf5ccfc3dd6fd6e15a9f6fd1639794712a93065f198f189ec921a5719477fdb92ffc90f7681df62e4a15872574c016f33b4916b71e61e30715fad8127b728bffd86c1ed1a0ce7272bf78ee72b89427a916cd2819bcb0c52ecdcda7472577282b", &(0x7f0000000380)="ccbcab2f3c9b335b358b52ed78206b927aab843ff57a2c76b8bb5a3bb0721786a56300c970509299d18d03c35c80efb8fbd51678c10e0c2d91b7beef5c6a9b315b138a4f8bc0fc5b0fafa770ca6b4904a1ac565a59b7e003a24aa36275a2c50b6fb0c580e0c6951bd7c648f867a5953c8f42336169c626b1c1daef5d338f546246f577f6d072498d0ef227dc65e92879a9939d88c17cb086489fcfd24ebe4f2e7fffe9fa6cf827c9f2cc02d81b614a92edfd9a395bd149e35a027241e479f92ba1e81c3726b838341d266cdaddea45c82063a6a62f051f41985eeda2a4ba36cbfb17e97c0278cf238549e3f247989516c45febdcf6b69479bb7a557c42b728007030ca891b3e7f10a23b0a8755a99bcf53f83793d72a74c8b143f2d46cca08942deef59db5beaae9ebb14f546f358f42ac0b2b80a4b7a955d17c1b4ad45c4926539fbd0feda882cf01ac26f0a4ba35f99159ccbabe779acabd9753fcb6f19e8a5f37a0af9caa374ecf8d17e68f436daf77feb28382f84f40f86ffc91fca645445c4178716bd00d09f7e12c02a7fbf2225b160a22efe8db1aa7ecf4a013d7a6018ac4e2af8e49abc05b848cf2089ce3658c9f6de2e0901bd3de0552ebbc3bc95b7c1f49647d378b54818795b24b296f05cb32f6792426907eb2685430c52e73f4929989e2817fd50442503745073ddee05db0e6a8dffee999c16094aeb2a36758f33436cd36962565dc520fc6a7d6be8719004969533ce4f1a51939c4b75139933871ee66ddecb1993c7259e60fb6e0c0b28ed2fdb3af96bc655d3c4e2cdb5461e37a7d9e401ca61c0e65a3c460a28563e30465ebddbb50caf479d5519e79fc01b63d880855f2d3cf551085cc1c22841936e377952ac920f0092ac8c858a6ca131378c822d4159121cefb325811eb5e401a72ba397f77fd9fc1b5d1896c422d4e36e56696e2eb44eaca4f5dbe0c5ddb47ade01f3c676e4d4e0bffe60194cea75215521f4da875acf39927feb9915177599eb080b22aa4e94d2e71e4c842a08cb5fa4329c6eb6db49e70da45ba19eda71c8830214a5e31051ea411238603566b5edf47aa53a007c7db66c339af0ffc3655558e6d919f80797f674e93f340a1025f6f36386f228c71011711f416affc195af6de171d6cfd2d4af82a14fda04582dbd79c0ad57582d21c05495084e7c2f218c1ce577454d495619763e1e67c89a3f694ad8d802a5cccf305ff002afb3a4950faedd06032caba841248e5f29625b7b1072b812d54d5b30ca1587e37fde8e9761e3ef96cd97e6a639de94607b55b12b2e0d781a7e20246ff4be7a67544a23cbfa7039f240d7cb602821d4b14b0aae83b7f4e90bce69fbd1cdb23e57545027e1f51c7d5a245f8b6a46296b8fa60d696d39a1621eb8238aee02f5b738cc434c2e7cb056518afc6885c8b647a5891c0ee31e16adfb0940af161a231042c22e6bbf8fd4d298ae4bcdaa6e1b8aff5ead958b2749ff2ebc92ad5fb06fc00df1dafa6cd9166b05d96b20a246a6c41b94422f0abf47fc1989c4202709b2f6f1b3b7f26e08cbe44ead35e1c947c9af702284e1ae54cf79c8e0a793971b4a62a89bc3a10bdf6dd17e0bd0e4d720d3ec4b87b34ce82c1e853ae4ce464f7f66b2ef4a877e56940da2834dceb911869dea7ab135249ccf19cdd3988809a78c841ada6a93abef5b645c35e6333cc3b78203945ef41a4f2fc300cf517e04c0c1207e9683635c31e1ff6e4ba85078fc646a4eb3e1c0f16919719e9a9b7d71984a094eecae5be17b0465450a16280d76f9600e4e0cff282f9cc319b4804f3b152ace82387b66d089c1200a7461fe158fd60883299fac939d04a1d9ad20090af74cedf7140476232f662f4511d8fb278036cebc4437fa965a010ba2c9bca4a507bffaf265ba6ec3f78db16ca20c9a260a781beb57371a6dd06273611e5f19b398257b64907fe5ea47074ba893b0e84f8a1c0489a6a2abe9980f32f4d396d2e0f6583015573b4948fc561d906c0ac7a2f5c220b69cf3a2a53bd064aaf9db7af079762b9638e6d056b0a9b4811320e1ee231dbaa2729304d3053a343c5edbb3026d23b794a348038919fe0cd903ec0d2655e54f7f9808eede6cb4aa023398f3813301fc5dce926058635d09086c328213ab76de69ca325f871f787c7fc33a3a97f22573c7629830bb129fc6c56a9c4baf5336ff8fdd3319ea887eba2bd8de6dcfd342046fe789c79e98b9820bfe0cab634120a86d9d217dd36cc0d84e0d4563e93a75fe0778977429131a575d3dc6252a6dbe07908b71b951d20e3bbc65e2abb0302d886ebd8592d9edb5450c1f5a1cc421a3a07ab34e05711180f66a65266e47fff9dc127b71ad08c2be6a38ce3eb77537ad1c5ba9996a54083452271a202aeeaca8c9126a44e610bdf7b4a3582fbd343843159bc8bdd87ebb70137d61cac489096d80533e464400a2730ba2482fb09a23310ff31c5694ebb5387347cdc2324ca5cca83eca2f7735727a572d4002421517d0fc770ef3b6fd177d2aeca0f44c29a03f81b8d46dde4ee273c4b26606770e4f7439181656a28feae5908626e8a11c6083b59603408f5bdc87dd05d429575a244d90b841b87b20a80a582ca76b8e33ad4a7f850bf902e8e7c215e2643552dad29a744c0467bf93b5e6341bed7cf13a553c40401be25233230218a02e53f83b9648b0b1fe5a293fee9f9ef23c285514010f9ac47f396124d740d61843605dee8ebea6204a66180719ce5133f572d3cf35229f7216185d51d1c990f423b4562566c894104984b2c6832158c30261e35569b3a7b61bbea81f75f728b72e5a0a5e950de72705ea3fdc0fd567df492b10b6f26356673e55af8141c2c8ef428565280ec67345227cd4a305e7154108baf2cb9b3377256ddf5a67a6cc0e3e0d92d26f476ad2045bd930e37916b0238e2908e4220718dc5019efbc7de7ce9472240ef701b0035daef22efc00768a109ed7aa9a5c209b5f4ab200de7db112b45f298f29ba8ba439c76b7022616441d92caecd45005661e6d44522d2337cabaea8392c447144bc1d7325dceaa1dd2de18e8c13db8d9aa8a83bc5f8b1f9609b8cfed78ba634b96d37e5fd1cddf5bf8ed36da74998547cb62ec7ce9f2b11612b9efa1a9d417d3cc32af3cf7a3f601d85f6e6df749642ef274195ec6ea08bc83d782d1f3604f91a2e6af4112fb9a07c618ded9c920a4871205298a2e2f29a7a1e360df09058540ecefff098a9a7c593e9e31f6d7411d0c7d8ed9a188d829aba8a7d70c5ff3b0eb0df3fd3365e15e7ca497ff8c21bdbccc7ce105a9fd9d35684c908433ec33c2531fa2532f50594e4f12f8c66a460a4c3b9eecd7d1627916667a3da12d0fcc27b48a7aa5301bf285b989dc3b89b433f693c347897a5aa52963616b7ef93ad1cc9396e783d76c50db7c402d28759459cc836eabf5e0281a9628ee3020ae5d648291e42fa50a6e6a0cc418d32f87d1b38e0a44e7920f8d5f4900b91e308b0822c22d8b8ca8677524501558d090beb54f27dbd8cdf1d45f29d3178cda45aef0b0adef3a125abcf2c4d301aba69908233371493dead94654606fa7684b4ee3b7b10c8fea16ac8a0b9fcc0ebae13a8e1bfd57af380d5185dea8b7156981d976582dada64e822724cdf00a3f38d9cdf642b58fea666eafe7b55d41d007177ca0320b0e9a3eed3fa8a7be9b8ce54122363f5b59f7b99287ae2765757bdd06211dbdc7f7b36ff113a51c93d788ba8ac9515ac87f5e27e0589bd6955e469d69b568afa9aaa4b408051c8892379565994d0e877cf13d215ce922d3342e5866874f69650474ccb8499a17d0e821fec9f71e9b5803278c46d9dbc51856451df05ec5c87a6c5b494ee05d4a11b4758e1e4be81d605827284bf8d0fa94995c1bcf43542383fd63729daf004ea20947a6f6a4c306eba98a5879bdceb947115adcba7b9312c2877f071dbc49aa1433bb68959f26c37c3cf9d7f1d693967dbcb6dec8a983e46333d124e2e8494828d5a98f75d8efd1bfbd5c9f1a68e1ed0ed6ad8e16bbaac056924631d016b0c1e34f6408e9e5f046c0d69320a067786ed8d0663c6f46212c3bc59c45e6b99c1249a3beb4190ffdf95edbd4754248929b7e463f802f929728440ab38c522414bd7c351203dd9cf6d6266c752685b9b102b9befa8425eacd394149cf11df758b3a7b228341512cf29674b13f12b9901afd91e74f9b3b6a252d677fb8b106eb09f6b79e10cef92be87afb70001f91d75bb8f03b17d6f99c4523ef2cecbe10ced03d4a70159c48f8b8e87c5080d21e93902868383235d71753206b6d3a6e881ec83d2353d672b0ea0264c55191c3eeb0ccd70a5d347587c62a2ee53f698464993e08bacdd10eaf586838338b0fa9f1d3bca972fcec3669ba86e0826dac97b27424d3b1e2d75834b0c4cef4c8db841ca95d042152f7cd5338c9a8f8cc667d374df2830da4df201eaad53d299375d453383e7bbb00b92836f38555270b8123f7696d608c89857859fd88d9ded3f41afb020cc91abe06191a5a3c28e23407b313c56159c1544ae0c648210c959b4089a36723b39ff19d61477249b05e6b64af04cc353791696f0a2604bc7ff5e7dedf925e86e08c16e5ad38ae949824a515b42796f3e34a28d07d7047abcc9fe0690e1bfaf1a37279c87c2498611dedf01d381bb9aa61118a37fb2df5b3ab2492f9814763e4e1936871c7d176b27dd1219adfa34cfade8c7feb53c16fe38a870c67b47d3594d2a217e9a052037beb3697fdad59f2225fb3baa3e3da2dc171890cc62654802e6be50bbf92d3c7c2875573cff94166547138ddba8c6c7afb46e4f1a45754cae36f3fc483a7caa18e3870fab757bc9d806750658f2e0025c4451284ab9c8bd8567c3639179c3304bedf6b2505c430abc3ef197fc6efff0ba0fdff7554a81b8b3339292791b927e7745cd131e12742407a6c575ea5b670456ba78b32e0a7f79668b37dd0ea9f9cbe2d0089a9733104a61b03159f19c24a2f85ba0499cc9a6ed999ada145adf6673d80ed166ff14983a6356cc5f6ba19a8162fd6cf2c03d6c936b73c486026726652221b2adc43ff6d515a9b80a4376af3b9f1aeeed1402cb7fe04eb1aa356e5ef0693d2b673cb78834d73de42b7b432980becf83bb66a1c40e91b8b98e5f07afa2d4d2cdfc37b4f451dbd51bfbb7e6f7cd62c88d8e736bea90e3e5ecf6d52415297a8e0854e7508f192d39e3c11d3320032dac1c380a3a92b7946f3643d9bf9e9860547b3bf1b5d11b0ac085e0e924b4df8d3b2a747aa226e8db0e541104d1a28c8b398c965f38bf50d0e41de0848af63fc249df04705345f80bb356d1087dcaaf69a93b30c55d81065f7f53c0349449c25970bd47ec36f33117036c11bb8341d875867ee0b4de05fd0335a02ec25733e884a168857f895b1a759d45e6257028cf2c68d4133db07a3ff6e48a5b86a4c7722d1180209bcd65ef331e7b26552701987511554038668c2aae24e13ea21c62c9bd332b32082e67274f0e5580a33d8cafa29d9e858ef86d5eb4b2c15cfe11d6fadd872bed845c2b229ff51ba30834fe52f54feaa73c7da0aa3edcadebbc013b136212feded03f23e856575b626b225367c1e1059c12dfd9b4dd9f9ad07207526aaf88e5379e670dd3f1c91141da06613107f28267740ec88c3ffe8c3fc9dba94230e98896dbc4856d97d4e0561af1251f2359598a89ec2d1e0e80b9afd3f87016e3cad175ea9e1b167e12d2f54a07d485b050331da43f31af70089b6880bb8"}}, &(0x7f00000000c0)) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000000005) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r2, 0x0) r5 = gettid() r6 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x2, 0x3) getsockname$packet(r6, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0) tkill(r5, 0x1004000000013) [ 432.928971][ C0] sd 0:0:1:0: [sg0] tag#421 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 432.939617][ C0] sd 0:0:1:0: [sg0] tag#421 CDB: Test Unit Ready [ 432.946296][ C0] sd 0:0:1:0: [sg0] tag#421 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.956406][ C0] sd 0:0:1:0: [sg0] tag#421 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.966188][ C0] sd 0:0:1:0: [sg0] tag#421 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.975994][ C0] sd 0:0:1:0: [sg0] tag#421 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.985764][ C0] sd 0:0:1:0: [sg0] tag#421 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 432.995547][ C0] sd 0:0:1:0: [sg0] tag#421 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 433.005318][ C0] sd 0:0:1:0: [sg0] tag#421 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 433.015064][ C0] sd 0:0:1:0: [sg0] tag#421 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 433.024827][ C0] sd 0:0:1:0: [sg0] tag#421 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 433.034610][ C0] sd 0:0:1:0: [sg0] tag#421 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 433.044389][ C0] sd 0:0:1:0: [sg0] tag#421 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 433.054182][ C0] sd 0:0:1:0: [sg0] tag#421 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 433.063964][ C0] sd 0:0:1:0: [sg0] tag#421 CDB[c0]: 00 00 00 00 00 00 00 00 19:19:18 executing program 2: r0 = socket$inet6(0x10, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000000540)="9000000018001f0236ccfb0d1b849ac00200a578020006050610030043000b00030000000000c5ac27a6c5a168d0bf46d32345653600648dcaaf6c26c2912145497e5ade4a460c89b6ec0cff3959547f509058ba86c902000000000025000400300012000a000000000000005e58324413a075afa17124c8e73ec4471f000001000000731ae9e086ceb6cf62bb944cf2", 0x90, 0x0, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r3, r4, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f00000001c0)={0x2}) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r5, 0x0, 0x1000007ffff000) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140)='NLBL_CIPSOv4\x00') sendmsg$NLBL_CIPSOV4_C_REMOVE(r7, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r8, 0x4, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000800) sendmsg$NLBL_CIPSOV4_C_ADD(r6, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x800) sendmsg$NLBL_CIPSOV4_C_LIST(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2001400}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0xd4, r8, 0x100, 0x70bd25, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSCATLST={0xa8, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x51cff907}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7ed55fbe}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb46f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6dc00de4}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x54821265}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38d4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x285ad693}]}, {0x4}, {0x4}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2881}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9fb2}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x33ef343b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7046dd18}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1c12}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x56721479}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3e70c6a1}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2b2e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7597}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8ae2}]}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_DOI={0x8}]}, 0xd4}, 0x1, 0x0, 0x0, 0x20004804}, 0x1) [ 433.125638][T10106] not chained 200000 origins [ 433.130262][T10106] CPU: 0 PID: 10106 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 433.138940][T10106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 433.149128][T10106] Call Trace: [ 433.152437][T10106] dump_stack+0x1df/0x240 [ 433.156794][T10106] kmsan_internal_chain_origin+0x6f/0x130 [ 433.162541][T10106] ? is_module_text_address+0x4d/0x2a0 [ 433.168019][T10106] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 433.173844][T10106] ? __kernel_text_address+0x171/0x2d0 [ 433.179300][T10106] ? unwind_get_return_address+0x8c/0x130 [ 433.185012][T10106] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.191076][T10106] ? arch_stack_walk+0x2a2/0x3e0 [ 433.196004][T10106] ? stack_trace_save+0x1a0/0x1a0 [ 433.201021][T10106] ? kmsan_get_metadata+0x4f/0x180 [ 433.206122][T10106] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 433.211918][T10106] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 433.217979][T10106] ? stack_trace_save+0x123/0x1a0 [ 433.222994][T10106] ? kmsan_get_metadata+0x11d/0x180 [ 433.228185][T10106] __msan_chain_origin+0x50/0x90 [ 433.233115][T10106] rmd256_transform+0x434e/0x4440 [ 433.238136][T10106] ? mac80211_hwsim_get_radio+0x2f4/0xcb0 [ 433.243882][T10106] rmd256_update+0x227/0x4f0 [ 433.248472][T10106] ? rmd256_init+0x260/0x260 [ 433.253049][T10106] crypto_shash_update+0x4e9/0x550 [ 433.258154][T10106] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 433.264319][T10106] ? crypto_hash_walk_first+0x1fd/0x360 [ 433.269871][T10106] ? kmsan_get_metadata+0x4f/0x180 [ 433.274975][T10106] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 433.280770][T10106] shash_async_update+0x113/0x1d0 [ 433.285787][T10106] ? shash_async_init+0x1e0/0x1e0 [ 433.290800][T10106] hash_sendpage+0x8ef/0xdf0 [ 433.295385][T10106] ? hash_recvmsg+0xd30/0xd30 [ 433.300224][T10106] sock_sendpage+0x1e1/0x2c0 [ 433.304826][T10106] pipe_to_sendpage+0x38c/0x4c0 [ 433.309673][T10106] ? sock_fasync+0x250/0x250 [ 433.314274][T10106] __splice_from_pipe+0x565/0xf00 [ 433.319295][T10106] ? generic_splice_sendpage+0x2d0/0x2d0 [ 433.324932][T10106] generic_splice_sendpage+0x1d5/0x2d0 [ 433.330387][T10106] ? iter_file_splice_write+0x1800/0x1800 [ 433.336100][T10106] direct_splice_actor+0x1fd/0x580 [ 433.341206][T10106] ? kmsan_get_metadata+0x4f/0x180 [ 433.346312][T10106] splice_direct_to_actor+0x6b2/0xf50 [ 433.352454][T10106] ? do_splice_direct+0x580/0x580 [ 433.357480][T10106] do_splice_direct+0x342/0x580 [ 433.362501][T10106] do_sendfile+0x101b/0x1d40 [ 433.367100][T10106] __se_sys_sendfile64+0x2bb/0x360 [ 433.372284][T10106] ? kmsan_get_metadata+0x4f/0x180 [ 433.377387][T10106] __x64_sys_sendfile64+0x56/0x70 [ 433.382408][T10106] do_syscall_64+0xb0/0x150 [ 433.386920][T10106] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.392799][T10106] RIP: 0033:0x45c1d9 [ 433.396763][T10106] Code: Bad RIP value. [ 433.400815][T10106] RSP: 002b:00007fb8bb5f8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 433.409301][T10106] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 433.417258][T10106] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 433.425214][T10106] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 433.433184][T10106] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078c04c [ 433.441142][T10106] R13: 0000000000c9fb6f R14: 00007fb8bb5f99c0 R15: 000000000078c04c [ 433.449108][T10106] Uninit was stored to memory at: [ 433.454146][T10106] kmsan_internal_chain_origin+0xad/0x130 [ 433.459853][T10106] __msan_chain_origin+0x50/0x90 [ 433.464776][T10106] rmd256_transform+0x434e/0x4440 [ 433.469787][T10106] rmd256_update+0x343/0x4f0 [ 433.474359][T10106] crypto_shash_update+0x4e9/0x550 [ 433.479468][T10106] shash_async_update+0x113/0x1d0 [ 433.484475][T10106] hash_sendpage+0x8ef/0xdf0 [ 433.489050][T10106] sock_sendpage+0x1e1/0x2c0 [ 433.493627][T10106] pipe_to_sendpage+0x38c/0x4c0 [ 433.498461][T10106] __splice_from_pipe+0x565/0xf00 [ 433.503469][T10106] generic_splice_sendpage+0x1d5/0x2d0 [ 433.508911][T10106] direct_splice_actor+0x1fd/0x580 [ 433.514002][T10106] splice_direct_to_actor+0x6b2/0xf50 [ 433.519379][T10106] do_splice_direct+0x342/0x580 [ 433.524220][T10106] do_sendfile+0x101b/0x1d40 [ 433.528793][T10106] __se_sys_sendfile64+0x2bb/0x360 [ 433.533889][T10106] __x64_sys_sendfile64+0x56/0x70 [ 433.538901][T10106] do_syscall_64+0xb0/0x150 [ 433.543392][T10106] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.549260][T10106] [ 433.551571][T10106] Uninit was stored to memory at: [ 433.556578][T10106] kmsan_internal_chain_origin+0xad/0x130 [ 433.562278][T10106] __msan_chain_origin+0x50/0x90 [ 433.567200][T10106] rmd256_transform+0x434e/0x4440 [ 433.572207][T10106] rmd256_update+0x343/0x4f0 [ 433.576784][T10106] crypto_shash_update+0x4e9/0x550 [ 433.581875][T10106] shash_async_update+0x113/0x1d0 [ 433.586880][T10106] hash_sendpage+0x8ef/0xdf0 [ 433.591455][T10106] sock_sendpage+0x1e1/0x2c0 [ 433.596030][T10106] pipe_to_sendpage+0x38c/0x4c0 [ 433.600863][T10106] __splice_from_pipe+0x565/0xf00 [ 433.605873][T10106] generic_splice_sendpage+0x1d5/0x2d0 [ 433.611314][T10106] direct_splice_actor+0x1fd/0x580 [ 433.616408][T10106] splice_direct_to_actor+0x6b2/0xf50 [ 433.621780][T10106] do_splice_direct+0x342/0x580 [ 433.626616][T10106] do_sendfile+0x101b/0x1d40 [ 433.631191][T10106] __se_sys_sendfile64+0x2bb/0x360 [ 433.636285][T10106] __x64_sys_sendfile64+0x56/0x70 [ 433.641293][T10106] do_syscall_64+0xb0/0x150 [ 433.645802][T10106] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.651677][T10106] [ 433.654011][T10106] Uninit was stored to memory at: [ 433.659029][T10106] kmsan_internal_chain_origin+0xad/0x130 [ 433.664734][T10106] __msan_chain_origin+0x50/0x90 [ 433.669672][T10106] rmd256_transform+0x434e/0x4440 [ 433.674696][T10106] rmd256_update+0x343/0x4f0 [ 433.679287][T10106] crypto_shash_update+0x4e9/0x550 [ 433.684410][T10106] shash_async_update+0x113/0x1d0 [ 433.689423][T10106] hash_sendpage+0x8ef/0xdf0 [ 433.693998][T10106] sock_sendpage+0x1e1/0x2c0 [ 433.698668][T10106] pipe_to_sendpage+0x38c/0x4c0 [ 433.703502][T10106] __splice_from_pipe+0x565/0xf00 [ 433.708510][T10106] generic_splice_sendpage+0x1d5/0x2d0 [ 433.713952][T10106] direct_splice_actor+0x1fd/0x580 [ 433.719048][T10106] splice_direct_to_actor+0x6b2/0xf50 [ 433.724405][T10106] do_splice_direct+0x342/0x580 [ 433.729239][T10106] do_sendfile+0x101b/0x1d40 [ 433.733813][T10106] __se_sys_sendfile64+0x2bb/0x360 [ 433.738907][T10106] __x64_sys_sendfile64+0x56/0x70 [ 433.743918][T10106] do_syscall_64+0xb0/0x150 [ 433.748408][T10106] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.754276][T10106] [ 433.756587][T10106] Uninit was stored to memory at: [ 433.761595][T10106] kmsan_internal_chain_origin+0xad/0x130 [ 433.767382][T10106] __msan_chain_origin+0x50/0x90 [ 433.772405][T10106] rmd256_transform+0x434e/0x4440 [ 433.777412][T10106] rmd256_update+0x343/0x4f0 [ 433.781985][T10106] crypto_shash_update+0x4e9/0x550 [ 433.787078][T10106] shash_async_update+0x113/0x1d0 [ 433.792109][T10106] hash_sendpage+0x8ef/0xdf0 [ 433.796715][T10106] sock_sendpage+0x1e1/0x2c0 [ 433.801296][T10106] pipe_to_sendpage+0x38c/0x4c0 [ 433.806132][T10106] __splice_from_pipe+0x565/0xf00 [ 433.811156][T10106] generic_splice_sendpage+0x1d5/0x2d0 [ 433.816612][T10106] direct_splice_actor+0x1fd/0x580 [ 433.822009][T10106] splice_direct_to_actor+0x6b2/0xf50 [ 433.827367][T10106] do_splice_direct+0x342/0x580 [ 433.832220][T10106] do_sendfile+0x101b/0x1d40 [ 433.836792][T10106] __se_sys_sendfile64+0x2bb/0x360 [ 433.841900][T10106] __x64_sys_sendfile64+0x56/0x70 [ 433.846910][T10106] do_syscall_64+0xb0/0x150 [ 433.851397][T10106] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.857264][T10106] [ 433.859571][T10106] Uninit was stored to memory at: [ 433.864582][T10106] kmsan_internal_chain_origin+0xad/0x130 [ 433.870288][T10106] __msan_chain_origin+0x50/0x90 [ 433.875214][T10106] rmd256_transform+0x434e/0x4440 [ 433.880223][T10106] rmd256_update+0x343/0x4f0 [ 433.884884][T10106] crypto_shash_update+0x4e9/0x550 [ 433.889976][T10106] shash_async_update+0x113/0x1d0 [ 433.894986][T10106] hash_sendpage+0x8ef/0xdf0 [ 433.899563][T10106] sock_sendpage+0x1e1/0x2c0 [ 433.904138][T10106] pipe_to_sendpage+0x38c/0x4c0 [ 433.908974][T10106] __splice_from_pipe+0x565/0xf00 [ 433.913982][T10106] generic_splice_sendpage+0x1d5/0x2d0 [ 433.919425][T10106] direct_splice_actor+0x1fd/0x580 [ 433.924524][T10106] splice_direct_to_actor+0x6b2/0xf50 [ 433.929971][T10106] do_splice_direct+0x342/0x580 [ 433.934805][T10106] do_sendfile+0x101b/0x1d40 [ 433.939377][T10106] __se_sys_sendfile64+0x2bb/0x360 [ 433.944559][T10106] __x64_sys_sendfile64+0x56/0x70 [ 433.949564][T10106] do_syscall_64+0xb0/0x150 [ 433.954053][T10106] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.959920][T10106] [ 433.962228][T10106] Uninit was stored to memory at: [ 433.967237][T10106] kmsan_internal_chain_origin+0xad/0x130 [ 433.972941][T10106] __msan_chain_origin+0x50/0x90 [ 433.977864][T10106] rmd256_transform+0x434e/0x4440 [ 433.982872][T10106] rmd256_update+0x227/0x4f0 [ 433.987446][T10106] crypto_shash_update+0x4e9/0x550 [ 433.992539][T10106] shash_async_update+0x113/0x1d0 [ 433.997547][T10106] hash_sendpage+0x8ef/0xdf0 [ 434.002126][T10106] sock_sendpage+0x1e1/0x2c0 [ 434.006702][T10106] pipe_to_sendpage+0x38c/0x4c0 [ 434.011537][T10106] __splice_from_pipe+0x565/0xf00 [ 434.016548][T10106] generic_splice_sendpage+0x1d5/0x2d0 [ 434.021991][T10106] direct_splice_actor+0x1fd/0x580 [ 434.027083][T10106] splice_direct_to_actor+0x6b2/0xf50 [ 434.032441][T10106] do_splice_direct+0x342/0x580 [ 434.037272][T10106] do_sendfile+0x101b/0x1d40 [ 434.041847][T10106] __se_sys_sendfile64+0x2bb/0x360 [ 434.046945][T10106] __x64_sys_sendfile64+0x56/0x70 [ 434.051953][T10106] do_syscall_64+0xb0/0x150 [ 434.056441][T10106] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 434.062323][T10106] [ 434.064630][T10106] Uninit was stored to memory at: [ 434.069642][T10106] kmsan_internal_chain_origin+0xad/0x130 [ 434.075347][T10106] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 434.081309][T10106] kmsan_memcpy_metadata+0xb/0x10 [ 434.086316][T10106] __msan_memcpy+0x43/0x50 [ 434.090718][T10106] rmd256_update+0x1fc/0x4f0 [ 434.095289][T10106] crypto_shash_update+0x4e9/0x550 [ 434.100382][T10106] shash_async_update+0x113/0x1d0 [ 434.105392][T10106] hash_sendpage+0x8ef/0xdf0 [ 434.109965][T10106] sock_sendpage+0x1e1/0x2c0 [ 434.114537][T10106] pipe_to_sendpage+0x38c/0x4c0 [ 434.119374][T10106] __splice_from_pipe+0x565/0xf00 [ 434.124386][T10106] generic_splice_sendpage+0x1d5/0x2d0 [ 434.129841][T10106] direct_splice_actor+0x1fd/0x580 [ 434.134938][T10106] splice_direct_to_actor+0x6b2/0xf50 [ 434.140295][T10106] do_splice_direct+0x342/0x580 [ 434.145135][T10106] do_sendfile+0x101b/0x1d40 [ 434.149709][T10106] __se_sys_sendfile64+0x2bb/0x360 [ 434.154802][T10106] __x64_sys_sendfile64+0x56/0x70 [ 434.159812][T10106] do_syscall_64+0xb0/0x150 [ 434.164303][T10106] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 434.170172][T10106] [ 434.172567][T10106] Uninit was created at: [ 434.176795][T10106] kmsan_save_stack_with_flags+0x3c/0x90 [ 434.182412][T10106] kmsan_alloc_page+0xb9/0x180 [ 434.187177][T10106] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 434.192705][T10106] alloc_pages_current+0x672/0x990 [ 434.197800][T10106] push_pipe+0x605/0xb70 [ 434.202025][T10106] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 434.207744][T10106] do_splice_to+0x4fc/0x14f0 [ 434.212324][T10106] splice_direct_to_actor+0x45c/0xf50 [ 434.217678][T10106] do_splice_direct+0x342/0x580 [ 434.222598][T10106] do_sendfile+0x101b/0x1d40 [ 434.227186][T10106] __se_sys_sendfile64+0x2bb/0x360 [ 434.232277][T10106] __x64_sys_sendfile64+0x56/0x70 [ 434.237287][T10106] do_syscall_64+0xb0/0x150 [ 434.241775][T10106] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:19:19 executing program 3: r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x15, &(0x7f00000000c0)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000180)={0x0}) r1 = syz_open_procfs(r0, &(0x7f0000000000)='gid_map\x00') getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000080)=0x14) lseek(r1, 0x5, 0x0) 19:19:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=@newlink={0x48, 0x10, 0xffffff1f, 0x20002, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb, 0x1, 'gretap\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @private=0x81}]}}}, @IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x48}}, 0x0) 19:19:20 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/237) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000040)=0x8d) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_TRY_EXT_CTRLS(r3, 0xc0205649, &(0x7f0000000180)={0x4, 0x20, 0x0, r0, 0x0, &(0x7f0000000140)={0x9e0906, 0xffffffc0, [], @p_u8=&(0x7f0000000100)=0x1}}) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd0f969341", 0x6}], 0x1, 0x0) 19:19:20 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_int(r3, 0x0, 0x2, &(0x7f0000000000)=0xb8, 0x4) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) [ 435.185876][T10132] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 435.276914][T10132] not chained 210000 origins [ 435.281556][T10132] CPU: 1 PID: 10132 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 435.290234][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 435.300294][T10132] Call Trace: [ 435.303597][T10132] dump_stack+0x1df/0x240 [ 435.307940][T10132] kmsan_internal_chain_origin+0x6f/0x130 [ 435.313675][T10132] ? is_module_text_address+0x4d/0x2a0 [ 435.319128][T10132] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 435.324925][T10132] ? __kernel_text_address+0x171/0x2d0 [ 435.330372][T10132] ? unwind_get_return_address+0x8c/0x130 [ 435.336179][T10132] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 435.342240][T10132] ? arch_stack_walk+0x2a2/0x3e0 [ 435.347254][T10132] ? stack_trace_save+0x1a0/0x1a0 [ 435.352293][T10132] ? kmsan_get_metadata+0x4f/0x180 [ 435.357395][T10132] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 435.363215][T10132] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 435.369267][T10132] ? stack_trace_save+0x123/0x1a0 [ 435.374284][T10132] ? kmsan_get_metadata+0x11d/0x180 [ 435.379470][T10132] __msan_chain_origin+0x50/0x90 [ 435.384397][T10132] rmd256_transform+0x434e/0x4440 [ 435.389423][T10132] ? sock_kzfree_s+0x7f/0x100 [ 435.394110][T10132] rmd256_update+0x343/0x4f0 [ 435.398691][T10132] ? rmd256_init+0x260/0x260 [ 435.403266][T10132] crypto_shash_update+0x4e9/0x550 [ 435.408365][T10132] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 435.414515][T10132] ? crypto_hash_walk_first+0x1fd/0x360 [ 435.420045][T10132] ? kmsan_get_metadata+0x4f/0x180 [ 435.425142][T10132] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 435.430931][T10132] shash_async_update+0x113/0x1d0 [ 435.436043][T10132] ? shash_async_init+0x1e0/0x1e0 [ 435.441067][T10132] hash_sendpage+0x8ef/0xdf0 [ 435.445650][T10132] ? hash_recvmsg+0xd30/0xd30 [ 435.450331][T10132] sock_sendpage+0x1e1/0x2c0 [ 435.454916][T10132] pipe_to_sendpage+0x38c/0x4c0 [ 435.459750][T10132] ? sock_fasync+0x250/0x250 [ 435.464343][T10132] __splice_from_pipe+0x565/0xf00 [ 435.469358][T10132] ? generic_splice_sendpage+0x2d0/0x2d0 [ 435.475009][T10132] generic_splice_sendpage+0x1d5/0x2d0 [ 435.480481][T10132] ? iter_file_splice_write+0x1800/0x1800 [ 435.486202][T10132] direct_splice_actor+0x1fd/0x580 [ 435.491325][T10132] ? kmsan_get_metadata+0x4f/0x180 [ 435.496428][T10132] splice_direct_to_actor+0x6b2/0xf50 [ 435.501788][T10132] ? do_splice_direct+0x580/0x580 [ 435.506818][T10132] do_splice_direct+0x342/0x580 [ 435.511910][T10132] do_sendfile+0x101b/0x1d40 [ 435.516864][T10132] __se_sys_sendfile64+0x2bb/0x360 [ 435.521972][T10132] ? kmsan_get_metadata+0x4f/0x180 [ 435.527076][T10132] __x64_sys_sendfile64+0x56/0x70 [ 435.532091][T10132] do_syscall_64+0xb0/0x150 [ 435.536586][T10132] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 435.542463][T10132] RIP: 0033:0x45c1d9 [ 435.546336][T10132] Code: Bad RIP value. [ 435.550381][T10132] RSP: 002b:00007fe8d5c8cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 435.558778][T10132] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 435.566737][T10132] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000005 [ 435.574694][T10132] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 435.582651][T10132] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 435.590612][T10132] R13: 0000000000c9fb6f R14: 00007fe8d5c8d9c0 R15: 000000000078bf0c [ 435.598580][T10132] Uninit was stored to memory at: [ 435.603600][T10132] kmsan_internal_chain_origin+0xad/0x130 [ 435.609308][T10132] __msan_chain_origin+0x50/0x90 [ 435.614241][T10132] rmd256_transform+0x434e/0x4440 [ 435.619249][T10132] rmd256_update+0x343/0x4f0 [ 435.623829][T10132] crypto_shash_update+0x4e9/0x550 [ 435.628920][T10132] shash_async_update+0x113/0x1d0 [ 435.633929][T10132] hash_sendpage+0x8ef/0xdf0 [ 435.638592][T10132] sock_sendpage+0x1e1/0x2c0 [ 435.643169][T10132] pipe_to_sendpage+0x38c/0x4c0 [ 435.648004][T10132] __splice_from_pipe+0x565/0xf00 [ 435.653010][T10132] generic_splice_sendpage+0x1d5/0x2d0 [ 435.658453][T10132] direct_splice_actor+0x1fd/0x580 [ 435.663548][T10132] splice_direct_to_actor+0x6b2/0xf50 [ 435.668903][T10132] do_splice_direct+0x342/0x580 [ 435.673760][T10132] do_sendfile+0x101b/0x1d40 [ 435.678434][T10132] __se_sys_sendfile64+0x2bb/0x360 [ 435.683535][T10132] __x64_sys_sendfile64+0x56/0x70 [ 435.688556][T10132] do_syscall_64+0xb0/0x150 [ 435.693047][T10132] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 435.698928][T10132] [ 435.701260][T10132] Uninit was stored to memory at: [ 435.706280][T10132] kmsan_internal_chain_origin+0xad/0x130 [ 435.712009][T10132] __msan_chain_origin+0x50/0x90 [ 435.716934][T10132] rmd256_transform+0x434e/0x4440 [ 435.721941][T10132] rmd256_update+0x343/0x4f0 [ 435.726514][T10132] crypto_shash_update+0x4e9/0x550 [ 435.731606][T10132] shash_async_update+0x113/0x1d0 [ 435.736613][T10132] hash_sendpage+0x8ef/0xdf0 [ 435.741284][T10132] sock_sendpage+0x1e1/0x2c0 [ 435.745879][T10132] pipe_to_sendpage+0x38c/0x4c0 [ 435.750728][T10132] __splice_from_pipe+0x565/0xf00 [ 435.755761][T10132] generic_splice_sendpage+0x1d5/0x2d0 [ 435.761202][T10132] direct_splice_actor+0x1fd/0x580 [ 435.766297][T10132] splice_direct_to_actor+0x6b2/0xf50 [ 435.771651][T10132] do_splice_direct+0x342/0x580 [ 435.776485][T10132] do_sendfile+0x101b/0x1d40 [ 435.781065][T10132] __se_sys_sendfile64+0x2bb/0x360 [ 435.786158][T10132] __x64_sys_sendfile64+0x56/0x70 [ 435.791167][T10132] do_syscall_64+0xb0/0x150 [ 435.795654][T10132] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 435.801539][T10132] [ 435.803853][T10132] Uninit was stored to memory at: [ 435.808864][T10132] kmsan_internal_chain_origin+0xad/0x130 [ 435.814567][T10132] __msan_chain_origin+0x50/0x90 [ 435.819488][T10132] rmd256_transform+0x434e/0x4440 [ 435.824497][T10132] rmd256_update+0x343/0x4f0 [ 435.829071][T10132] crypto_shash_update+0x4e9/0x550 [ 435.834166][T10132] shash_async_update+0x113/0x1d0 [ 435.839172][T10132] hash_sendpage+0x8ef/0xdf0 [ 435.843762][T10132] sock_sendpage+0x1e1/0x2c0 [ 435.848339][T10132] pipe_to_sendpage+0x38c/0x4c0 [ 435.853173][T10132] __splice_from_pipe+0x565/0xf00 [ 435.858181][T10132] generic_splice_sendpage+0x1d5/0x2d0 [ 435.863625][T10132] direct_splice_actor+0x1fd/0x580 [ 435.868720][T10132] splice_direct_to_actor+0x6b2/0xf50 [ 435.874085][T10132] do_splice_direct+0x342/0x580 [ 435.878919][T10132] do_sendfile+0x101b/0x1d40 [ 435.883491][T10132] __se_sys_sendfile64+0x2bb/0x360 [ 435.888587][T10132] __x64_sys_sendfile64+0x56/0x70 [ 435.893596][T10132] do_syscall_64+0xb0/0x150 [ 435.898083][T10132] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 435.903949][T10132] [ 435.906258][T10132] Uninit was stored to memory at: [ 435.911270][T10132] kmsan_internal_chain_origin+0xad/0x130 [ 435.916978][T10132] __msan_chain_origin+0x50/0x90 [ 435.921904][T10132] rmd256_transform+0x434e/0x4440 [ 435.926915][T10132] rmd256_update+0x343/0x4f0 [ 435.931498][T10132] crypto_shash_update+0x4e9/0x550 [ 435.936591][T10132] shash_async_update+0x113/0x1d0 [ 435.941597][T10132] hash_sendpage+0x8ef/0xdf0 [ 435.946172][T10132] sock_sendpage+0x1e1/0x2c0 [ 435.950746][T10132] pipe_to_sendpage+0x38c/0x4c0 [ 435.955583][T10132] __splice_from_pipe+0x565/0xf00 [ 435.960600][T10132] generic_splice_sendpage+0x1d5/0x2d0 [ 435.966044][T10132] direct_splice_actor+0x1fd/0x580 [ 435.971141][T10132] splice_direct_to_actor+0x6b2/0xf50 [ 435.976505][T10132] do_splice_direct+0x342/0x580 [ 435.981343][T10132] do_sendfile+0x101b/0x1d40 [ 435.985919][T10132] __se_sys_sendfile64+0x2bb/0x360 [ 435.991014][T10132] __x64_sys_sendfile64+0x56/0x70 [ 435.996027][T10132] do_syscall_64+0xb0/0x150 [ 436.001125][T10132] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 436.006994][T10132] [ 436.009407][T10132] Uninit was stored to memory at: [ 436.014438][T10132] kmsan_internal_chain_origin+0xad/0x130 [ 436.020148][T10132] __msan_chain_origin+0x50/0x90 [ 436.025073][T10132] rmd256_transform+0x434e/0x4440 [ 436.030083][T10132] rmd256_update+0x343/0x4f0 [ 436.034658][T10132] crypto_shash_update+0x4e9/0x550 [ 436.039750][T10132] shash_async_update+0x113/0x1d0 [ 436.044761][T10132] hash_sendpage+0x8ef/0xdf0 [ 436.049341][T10132] sock_sendpage+0x1e1/0x2c0 [ 436.053920][T10132] pipe_to_sendpage+0x38c/0x4c0 [ 436.058754][T10132] __splice_from_pipe+0x565/0xf00 [ 436.063774][T10132] generic_splice_sendpage+0x1d5/0x2d0 [ 436.069219][T10132] direct_splice_actor+0x1fd/0x580 [ 436.074332][T10132] splice_direct_to_actor+0x6b2/0xf50 [ 436.079686][T10132] do_splice_direct+0x342/0x580 [ 436.084519][T10132] do_sendfile+0x101b/0x1d40 [ 436.089093][T10132] __se_sys_sendfile64+0x2bb/0x360 [ 436.094187][T10132] __x64_sys_sendfile64+0x56/0x70 [ 436.099202][T10132] do_syscall_64+0xb0/0x150 [ 436.103694][T10132] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 436.109565][T10132] [ 436.111873][T10132] Uninit was stored to memory at: [ 436.116899][T10132] kmsan_internal_chain_origin+0xad/0x130 [ 436.122619][T10132] __msan_chain_origin+0x50/0x90 [ 436.127631][T10132] rmd256_transform+0x434e/0x4440 [ 436.132651][T10132] rmd256_update+0x227/0x4f0 [ 436.137224][T10132] crypto_shash_update+0x4e9/0x550 [ 436.142320][T10132] shash_async_update+0x113/0x1d0 [ 436.147327][T10132] hash_sendpage+0x8ef/0xdf0 [ 436.151905][T10132] sock_sendpage+0x1e1/0x2c0 [ 436.156481][T10132] pipe_to_sendpage+0x38c/0x4c0 [ 436.161315][T10132] __splice_from_pipe+0x565/0xf00 [ 436.166325][T10132] generic_splice_sendpage+0x1d5/0x2d0 [ 436.171768][T10132] direct_splice_actor+0x1fd/0x580 [ 436.176867][T10132] splice_direct_to_actor+0x6b2/0xf50 [ 436.182224][T10132] do_splice_direct+0x342/0x580 [ 436.187060][T10132] do_sendfile+0x101b/0x1d40 [ 436.191636][T10132] __se_sys_sendfile64+0x2bb/0x360 [ 436.196734][T10132] __x64_sys_sendfile64+0x56/0x70 [ 436.201743][T10132] do_syscall_64+0xb0/0x150 [ 436.206251][T10132] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 436.212135][T10132] [ 436.214447][T10132] Uninit was stored to memory at: [ 436.219998][T10132] kmsan_internal_chain_origin+0xad/0x130 [ 436.225707][T10132] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 436.231670][T10132] kmsan_memcpy_metadata+0xb/0x10 [ 436.236679][T10132] __msan_memcpy+0x43/0x50 [ 436.241083][T10132] rmd256_update+0x412/0x4f0 [ 436.245654][T10132] crypto_shash_update+0x4e9/0x550 [ 436.250747][T10132] shash_async_update+0x113/0x1d0 [ 436.255757][T10132] hash_sendpage+0x8ef/0xdf0 [ 436.260352][T10132] sock_sendpage+0x1e1/0x2c0 [ 436.264929][T10132] pipe_to_sendpage+0x38c/0x4c0 [ 436.269763][T10132] __splice_from_pipe+0x565/0xf00 [ 436.274774][T10132] generic_splice_sendpage+0x1d5/0x2d0 [ 436.280218][T10132] direct_splice_actor+0x1fd/0x580 [ 436.285318][T10132] splice_direct_to_actor+0x6b2/0xf50 [ 436.290675][T10132] do_splice_direct+0x342/0x580 [ 436.295509][T10132] do_sendfile+0x101b/0x1d40 [ 436.300096][T10132] __se_sys_sendfile64+0x2bb/0x360 [ 436.305992][T10132] __x64_sys_sendfile64+0x56/0x70 [ 436.311003][T10132] do_syscall_64+0xb0/0x150 [ 436.315492][T10132] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 436.321359][T10132] [ 436.323666][T10132] Uninit was created at: [ 436.327893][T10132] kmsan_save_stack_with_flags+0x3c/0x90 [ 436.333508][T10132] kmsan_alloc_page+0xb9/0x180 [ 436.338252][T10132] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 436.343812][T10132] alloc_pages_current+0x672/0x990 [ 436.348907][T10132] push_pipe+0x605/0xb70 [ 436.353155][T10132] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 436.358860][T10132] do_splice_to+0x4fc/0x14f0 [ 436.363432][T10132] splice_direct_to_actor+0x45c/0xf50 [ 436.368789][T10132] do_splice_direct+0x342/0x580 [ 436.373640][T10132] do_sendfile+0x101b/0x1d40 [ 436.378236][T10132] __se_sys_sendfile64+0x2bb/0x360 [ 436.383334][T10132] __x64_sys_sendfile64+0x56/0x70 [ 436.388344][T10132] do_syscall_64+0xb0/0x150 [ 436.392838][T10132] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 436.438705][T10134] netlink: 'syz-executor.2': attribute type 11 has an invalid length. 19:19:22 executing program 3: getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB, @ANYRES32=0x0], &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r0}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000600)={r0, @in={{0x2, 0x4e22, @loopback}}, 0x6, 0x9, 0xf9e, 0x5978999c, 0x24, 0xeecf, 0x7f}, 0x9c) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x2, 0x3, 0x2) r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd126560000000049d2e181baf9450000953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360127ec60cb274ea524347d37dcb84900da971f7ee096d74c92e34bd5522d45cc36c2442eac2d224609aba9e60000000000000000000000002000d3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93980db1db00b419ce38d76109f7a4c37d64ca0cd80de1ba0c2974017ca4a8708f7a1f6885f986a1ad1fb11f8c2e7344000000000000"], 0xd3) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x11) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f00000000c0)={{}, 'syz0\x00'}) ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000400)=0x1, 0x4) ioctl$DRM_IOCTL_FREE_BUFS(0xffffffffffffffff, 0x4010641a, &(0x7f0000000580)={0xa, &(0x7f0000000540)=[0x5, 0x5, 0x4, 0x96, 0x0, 0x31, 0x0, 0x0, 0x6, 0x4]}) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f0000000180), &(0x7f00000001c0)=0x8) ioctl$UI_DEV_SETUP(r3, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r3, 0x5502) sendmsg$NL80211_CMD_GET_MPP(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0xde93447fa804facd}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYRES16=r3, @ANYBLOB="fe6ed37d5c87b000d06d7d5b0c3173ead23c3f88b7b783e163f22d1fb0565bb3069c64916ce4f984ca315d5a555342aaf81cff000000000000007c71ad7af9e8c7389121d3587dbe8c2ed97f892b47fc968113c96f199acb4b835bd7bf50e387e7b83a3c340477a9020c0e", @ANYRESDEC, @ANYRES16, @ANYRES32, @ANYRESHEX, @ANYRESHEX], 0x3c}}, 0x20008010) sync() 19:19:22 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_int(r3, 0x0, 0x2, &(0x7f0000000000)=0xb8, 0x4) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:22 executing program 1: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000040)="240000001e005f031400fffffffffff8070037b2b3448647a0e09658dc000208000800ff", 0xfdd6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001840)={0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x34, r3, 0xd34c83bbe0ec6c25, 0x0, 0x0, {}, [@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000700)={0x150, r3, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc}, {0xc, 0x90, 0x4}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0x7}, {0xc}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x100}, {0xc, 0x90, 0xfffffffffffffff8}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0xb35}, {0xc, 0x90, 0x5}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x1e5}, {0xc, 0x90, 0x8}}]}, 0x150}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r4 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000140)) openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x140, 0x0) r5 = shmget$private(0x0, 0x2000, 0x1, &(0x7f0000ffe000/0x2000)=nil) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000000)={0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) shmctl$IPC_RMID(r5, 0x0) recvmmsg(r0, &(0x7f0000005180), 0x193, 0x40010042, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00') r7 = creat(&(0x7f0000000240)='./file0\x00', 0x106) sendmsg$TIPC_CMD_SET_NODE_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={0x24, r6, 0x0, 0x0, 0x2, {{}, {}, {0x8}}}, 0x24}}, 0x0) sendmsg$TIPC_CMD_SET_LINK_TOL(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r6, 0x800, 0x70bd28, 0x25dfdbfb, {{}, {}, {0x14, 0x18, {0x0, @bearer=@udp='udp:syz1\x00'}}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4008801}, 0x8c0) [ 438.071306][T10147] capability: warning: `syz-executor.1' uses 32-bit capabilities (legacy support in use) [ 438.139100][ C1] sd 0:0:1:0: [sg0] tag#422 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 438.149661][ C1] sd 0:0:1:0: [sg0] tag#422 CDB: Test Unit Ready [ 438.156332][ C1] sd 0:0:1:0: [sg0] tag#422 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 438.166060][ C1] sd 0:0:1:0: [sg0] tag#422 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 438.175812][ C1] sd 0:0:1:0: [sg0] tag#422 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 438.185555][ C1] sd 0:0:1:0: [sg0] tag#422 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 438.195293][ C1] sd 0:0:1:0: [sg0] tag#422 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 438.205043][ C1] sd 0:0:1:0: [sg0] tag#422 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 438.214794][ C1] sd 0:0:1:0: [sg0] tag#422 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 438.224537][ C1] sd 0:0:1:0: [sg0] tag#422 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 438.234282][ C1] sd 0:0:1:0: [sg0] tag#422 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 438.244022][ C1] sd 0:0:1:0: [sg0] tag#422 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 438.253772][ C1] sd 0:0:1:0: [sg0] tag#422 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 438.263519][ C1] sd 0:0:1:0: [sg0] tag#422 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 438.273255][ C1] sd 0:0:1:0: [sg0] tag#422 CDB[c0]: 00 00 00 00 00 00 00 00 [ 438.294448][T10148] input: syz0 as /devices/virtual/input/input5 [ 438.337461][T10152] not chained 220000 origins [ 438.342111][T10152] CPU: 0 PID: 10152 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 438.350778][T10152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 438.360829][T10152] Call Trace: [ 438.364124][T10152] dump_stack+0x1df/0x240 [ 438.368458][T10152] kmsan_internal_chain_origin+0x6f/0x130 [ 438.374176][T10152] ? kmsan_get_metadata+0x4f/0x180 [ 438.379287][T10152] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 438.385179][T10152] ? __msan_poison_alloca+0xf0/0x120 [ 438.390466][T10152] ? kmsan_get_metadata+0x11d/0x180 [ 438.395670][T10152] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 438.401475][T10152] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 438.407544][T10152] ? kfree+0x61/0x30f0 [ 438.411615][T10152] ? kmsan_get_metadata+0x4f/0x180 [ 438.416728][T10152] ? kmsan_set_origin_checked+0x95/0xf0 [ 438.422272][T10152] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 438.428341][T10152] ? _copy_from_user+0x15b/0x260 [ 438.433362][T10152] ? kmsan_get_metadata+0x4f/0x180 [ 438.438473][T10152] __msan_chain_origin+0x50/0x90 [ 438.443418][T10152] do_recvmmsg+0x105a/0x1ee0 [ 438.448100][T10152] ? __msan_poison_alloca+0xf0/0x120 [ 438.453400][T10152] ? __se_sys_recvmmsg+0xac/0x350 [ 438.458423][T10152] ? __se_sys_recvmmsg+0xac/0x350 [ 438.463447][T10152] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 438.469342][T10152] __se_sys_recvmmsg+0x1d1/0x350 [ 438.474285][T10152] __x64_sys_recvmmsg+0x62/0x80 [ 438.479136][T10152] do_syscall_64+0xb0/0x150 [ 438.483644][T10152] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 438.489527][T10152] RIP: 0033:0x45c1d9 [ 438.493411][T10152] Code: Bad RIP value. [ 438.497504][T10152] RSP: 002b:00007f22a3158c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 438.505914][T10152] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 438.513882][T10152] RDX: 0000000000000193 RSI: 0000000020005180 RDI: 0000000000000003 [ 438.521858][T10152] RBP: 000000000078c090 R08: 0000000000000000 R09: 0000000000000000 [ 438.529829][T10152] R10: 0000000040010042 R11: 0000000000000246 R12: 000000000078c04c [ 438.537801][T10152] R13: 0000000000c9fb6f R14: 00007f22a31599c0 R15: 000000000078c04c [ 438.545778][T10152] Uninit was stored to memory at: [ 438.550807][T10152] kmsan_internal_chain_origin+0xad/0x130 [ 438.556529][T10152] __msan_chain_origin+0x50/0x90 [ 438.561467][T10152] do_recvmmsg+0x105a/0x1ee0 [ 438.566053][T10152] __se_sys_recvmmsg+0x1d1/0x350 [ 438.570992][T10152] __x64_sys_recvmmsg+0x62/0x80 [ 438.575844][T10152] do_syscall_64+0xb0/0x150 [ 438.580350][T10152] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 438.586251][T10152] [ 438.588574][T10152] Uninit was stored to memory at: [ 438.593599][T10152] kmsan_internal_chain_origin+0xad/0x130 [ 438.599316][T10152] __msan_chain_origin+0x50/0x90 [ 438.604280][T10152] do_recvmmsg+0x105a/0x1ee0 [ 438.608913][T10152] __se_sys_recvmmsg+0x1d1/0x350 [ 438.613853][T10152] __x64_sys_recvmmsg+0x62/0x80 [ 438.618708][T10152] do_syscall_64+0xb0/0x150 [ 438.623281][T10152] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 438.629314][T10152] [ 438.631646][T10152] Uninit was stored to memory at: [ 438.636729][T10152] kmsan_internal_chain_origin+0xad/0x130 [ 438.643146][T10152] __msan_chain_origin+0x50/0x90 [ 438.648087][T10152] do_recvmmsg+0x105a/0x1ee0 [ 438.652676][T10152] __se_sys_recvmmsg+0x1d1/0x350 [ 438.657610][T10152] __x64_sys_recvmmsg+0x62/0x80 [ 438.662461][T10152] do_syscall_64+0xb0/0x150 [ 438.666966][T10152] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 438.672930][T10152] [ 438.675248][T10152] Uninit was stored to memory at: [ 438.680273][T10152] kmsan_internal_chain_origin+0xad/0x130 [ 438.685992][T10152] __msan_chain_origin+0x50/0x90 [ 438.690960][T10152] do_recvmmsg+0x105a/0x1ee0 [ 438.695552][T10152] __se_sys_recvmmsg+0x1d1/0x350 [ 438.700488][T10152] __x64_sys_recvmmsg+0x62/0x80 [ 438.705343][T10152] do_syscall_64+0xb0/0x150 [ 438.709913][T10152] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 438.715937][T10152] [ 438.718260][T10152] Uninit was stored to memory at: [ 438.723305][T10152] kmsan_internal_chain_origin+0xad/0x130 [ 438.729026][T10152] __msan_chain_origin+0x50/0x90 [ 438.734096][T10152] do_recvmmsg+0x105a/0x1ee0 [ 438.738837][T10152] __se_sys_recvmmsg+0x1d1/0x350 [ 438.743803][T10152] __x64_sys_recvmmsg+0x62/0x80 [ 438.748738][T10152] do_syscall_64+0xb0/0x150 [ 438.753241][T10152] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 438.759132][T10152] [ 438.761458][T10152] Uninit was stored to memory at: [ 438.766484][T10152] kmsan_internal_chain_origin+0xad/0x130 [ 438.772200][T10152] __msan_chain_origin+0x50/0x90 [ 438.777137][T10152] do_recvmmsg+0x105a/0x1ee0 [ 438.781723][T10152] __se_sys_recvmmsg+0x1d1/0x350 [ 438.786667][T10152] __x64_sys_recvmmsg+0x62/0x80 [ 438.791647][T10152] do_syscall_64+0xb0/0x150 [ 438.796290][T10152] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 438.802433][T10152] [ 438.805557][T10152] Uninit was stored to memory at: [ 438.810582][T10152] kmsan_internal_chain_origin+0xad/0x130 [ 438.816373][T10152] __msan_chain_origin+0x50/0x90 [ 438.821306][T10152] do_recvmmsg+0x105a/0x1ee0 [ 438.825913][T10152] __se_sys_recvmmsg+0x1d1/0x350 [ 438.830849][T10152] __x64_sys_recvmmsg+0x62/0x80 [ 438.835788][T10152] do_syscall_64+0xb0/0x150 [ 438.840284][T10152] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 438.846161][T10152] [ 438.848482][T10152] Local variable ----msg_sys@do_recvmmsg created at: [ 438.855154][T10152] do_recvmmsg+0xc5/0x1ee0 [ 438.859565][T10152] do_recvmmsg+0xc5/0x1ee0 19:19:24 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) [ 439.094381][T10166] input: syz0 as /devices/virtual/input/input6 19:19:24 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[], 0xa) close(0xffffffffffffffff) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x7ff}, 0x10) getsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000080), &(0x7f00000001c0)=0x8) write(0xffffffffffffffff, &(0x7f0000000180)="2000000012005f0214f9f407000000000a", 0x11) statx(0xffffffffffffffff, &(0x7f0000000180)='.\x00', 0x0, 0x0, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000380)="f98ac693ce6908", 0x7}], 0x1) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(0xffffffffffffffff, r6, 0x0, 0x1000007ffff000) bind$isdn(0xffffffffffffffff, &(0x7f0000000240)={0x22, 0xfc, 0x9, 0xff, 0x4}, 0x6) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, &(0x7f0000000100)) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 439.396142][ C1] sd 0:0:1:0: [sg0] tag#431 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 439.406872][ C1] sd 0:0:1:0: [sg0] tag#431 CDB: Test Unit Ready [ 439.414595][ C1] sd 0:0:1:0: [sg0] tag#431 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 439.424675][ C1] sd 0:0:1:0: [sg0] tag#431 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 439.434482][ C1] sd 0:0:1:0: [sg0] tag#431 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 439.444510][ C1] sd 0:0:1:0: [sg0] tag#431 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 439.454255][ C1] sd 0:0:1:0: [sg0] tag#431 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 439.464149][ C1] sd 0:0:1:0: [sg0] tag#431 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 439.474114][ C1] sd 0:0:1:0: [sg0] tag#431 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 439.484119][ C1] sd 0:0:1:0: [sg0] tag#431 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 439.493918][ C1] sd 0:0:1:0: [sg0] tag#431 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 439.503722][ C1] sd 0:0:1:0: [sg0] tag#431 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 439.513636][ C1] sd 0:0:1:0: [sg0] tag#431 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 439.523521][ C1] sd 0:0:1:0: [sg0] tag#431 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 439.533636][ C1] sd 0:0:1:0: [sg0] tag#431 CDB[c0]: 00 00 00 00 00 00 00 00 19:19:25 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000800)=ANY=[@ANYBLOB="280000002100010000000000000000000a00008000000000000000f80b001080080000007f000001"], 0x28}], 0x1}, 0x0) [ 439.723507][T10178] netlink: 'syz-executor.2': attribute type 16 has an invalid length. [ 439.745048][T10178] netlink: 'syz-executor.2': attribute type 16 has an invalid length. 19:19:25 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x80, &(0x7f0000000180)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, @perf_config_ext={0x3, 0x6}, 0x800, 0x0, 0x0, 0x0, 0x6, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x18b145) write$binfmt_misc(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000e703ffff633b27e59aa14617560000000049d2e181baf9459c5c953948c6801d2c0945c08b45f1fc0e000000000765387245d75ee8f8acfacc1c5e1520e3ef44c279a48a6dd1477bc12fd514b4fe80812d274014ae40b8ae4f2a88e2fbea7b1f488505ddd46e9930a938817fd7299f385a9c592f5ba5489ebf625c7a15c73686ad516ab6c29eaa55ff95c26c14f1309a94895a81276bc1ca19499cb6e0d1ade8f98937b6251497aaf8cfeccdc3b75bfdb0ec6a808a1a4ed716acdc98963f6ae26bf6ae2a0816a714b685eb28292e638f9c9e792628eb399db24e08c672d5510ca3fbc7953fd195b54b908bb930400c7a078fd6daea73643eb4e23a5a8758e10aeb59ce"], 0xd3) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x11) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0x4) ioctl$UI_DEV_DESTROY(r1, 0x5502) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x4001fd) ioctl$USBDEVFS_CLAIM_PORT(r3, 0x80045518, &(0x7f0000000100)=0x9) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x15, &(0x7f0000000400)=@file={0x0, './file0\x00'}, 0x6e) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/loop-control\x00', 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff) 19:19:25 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) [ 440.017981][ C1] sd 0:0:1:0: [sg0] tag#384 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 440.028768][ C1] sd 0:0:1:0: [sg0] tag#384 CDB: Test Unit Ready [ 440.035442][ C1] sd 0:0:1:0: [sg0] tag#384 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 440.046044][ C1] sd 0:0:1:0: [sg0] tag#384 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 440.055895][ C1] sd 0:0:1:0: [sg0] tag#384 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 440.065791][ C1] sd 0:0:1:0: [sg0] tag#384 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 440.075538][ C1] sd 0:0:1:0: [sg0] tag#384 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 440.085423][ C1] sd 0:0:1:0: [sg0] tag#384 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 440.095187][ C1] sd 0:0:1:0: [sg0] tag#384 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 440.105147][ C1] sd 0:0:1:0: [sg0] tag#384 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 440.114913][ C1] sd 0:0:1:0: [sg0] tag#384 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 440.124759][ C1] sd 0:0:1:0: [sg0] tag#384 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 440.134508][ C1] sd 0:0:1:0: [sg0] tag#384 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 440.144258][ C1] sd 0:0:1:0: [sg0] tag#384 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 440.153995][ C1] sd 0:0:1:0: [sg0] tag#384 CDB[c0]: 00 00 00 00 00 00 00 00 19:19:25 executing program 3: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:26 executing program 2: socket$kcm(0x2, 0x3, 0x2) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r1, r2, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x2980, 0x2, 0xb8d, 0x3, 0x6, 0x5, 0x200, 0xffffffff, 0x10001, 0xa0, 0xe7, 0x6, 0xe5fa, 0x4, 0x401, 0x6], 0x4, 0x50104}) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="4c000000150041f87059ae08060c040002ff0f02000000000000018701546fabca1b4e7d06a6e74703c48f93b82a0000000000000000a5e54e0000000300000000", 0x41}, {&(0x7f0000000300)="4d999e6effc4548cbffb2f", 0xb}], 0x2}, 0x0) 19:19:26 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) [ 440.683720][T10198] not chained 230000 origins [ 440.688457][T10198] CPU: 0 PID: 10198 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 440.697235][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 440.707311][T10198] Call Trace: [ 440.710627][T10198] dump_stack+0x1df/0x240 [ 440.714975][T10198] kmsan_internal_chain_origin+0x6f/0x130 [ 440.720803][T10198] ? is_module_text_address+0x4d/0x2a0 [ 440.726374][T10198] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 440.732218][T10198] ? __kernel_text_address+0x171/0x2d0 [ 440.737793][T10198] ? unwind_get_return_address+0x8c/0x130 [ 440.743532][T10198] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 440.749723][T10198] ? arch_stack_walk+0x2a2/0x3e0 [ 440.754682][T10198] ? stack_trace_save+0x1a0/0x1a0 [ 440.759728][T10198] ? kmsan_get_metadata+0x4f/0x180 [ 440.764898][T10198] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 440.770730][T10198] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 440.776851][T10198] ? stack_trace_save+0x123/0x1a0 [ 440.781889][T10198] ? kmsan_get_metadata+0x11d/0x180 [ 440.787232][T10198] __msan_chain_origin+0x50/0x90 [ 440.792283][T10198] rmd256_transform+0x43e9/0x4440 [ 440.797381][T10198] rmd256_update+0x343/0x4f0 [ 440.801998][T10198] ? rmd256_init+0x260/0x260 [ 440.806608][T10198] crypto_shash_update+0x4e9/0x550 [ 440.811748][T10198] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 440.817944][T10198] ? crypto_hash_walk_first+0x1fd/0x360 [ 440.823511][T10198] ? kmsan_get_metadata+0x4f/0x180 [ 440.828642][T10198] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 440.834469][T10198] shash_async_update+0x113/0x1d0 [ 440.839542][T10198] ? shash_async_init+0x1e0/0x1e0 [ 440.844984][T10198] hash_sendpage+0x8ef/0xdf0 [ 440.849603][T10198] ? hash_recvmsg+0xd30/0xd30 [ 440.854298][T10198] sock_sendpage+0x1e1/0x2c0 [ 440.861706][T10198] pipe_to_sendpage+0x38c/0x4c0 [ 440.866705][T10198] ? sock_fasync+0x250/0x250 [ 440.871331][T10198] __splice_from_pipe+0x565/0xf00 [ 440.876383][T10198] ? generic_splice_sendpage+0x2d0/0x2d0 [ 440.882188][T10198] generic_splice_sendpage+0x1d5/0x2d0 [ 440.887677][T10198] ? iter_file_splice_write+0x1800/0x1800 [ 440.893420][T10198] direct_splice_actor+0x1fd/0x580 [ 440.898560][T10198] ? kmsan_get_metadata+0x4f/0x180 [ 440.903888][T10198] splice_direct_to_actor+0x6b2/0xf50 [ 440.909284][T10198] ? do_splice_direct+0x580/0x580 [ 440.914350][T10198] do_splice_direct+0x342/0x580 [ 440.919263][T10198] do_sendfile+0x101b/0x1d40 [ 440.923907][T10198] __se_sys_sendfile64+0x2bb/0x360 [ 440.929045][T10198] ? kmsan_get_metadata+0x4f/0x180 [ 440.934300][T10198] __x64_sys_sendfile64+0x56/0x70 [ 440.939346][T10198] do_syscall_64+0xb0/0x150 [ 440.943873][T10198] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 440.949757][T10198] RIP: 0033:0x45c1d9 [ 440.953639][T10198] Code: Bad RIP value. [ 440.957696][T10198] RSP: 002b:00007fe8d5c8cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 440.966187][T10198] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 440.974156][T10198] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 440.982122][T10198] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 440.990095][T10198] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 440.998064][T10198] R13: 0000000000c9fb6f R14: 00007fe8d5c8d9c0 R15: 000000000078bf0c [ 441.006121][T10198] Uninit was stored to memory at: [ 441.011153][T10198] kmsan_internal_chain_origin+0xad/0x130 [ 441.016866][T10198] __msan_chain_origin+0x50/0x90 [ 441.021801][T10198] rmd256_transform+0x43e9/0x4440 [ 441.026824][T10198] rmd256_update+0x343/0x4f0 [ 441.031410][T10198] crypto_shash_update+0x4e9/0x550 [ 441.036513][T10198] shash_async_update+0x113/0x1d0 [ 441.041654][T10198] hash_sendpage+0x8ef/0xdf0 [ 441.046243][T10198] sock_sendpage+0x1e1/0x2c0 [ 441.050832][T10198] pipe_to_sendpage+0x38c/0x4c0 [ 441.055688][T10198] __splice_from_pipe+0x565/0xf00 [ 441.060770][T10198] generic_splice_sendpage+0x1d5/0x2d0 [ 441.066226][T10198] direct_splice_actor+0x1fd/0x580 [ 441.071391][T10198] splice_direct_to_actor+0x6b2/0xf50 [ 441.076761][T10198] do_splice_direct+0x342/0x580 [ 441.081656][T10198] do_sendfile+0x101b/0x1d40 [ 441.086331][T10198] __se_sys_sendfile64+0x2bb/0x360 [ 441.091438][T10198] __x64_sys_sendfile64+0x56/0x70 [ 441.096546][T10198] do_syscall_64+0xb0/0x150 [ 441.101046][T10198] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 441.107037][T10198] [ 441.109401][T10198] Uninit was stored to memory at: [ 441.114684][T10198] kmsan_internal_chain_origin+0xad/0x130 [ 441.120468][T10198] __msan_chain_origin+0x50/0x90 [ 441.125404][T10198] rmd256_transform+0x43e9/0x4440 [ 441.130420][T10198] rmd256_update+0x343/0x4f0 [ 441.135008][T10198] crypto_shash_update+0x4e9/0x550 [ 441.140110][T10198] shash_async_update+0x113/0x1d0 [ 441.145132][T10198] hash_sendpage+0x8ef/0xdf0 [ 441.149724][T10198] sock_sendpage+0x1e1/0x2c0 [ 441.154400][T10198] pipe_to_sendpage+0x38c/0x4c0 [ 441.159244][T10198] __splice_from_pipe+0x565/0xf00 [ 441.164378][T10198] generic_splice_sendpage+0x1d5/0x2d0 [ 441.169838][T10198] direct_splice_actor+0x1fd/0x580 [ 441.174945][T10198] splice_direct_to_actor+0x6b2/0xf50 [ 441.180311][T10198] do_splice_direct+0x342/0x580 [ 441.185208][T10198] do_sendfile+0x101b/0x1d40 [ 441.189788][T10198] __se_sys_sendfile64+0x2bb/0x360 [ 441.194978][T10198] __x64_sys_sendfile64+0x56/0x70 [ 441.200081][T10198] do_syscall_64+0xb0/0x150 [ 441.204580][T10198] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 441.210524][T10198] [ 441.212844][T10198] Uninit was stored to memory at: [ 441.217867][T10198] kmsan_internal_chain_origin+0xad/0x130 [ 441.223584][T10198] __msan_chain_origin+0x50/0x90 [ 441.228524][T10198] rmd256_transform+0x43e9/0x4440 [ 441.233544][T10198] rmd256_update+0x343/0x4f0 [ 441.238124][T10198] crypto_shash_update+0x4e9/0x550 [ 441.243232][T10198] shash_async_update+0x113/0x1d0 [ 441.248263][T10198] hash_sendpage+0x8ef/0xdf0 [ 441.252848][T10198] sock_sendpage+0x1e1/0x2c0 [ 441.257432][T10198] pipe_to_sendpage+0x38c/0x4c0 [ 441.262273][T10198] __splice_from_pipe+0x565/0xf00 [ 441.267292][T10198] generic_splice_sendpage+0x1d5/0x2d0 [ 441.272744][T10198] direct_splice_actor+0x1fd/0x580 [ 441.277935][T10198] splice_direct_to_actor+0x6b2/0xf50 [ 441.283303][T10198] do_splice_direct+0x342/0x580 [ 441.288410][T10198] do_sendfile+0x101b/0x1d40 [ 441.292992][T10198] __se_sys_sendfile64+0x2bb/0x360 [ 441.298098][T10198] __x64_sys_sendfile64+0x56/0x70 [ 441.303195][T10198] do_syscall_64+0xb0/0x150 [ 441.307697][T10198] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 441.313574][T10198] [ 441.315892][T10198] Uninit was stored to memory at: [ 441.320915][T10198] kmsan_internal_chain_origin+0xad/0x130 [ 441.326719][T10198] __msan_chain_origin+0x50/0x90 [ 441.331741][T10198] rmd256_transform+0x43e9/0x4440 [ 441.336815][T10198] rmd256_update+0x343/0x4f0 [ 441.341396][T10198] crypto_shash_update+0x4e9/0x550 [ 441.346503][T10198] shash_async_update+0x113/0x1d0 [ 441.351519][T10198] hash_sendpage+0x8ef/0xdf0 [ 441.356333][T10198] sock_sendpage+0x1e1/0x2c0 [ 441.360917][T10198] pipe_to_sendpage+0x38c/0x4c0 [ 441.365762][T10198] __splice_from_pipe+0x565/0xf00 [ 441.370782][T10198] generic_splice_sendpage+0x1d5/0x2d0 [ 441.376236][T10198] direct_splice_actor+0x1fd/0x580 [ 441.381455][T10198] splice_direct_to_actor+0x6b2/0xf50 [ 441.386822][T10198] do_splice_direct+0x342/0x580 [ 441.391663][T10198] do_sendfile+0x101b/0x1d40 [ 441.396245][T10198] __se_sys_sendfile64+0x2bb/0x360 [ 441.401393][T10198] __x64_sys_sendfile64+0x56/0x70 [ 441.406416][T10198] do_syscall_64+0xb0/0x150 [ 441.410987][T10198] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 441.416865][T10198] [ 441.419186][T10198] Uninit was stored to memory at: [ 441.424266][T10198] kmsan_internal_chain_origin+0xad/0x130 [ 441.429971][T10198] __msan_chain_origin+0x50/0x90 [ 441.434939][T10198] rmd256_transform+0x43e9/0x4440 [ 441.439959][T10198] rmd256_update+0x343/0x4f0 [ 441.444542][T10198] crypto_shash_update+0x4e9/0x550 [ 441.449647][T10198] shash_async_update+0x113/0x1d0 [ 441.454731][T10198] hash_sendpage+0x8ef/0xdf0 [ 441.459317][T10198] sock_sendpage+0x1e1/0x2c0 [ 441.463901][T10198] pipe_to_sendpage+0x38c/0x4c0 [ 441.468746][T10198] __splice_from_pipe+0x565/0xf00 [ 441.473767][T10198] generic_splice_sendpage+0x1d5/0x2d0 [ 441.479225][T10198] direct_splice_actor+0x1fd/0x580 [ 441.484333][T10198] splice_direct_to_actor+0x6b2/0xf50 [ 441.489698][T10198] do_splice_direct+0x342/0x580 [ 441.494753][T10198] do_sendfile+0x101b/0x1d40 [ 441.499345][T10198] __se_sys_sendfile64+0x2bb/0x360 [ 441.504457][T10198] __x64_sys_sendfile64+0x56/0x70 [ 441.509476][T10198] do_syscall_64+0xb0/0x150 [ 441.514093][T10198] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 441.519986][T10198] [ 441.522399][T10198] Uninit was stored to memory at: [ 441.527719][T10198] kmsan_internal_chain_origin+0xad/0x130 [ 441.533433][T10198] __msan_chain_origin+0x50/0x90 [ 441.538451][T10198] rmd256_transform+0x43e9/0x4440 [ 441.543465][T10198] rmd256_update+0x227/0x4f0 [ 441.548138][T10198] crypto_shash_update+0x4e9/0x550 [ 441.553241][T10198] shash_async_update+0x113/0x1d0 [ 441.558257][T10198] hash_sendpage+0x8ef/0xdf0 [ 441.562843][T10198] sock_sendpage+0x1e1/0x2c0 [ 441.567518][T10198] pipe_to_sendpage+0x38c/0x4c0 [ 441.575453][T10198] __splice_from_pipe+0x565/0xf00 [ 441.580472][T10198] generic_splice_sendpage+0x1d5/0x2d0 [ 441.585942][T10198] direct_splice_actor+0x1fd/0x580 [ 441.591050][T10198] splice_direct_to_actor+0x6b2/0xf50 [ 441.596422][T10198] do_splice_direct+0x342/0x580 [ 441.601267][T10198] do_sendfile+0x101b/0x1d40 [ 441.605942][T10198] __se_sys_sendfile64+0x2bb/0x360 [ 441.611045][T10198] __x64_sys_sendfile64+0x56/0x70 [ 441.616068][T10198] do_syscall_64+0xb0/0x150 [ 441.620569][T10198] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 441.626447][T10198] [ 441.628852][T10198] Uninit was stored to memory at: [ 441.633875][T10198] kmsan_internal_chain_origin+0xad/0x130 [ 441.639674][T10198] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 441.645654][T10198] kmsan_memcpy_metadata+0xb/0x10 [ 441.650679][T10198] __msan_memcpy+0x43/0x50 [ 441.655176][T10198] rmd256_update+0x1fc/0x4f0 [ 441.659948][T10198] crypto_shash_update+0x4e9/0x550 [ 441.666629][T10198] shash_async_update+0x113/0x1d0 [ 441.671653][T10198] hash_sendpage+0x8ef/0xdf0 [ 441.676240][T10198] sock_sendpage+0x1e1/0x2c0 [ 441.680912][T10198] pipe_to_sendpage+0x38c/0x4c0 [ 441.685996][T10198] __splice_from_pipe+0x565/0xf00 [ 441.691181][T10198] generic_splice_sendpage+0x1d5/0x2d0 [ 441.696648][T10198] direct_splice_actor+0x1fd/0x580 [ 441.701761][T10198] splice_direct_to_actor+0x6b2/0xf50 [ 441.707132][T10198] do_splice_direct+0x342/0x580 [ 441.711974][T10198] do_sendfile+0x101b/0x1d40 [ 441.716563][T10198] __se_sys_sendfile64+0x2bb/0x360 [ 441.721667][T10198] __x64_sys_sendfile64+0x56/0x70 [ 441.726687][T10198] do_syscall_64+0xb0/0x150 [ 441.731189][T10198] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 441.737073][T10198] [ 441.739391][T10198] Uninit was created at: [ 441.743700][T10198] kmsan_save_stack_with_flags+0x3c/0x90 [ 441.749327][T10198] kmsan_alloc_page+0xb9/0x180 [ 441.754173][T10198] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 441.759802][T10198] alloc_pages_current+0x672/0x990 [ 441.764934][T10198] push_pipe+0x605/0xb70 [ 441.769213][T10198] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 441.774924][T10198] do_splice_to+0x4fc/0x14f0 [ 441.779506][T10198] splice_direct_to_actor+0x45c/0xf50 [ 441.784872][T10198] do_splice_direct+0x342/0x580 [ 441.789721][T10198] do_sendfile+0x101b/0x1d40 [ 441.794304][T10198] __se_sys_sendfile64+0x2bb/0x360 [ 441.799406][T10198] __x64_sys_sendfile64+0x56/0x70 [ 441.804429][T10198] do_syscall_64+0xb0/0x150 [ 441.808928][T10198] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:19:27 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) close(r0) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x800, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x61, &(0x7f00000000c0)={'filter\x00', 0x4}, 0x68) 19:19:27 executing program 4: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x100, 0x0) writev(r0, &(0x7f0000000200)=[{&(0x7f0000000040)}, {&(0x7f0000000080)="8a5afa6c49236a7bad0b39ae937a59013bd57c51d06cfcb08dc12a8847ce27472af062b0ee2b13ce3172d34690f4cc2f4625517073a686f053067db79712c3c1a5e259009198e40c9369618ee78248b7adde6408280fa964a6a1c4759877c637276068b8fded47715aadc2689745a6bf6cb1ebe355ff1327f4fcb601f2b03a4533ad2aa53ec6b05b19f8db00722747a358891b1e16c7a63797df65c46907e5c228fa3f6cdac9aeb72048772b1c7e2d13d13cc8da7260dbbe20fb35f8cb248b22ba9492de3a21fe07a6d9dcb2a26c9ed8f45b276005a491cd27f7639903d33d4f01b9eb42b60e52bfb16cf831a2198c6c306af409a7363bd6bd49c5a043", 0xfd}, {&(0x7f0000000180)="bc9250324257eda9dc9d02be262141c626a347f8b8a73c9c999b9e80bb0f96a16edc2b1975de8a0b35f3930e439a3de18a68167322e7c42196539753f0bf8ae66cccdbb10512d38bcd70f907392de0b3db8b9333e9ff78e87a024c39219fbc8d2b39aaf267a3fb1835b944ab", 0x6c}], 0x3) ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, &(0x7f0000000240)) fsetxattr(0xffffffffffffffff, &(0x7f0000000280)=@random={'user.', '/dev/vsock\x00'}, &(0x7f00000002c0)='+}\x00', 0x3, 0x2) ioctl$VIDIOC_DBG_G_CHIP_INFO(r0, 0xc0c85666, &(0x7f0000000300)={{0x4, @addr=0x7}, "a9746141f12fa842a19cb1100d5ba298ab8361de5f6bf0854ab6511c6d8c2ce1", 0x2}) ioctl$VIDIOC_QUERY_DV_TIMINGS(0xffffffffffffffff, 0x80845663, &(0x7f0000000400)={0x0, @reserved}) r1 = openat2(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)={0x180c2, 0x104, 0x1}, 0x18) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000580)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r1, &(0x7f0000000740)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x3100048}, 0xc, &(0x7f0000000700)={&(0x7f00000005c0)={0x110, r2, 0x300, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x40}]}, @TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffffff5f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x10001}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_NET={0x20, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5dc0}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}]}, @TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xbae7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x74e0d265}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x4880}, 0x8000) r3 = syz_open_dev$vcsa(&(0x7f0000000780)='/dev/vcsa#\x00', 0xa3, 0x8000) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r3, 0xc008551b, &(0x7f00000007c0)={0x7fffffff, 0x28, [0x0, 0x401, 0x10001, 0x7fffffff, 0x4, 0x6, 0xfffffff7, 0x8, 0x3, 0x4]}) pipe2$9p(&(0x7f0000000800)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) fcntl$F_GET_FILE_RW_HINT(r4, 0x40d, &(0x7f0000000840)) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000880)='/dev/zero\x00', 0x88000, 0x0) openat2(r6, &(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)={0x0, 0x98, 0xb}, 0x18) mmap$snddsp_control(&(0x7f0000ffd000/0x2000)=nil, 0x1000, 0x3000000, 0x2010, r3, 0x83000000) r7 = syz_open_dev$vcsa(&(0x7f0000000940)='/dev/vcsa#\x00', 0x101, 0x200600) write$apparmor_exec(r7, &(0x7f0000000980)={'stack ', '+}\x00'}, 0x9) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r5, 0xc0406619, &(0x7f00000009c0)={{0x2, 0x0, @descriptor="550382ec933dad45"}}) mmap$perf(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000006, 0x10, r7, 0xffffffff80000001) 19:19:27 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:28 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x4e20}, 0x10) listen(r0, 0x0) syz_emit_ethernet(0x102c, &(0x7f0000002680)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa008137ffff101e0505ffffffffffffffffffff0000000000007575b6c6c8fc10009a00d016aa271e94ff332beeb7a2589e3e8f09a1a483be708d3386cf49497d79d6e9dce64a26283a59bb467567872a80c24d589be0071906e8f0a5e7e67360e55418cf55388b28f29b9fa4bf4c01bd01dcb1c506ec6680d2956e6bb60d2ef267c6acea91c912b7164585a2e5c5d5f6f828b226a066305ef82b84e783ea368f655ba68f4bda9a2372226edc99bbfb2539028ca941250fec2b36676f05a93185a7033567649bd46b4f055215d586b8d78a08122581122f6dd5dc3405da104d7ae40677457197c302f42008db88c96d90e7dae4f58e48e1edb2500c0816b6414f963b8866923353c2568e439a03114ebf370aa70899746f774a36b27ab71bfb5289336a9385cefd3900d843e3d454f12e65b6fb4757057b0f99d22f4e868cd3fd643d04d7e1f418de0951231cda492061a636d3c3267837d413621749314affeeae850af8af87ac3c57ac570c6d11e5a61371c6d16428fd072e37a9e4b2c92023f0e392b41d4b14de8755e9465207466f22df4b4d610d7ebbe46cbbd06692db1b03ce2c3e667b2d4e6b8fc04302d313a89885d2ba1073780280cd93d60986e030d9c5bfe75e3d2c645ce9bdeb2a09a35bb9bc1d018aa6ea2c59240252640e74468f8a51f79c2daa06cd1edaa9da65807859baa64075227d16955576d78601256244d94773c26b31037c505abcb2dc38d13ce76f9d683ed76c3a2a6736717617f47153fe373635eea148508febd72eac582696aa739d238a4309b0b0c1add01646d8c1b2fef54490d97336ef883724aa5056a8ea8415f72fe4e5084f0cafb2ab4d87f07d02294124a7ada1cbfe8a966b3da7f59138884dde830a95a0f0911a865a5dd93ac25570757b8c5f6af87fb29a36cd170226b45176039629ad8785e211e814a69ebbda95934d052eea34a7506fc16529f7679722c2a3b5f2ba40064f2cae899f9fd9a300185fe8f32d792a2155366965edb282fde2ecb05ea7bec7dbcfaa481f3cef96f812a03988176a1810f8060fa142683c21d090cba314d2d18c8b20df8a189f6bf9090101cbe4dc332d90703ddffcba9531475c3ae3bf6065e461e0d4724ed4383daa27718d403cbc2a4ea2fd83787f4a66a2c37e7d556afc25a9915f9edc1c0a61257f63118b398a1b61fd21bcb64146d6324329803e063e7974418cde0e7db769b9857228a2521dfd72e3572ff8167798b96fde601c821a86e9f571128917078687df5b4d7975448348eb10582091c8d1800f4dbcadf08452affe74d2efe31bcc2f98f4563d87d1a543b71fe869c4331269a7b01c781b7fa63f1d477021a6ef445e1a500dfe2851ebf63f204f710302a108479692d8df434a444519fb1a0bfd97dc694199a5fac60e4bf289936d9efd15b4f70df5587efdf42bfbd43ce0a8e369703b1fcbe717a6e43523a6b1442813e3fb8ace95a1ee63135d6a35fdc75bf8c295a446f7cfe96a09401a9cf173d87a2369044b74e0a44b3171de2c4f7a15adf56c70e1582630cf37e60000000000008877bbd4dae9123aaf7da6d7682f79ac78daaf94843cf1e2774ab128fc7b76bc8fd5f4b0da5f14c935f2e33756662f4c653a01bf6d4bf3b0c6de0f8c1c85263b92c9918f0c0e27465bc920adc35615d658aaf4453d44e5152fa305a65e5604da4ab014a14362ed3a7df2caa89ceb930558ba17487b1b02b2ebe4e712d9a9aaf4cdc769b0f1fd9042d74653185a12c774771c95a6008a5792dd81125d1b22ce5c749a7393ef212adcd8f75f98274e48339163b925f72affce6cb69125cca378caa60d262ddacbed66d293bfc3458be8292b42e47dfb0ecc0fb849c7cf23af4a59dbae4602eeb697c53ab3883ad9e10ad18cc3a38c63def8b4443781806eb7b6377d853713f62bf7bd5a9e7d8c63a54a4a48897886b9b71c3fcb20ba85d423c5abf4d4149253e4a1d543571f2377d0b3b466b64782f1161c3f18d7ef67b0d5b195ee29b87e15d7481859573dad6838908761112da21b459942a758eadd64049deb099cd4748443835e89702fe4b5dc0d6d94d0233d439680ebac614afaa1b3622cbec8987765fd36889be055f99cf0b1307cac22b62a6642138bc357ab39ecda98f4876a5154f10faa42dbf6e44dff3d9b8b0d8fc9d177f3d0208f164702ec825b9d3813d69e12aaa50e89fd02477392bc29c05d332b021dd85c12b30f34498d893173d97655db511754fe63c2ea2eade23544f0e0a8e87ca5102c3d1ba877df208584d099e4e1dcede0400bbd60169b20a7b8a4c3fa0dd2dcf27d442ed18cb82d46d2570d28a71a309d3556b84d2f1b8741981b0b623d4faa155ef410974f4bd61d6a02bc6295624db0f6033ee2c582a6015f0b11a445a6c6b65ca3438cb97718ff1ce6078c2e8049c04d30530ddeb116c5b83059b07525fba93b992b5f2c989d438881fd9c5860b5dd9098a060d0ffc866c08705c358aefc66ab6d717ec22b43fa0d3c2ec551ac9dddac711a024fc33343e9cca7963a063e4d4882553b51d9884ba0aed22cbeb170c3eb38b23295f1db15b4818ef2a0c59589f59cd6acf167608392704e31bc45f51eaf2b0e21fbbe05a6c71ada01ac6e2f99675c7fe5b88b217da9d8df02d2c5559c6fc56469f0aa70833fa9c8c3e4b048a47265d761d9e1412dcde57f8fe874a56fb2408ab9bab5e4702a4f531cf5b7d37a640579679789f735889b09c1f903895e9d98cdf2a221d89ac0f6659b5b4aa684317772f698fc002b3973013d9c02006433e907e8d604c0a177a3a0bea86d4c697bd30476d289a5ead94b843e524b6852c85e10fb13e0ff538a0a7214b897788dcdf748761266eef11e3f9cdd0b710854a459d5aa0f4a8d5527b058745f9453f6c889d51fa03acccf185d50eb1a998faf7c2c383148bf6d586fddf169ada95ed20ee5d96595c1b0a3ae2be68c28296176dfee38c75d22e40ca5499ab573d0d0b8765b64fafb93b38c11186ecb1156b00b8f4ca97e2354162e0c73a956f5a3e6e4b2b7c750ec4b47a8961548db6d89bed1a175ad4bf3950a028b011181acc1d0b722c175d44644e7574aa1a52e6e0c0cd1de27efa8157abe3c256843f23e9e13b69bb94044d1c2a75c6b5adb4777482be68fefd78992b9a4b8d0fc6e0e0f78f57ea962ba93a0044a92f985cb47d9d90a81c0332034925acb3d06e5adc18dfd60c746d9f66046eafd6955466d077605476f900cd90ef9b8684dfc2fe3e283d22864f7e7e58f212749a93c2f3c86f4a854a0261b96b3d1b60084ff710ec6101542cb48a88c64c9e602f6d96c7a49c96287ee6bae46aa655d28712bb4ef3e3a24900de3506dfbf3a11df149d40fec6110ad7c29915db3bd2fd79c59b9afa9d150a3f98ee487fb58aba0b6dddf9f68086666d11d65ea5d42c761fc292507e8a00313b36e78229fb253199c72da32cdc6a1e080e230e270924cebaf7224a3529c9da6742e5d0ca83336f76814056b16b8933b837bff2231ee4245e605331ebff7bfed9d4c6750b16ad3e7729e508c5683b4e7a7bf331c7549847475e24da1c0ffac536f873a9ab80002000000000000c5165bfe5f13cb99811e84be60bbe1c8521c8a79e60302720af9e4a1c0fe6c80e584365b4dfed0bc93e1c9c14cdceee5f44112cf742a92693d76a1dacf83af611179670a2a58a39f44c8398c014c8033e142ef54e6b3255810534f46b0c891fbb043793466b9fb7c4680f644a2a2486e80b5067605ffb0fdee8afeeffaaaa4c94261ff2025c616d0bac6040f94ce484c11663974b7f6cb7f1ff36a0f280fb230120279f3a2a6407fc19760bfe50d8fa59e975a56db472bde0445d8fcc8e1f0b4a84da835c0d7dc2ffc4a6503dbbe5b60b99e78ee3b43500e7d36eadcfc4d0e8b49b6918e13f9b2434775d57273afd138170c7e329677e2b0327cc5b6bb1d02e545d8cdf6b8a0589d5b287af0193b0258117d031968be8d942cafb1b59e2e0d7cf9da02dfbe089271c0de74c3471824c7bfffc2d202945f25c408b4a7c07d453c5e7240aee320b9ea8942328fd36e53f63929b18060c0c11e1178a04c7694aa14cdd8a7701c4c481ca4902a3373de293d16d4562c929cb281b3ef0ffe600970b4de842c47c8b12ae0b6bdbcde7b0f1812af9855a423fda130dd476495c3174eec55a20f5c430fa23321df88aa94f4f9f0b64c1384e738fae90ddbe231b5778ac1044c46361a48d235db9c0142e37b2663c72070955425a193d6de3313020436af8f5d6aff07359865976011484da67d98daf8d44e3b4ba49aafa4e04ee4bad918ad7380ac8fa21f16e62ae4dabb2734ba79815c49f6dbd247dfa10f802337fafa17fe1b5081b86ff76813214f052a859030e181c113da7edbf535545710e9d92373126e4a0c9d4d1caf545b8db767230a53b971a0c2afb93b090e01924bb436a613c3a297846332cc17f519614ae3148f990333f56fed08dcfe6d51760f62c41d7e29a4ca572506f0f854cadf820f6a812e468e56a06c516fa9f04abd2afc42f9549fed3b574856b1842c8e145d5412fe2fced775163e8be8b417232a4cdc6379a6bcc219839836e9730ccbdcdc5940cc23036d6cfd30188dfbdfac96112cc837ca0094278c1fa4c08741ee5b23b43448b108500ca548b55afcf820f755dc4b1b30344eaf956629a9e087a0a82fd46e826656a940846cd21c604c2ec0981787ee58f26f988c47ea4f7dca7e0bce32c243b1a88d2e4934fcb66c3e8695ffd7639ce49cebeaf51b3d370cd2f46bde8cf9a62ff14404c1ef4d8099750a17abb94d69e320b029401a4d156384fe1acd4e0d482317dd0b5611f85f7bc9abb890585f0d699be3f1fe015ec9bb7331998e3429831c41fba75eb74acaf8acfc8a5cc84cc9f36ef472775a57dbb2db7f1d2c7ef37c2205204efb19676729257804a90869dfd6d73ff3c25e5b2f78de4a9709761a7a4efce954b6361ae9d8830b2be64c0e1e51504b351e2810ce4ab8be28a52a3e78d01fa4b8252d508208ebd6b17271a189ebc065941c487bd63985a2b4ec4fcd026743b935e88f503785c2b9561fba9673cfac8cc38957a1aeb9628f113cbe7a4f0ec987c4bd2ddac02eb0de800f05e252a01ba89563e29a94177e86d33b7c703d94b8ea26359ab6ecdbed20d825b8a5a71ab09d39a7e10534aa7d4fc53edf73c6ea406aa60412622cb773052251c84925463e675fc4c50961729d19b1e215e890eeeb5df6cb7cdd54fe0fca418367579c968b8b0845acd3fa1e533ab3f280d29f83650fb722159561e9b46ecbd26224063fc59da4b22ee67e5d4386c3e7bd9803e20acdaee1cb7b5a9dca555af9cd9398a3f3c64179bd26123ea3628d3b51cd3d65e0a7eca26f97babf9576e824e8249317bd5afc017cdfd4ae960034068470d158c2367bd3a73030ee5db0ef914fc873be2a5d3dce1f79c444509f95b06086ba773c198af4a1e49d8d65f8a03d04f6444fa3f014e362ee62011c0c0134444e935af0284edd193d968c3875dcaf8798a072e3687f8d5f4496737c9550ad943b0bfdc4f1224179fe6681d83ee8dcc5ceccb85ad8f6edee62e0f7357ed454140bfaced46cb093c07c769ff933188946b1cc2cdad5531208b3ea26f27ba9cd7c0e878eda8f4df7932c6c6f296ae56c3fe9b6c0338e4fd26f47f9e5e7cf3c19dfab471d1dd0f4b6aa8d624809fc161b47cb029ec6fccbb03f94f7cdce63e48e2350b0da9e9a25f8c4871fbe3b2dbe56871ac1ac5a521f46fa4a4a953fb2a36617644799380c561668e409fa279baa3d706347a897b674e8095247507c85e1bf7ed70ac27237b205702f564c8e9dcb7c7dc763f35c164234e4f74ed8ce7e73d6cd3954c084449659ef771c2eec622b7d8900e42b18510fdd97c9592dd3b50a43080ab88a887a79e328b7c811e97aa75715dc95401e9624c8ae9090d5b58ed93666ac167669d0932d5594f426cc6e95f983468516010beec8f58fd747722329382caf362efdc8d6eabfeea9c5e005d4f62ada9362349cfe6ceb0921046204f185857c94babf0b000062badf2c04d7b9edfcbcc8488d9393079710e64be6bfe63b66a7e0d2cbbea672f8ee1f3e28269d26bb117450db5b34ff040a85058b1ea40c36ddbe85fce7414d80eb8367d5734651754697c4168974726493ef87f9446d0a36e9f9d19bfa48f500"/4426], 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @broadcast}, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) getsockopt$ARPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x63, &(0x7f0000000100)={'ipvs\x00'}, &(0x7f0000000140)=0x1e) getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, &(0x7f0000000180), &(0x7f00000001c0)=0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x180800) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f00000000c0)) [ 442.768873][T10212] not chained 240000 origins [ 442.773526][T10212] CPU: 0 PID: 10212 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 442.782239][T10212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 442.792314][T10212] Call Trace: [ 442.795793][T10212] dump_stack+0x1df/0x240 [ 442.800152][T10212] kmsan_internal_chain_origin+0x6f/0x130 [ 442.806014][T10212] ? is_module_text_address+0x4d/0x2a0 [ 442.811585][T10212] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 442.817427][T10212] ? __kernel_text_address+0x171/0x2d0 [ 442.823002][T10212] ? unwind_get_return_address+0x8c/0x130 [ 442.828956][T10212] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 442.835050][T10212] ? arch_stack_walk+0x2a2/0x3e0 [ 442.840139][T10212] ? stack_trace_save+0x1a0/0x1a0 [ 442.845192][T10212] ? kmsan_get_metadata+0x4f/0x180 [ 442.850370][T10212] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 442.856175][T10212] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 442.864503][T10212] ? stack_trace_save+0x123/0x1a0 [ 442.869623][T10212] ? kmsan_get_metadata+0x11d/0x180 [ 442.874817][T10212] __msan_chain_origin+0x50/0x90 [ 442.879846][T10212] rmd256_transform+0x442f/0x4440 [ 442.884916][T10212] rmd256_update+0x343/0x4f0 [ 442.889517][T10212] ? rmd256_init+0x260/0x260 [ 442.894113][T10212] crypto_shash_update+0x4e9/0x550 [ 442.899399][T10212] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 442.905654][T10212] ? crypto_hash_walk_first+0x1fd/0x360 [ 442.911960][T10212] ? kmsan_get_metadata+0x4f/0x180 [ 442.917165][T10212] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 442.922971][T10212] shash_async_update+0x113/0x1d0 [ 442.928103][T10212] ? shash_async_init+0x1e0/0x1e0 [ 442.933143][T10212] hash_sendpage+0x8ef/0xdf0 [ 442.937799][T10212] ? hash_recvmsg+0xd30/0xd30 [ 442.942475][T10212] sock_sendpage+0x1e1/0x2c0 [ 442.947070][T10212] pipe_to_sendpage+0x38c/0x4c0 [ 442.951917][T10212] ? sock_fasync+0x250/0x250 [ 442.956513][T10212] __splice_from_pipe+0x565/0xf00 [ 442.961621][T10212] ? generic_splice_sendpage+0x2d0/0x2d0 [ 442.967267][T10212] generic_splice_sendpage+0x1d5/0x2d0 [ 442.972775][T10212] ? iter_file_splice_write+0x1800/0x1800 [ 442.978490][T10212] direct_splice_actor+0x1fd/0x580 [ 442.983605][T10212] ? kmsan_get_metadata+0x4f/0x180 [ 442.988725][T10212] splice_direct_to_actor+0x6b2/0xf50 [ 442.994100][T10212] ? do_splice_direct+0x580/0x580 [ 442.999144][T10212] do_splice_direct+0x342/0x580 [ 443.004008][T10212] do_sendfile+0x101b/0x1d40 [ 443.008668][T10212] __se_sys_sendfile64+0x2bb/0x360 [ 443.013862][T10212] ? kmsan_get_metadata+0x4f/0x180 [ 443.018975][T10212] __x64_sys_sendfile64+0x56/0x70 [ 443.023996][T10212] do_syscall_64+0xb0/0x150 [ 443.028502][T10212] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 443.034390][T10212] RIP: 0033:0x45c1d9 [ 443.038267][T10212] Code: Bad RIP value. [ 443.042329][T10212] RSP: 002b:00007f22a3158c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 443.050821][T10212] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 443.058908][T10212] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 443.067077][T10212] RBP: 000000000078c088 R08: 0000000000000000 R09: 0000000000000000 [ 443.075082][T10212] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078c04c [ 443.083049][T10212] R13: 0000000000c9fb6f R14: 00007f22a31599c0 R15: 000000000078c04c [ 443.091027][T10212] Uninit was stored to memory at: [ 443.096054][T10212] kmsan_internal_chain_origin+0xad/0x130 [ 443.101761][T10212] __msan_chain_origin+0x50/0x90 [ 443.106701][T10212] rmd256_transform+0x442f/0x4440 [ 443.111727][T10212] rmd256_update+0x343/0x4f0 [ 443.116314][T10212] crypto_shash_update+0x4e9/0x550 [ 443.121573][T10212] shash_async_update+0x113/0x1d0 [ 443.126640][T10212] hash_sendpage+0x8ef/0xdf0 [ 443.131226][T10212] sock_sendpage+0x1e1/0x2c0 [ 443.135819][T10212] pipe_to_sendpage+0x38c/0x4c0 [ 443.140673][T10212] __splice_from_pipe+0x565/0xf00 [ 443.145694][T10212] generic_splice_sendpage+0x1d5/0x2d0 [ 443.151327][T10212] direct_splice_actor+0x1fd/0x580 [ 443.156430][T10212] splice_direct_to_actor+0x6b2/0xf50 [ 443.161798][T10212] do_splice_direct+0x342/0x580 [ 443.166643][T10212] do_sendfile+0x101b/0x1d40 [ 443.171241][T10212] __se_sys_sendfile64+0x2bb/0x360 [ 443.176417][T10212] __x64_sys_sendfile64+0x56/0x70 [ 443.181535][T10212] do_syscall_64+0xb0/0x150 [ 443.186186][T10212] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 443.192156][T10212] [ 443.194472][T10212] Uninit was stored to memory at: [ 443.199584][T10212] kmsan_internal_chain_origin+0xad/0x130 [ 443.205298][T10212] __msan_chain_origin+0x50/0x90 [ 443.210290][T10212] rmd256_transform+0x442f/0x4440 [ 443.215357][T10212] rmd256_update+0x343/0x4f0 [ 443.219938][T10212] crypto_shash_update+0x4e9/0x550 [ 443.225045][T10212] shash_async_update+0x113/0x1d0 [ 443.230064][T10212] hash_sendpage+0x8ef/0xdf0 [ 443.234650][T10212] sock_sendpage+0x1e1/0x2c0 [ 443.239489][T10212] pipe_to_sendpage+0x38c/0x4c0 [ 443.244336][T10212] __splice_from_pipe+0x565/0xf00 [ 443.249355][T10212] generic_splice_sendpage+0x1d5/0x2d0 [ 443.255002][T10212] direct_splice_actor+0x1fd/0x580 [ 443.260153][T10212] splice_direct_to_actor+0x6b2/0xf50 [ 443.265523][T10212] do_splice_direct+0x342/0x580 [ 443.270370][T10212] do_sendfile+0x101b/0x1d40 [ 443.274963][T10212] __se_sys_sendfile64+0x2bb/0x360 [ 443.280073][T10212] __x64_sys_sendfile64+0x56/0x70 [ 443.285097][T10212] do_syscall_64+0xb0/0x150 [ 443.289597][T10212] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 443.295475][T10212] [ 443.297794][T10212] Uninit was stored to memory at: [ 443.302817][T10212] kmsan_internal_chain_origin+0xad/0x130 [ 443.308626][T10212] __msan_chain_origin+0x50/0x90 [ 443.313661][T10212] rmd256_transform+0x442f/0x4440 [ 443.318678][T10212] rmd256_update+0x343/0x4f0 [ 443.323257][T10212] crypto_shash_update+0x4e9/0x550 [ 443.328364][T10212] shash_async_update+0x113/0x1d0 [ 443.333382][T10212] hash_sendpage+0x8ef/0xdf0 [ 443.337964][T10212] sock_sendpage+0x1e1/0x2c0 [ 443.342544][T10212] pipe_to_sendpage+0x38c/0x4c0 [ 443.347391][T10212] __splice_from_pipe+0x565/0xf00 [ 443.352411][T10212] generic_splice_sendpage+0x1d5/0x2d0 [ 443.357864][T10212] direct_splice_actor+0x1fd/0x580 [ 443.362973][T10212] splice_direct_to_actor+0x6b2/0xf50 [ 443.368340][T10212] do_splice_direct+0x342/0x580 [ 443.373190][T10212] do_sendfile+0x101b/0x1d40 [ 443.377774][T10212] __se_sys_sendfile64+0x2bb/0x360 [ 443.382879][T10212] __x64_sys_sendfile64+0x56/0x70 [ 443.387914][T10212] do_syscall_64+0xb0/0x150 [ 443.392414][T10212] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 443.398287][T10212] [ 443.400603][T10212] Uninit was stored to memory at: [ 443.405626][T10212] kmsan_internal_chain_origin+0xad/0x130 [ 443.411340][T10212] __msan_chain_origin+0x50/0x90 [ 443.416274][T10212] rmd256_transform+0x442f/0x4440 [ 443.421383][T10212] rmd256_update+0x343/0x4f0 [ 443.425964][T10212] crypto_shash_update+0x4e9/0x550 [ 443.431069][T10212] shash_async_update+0x113/0x1d0 [ 443.436083][T10212] hash_sendpage+0x8ef/0xdf0 [ 443.440669][T10212] sock_sendpage+0x1e1/0x2c0 [ 443.445259][T10212] pipe_to_sendpage+0x38c/0x4c0 [ 443.450103][T10212] __splice_from_pipe+0x565/0xf00 [ 443.455122][T10212] generic_splice_sendpage+0x1d5/0x2d0 [ 443.460569][T10212] direct_splice_actor+0x1fd/0x580 [ 443.465676][T10212] splice_direct_to_actor+0x6b2/0xf50 [ 443.471056][T10212] do_splice_direct+0x342/0x580 [ 443.475910][T10212] do_sendfile+0x101b/0x1d40 [ 443.480576][T10212] __se_sys_sendfile64+0x2bb/0x360 [ 443.485688][T10212] __x64_sys_sendfile64+0x56/0x70 [ 443.490713][T10212] do_syscall_64+0xb0/0x150 [ 443.495991][T10212] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 443.501905][T10212] [ 443.504225][T10212] Uninit was stored to memory at: [ 443.509272][T10212] kmsan_internal_chain_origin+0xad/0x130 [ 443.514983][T10212] __msan_chain_origin+0x50/0x90 [ 443.519920][T10212] rmd256_transform+0x442f/0x4440 [ 443.524940][T10212] rmd256_update+0x343/0x4f0 [ 443.529524][T10212] crypto_shash_update+0x4e9/0x550 [ 443.534716][T10212] shash_async_update+0x113/0x1d0 [ 443.539734][T10212] hash_sendpage+0x8ef/0xdf0 [ 443.544414][T10212] sock_sendpage+0x1e1/0x2c0 [ 443.549083][T10212] pipe_to_sendpage+0x38c/0x4c0 [ 443.553930][T10212] __splice_from_pipe+0x565/0xf00 [ 443.558943][T10212] generic_splice_sendpage+0x1d5/0x2d0 [ 443.564398][T10212] direct_splice_actor+0x1fd/0x580 [ 443.569501][T10212] splice_direct_to_actor+0x6b2/0xf50 [ 443.574931][T10212] do_splice_direct+0x342/0x580 [ 443.579860][T10212] do_sendfile+0x101b/0x1d40 [ 443.584443][T10212] __se_sys_sendfile64+0x2bb/0x360 [ 443.589546][T10212] __x64_sys_sendfile64+0x56/0x70 [ 443.594655][T10212] do_syscall_64+0xb0/0x150 [ 443.599156][T10212] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 443.605034][T10212] [ 443.607372][T10212] Uninit was stored to memory at: [ 443.612392][T10212] kmsan_internal_chain_origin+0xad/0x130 [ 443.618196][T10212] __msan_chain_origin+0x50/0x90 [ 443.623135][T10212] rmd256_transform+0x442f/0x4440 [ 443.628192][T10212] rmd256_update+0x227/0x4f0 [ 443.632779][T10212] crypto_shash_update+0x4e9/0x550 [ 443.637888][T10212] shash_async_update+0x113/0x1d0 [ 443.642931][T10212] hash_sendpage+0x8ef/0xdf0 [ 443.647518][T10212] sock_sendpage+0x1e1/0x2c0 [ 443.652105][T10212] pipe_to_sendpage+0x38c/0x4c0 [ 443.656959][T10212] __splice_from_pipe+0x565/0xf00 [ 443.662093][T10212] generic_splice_sendpage+0x1d5/0x2d0 [ 443.667549][T10212] direct_splice_actor+0x1fd/0x580 [ 443.672679][T10212] splice_direct_to_actor+0x6b2/0xf50 [ 443.678059][T10212] do_splice_direct+0x342/0x580 [ 443.682908][T10212] do_sendfile+0x101b/0x1d40 [ 443.687497][T10212] __se_sys_sendfile64+0x2bb/0x360 [ 443.692604][T10212] __x64_sys_sendfile64+0x56/0x70 [ 443.697775][T10212] do_syscall_64+0xb0/0x150 [ 443.702297][T10212] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 443.708185][T10212] [ 443.710676][T10212] Uninit was stored to memory at: [ 443.716046][T10212] kmsan_internal_chain_origin+0xad/0x130 [ 443.721772][T10212] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 443.727754][T10212] kmsan_memcpy_metadata+0xb/0x10 [ 443.732776][T10212] __msan_memcpy+0x43/0x50 [ 443.737259][T10212] rmd256_update+0x1fc/0x4f0 [ 443.741842][T10212] crypto_shash_update+0x4e9/0x550 [ 443.746951][T10212] shash_async_update+0x113/0x1d0 [ 443.751974][T10212] hash_sendpage+0x8ef/0xdf0 [ 443.756562][T10212] sock_sendpage+0x1e1/0x2c0 [ 443.761150][T10212] pipe_to_sendpage+0x38c/0x4c0 [ 443.765996][T10212] __splice_from_pipe+0x565/0xf00 [ 443.771015][T10212] generic_splice_sendpage+0x1d5/0x2d0 [ 443.776468][T10212] direct_splice_actor+0x1fd/0x580 [ 443.781575][T10212] splice_direct_to_actor+0x6b2/0xf50 [ 443.786952][T10212] do_splice_direct+0x342/0x580 [ 443.791800][T10212] do_sendfile+0x101b/0x1d40 [ 443.796384][T10212] __se_sys_sendfile64+0x2bb/0x360 [ 443.801493][T10212] __x64_sys_sendfile64+0x56/0x70 [ 443.806518][T10212] do_syscall_64+0xb0/0x150 [ 443.811019][T10212] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 443.816898][T10212] [ 443.819215][T10212] Uninit was created at: [ 443.823456][T10212] kmsan_save_stack_with_flags+0x3c/0x90 [ 443.829085][T10212] kmsan_alloc_page+0xb9/0x180 [ 443.833845][T10212] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 443.839523][T10212] alloc_pages_current+0x672/0x990 [ 443.844717][T10212] push_pipe+0x605/0xb70 [ 443.849044][T10212] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 443.854760][T10212] do_splice_to+0x4fc/0x14f0 [ 443.859366][T10212] splice_direct_to_actor+0x45c/0xf50 [ 443.864732][T10212] do_splice_direct+0x342/0x580 [ 443.869577][T10212] do_sendfile+0x101b/0x1d40 [ 443.874160][T10212] __se_sys_sendfile64+0x2bb/0x360 [ 443.879264][T10212] __x64_sys_sendfile64+0x56/0x70 [ 443.884371][T10212] do_syscall_64+0xb0/0x150 [ 443.888875][T10212] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:19:29 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:30 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x102, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') open(&(0x7f0000000000)='./file0\x00', 0x40c042, 0xc8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x15, &(0x7f00000000c0)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000180)={0x0}) syz_open_procfs(r0, &(0x7f0000000140)) 19:19:30 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305829, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000140)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x4}) r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58) sendmsg$AUDIT_LIST_RULES(0xffffffffffffffff, 0x0, 0x48c0) dup2(0xffffffffffffffff, 0xffffffffffffffff) sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, 0x0, 0x4000001) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e23, 0x1, @loopback}, 0x1c) r3 = open(&(0x7f0000000000)='./bus\x00', 0x600c2, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={0x0, 0x1fe}, 0x8) ftruncate(r3, 0x200004) sendfile(r1, r3, 0x0, 0x80001d00c0d0) 19:19:30 executing program 1: ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000040)) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x800, 0x0, 0x6710, 0x4, 0x0, 0xc, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x2, 0x3, 0x2) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, &(0x7f0000000200)={0x80000000, 0x1, {0x2, 0x2, 0x0, 0x2, 0x1}, 0x2}) write$binfmt_misc(r0, &(0x7f0000000a40)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e35bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2dc045421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994cc008dd3deaafaab51144c1ef00f00001f5e73ff040000000000000000000000000000009a583b79ab00f70d85463c57c5bb1f1084e683b591fc2c8b8a38b7ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fbe09a7eb84cae7f000000886871080d1588bb30abcbfecb4e10d4067a02736f08914faa037346191241c88e57569256cd58ec82518bc8bac2ef0f6e8bfd9ad94599c3230328ddf749f6c754f2781bccc42e6ef592a1fc36a03c9a0328b63ed42db18137f243d01a67ea9fe8e34b25676f9816cdae263897bbb3aaa1148cb80e7aa12869a052b3ea1dfa17ce754e76f57ed0868864d66429bc1d9e8c430deeb6331c152d637740b4efbe95880a2f28902b3358519f08f638235a295a63eb1c8f9460ced7b22ceb4c2c5504a2012c2c8f47fd9152910bc908e41e38ba60cbdffefadbe92a7ed8ce577bdb383c2f625067eec438180f282d638ac72b92ec020d66863813f5ab6189075ebf22d92ecafe4eb1fb9c6b2b88eb965af65c3d0b179a439cf18f567fce68529aa44baa9f82bbd989477b56d1a9e60dd7da5c5b437be2f2fcdd62a20b6ba534ed9dc198fc041c003bc1340d124062352ad8e3ce63546ded69d5fcaafcffed51ab1b1f4ff88615446fe96983cabf08c3e7ccc1d4e8bdf884347f6156d91f42060477bdf30abcb5e9b6705c5adc1cedd2e7d38fbdef12d569db367978805652eb6f5ccaa6b377839d2b7525417fe4a97300017f2410fc9448ab6c3b9fea9f2287e2a0b83beee2c77a6bb5c3cafea3a7a42f9b5324b98680e6ecf240abdeee92ecd6c97270ee2a5238e444a9c8cc12171c39c3e7a77d8dcd1ed368eaf557ad34b0c1cb8eec9c963001f3905cba6c67b6eab0fa"], 0x1c2) socket$inet_udplite(0x2, 0x2, 0x88) inotify_add_watch(0xffffffffffffffff, 0x0, 0x6000048) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x0, 0x0) inotify_add_watch(r1, 0x0, 0x6000048) renameat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', r1, &(0x7f0000000180)='./file0\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_KEEPCAPS(0x8, 0x1) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup2(r3, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, &(0x7f00000001c0)) fanotify_mark(0xffffffffffffffff, 0x4, 0x2, r4, &(0x7f0000000080)='./file0\x00') sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x26, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c0000002300290800000000000800000400000005000b0000000000ce9e9a848a856c4acda50f51223b041957f4240ef4a39d882379d80d107c918d12f807151a14fe54b70c8e61e92c1dc8d9ae55bd18cd0d2b5531781488d49337bc98839cd7f2df55c96dd4a66685297f02d93c77cf8ca0b8d39c73812f3dbedcd3d83f991246076cd617bdf8fea8636af0b7d752601f374280bbdab8c6f65f723202bee29421c200339ed2ff24ebaacc8c847d48eeef026100390422e0ea5751d022526d895158909d8abe751478a6eac0ecae26f3b733c4079ef9ead449550e55ed59d9cea40accf27e9cafdc714920099542664269256cf25cc27e8267153a17e0a4abb43b67d908bad3e9121392639d68f02ba240d56d9b962cfebe2ec2079122a5726811dd8d3ec3aa4628b2c47534eeb13e4eb9b73cc8cad3677119956bbaec036f6e8c1ac728031fc2007437adac8f24adf6006b3d25934a891ad244d25cd4eb71570d4f7f848bbaaba93e8075f895cccc5c4f18ebf1080dd673b027440da6bb6b433199f50b0621887a5581b100b54093164b7c8a838ab26a5b3849529063dd9ad88e2ee84f95f0261300"/438], 0x1c}, 0x1, 0x60}, 0x0) [ 444.844845][ C0] sd 0:0:1:0: [sg0] tag#385 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 444.855526][ C0] sd 0:0:1:0: [sg0] tag#385 CDB: Test Unit Ready [ 444.862070][ C0] sd 0:0:1:0: [sg0] tag#385 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 444.871913][ C0] sd 0:0:1:0: [sg0] tag#385 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 444.881758][ C0] sd 0:0:1:0: [sg0] tag#385 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 444.891714][ C0] sd 0:0:1:0: [sg0] tag#385 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 444.901532][ C0] sd 0:0:1:0: [sg0] tag#385 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 444.911355][ C0] sd 0:0:1:0: [sg0] tag#385 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 444.921165][ C0] sd 0:0:1:0: [sg0] tag#385 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 444.930986][ C0] sd 0:0:1:0: [sg0] tag#385 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 444.940818][ C0] sd 0:0:1:0: [sg0] tag#385 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 444.950646][ C0] sd 0:0:1:0: [sg0] tag#385 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 444.960511][ C0] sd 0:0:1:0: [sg0] tag#385 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 444.970332][ C0] sd 0:0:1:0: [sg0] tag#385 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 444.980144][ C0] sd 0:0:1:0: [sg0] tag#385 CDB[c0]: 00 00 00 00 00 00 00 00 19:19:30 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x9ac1, 0x20000) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e23, @rand_addr=0x64010100}, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r4, r5, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r5, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$SNDRV_TIMER_IOCTL_START(r5, 0x54a0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) accept4(r1, 0x0, 0x0, 0x0) r6 = fcntl$dupfd(r1, 0x406, r0) getsockopt$TIPC_SRC_DROPPABLE(r6, 0x10f, 0x80, &(0x7f0000000000), &(0x7f0000000080)=0x4) sendmmsg$inet(r0, &(0x7f00000044c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@ip_retopts={{0x14, 0x0, 0x7, {[@noop, @generic={0x7, 0x2}]}}}], 0x18}}], 0x2, 0x0) 19:19:30 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) [ 445.391482][T10251] not chained 250000 origins [ 445.396137][T10251] CPU: 0 PID: 10251 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 445.404813][T10251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 445.414876][T10251] Call Trace: [ 445.418184][T10251] dump_stack+0x1df/0x240 [ 445.422533][T10251] kmsan_internal_chain_origin+0x6f/0x130 [ 445.428264][T10251] ? is_module_text_address+0x4d/0x2a0 [ 445.433732][T10251] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 445.439561][T10251] ? __kernel_text_address+0x171/0x2d0 [ 445.445167][T10251] ? unwind_get_return_address+0x8c/0x130 [ 445.450924][T10251] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 445.457008][T10251] ? arch_stack_walk+0x2a2/0x3e0 [ 445.461968][T10251] ? stack_trace_save+0x1a0/0x1a0 [ 445.467015][T10251] ? kmsan_get_metadata+0x4f/0x180 [ 445.472136][T10251] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 445.477953][T10251] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 445.484036][T10251] ? stack_trace_save+0x123/0x1a0 [ 445.489070][T10251] ? kmsan_get_metadata+0x11d/0x180 [ 445.494282][T10251] __msan_chain_origin+0x50/0x90 [ 445.499242][T10251] rmd256_transform+0x442f/0x4440 [ 445.504334][T10251] rmd256_update+0x343/0x4f0 [ 445.508936][T10251] ? rmd256_init+0x260/0x260 [ 445.513534][T10251] crypto_shash_update+0x4e9/0x550 [ 445.518660][T10251] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 445.524844][T10251] ? crypto_hash_walk_first+0x1fd/0x360 [ 445.530391][T10251] ? kmsan_get_metadata+0x4f/0x180 [ 445.535522][T10251] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 445.541349][T10251] shash_async_update+0x113/0x1d0 [ 445.546381][T10251] ? shash_async_init+0x1e0/0x1e0 [ 445.551418][T10251] hash_sendpage+0x8ef/0xdf0 [ 445.556028][T10251] ? hash_recvmsg+0xd30/0xd30 [ 445.560721][T10251] sock_sendpage+0x1e1/0x2c0 [ 445.565315][T10251] pipe_to_sendpage+0x38c/0x4c0 [ 445.570155][T10251] ? sock_fasync+0x250/0x250 [ 445.574741][T10251] __splice_from_pipe+0x565/0xf00 [ 445.579851][T10251] ? generic_splice_sendpage+0x2d0/0x2d0 [ 445.585484][T10251] generic_splice_sendpage+0x1d5/0x2d0 [ 445.590938][T10251] ? iter_file_splice_write+0x1800/0x1800 [ 445.596647][T10251] direct_splice_actor+0x1fd/0x580 [ 445.601753][T10251] ? kmsan_get_metadata+0x4f/0x180 [ 445.606859][T10251] splice_direct_to_actor+0x6b2/0xf50 [ 445.612228][T10251] ? do_splice_direct+0x580/0x580 [ 445.617266][T10251] do_splice_direct+0x342/0x580 [ 445.622118][T10251] do_sendfile+0x101b/0x1d40 [ 445.626713][T10251] __se_sys_sendfile64+0x2bb/0x360 [ 445.631830][T10251] ? kmsan_get_metadata+0x4f/0x180 [ 445.636932][T10251] __x64_sys_sendfile64+0x56/0x70 [ 445.641945][T10251] do_syscall_64+0xb0/0x150 [ 445.646439][T10251] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 445.652319][T10251] RIP: 0033:0x45c1d9 [ 445.656194][T10251] Code: Bad RIP value. [ 445.660248][T10251] RSP: 002b:00007fe8d5c8cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 445.668651][T10251] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 445.676607][T10251] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 445.684570][T10251] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 445.692540][T10251] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bf0c [ 445.700512][T10251] R13: 0000000000c9fb6f R14: 00007fe8d5c8d9c0 R15: 000000000078bf0c [ 445.708487][T10251] Uninit was stored to memory at: [ 445.713507][T10251] kmsan_internal_chain_origin+0xad/0x130 [ 445.719209][T10251] __msan_chain_origin+0x50/0x90 [ 445.724156][T10251] rmd256_transform+0x442f/0x4440 [ 445.729185][T10251] rmd256_update+0x343/0x4f0 [ 445.733778][T10251] crypto_shash_update+0x4e9/0x550 [ 445.738883][T10251] shash_async_update+0x113/0x1d0 [ 445.743900][T10251] hash_sendpage+0x8ef/0xdf0 [ 445.748477][T10251] sock_sendpage+0x1e1/0x2c0 [ 445.753592][T10251] pipe_to_sendpage+0x38c/0x4c0 [ 445.758426][T10251] __splice_from_pipe+0x565/0xf00 [ 445.763436][T10251] generic_splice_sendpage+0x1d5/0x2d0 [ 445.768879][T10251] direct_splice_actor+0x1fd/0x580 [ 445.773980][T10251] splice_direct_to_actor+0x6b2/0xf50 [ 445.779357][T10251] do_splice_direct+0x342/0x580 [ 445.784225][T10251] do_sendfile+0x101b/0x1d40 [ 445.788802][T10251] __se_sys_sendfile64+0x2bb/0x360 [ 445.793896][T10251] __x64_sys_sendfile64+0x56/0x70 [ 445.798909][T10251] do_syscall_64+0xb0/0x150 [ 445.803400][T10251] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 445.809271][T10251] [ 445.811580][T10251] Uninit was stored to memory at: [ 445.816600][T10251] kmsan_internal_chain_origin+0xad/0x130 [ 445.822303][T10251] __msan_chain_origin+0x50/0x90 [ 445.827226][T10251] rmd256_transform+0x442f/0x4440 [ 445.832253][T10251] rmd256_update+0x343/0x4f0 [ 445.836827][T10251] crypto_shash_update+0x4e9/0x550 [ 445.841923][T10251] shash_async_update+0x113/0x1d0 [ 445.846969][T10251] hash_sendpage+0x8ef/0xdf0 [ 445.851548][T10251] sock_sendpage+0x1e1/0x2c0 [ 445.856133][T10251] pipe_to_sendpage+0x38c/0x4c0 [ 445.860974][T10251] __splice_from_pipe+0x565/0xf00 [ 445.865992][T10251] generic_splice_sendpage+0x1d5/0x2d0 [ 445.871435][T10251] direct_splice_actor+0x1fd/0x580 [ 445.876532][T10251] splice_direct_to_actor+0x6b2/0xf50 [ 445.881889][T10251] do_splice_direct+0x342/0x580 [ 445.886726][T10251] do_sendfile+0x101b/0x1d40 [ 445.891302][T10251] __se_sys_sendfile64+0x2bb/0x360 [ 445.896399][T10251] __x64_sys_sendfile64+0x56/0x70 [ 445.901409][T10251] do_syscall_64+0xb0/0x150 [ 445.905914][T10251] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 445.911786][T10251] [ 445.914097][T10251] Uninit was stored to memory at: [ 445.919111][T10251] kmsan_internal_chain_origin+0xad/0x130 [ 445.924818][T10251] __msan_chain_origin+0x50/0x90 [ 445.929741][T10251] rmd256_transform+0x442f/0x4440 [ 445.934750][T10251] rmd256_update+0x343/0x4f0 [ 445.939321][T10251] crypto_shash_update+0x4e9/0x550 [ 445.944414][T10251] shash_async_update+0x113/0x1d0 [ 445.949424][T10251] hash_sendpage+0x8ef/0xdf0 [ 445.953999][T10251] sock_sendpage+0x1e1/0x2c0 [ 445.958575][T10251] pipe_to_sendpage+0x38c/0x4c0 [ 445.963413][T10251] __splice_from_pipe+0x565/0xf00 [ 445.968425][T10251] generic_splice_sendpage+0x1d5/0x2d0 [ 445.973869][T10251] direct_splice_actor+0x1fd/0x580 [ 445.978965][T10251] splice_direct_to_actor+0x6b2/0xf50 [ 445.984323][T10251] do_splice_direct+0x342/0x580 [ 445.989166][T10251] do_sendfile+0x101b/0x1d40 [ 445.993743][T10251] __se_sys_sendfile64+0x2bb/0x360 [ 445.998839][T10251] __x64_sys_sendfile64+0x56/0x70 [ 446.003851][T10251] do_syscall_64+0xb0/0x150 [ 446.008343][T10251] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 446.014213][T10251] [ 446.016525][T10251] Uninit was stored to memory at: [ 446.021541][T10251] kmsan_internal_chain_origin+0xad/0x130 [ 446.027250][T10251] __msan_chain_origin+0x50/0x90 [ 446.032177][T10251] rmd256_transform+0x442f/0x4440 [ 446.037185][T10251] rmd256_update+0x343/0x4f0 [ 446.041760][T10251] crypto_shash_update+0x4e9/0x550 [ 446.046857][T10251] shash_async_update+0x113/0x1d0 [ 446.051866][T10251] hash_sendpage+0x8ef/0xdf0 [ 446.056445][T10251] sock_sendpage+0x1e1/0x2c0 [ 446.061023][T10251] pipe_to_sendpage+0x38c/0x4c0 [ 446.065874][T10251] __splice_from_pipe+0x565/0xf00 [ 446.070884][T10251] generic_splice_sendpage+0x1d5/0x2d0 [ 446.076368][T10251] direct_splice_actor+0x1fd/0x580 [ 446.081465][T10251] splice_direct_to_actor+0x6b2/0xf50 [ 446.086820][T10251] do_splice_direct+0x342/0x580 [ 446.091656][T10251] do_sendfile+0x101b/0x1d40 [ 446.096229][T10251] __se_sys_sendfile64+0x2bb/0x360 [ 446.101341][T10251] __x64_sys_sendfile64+0x56/0x70 [ 446.106352][T10251] do_syscall_64+0xb0/0x150 [ 446.110843][T10251] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 446.116716][T10251] [ 446.119025][T10251] Uninit was stored to memory at: [ 446.124035][T10251] kmsan_internal_chain_origin+0xad/0x130 [ 446.129741][T10251] __msan_chain_origin+0x50/0x90 [ 446.134668][T10251] rmd256_transform+0x442f/0x4440 [ 446.139678][T10251] rmd256_update+0x343/0x4f0 [ 446.144253][T10251] crypto_shash_update+0x4e9/0x550 [ 446.149351][T10251] shash_async_update+0x113/0x1d0 [ 446.154362][T10251] hash_sendpage+0x8ef/0xdf0 [ 446.158937][T10251] sock_sendpage+0x1e1/0x2c0 [ 446.163536][T10251] pipe_to_sendpage+0x38c/0x4c0 [ 446.168376][T10251] __splice_from_pipe+0x565/0xf00 [ 446.173392][T10251] generic_splice_sendpage+0x1d5/0x2d0 [ 446.178863][T10251] direct_splice_actor+0x1fd/0x580 [ 446.183971][T10251] splice_direct_to_actor+0x6b2/0xf50 [ 446.189329][T10251] do_splice_direct+0x342/0x580 [ 446.194165][T10251] do_sendfile+0x101b/0x1d40 [ 446.198740][T10251] __se_sys_sendfile64+0x2bb/0x360 [ 446.203840][T10251] __x64_sys_sendfile64+0x56/0x70 [ 446.208852][T10251] do_syscall_64+0xb0/0x150 [ 446.213343][T10251] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 446.220426][T10251] [ 446.222739][T10251] Uninit was stored to memory at: [ 446.227752][T10251] kmsan_internal_chain_origin+0xad/0x130 [ 446.233455][T10251] __msan_chain_origin+0x50/0x90 [ 446.238381][T10251] rmd256_transform+0x442f/0x4440 [ 446.243415][T10251] rmd256_update+0x227/0x4f0 [ 446.247991][T10251] crypto_shash_update+0x4e9/0x550 [ 446.253087][T10251] shash_async_update+0x113/0x1d0 [ 446.258096][T10251] hash_sendpage+0x8ef/0xdf0 [ 446.262672][T10251] sock_sendpage+0x1e1/0x2c0 [ 446.267250][T10251] pipe_to_sendpage+0x38c/0x4c0 [ 446.272090][T10251] __splice_from_pipe+0x565/0xf00 [ 446.277099][T10251] generic_splice_sendpage+0x1d5/0x2d0 [ 446.282543][T10251] direct_splice_actor+0x1fd/0x580 [ 446.287653][T10251] splice_direct_to_actor+0x6b2/0xf50 [ 446.293019][T10251] do_splice_direct+0x342/0x580 [ 446.298117][T10251] do_sendfile+0x101b/0x1d40 [ 446.302691][T10251] __se_sys_sendfile64+0x2bb/0x360 [ 446.307788][T10251] __x64_sys_sendfile64+0x56/0x70 [ 446.312806][T10251] do_syscall_64+0xb0/0x150 [ 446.317320][T10251] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 446.323188][T10251] [ 446.325503][T10251] Uninit was stored to memory at: [ 446.330517][T10251] kmsan_internal_chain_origin+0xad/0x130 [ 446.336220][T10251] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 446.342188][T10251] kmsan_memcpy_metadata+0xb/0x10 [ 446.347198][T10251] __msan_memcpy+0x43/0x50 [ 446.351601][T10251] rmd256_update+0x1fc/0x4f0 [ 446.356178][T10251] crypto_shash_update+0x4e9/0x550 [ 446.361274][T10251] shash_async_update+0x113/0x1d0 [ 446.366286][T10251] hash_sendpage+0x8ef/0xdf0 [ 446.370863][T10251] sock_sendpage+0x1e1/0x2c0 [ 446.375441][T10251] pipe_to_sendpage+0x38c/0x4c0 [ 446.380278][T10251] __splice_from_pipe+0x565/0xf00 [ 446.385294][T10251] generic_splice_sendpage+0x1d5/0x2d0 [ 446.390737][T10251] direct_splice_actor+0x1fd/0x580 [ 446.395835][T10251] splice_direct_to_actor+0x6b2/0xf50 [ 446.401189][T10251] do_splice_direct+0x342/0x580 [ 446.406022][T10251] do_sendfile+0x101b/0x1d40 [ 446.410594][T10251] __se_sys_sendfile64+0x2bb/0x360 [ 446.415688][T10251] __x64_sys_sendfile64+0x56/0x70 [ 446.420697][T10251] do_syscall_64+0xb0/0x150 [ 446.425188][T10251] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 446.431057][T10251] [ 446.433365][T10251] Uninit was created at: [ 446.437594][T10251] kmsan_save_stack_with_flags+0x3c/0x90 [ 446.443249][T10251] kmsan_alloc_page+0xb9/0x180 [ 446.447996][T10251] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 446.453700][T10251] alloc_pages_current+0x672/0x990 [ 446.458797][T10251] push_pipe+0x605/0xb70 [ 446.463114][T10251] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 446.468821][T10251] do_splice_to+0x4fc/0x14f0 [ 446.473401][T10251] splice_direct_to_actor+0x45c/0xf50 [ 446.478758][T10251] do_splice_direct+0x342/0x580 [ 446.483597][T10251] do_sendfile+0x101b/0x1d40 [ 446.488173][T10251] __se_sys_sendfile64+0x2bb/0x360 [ 446.493540][T10251] __x64_sys_sendfile64+0x56/0x70 [ 446.498557][T10251] do_syscall_64+0xb0/0x150 [ 446.503049][T10251] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 446.588384][ C0] sd 0:0:1:0: [sg0] tag#386 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=1s [ 446.598956][ C0] sd 0:0:1:0: [sg0] tag#386 CDB: Test Unit Ready [ 446.605640][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.615462][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.625333][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.635193][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.644975][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.654754][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.664533][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.674293][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19:19:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x880, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f00000006c0)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed771a927ec60cb274e00da971f7ee096d74c92fad7e35bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e5f6a6f18751f6d24317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2dc045421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994cc008dd3deaafaab51144c1ef00f00001f5e73ff040000000000000000000000000000009a583b79ab00f70d85463c57c5bb1f1084e683b591fc2c8b8a38b79254ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fbe09a7eb84cae7f000000886871080d1588bb30abcbfecb4e10d4067a02736f08914faa037346191241c88e57569256cd58ec82518bc8bac2ef0f6e8bfd9ad94599c3230328dda1fc36a03c9a0328b63ed42db18137f243d01a67ea9fe8e34b25676f9816cdae263897bbb3aaa1148cb80e7aa12869a052b3ea1dfa17ce754e76f57ed0868864d66429bc1d9e8c430deeb6331c152d637740b4efbe95880a2f28902b3358519f08f638235a295a63eb1c8f9460ced7b22ceb4c2c5504a2012c2c8f47fd9152910bc908e41e38ba60cbdffefadbe92a7ed8ce577bdb383c2f625067ee4c38180f282d638ac72b92ec020d66863813f5ab6189075ebf22d92ecafe4eb1fb9c6b2b88eb965af65c3d0b179a439cf1840dc8466796c04a4baa9f82bbd989477b56d1a9e60dd7da5c5b437be2f2fcdd62a20b6ba534ed9dc198fc041c003bc1340d124062352ad8e3ce63546ded69d5fcaafcffed51ab1b1f4ff88615446fe96983cabf08c3e7ccc1d4e8bdf884347f6156d91f42060477bdf30abcb5e9b6705c5adc1cedd2e7d38fbdef12d569db367978805652eb6f5ccaa6b377839d2b7525417fe4a97300017f2410fc9448ab6c3b9fea9f2287e2a0b83beee2c77a6bb5c3cafea3a7a42f9b5324b98680e6ecf240abdeee92ecd6c972701c39c3e7a77d8dcd1ed368eaf557ad34b0c1cb8e597d963001f3905cba6c67", @ANYRESDEC=0x0, @ANYRES32=0x0], 0x3cb) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f0000000380)={{0x0, 0x0, @identifier="4605b8d0f540ad9fcd36a34ddf55bd2a"}, 0x99, 0x0, [], "b0ac7b2837633ca547c4592509de6b14c4347da1a5547466195e6a30cb3f6c945e9da96bf7b7ecfa46ae95d76983bda8651aff5c2366b8a206ddf6d5a03b92ae3abc757385dcf9f98ac38ad3c0795a312ad7c2f5f89421bda236772e7c95662c0ae403f13330a98ac42ad60252632a9c25a15daa7bcd7067a7bfffae5071b68d956f93488af78af928d08cc3526503bfb61143a3721cb0abfb"}) keyctl$read(0xb, r2, &(0x7f0000000500)=""/181, 0xb5) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000a80)=ANY=[@ANYBLOB="8000c986261fee1aefd2b4d9aa2584e1dcffea8c2b4c0d7c1afa38d2c4bdb5f322e55b05a6dd651fd99c049278f6603f9969417cabaeceecb4a66a82ee1e08bfaf6bade2fd066fb7b73b76884b77f9333805c0e90c55ccbbc84942f98ecd6b99a4e272a0df1d5225ef0c84fe4de89efa3a92d9b8e26fa66f81fd96439c338455f459a1a3e12bcacfc6f2af67402ece8ff84f00e8fe7bbcd155540209126393eff8b270bd6642", @ANYRES16=0x0, @ANYBLOB="000826bd7000fcdbdf25020000000800020000000000050006003f00000005000600800000000800040061880000050005000300000008000300ffffffff0800030000000000100004006305000001000000feffffff0800030000000000080002000002000014000100fc020000000000000000000000000001"], 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x1) ioctl$ASHMEM_GET_NAME(0xffffffffffffffff, 0x81007702, &(0x7f0000000180)=""/34) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000080)={0x801}, 0x10) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r3, 0xf502, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), 0x0) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) write(r1, &(0x7f0000000280)="1c0000001a009b8a14e5f4070009042400000000ff00000000000000", 0x1e5) recvmmsg(r1, &(0x7f0000002ec0), 0x29e, 0x1a, &(0x7f00000001c0)={0x77359400}) [ 446.684063][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.693843][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.703617][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.713390][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.723169][ C0] sd 0:0:1:0: [sg0] tag#386 CDB[c0]: 00 00 00 00 00 00 00 00 19:19:32 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) [ 446.890781][ C0] sd 0:0:1:0: [sg0] tag#387 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 446.901459][ C0] sd 0:0:1:0: [sg0] tag#387 CDB: Test Unit Ready [ 446.908155][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.917954][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.927861][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.937700][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.947490][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.957253][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.967014][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.976788][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.986562][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 446.996439][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.006221][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.015993][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.026026][ C0] sd 0:0:1:0: [sg0] tag#387 CDB[c0]: 00 00 00 00 00 00 00 00 19:19:32 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) [ 447.407119][ C0] sd 0:0:1:0: [sg0] tag#388 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 447.417790][ C0] sd 0:0:1:0: [sg0] tag#388 CDB: Test Unit Ready [ 447.425411][ C0] sd 0:0:1:0: [sg0] tag#388 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.435186][ C0] sd 0:0:1:0: [sg0] tag#388 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.445096][ C0] sd 0:0:1:0: [sg0] tag#388 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.454864][ C0] sd 0:0:1:0: [sg0] tag#388 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.464638][ C0] sd 0:0:1:0: [sg0] tag#388 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.474410][ C0] sd 0:0:1:0: [sg0] tag#388 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.484191][ C0] sd 0:0:1:0: [sg0] tag#388 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.493970][ C0] sd 0:0:1:0: [sg0] tag#388 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.503716][ C0] sd 0:0:1:0: [sg0] tag#388 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.513494][ C0] sd 0:0:1:0: [sg0] tag#388 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.523264][ C0] sd 0:0:1:0: [sg0] tag#388 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.533027][ C0] sd 0:0:1:0: [sg0] tag#388 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 447.542681][ C0] sd 0:0:1:0: [sg0] tag#388 CDB[c0]: 00 00 00 00 00 00 00 00 [ 447.886703][T10276] not chained 260000 origins [ 447.891362][T10276] CPU: 0 PID: 10276 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 447.900038][T10276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 447.910100][T10276] Call Trace: [ 447.913427][T10276] dump_stack+0x1df/0x240 [ 447.917753][T10276] kmsan_internal_chain_origin+0x6f/0x130 [ 447.923474][T10276] ? is_module_text_address+0x4d/0x2a0 [ 447.929010][T10276] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 447.934812][T10276] ? __kernel_text_address+0x171/0x2d0 [ 447.940260][T10276] ? unwind_get_return_address+0x8c/0x130 [ 447.945973][T10276] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 447.952029][T10276] ? arch_stack_walk+0x2a2/0x3e0 [ 447.956957][T10276] ? stack_trace_save+0x1a0/0x1a0 [ 447.961974][T10276] ? kmsan_get_metadata+0x4f/0x180 [ 447.967075][T10276] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 447.972872][T10276] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 447.978926][T10276] ? stack_trace_save+0x123/0x1a0 [ 447.983941][T10276] ? kmsan_get_metadata+0x11d/0x180 [ 447.989137][T10276] __msan_chain_origin+0x50/0x90 [ 447.994069][T10276] rmd256_transform+0x4328/0x4440 [ 447.999122][T10276] rmd256_update+0x343/0x4f0 [ 448.003707][T10276] ? rmd256_init+0x260/0x260 [ 448.008285][T10276] crypto_shash_update+0x4e9/0x550 [ 448.013386][T10276] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 448.019559][T10276] ? crypto_hash_walk_first+0x1fd/0x360 [ 448.025093][T10276] ? kmsan_get_metadata+0x4f/0x180 [ 448.030195][T10276] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 448.035988][T10276] shash_async_update+0x113/0x1d0 [ 448.041111][T10276] ? shash_async_init+0x1e0/0x1e0 [ 448.046223][T10276] hash_sendpage+0x8ef/0xdf0 [ 448.050810][T10276] ? hash_recvmsg+0xd30/0xd30 [ 448.055479][T10276] sock_sendpage+0x1e1/0x2c0 [ 448.061021][T10276] pipe_to_sendpage+0x38c/0x4c0 [ 448.065877][T10276] ? sock_fasync+0x250/0x250 [ 448.070488][T10276] __splice_from_pipe+0x565/0xf00 [ 448.075514][T10276] ? generic_splice_sendpage+0x2d0/0x2d0 [ 448.081150][T10276] generic_splice_sendpage+0x1d5/0x2d0 [ 448.086604][T10276] ? iter_file_splice_write+0x1800/0x1800 [ 448.092309][T10276] direct_splice_actor+0x1fd/0x580 [ 448.097415][T10276] ? kmsan_get_metadata+0x4f/0x180 [ 448.102524][T10276] splice_direct_to_actor+0x6b2/0xf50 [ 448.107890][T10276] ? do_splice_direct+0x580/0x580 [ 448.112918][T10276] do_splice_direct+0x342/0x580 [ 448.117767][T10276] do_sendfile+0x101b/0x1d40 [ 448.122361][T10276] __se_sys_sendfile64+0x2bb/0x360 [ 448.127459][T10276] ? kmsan_get_metadata+0x4f/0x180 [ 448.132563][T10276] __x64_sys_sendfile64+0x56/0x70 [ 448.137579][T10276] do_syscall_64+0xb0/0x150 [ 448.142095][T10276] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 448.147972][T10276] RIP: 0033:0x45c1d9 [ 448.151847][T10276] Code: Bad RIP value. [ 448.155894][T10276] RSP: 002b:00007fb8bb619c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 448.164288][T10276] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 448.172245][T10276] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 448.180289][T10276] RBP: 000000000078bfe8 R08: 0000000000000000 R09: 0000000000000000 [ 448.188248][T10276] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bfac [ 448.196205][T10276] R13: 0000000000c9fb6f R14: 00007fb8bb61a9c0 R15: 000000000078bfac [ 448.204186][T10276] Uninit was stored to memory at: [ 448.209203][T10276] kmsan_internal_chain_origin+0xad/0x130 [ 448.214907][T10276] __msan_chain_origin+0x50/0x90 [ 448.219861][T10276] rmd256_transform+0x4328/0x4440 [ 448.224890][T10276] rmd256_update+0x343/0x4f0 [ 448.229466][T10276] crypto_shash_update+0x4e9/0x550 [ 448.234561][T10276] shash_async_update+0x113/0x1d0 [ 448.241219][T10276] hash_sendpage+0x8ef/0xdf0 [ 448.245799][T10276] sock_sendpage+0x1e1/0x2c0 [ 448.250375][T10276] pipe_to_sendpage+0x38c/0x4c0 [ 448.255218][T10276] __splice_from_pipe+0x565/0xf00 [ 448.260227][T10276] generic_splice_sendpage+0x1d5/0x2d0 [ 448.265669][T10276] direct_splice_actor+0x1fd/0x580 [ 448.270763][T10276] splice_direct_to_actor+0x6b2/0xf50 [ 448.276118][T10276] do_splice_direct+0x342/0x580 [ 448.280951][T10276] do_sendfile+0x101b/0x1d40 [ 448.285525][T10276] __se_sys_sendfile64+0x2bb/0x360 [ 448.290627][T10276] __x64_sys_sendfile64+0x56/0x70 [ 448.295640][T10276] do_syscall_64+0xb0/0x150 [ 448.300132][T10276] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 448.306000][T10276] [ 448.308308][T10276] Uninit was stored to memory at: [ 448.313324][T10276] kmsan_internal_chain_origin+0xad/0x130 [ 448.319028][T10276] __msan_chain_origin+0x50/0x90 [ 448.323958][T10276] rmd256_transform+0x4328/0x4440 [ 448.328971][T10276] rmd256_update+0x343/0x4f0 [ 448.333547][T10276] crypto_shash_update+0x4e9/0x550 [ 448.338644][T10276] shash_async_update+0x113/0x1d0 [ 448.343655][T10276] hash_sendpage+0x8ef/0xdf0 [ 448.348234][T10276] sock_sendpage+0x1e1/0x2c0 [ 448.352817][T10276] pipe_to_sendpage+0x38c/0x4c0 [ 448.357655][T10276] __splice_from_pipe+0x565/0xf00 [ 448.362667][T10276] generic_splice_sendpage+0x1d5/0x2d0 [ 448.368109][T10276] direct_splice_actor+0x1fd/0x580 [ 448.373205][T10276] splice_direct_to_actor+0x6b2/0xf50 [ 448.378561][T10276] do_splice_direct+0x342/0x580 [ 448.383407][T10276] do_sendfile+0x101b/0x1d40 [ 448.387982][T10276] __se_sys_sendfile64+0x2bb/0x360 [ 448.393080][T10276] __x64_sys_sendfile64+0x56/0x70 [ 448.398099][T10276] do_syscall_64+0xb0/0x150 [ 448.402587][T10276] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 448.408456][T10276] [ 448.410767][T10276] Uninit was stored to memory at: [ 448.415780][T10276] kmsan_internal_chain_origin+0xad/0x130 [ 448.422610][T10276] __msan_chain_origin+0x50/0x90 [ 448.427540][T10276] rmd256_transform+0x4328/0x4440 [ 448.432550][T10276] rmd256_update+0x343/0x4f0 [ 448.437125][T10276] crypto_shash_update+0x4e9/0x550 [ 448.442242][T10276] shash_async_update+0x113/0x1d0 [ 448.447251][T10276] hash_sendpage+0x8ef/0xdf0 [ 448.451825][T10276] sock_sendpage+0x1e1/0x2c0 [ 448.456400][T10276] pipe_to_sendpage+0x38c/0x4c0 [ 448.461236][T10276] __splice_from_pipe+0x565/0xf00 [ 448.466249][T10276] generic_splice_sendpage+0x1d5/0x2d0 [ 448.471695][T10276] direct_splice_actor+0x1fd/0x580 [ 448.476794][T10276] splice_direct_to_actor+0x6b2/0xf50 [ 448.482153][T10276] do_splice_direct+0x342/0x580 [ 448.486987][T10276] do_sendfile+0x101b/0x1d40 [ 448.491562][T10276] __se_sys_sendfile64+0x2bb/0x360 [ 448.496656][T10276] __x64_sys_sendfile64+0x56/0x70 [ 448.501687][T10276] do_syscall_64+0xb0/0x150 [ 448.506178][T10276] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 448.512047][T10276] [ 448.514375][T10276] Uninit was stored to memory at: [ 448.519388][T10276] kmsan_internal_chain_origin+0xad/0x130 [ 448.525193][T10276] __msan_chain_origin+0x50/0x90 [ 448.530138][T10276] rmd256_transform+0x4328/0x4440 [ 448.535166][T10276] rmd256_update+0x343/0x4f0 [ 448.539751][T10276] crypto_shash_update+0x4e9/0x550 [ 448.544875][T10276] shash_async_update+0x113/0x1d0 [ 448.549884][T10276] hash_sendpage+0x8ef/0xdf0 [ 448.554461][T10276] sock_sendpage+0x1e1/0x2c0 [ 448.559037][T10276] pipe_to_sendpage+0x38c/0x4c0 [ 448.563876][T10276] __splice_from_pipe+0x565/0xf00 [ 448.568890][T10276] generic_splice_sendpage+0x1d5/0x2d0 [ 448.574338][T10276] direct_splice_actor+0x1fd/0x580 [ 448.579445][T10276] splice_direct_to_actor+0x6b2/0xf50 [ 448.584800][T10276] do_splice_direct+0x342/0x580 [ 448.589634][T10276] do_sendfile+0x101b/0x1d40 [ 448.594209][T10276] __se_sys_sendfile64+0x2bb/0x360 [ 448.599325][T10276] __x64_sys_sendfile64+0x56/0x70 [ 448.604337][T10276] do_syscall_64+0xb0/0x150 [ 448.608827][T10276] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 448.614696][T10276] [ 448.617004][T10276] Uninit was stored to memory at: [ 448.622017][T10276] kmsan_internal_chain_origin+0xad/0x130 [ 448.627723][T10276] __msan_chain_origin+0x50/0x90 [ 448.632648][T10276] rmd256_transform+0x4328/0x4440 [ 448.637661][T10276] rmd256_update+0x343/0x4f0 [ 448.642237][T10276] crypto_shash_update+0x4e9/0x550 [ 448.647332][T10276] shash_async_update+0x113/0x1d0 [ 448.652340][T10276] hash_sendpage+0x8ef/0xdf0 [ 448.656917][T10276] sock_sendpage+0x1e1/0x2c0 [ 448.661496][T10276] pipe_to_sendpage+0x38c/0x4c0 [ 448.666349][T10276] __splice_from_pipe+0x565/0xf00 [ 448.671370][T10276] generic_splice_sendpage+0x1d5/0x2d0 [ 448.676819][T10276] direct_splice_actor+0x1fd/0x580 [ 448.681916][T10276] splice_direct_to_actor+0x6b2/0xf50 [ 448.687271][T10276] do_splice_direct+0x342/0x580 [ 448.692104][T10276] do_sendfile+0x101b/0x1d40 [ 448.696701][T10276] __se_sys_sendfile64+0x2bb/0x360 [ 448.701809][T10276] __x64_sys_sendfile64+0x56/0x70 [ 448.706825][T10276] do_syscall_64+0xb0/0x150 [ 448.711315][T10276] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 448.717184][T10276] [ 448.719492][T10276] Uninit was stored to memory at: [ 448.724502][T10276] kmsan_internal_chain_origin+0xad/0x130 [ 448.730204][T10276] __msan_chain_origin+0x50/0x90 [ 448.735129][T10276] rmd256_transform+0x4328/0x4440 [ 448.740161][T10276] rmd256_update+0x227/0x4f0 [ 448.744836][T10276] crypto_shash_update+0x4e9/0x550 [ 448.749954][T10276] shash_async_update+0x113/0x1d0 [ 448.754972][T10276] hash_sendpage+0x8ef/0xdf0 [ 448.759558][T10276] sock_sendpage+0x1e1/0x2c0 [ 448.764136][T10276] pipe_to_sendpage+0x38c/0x4c0 [ 448.768993][T10276] __splice_from_pipe+0x565/0xf00 [ 448.774013][T10276] generic_splice_sendpage+0x1d5/0x2d0 [ 448.779491][T10276] direct_splice_actor+0x1fd/0x580 [ 448.784607][T10276] splice_direct_to_actor+0x6b2/0xf50 [ 448.789963][T10276] do_splice_direct+0x342/0x580 [ 448.794802][T10276] do_sendfile+0x101b/0x1d40 [ 448.799375][T10276] __se_sys_sendfile64+0x2bb/0x360 [ 448.804473][T10276] __x64_sys_sendfile64+0x56/0x70 [ 448.809484][T10276] do_syscall_64+0xb0/0x150 [ 448.813975][T10276] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 448.819844][T10276] [ 448.822154][T10276] Uninit was stored to memory at: [ 448.827169][T10276] kmsan_internal_chain_origin+0xad/0x130 [ 448.832876][T10276] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 448.838838][T10276] kmsan_memcpy_metadata+0xb/0x10 [ 448.843847][T10276] __msan_memcpy+0x43/0x50 [ 448.848250][T10276] rmd256_update+0x1fc/0x4f0 [ 448.852826][T10276] crypto_shash_update+0x4e9/0x550 [ 448.857920][T10276] shash_async_update+0x113/0x1d0 [ 448.862927][T10276] hash_sendpage+0x8ef/0xdf0 [ 448.867505][T10276] sock_sendpage+0x1e1/0x2c0 [ 448.872083][T10276] pipe_to_sendpage+0x38c/0x4c0 [ 448.876919][T10276] __splice_from_pipe+0x565/0xf00 [ 448.881928][T10276] generic_splice_sendpage+0x1d5/0x2d0 [ 448.887376][T10276] direct_splice_actor+0x1fd/0x580 [ 448.892473][T10276] splice_direct_to_actor+0x6b2/0xf50 [ 448.897832][T10276] do_splice_direct+0x342/0x580 [ 448.902665][T10276] do_sendfile+0x101b/0x1d40 [ 448.907241][T10276] __se_sys_sendfile64+0x2bb/0x360 [ 448.912338][T10276] __x64_sys_sendfile64+0x56/0x70 [ 448.917352][T10276] do_syscall_64+0xb0/0x150 [ 448.921843][T10276] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 448.927713][T10276] [ 448.930024][T10276] Uninit was created at: [ 448.934253][T10276] kmsan_save_stack_with_flags+0x3c/0x90 [ 448.939870][T10276] kmsan_alloc_page+0xb9/0x180 [ 448.944622][T10276] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 448.950160][T10276] alloc_pages_current+0x672/0x990 [ 448.963593][T10276] push_pipe+0x605/0xb70 [ 448.967821][T10276] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 448.973530][T10276] do_splice_to+0x4fc/0x14f0 [ 448.978109][T10276] splice_direct_to_actor+0x45c/0xf50 [ 448.983466][T10276] do_splice_direct+0x342/0x580 [ 448.988304][T10276] do_sendfile+0x101b/0x1d40 [ 448.992884][T10276] __se_sys_sendfile64+0x2bb/0x360 [ 448.997995][T10276] __x64_sys_sendfile64+0x56/0x70 [ 449.003008][T10276] do_syscall_64+0xb0/0x150 [ 449.007499][T10276] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 450.623169][T10285] IPVS: ftp: loaded support on port[0] = 21 [ 451.034860][T10285] chnl_net:caif_netlink_parms(): no params data found [ 451.226600][T10285] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.234381][T10285] bridge0: port 1(bridge_slave_0) entered disabled state [ 451.243839][T10285] device bridge_slave_0 entered promiscuous mode [ 451.258574][T10285] bridge0: port 2(bridge_slave_1) entered blocking state [ 451.266693][T10285] bridge0: port 2(bridge_slave_1) entered disabled state [ 451.276318][T10285] device bridge_slave_1 entered promiscuous mode [ 451.343164][T10285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 451.361661][T10285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 451.420027][T10285] team0: Port device team_slave_0 added [ 451.434782][T10285] team0: Port device team_slave_1 added [ 451.516031][T10285] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 451.524027][T10285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 451.550099][T10285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 451.616472][T10285] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 451.623620][T10285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 451.649707][T10285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 451.840841][T10285] device hsr_slave_0 entered promiscuous mode [ 451.875821][T10285] device hsr_slave_1 entered promiscuous mode [ 451.905667][T10285] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 451.913472][T10285] Cannot create hsr debugfs directory [ 452.365465][T10285] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 452.435043][T10285] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 452.494055][T10285] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 452.574549][T10285] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 452.921393][T10285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 452.956729][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 452.966924][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 452.988749][T10285] 8021q: adding VLAN 0 to HW filter on device team0 [ 453.020537][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 453.031109][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 453.042365][ T8633] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.049723][ T8633] bridge0: port 1(bridge_slave_0) entered forwarding state [ 453.132089][T10285] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 453.147480][T10285] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 453.163793][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 453.173906][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 453.184365][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 453.194393][ T8633] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.201591][ T8633] bridge0: port 2(bridge_slave_1) entered forwarding state [ 453.210759][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 453.222250][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 453.233926][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 453.245130][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 453.256118][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 453.267145][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 453.278206][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 453.287992][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 453.298459][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 453.308154][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 453.330550][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 453.340420][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 453.386524][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 453.394467][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 453.431097][T10285] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 453.492487][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 453.502751][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 453.556051][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 453.566052][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 453.586860][T10285] device veth0_vlan entered promiscuous mode [ 453.601435][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 453.610949][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 453.641504][T10285] device veth1_vlan entered promiscuous mode [ 453.741955][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 453.751514][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 453.761468][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 453.771497][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 453.788670][T10285] device veth0_macvtap entered promiscuous mode [ 453.821658][T10285] device veth1_macvtap entered promiscuous mode [ 453.889804][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 453.900393][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.910441][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 453.921007][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.931073][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 453.941651][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.951641][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 453.962205][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.978146][T10285] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 453.986505][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 453.995937][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 454.004913][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 454.014896][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 454.029755][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 454.040846][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.050838][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 454.061396][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.071367][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 454.081907][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.091882][T10285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 454.102437][T10285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.116172][T10285] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 454.144162][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 454.154279][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 454.387102][T10492] Unknown ioctl -1060612506 [ 454.471176][T10495] Unknown ioctl -1060612506 19:19:40 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x43, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000080)=0x4, 0x4) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r3, r4, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$TIOCL_SCROLLCONSOLE(r4, 0x541c, &(0x7f0000000040)) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000180)='dctcp\x00', 0x6) sendto$inet6(r1, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x983a}, 0x1c) dup(0xffffffffffffffff) 19:19:40 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm_plock\x00', 0x8000, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='fuse\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) open(&(0x7f0000000100)='./file0/file0\x00', 0x4000, 0x0) mount$fuseblk(&(0x7f0000000040)='/dev/loop0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x281002, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0xa) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e35bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31bdbb2768d25f196ab6f2dc045421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994cc008dd3deaafaab51144c1ef00f00001f5e73ff040000000000000000000000000000009a583b79ab00f70d85463c57c5bb1f1084e683b591fc2c8b8a38b7ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fbe09a7eb84cae7f000000886871080d1588bb30abcbfecb4e10d4067a02736f08914faa037346191241c88e57569256cd58ec82518bc8bac2ef0f6e8bfd9ad94599c3230328ddf749f6c754f2781bccc42e6ef592a1fc36a03c9a0328b63ed42db18137f243d01a67ea9fe8e34b25676f9816cdae263897bbb3aaa1148cb80e7aa12869a052b3ea1dfa17ce754e76f57ed0868864d66429bc1d9e8c430deeb6331c152d637740b4efbe95880a2f28902b3358519f08f638235a295a63eb1c8f9460ced7b22ceb4c2c5504a2012c2c8f47fd9152910bc908e41e38ba60cbdffefadbe92a7ed8ce577bdb383c2f625067eec438180f282d638ac72b92ec020d66863813f5ab6189075ebf22d92ecafe4eb1fb9c6b2b88eb965af65c3d0b179a43bcf1840dc8466796c04a4baa9f82bbd989477b56cda9e60dd7da5c5b437be2f2fcdd62a20b6ba534ed9dc198fc041c003bc1340d124062352ad8e3ce63546ded69d5fcaafcffed51ab1b1f4ff88615446fe96983cabf08c3e7ccc1d4e8bdf884347f6156d91f42060477bdf30abcb5e9b6705c5adc1cedd2e7d38fbdef12d569db367978805652eb6f5ccaa6b377839d2b7525417fe4a97300017f2410fc9448ab6c3b9fea9f2287e2a0b83beee2c77a6bb5c3cafea3a7a42f9b5324b98680e6ecf240abdeee92ecd6c972701c39c3e7a77d8dcd1ed368eaf557ad34b0c1cb8eec9c963001f3905cba6c67b6eab0fae90504e30dc799fe07128d711b61834f3d4cb2cb47745c15fae1a2b694fe5983471b336a0829abfd46e6b5f420d723608591b372bb"], 0x1c2) write$binfmt_aout(r2, &(0x7f0000000380)={{0xcc, 0x6, 0x80, 0x32b, 0x1a, 0xffffffff, 0x294, 0x1ff}, "90a4105b58fd56c8fcc15661d2b8caf0e75d4d009853de28041d99503612c0ba4de628c90bfd4977a71076e7934bc61a5a7a390c7342a206c8b249486c3804f9b56fbaa7312fd1d58b79dfed168359e0d700afaf2efafef2e2646b593daf15d890abb2c76df455c3537d58fa9ec2308950d642f4b8064e95e0ef54603b1553f5f1f845cb204602352ec2da18ae1f8d14291262cd77f19051b877e51dc2c0582a562f3bc93a353384e013906775", [[], [], [], []]}, 0x4cd) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet6(0xa, 0x2, 0x0) dup3(r5, r0, 0x0) 19:19:40 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x2000805}, 0x81) setxattr$security_evm(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='security.evm\x00', &(0x7f0000000300)=@md5={0x1, "b0469a62944e550a668bb1d30c640622"}, 0x11, 0x1) getsockname$packet(r3, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000100220028001276657468da003f0000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001340)=ANY=[@ANYBLOB="900e00002c00270d00"/20, @ANYRES32=r4, @ANYBLOB="00000000000000000a000000090001007273767000000000580e0200540e0600500e01000a0001007065646974000000240e0280200e0400000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000386600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000001000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004dd10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040006000c00070000000000000000000c00080000000000000000000600050000000000"], 0xe90}}, 0x0) 19:19:40 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:40 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) r4 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x6, 0x200) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) accept4(r5, 0x0, 0x0, 0x0) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x40, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000140)=[r0, 0xffffffffffffffff, r0, r0, 0xffffffffffffffff, r2, r4, r5, r6], 0x9) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r8 = accept4(r7, 0x0, 0x0, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r8, r9, 0x0, 0x1000007ffff000) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r8, 0x28, 0x0, &(0x7f0000000040)=0x1, 0x8) sendmsg$inet6(r0, &(0x7f0000000a00)={&(0x7f0000000400)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=[@dontfrag={{0x14}}, @hopopts={{0x18, 0x29, 0x3}}], 0x30}, 0x0) [ 454.779451][ C0] sd 0:0:1:0: [sg0] tag#389 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 454.790205][ C0] sd 0:0:1:0: [sg0] tag#389 CDB: Test Unit Ready [ 454.796874][ C0] sd 0:0:1:0: [sg0] tag#389 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 454.806716][ C0] sd 0:0:1:0: [sg0] tag#389 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 454.816530][ C0] sd 0:0:1:0: [sg0] tag#389 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 454.826502][ C0] sd 0:0:1:0: [sg0] tag#389 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 454.836330][ C0] sd 0:0:1:0: [sg0] tag#389 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 454.846169][ C0] sd 0:0:1:0: [sg0] tag#389 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 454.855982][ C0] sd 0:0:1:0: [sg0] tag#389 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 454.865826][ C0] sd 0:0:1:0: [sg0] tag#389 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 454.875719][ C0] sd 0:0:1:0: [sg0] tag#389 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 454.887314][ C0] sd 0:0:1:0: [sg0] tag#389 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 454.897139][ C0] sd 0:0:1:0: [sg0] tag#389 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 454.906971][ C0] sd 0:0:1:0: [sg0] tag#389 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 454.916808][ C0] sd 0:0:1:0: [sg0] tag#389 CDB[c0]: 00 00 00 00 00 00 00 00 [ 454.928219][T10510] sg_write: data in/out 775/1183 bytes for SCSI command 0x58-- guessing data in; [ 454.928219][T10510] program syz-executor.1 not setting count and/or reply_len properly 19:19:40 executing program 3: getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000880), &(0x7f00000008c0)=0x4) socket$inet_tcp(0x2, 0x1, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000180)) write$binfmt_misc(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="5300000044a6aeabc81e150600000000f64017db9820000000000000d403ffff633b27e59aa17cee8c705b6156d235085febacffc2632756b6f545cd2ef6a90e71eacb8df1d2c1249055b8682e34dd9d37590a3848499118c9aa66080228727544c62c3d77807e1b8f86746697f600"], 0x58) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) clock_nanosleep(0x5, 0x0, &(0x7f0000000040), &(0x7f0000000140)) r3 = socket$inet_udp(0x2, 0x2, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x80000, 0x0) r4 = socket(0x10, 0x3, 0x0) write(r4, &(0x7f0000000040)="240000001e005f031400fffffffffff8070037b2b3448647a0e09658dc000208000800", 0x23) recvmmsg(r4, &(0x7f0000005180), 0x193, 0x40010042, 0x0) fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) setsockopt$inet_int(r3, 0x0, 0x6, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x7e) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f00000000c0)={0x1, 0x8}, 0x2) r6 = dup3(r1, r2, 0x0) dup2(r6, r5) [ 455.252888][T10519] not chained 270000 origins [ 455.257541][T10519] CPU: 0 PID: 10519 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 455.266289][T10519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 455.276353][T10519] Call Trace: [ 455.279669][T10519] dump_stack+0x1df/0x240 [ 455.284019][T10519] kmsan_internal_chain_origin+0x6f/0x130 [ 455.289763][T10519] ? is_module_text_address+0x4d/0x2a0 [ 455.295240][T10519] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 455.301078][T10519] ? __kernel_text_address+0x171/0x2d0 [ 455.306562][T10519] ? unwind_get_return_address+0x8c/0x130 [ 455.312297][T10519] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 455.318385][T10519] ? arch_stack_walk+0x2a2/0x3e0 [ 455.323346][T10519] ? stack_trace_save+0x1a0/0x1a0 [ 455.328397][T10519] ? kmsan_get_metadata+0x4f/0x180 [ 455.333528][T10519] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 455.339348][T10519] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 455.345432][T10519] ? stack_trace_save+0x123/0x1a0 [ 455.350477][T10519] ? kmsan_get_metadata+0x11d/0x180 [ 455.355694][T10519] __msan_chain_origin+0x50/0x90 [ 455.360652][T10519] rmd256_transform+0x4328/0x4440 [ 455.365750][T10519] rmd256_update+0x343/0x4f0 [ 455.370373][T10519] ? rmd256_init+0x260/0x260 [ 455.374979][T10519] crypto_shash_update+0x4e9/0x550 [ 455.380109][T10519] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 455.386299][T10519] ? crypto_hash_walk_first+0x1fd/0x360 [ 455.391864][T10519] ? kmsan_get_metadata+0x4f/0x180 [ 455.396998][T10519] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 455.402821][T10519] shash_async_update+0x113/0x1d0 [ 455.407872][T10519] ? shash_async_init+0x1e0/0x1e0 [ 455.412888][T10519] hash_sendpage+0x8ef/0xdf0 [ 455.417474][T10519] ? hash_recvmsg+0xd30/0xd30 [ 455.422139][T10519] sock_sendpage+0x1e1/0x2c0 [ 455.426727][T10519] pipe_to_sendpage+0x38c/0x4c0 [ 455.431564][T10519] ? sock_fasync+0x250/0x250 [ 455.436152][T10519] __splice_from_pipe+0x565/0xf00 [ 455.441190][T10519] ? generic_splice_sendpage+0x2d0/0x2d0 [ 455.446826][T10519] generic_splice_sendpage+0x1d5/0x2d0 [ 455.452285][T10519] ? iter_file_splice_write+0x1800/0x1800 [ 455.457992][T10519] direct_splice_actor+0x1fd/0x580 [ 455.463095][T10519] ? kmsan_get_metadata+0x4f/0x180 [ 455.468232][T10519] splice_direct_to_actor+0x6b2/0xf50 [ 455.473592][T10519] ? do_splice_direct+0x580/0x580 [ 455.478619][T10519] do_splice_direct+0x342/0x580 [ 455.483471][T10519] do_sendfile+0x101b/0x1d40 [ 455.488069][T10519] __se_sys_sendfile64+0x2bb/0x360 [ 455.493168][T10519] ? kmsan_get_metadata+0x4f/0x180 [ 455.498269][T10519] __x64_sys_sendfile64+0x56/0x70 [ 455.503371][T10519] do_syscall_64+0xb0/0x150 [ 455.507866][T10519] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 455.513761][T10519] RIP: 0033:0x45c1d9 [ 455.517636][T10519] Code: Bad RIP value. [ 455.521687][T10519] RSP: 002b:00007fbad8eb4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 455.530081][T10519] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 455.538037][T10519] RDX: 0000000000000000 RSI: 000000000000000c RDI: 000000000000000b [ 455.545997][T10519] RBP: 000000000078bfe8 R08: 0000000000000000 R09: 0000000000000000 [ 455.553953][T10519] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bfac [ 455.561913][T10519] R13: 0000000000c9fb6f R14: 00007fbad8eb59c0 R15: 000000000078bfac [ 455.569878][T10519] Uninit was stored to memory at: [ 455.574981][T10519] kmsan_internal_chain_origin+0xad/0x130 [ 455.580687][T10519] __msan_chain_origin+0x50/0x90 [ 455.585614][T10519] rmd256_transform+0x4328/0x4440 [ 455.590643][T10519] rmd256_update+0x343/0x4f0 [ 455.595220][T10519] crypto_shash_update+0x4e9/0x550 [ 455.600314][T10519] shash_async_update+0x113/0x1d0 [ 455.605322][T10519] hash_sendpage+0x8ef/0xdf0 [ 455.609899][T10519] sock_sendpage+0x1e1/0x2c0 [ 455.614474][T10519] pipe_to_sendpage+0x38c/0x4c0 [ 455.619310][T10519] __splice_from_pipe+0x565/0xf00 [ 455.624320][T10519] generic_splice_sendpage+0x1d5/0x2d0 [ 455.629780][T10519] direct_splice_actor+0x1fd/0x580 [ 455.634880][T10519] splice_direct_to_actor+0x6b2/0xf50 [ 455.640237][T10519] do_splice_direct+0x342/0x580 [ 455.645076][T10519] do_sendfile+0x101b/0x1d40 [ 455.649650][T10519] __se_sys_sendfile64+0x2bb/0x360 [ 455.654744][T10519] __x64_sys_sendfile64+0x56/0x70 [ 455.659756][T10519] do_syscall_64+0xb0/0x150 [ 455.664246][T10519] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 455.670114][T10519] [ 455.672440][T10519] Uninit was stored to memory at: [ 455.677452][T10519] kmsan_internal_chain_origin+0xad/0x130 [ 455.683156][T10519] __msan_chain_origin+0x50/0x90 [ 455.688083][T10519] rmd256_transform+0x4328/0x4440 [ 455.693120][T10519] rmd256_update+0x343/0x4f0 [ 455.697706][T10519] crypto_shash_update+0x4e9/0x550 [ 455.702815][T10519] shash_async_update+0x113/0x1d0 [ 455.707828][T10519] hash_sendpage+0x8ef/0xdf0 [ 455.712405][T10519] sock_sendpage+0x1e1/0x2c0 [ 455.716979][T10519] pipe_to_sendpage+0x38c/0x4c0 [ 455.721813][T10519] __splice_from_pipe+0x565/0xf00 [ 455.726825][T10519] generic_splice_sendpage+0x1d5/0x2d0 [ 455.732267][T10519] direct_splice_actor+0x1fd/0x580 [ 455.737365][T10519] splice_direct_to_actor+0x6b2/0xf50 [ 455.742722][T10519] do_splice_direct+0x342/0x580 [ 455.747557][T10519] do_sendfile+0x101b/0x1d40 [ 455.752132][T10519] __se_sys_sendfile64+0x2bb/0x360 [ 455.757226][T10519] __x64_sys_sendfile64+0x56/0x70 [ 455.762237][T10519] do_syscall_64+0xb0/0x150 [ 455.766735][T10519] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 455.772602][T10519] [ 455.775011][T10519] Uninit was stored to memory at: [ 455.780024][T10519] kmsan_internal_chain_origin+0xad/0x130 [ 455.785742][T10519] __msan_chain_origin+0x50/0x90 [ 455.790668][T10519] rmd256_transform+0x4328/0x4440 [ 455.795692][T10519] rmd256_update+0x343/0x4f0 [ 455.800267][T10519] crypto_shash_update+0x4e9/0x550 [ 455.805363][T10519] shash_async_update+0x113/0x1d0 [ 455.810373][T10519] hash_sendpage+0x8ef/0xdf0 [ 455.814967][T10519] sock_sendpage+0x1e1/0x2c0 [ 455.819560][T10519] pipe_to_sendpage+0x38c/0x4c0 [ 455.824398][T10519] __splice_from_pipe+0x565/0xf00 [ 455.829410][T10519] generic_splice_sendpage+0x1d5/0x2d0 [ 455.834856][T10519] direct_splice_actor+0x1fd/0x580 [ 455.839952][T10519] splice_direct_to_actor+0x6b2/0xf50 [ 455.845310][T10519] do_splice_direct+0x342/0x580 [ 455.850171][T10519] do_sendfile+0x101b/0x1d40 [ 455.854743][T10519] __se_sys_sendfile64+0x2bb/0x360 [ 455.859839][T10519] __x64_sys_sendfile64+0x56/0x70 [ 455.864851][T10519] do_syscall_64+0xb0/0x150 [ 455.869339][T10519] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 455.875207][T10519] [ 455.877535][T10519] Uninit was stored to memory at: [ 455.882550][T10519] kmsan_internal_chain_origin+0xad/0x130 [ 455.888256][T10519] __msan_chain_origin+0x50/0x90 [ 455.893185][T10519] rmd256_transform+0x4328/0x4440 [ 455.898196][T10519] rmd256_update+0x343/0x4f0 [ 455.902791][T10519] crypto_shash_update+0x4e9/0x550 [ 455.907892][T10519] shash_async_update+0x113/0x1d0 [ 455.912902][T10519] hash_sendpage+0x8ef/0xdf0 [ 455.917481][T10519] sock_sendpage+0x1e1/0x2c0 [ 455.922058][T10519] pipe_to_sendpage+0x38c/0x4c0 [ 455.926899][T10519] __splice_from_pipe+0x565/0xf00 [ 455.936860][T10519] generic_splice_sendpage+0x1d5/0x2d0 [ 455.942305][T10519] direct_splice_actor+0x1fd/0x580 [ 455.947525][T10519] splice_direct_to_actor+0x6b2/0xf50 [ 455.952890][T10519] do_splice_direct+0x342/0x580 [ 455.957731][T10519] do_sendfile+0x101b/0x1d40 [ 455.962321][T10519] __se_sys_sendfile64+0x2bb/0x360 [ 455.967416][T10519] __x64_sys_sendfile64+0x56/0x70 [ 455.972428][T10519] do_syscall_64+0xb0/0x150 [ 455.976948][T10519] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 455.982821][T10519] [ 455.985134][T10519] Uninit was stored to memory at: [ 455.990147][T10519] kmsan_internal_chain_origin+0xad/0x130 [ 455.995853][T10519] __msan_chain_origin+0x50/0x90 [ 456.000778][T10519] rmd256_transform+0x4328/0x4440 [ 456.005794][T10519] rmd256_update+0x343/0x4f0 [ 456.010367][T10519] crypto_shash_update+0x4e9/0x550 [ 456.015462][T10519] shash_async_update+0x113/0x1d0 [ 456.020504][T10519] hash_sendpage+0x8ef/0xdf0 [ 456.025080][T10519] sock_sendpage+0x1e1/0x2c0 [ 456.029657][T10519] pipe_to_sendpage+0x38c/0x4c0 [ 456.034493][T10519] __splice_from_pipe+0x565/0xf00 [ 456.039502][T10519] generic_splice_sendpage+0x1d5/0x2d0 [ 456.044948][T10519] direct_splice_actor+0x1fd/0x580 [ 456.050050][T10519] splice_direct_to_actor+0x6b2/0xf50 [ 456.055405][T10519] do_splice_direct+0x342/0x580 [ 456.060242][T10519] do_sendfile+0x101b/0x1d40 [ 456.064830][T10519] __se_sys_sendfile64+0x2bb/0x360 [ 456.069947][T10519] __x64_sys_sendfile64+0x56/0x70 [ 456.074962][T10519] do_syscall_64+0xb0/0x150 [ 456.079456][T10519] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 456.085325][T10519] [ 456.087635][T10519] Uninit was stored to memory at: [ 456.092647][T10519] kmsan_internal_chain_origin+0xad/0x130 [ 456.098352][T10519] __msan_chain_origin+0x50/0x90 [ 456.103277][T10519] rmd256_transform+0x4328/0x4440 [ 456.108286][T10519] rmd256_update+0x227/0x4f0 [ 456.112883][T10519] crypto_shash_update+0x4e9/0x550 [ 456.117984][T10519] shash_async_update+0x113/0x1d0 [ 456.123165][T10519] hash_sendpage+0x8ef/0xdf0 [ 456.127741][T10519] sock_sendpage+0x1e1/0x2c0 [ 456.132316][T10519] pipe_to_sendpage+0x38c/0x4c0 [ 456.137153][T10519] __splice_from_pipe+0x565/0xf00 [ 456.142161][T10519] generic_splice_sendpage+0x1d5/0x2d0 [ 456.147604][T10519] direct_splice_actor+0x1fd/0x580 [ 456.152702][T10519] splice_direct_to_actor+0x6b2/0xf50 [ 456.158059][T10519] do_splice_direct+0x342/0x580 [ 456.162894][T10519] do_sendfile+0x101b/0x1d40 [ 456.167478][T10519] __se_sys_sendfile64+0x2bb/0x360 [ 456.172573][T10519] __x64_sys_sendfile64+0x56/0x70 [ 456.177607][T10519] do_syscall_64+0xb0/0x150 [ 456.182100][T10519] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 456.187971][T10519] [ 456.190280][T10519] Uninit was stored to memory at: [ 456.195297][T10519] kmsan_internal_chain_origin+0xad/0x130 [ 456.201003][T10519] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 456.206966][T10519] kmsan_memcpy_metadata+0xb/0x10 [ 456.211978][T10519] __msan_memcpy+0x43/0x50 [ 456.216379][T10519] rmd256_update+0x1fc/0x4f0 [ 456.220960][T10519] crypto_shash_update+0x4e9/0x550 [ 456.226053][T10519] shash_async_update+0x113/0x1d0 [ 456.231060][T10519] hash_sendpage+0x8ef/0xdf0 [ 456.235637][T10519] sock_sendpage+0x1e1/0x2c0 [ 456.240212][T10519] pipe_to_sendpage+0x38c/0x4c0 [ 456.245051][T10519] __splice_from_pipe+0x565/0xf00 [ 456.250062][T10519] generic_splice_sendpage+0x1d5/0x2d0 [ 456.255507][T10519] direct_splice_actor+0x1fd/0x580 [ 456.260601][T10519] splice_direct_to_actor+0x6b2/0xf50 [ 456.265965][T10519] do_splice_direct+0x342/0x580 [ 456.270802][T10519] do_sendfile+0x101b/0x1d40 [ 456.275375][T10519] __se_sys_sendfile64+0x2bb/0x360 [ 456.280469][T10519] __x64_sys_sendfile64+0x56/0x70 [ 456.285499][T10519] do_syscall_64+0xb0/0x150 [ 456.289990][T10519] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 456.295858][T10519] [ 456.298167][T10519] Uninit was created at: [ 456.302395][T10519] kmsan_save_stack_with_flags+0x3c/0x90 [ 456.308012][T10519] kmsan_alloc_page+0xb9/0x180 [ 456.312757][T10519] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 456.318286][T10519] alloc_pages_current+0x672/0x990 [ 456.323380][T10519] push_pipe+0x605/0xb70 [ 456.327604][T10519] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 456.333306][T10519] do_splice_to+0x4fc/0x14f0 [ 456.337880][T10519] splice_direct_to_actor+0x45c/0xf50 [ 456.343238][T10519] do_splice_direct+0x342/0x580 [ 456.348073][T10519] do_sendfile+0x101b/0x1d40 [ 456.352648][T10519] __se_sys_sendfile64+0x2bb/0x360 19:19:40 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) r1 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000680)="945d3e2b2181049ee86dc947e0ae28a37743f33e39212923a0dba54a3928f0b7198f0753a706b4f63ac28ab0234367789421c7cd1527007608c26cbab494018d1519f1fe047ab6b163610e2f685e0f86b471a4c2cf086c8798d256b6021013a78bd7a5d7e58a6fe50e424a560f4d8ae807d1716cd90ec4c17ddd80144332882e9852b25fb62c35ca3aa47a0eda1d28d600d90208a7934c7571e92836be0e8a785a15ddeb55fd0fd7290a17ae55bfed1f583359e9f2664a1ed630f5c3ad8139dc8fecfa42509437b70cbe0db8bf303d375aa9787bbf89a23347a1fef4c434b1300eee881b95ba9f48a91449", 0x118, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={0x0, r1}, &(0x7f00000000c0)=""/83, 0xffffffffffffffc9, 0x0) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000002c0)="f5", 0x1, 0xfffffffffffffffe) keyctl$update(0x2, r2, &(0x7f0000000480)="601dda7b69c02ca563f77f2c3cf38e55bed3cd14dc9d229490a67986cb67c903ef152e2cb38ea7c084b9d949b5c0ed6ceaf2bc41f1a8cf46826aaf9e876cd44e09f0a320591f61f4a8716946e5ab9aa31e106f7058a50ac4b24aa9030000004bc0566e2be1998170dc11fa3ec487d9da26fd71eb7e9c81265532b1da1ad697e9957febeb961b895eb871cb0c0b4d124a365312d3a9d51e5004475916960300ff4fe52728b55129a53623", 0xaa) r3 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000680)="945d3e2b2181049ee86dc947e0ae28a37743f33e39212923a0dba54a3928f0b7198f0753a706b4f63ac28ab0234367789421c7cd1527007608c26cbab494018d1519f1fe047ab6b163610e2f685e0f86b471a4c2cf086c8798d256b6021013a78bd7a5d7e58a6fe50e424a560f4d8ae807d1716cd90ec4c17ddd80144332882e9852b25fb62c35ca3aa47a0eda1d28d600d90208a7934c7571e92836be0e8a785a15ddeb55fd0fd7290a17ae55bfed1f583359e9f2664a1ed630f5c3ad8139dc8fecfa42509437b70cbe0db8bf303d375aa9787bbf89a23347a1fef4c434b1300eee881b95ba9f48a91449", 0x118, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r2, r3, r2}, &(0x7f00000000c0)=""/83, 0xffffffffffffffc9, 0x0) keyctl$dh_compute(0x17, &(0x7f00000000c0)={0x0, 0x0, r2}, &(0x7f00000001c0)=""/76, 0x4c, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@nl=@unspec={0x1100000000000000, 0x1100, 0xaa, 0x80fe}, 0x80, 0x0}, 0x0) r4 = gettid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000040)=r4) r7 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_ifreq(r7, 0x89f1, &(0x7f0000000180)={'ip6gre0\x00', @ifru_flags=0x2}) [ 456.357745][T10519] __x64_sys_sendfile64+0x56/0x70 [ 456.362771][T10519] do_syscall_64+0xb0/0x150 [ 456.367266][T10519] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:19:42 executing program 3: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semget$private(0x0, 0x1, 0x0) syz_open_dev$radio(0x0, 0x3, 0x2) semop(0x0, &(0x7f0000000080)=[{0x0, 0xfffb}], 0x1) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$FIONCLEX(r3, 0x5450) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r4 = accept4(r1, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r4, r5, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r5, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) write$RDMA_USER_CM_CMD_DISCONNECT(r5, &(0x7f00000000c0)={0xa, 0x4}, 0xc) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x14f) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000080)=':(]-\\*-(*/{)\x00') 19:19:42 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0xc, 0x1, 0x2, {0xcacd, 0xf3bb, 0xfffffffd}}) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) [ 457.078192][T10538] not chained 280000 origins [ 457.082832][T10538] CPU: 1 PID: 10538 Comm: syz-executor.3 Not tainted 5.8.0-rc5-syzkaller #0 [ 457.091502][T10538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 457.101560][T10538] Call Trace: [ 457.104866][T10538] dump_stack+0x1df/0x240 [ 457.109207][T10538] ? kmsan_get_metadata+0x11d/0x180 [ 457.114422][T10538] kmsan_internal_chain_origin+0x6f/0x130 [ 457.120273][T10538] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 457.126357][T10538] ? idle_cpu+0x9a/0x1d0 [ 457.130612][T10538] ? __msan_get_context_state+0x9/0x20 [ 457.136347][T10538] ? idtentry_exit_cond_rcu+0x12/0x50 [ 457.142100][T10538] ? sysvec_apic_timer_interrupt+0x11e/0x130 [ 457.148102][T10538] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 457.154278][T10538] ? stack_trace_save+0x1a0/0x1a0 [ 457.159317][T10538] ? kmsan_get_metadata+0x24/0x180 [ 457.164437][T10538] ? kmsan_get_metadata+0x4f/0x180 [ 457.169562][T10538] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 457.175419][T10538] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 457.181497][T10538] ? stack_trace_save+0x123/0x1a0 [ 457.186534][T10538] ? kmsan_get_metadata+0x11d/0x180 [ 457.191743][T10538] __msan_chain_origin+0x50/0x90 [ 457.196698][T10538] rmd256_transform+0x4328/0x4440 [ 457.201788][T10538] rmd256_update+0x343/0x4f0 [ 457.206405][T10538] ? rmd256_init+0x260/0x260 [ 457.211007][T10538] crypto_shash_update+0x4e9/0x550 [ 457.216145][T10538] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 457.222333][T10538] ? crypto_hash_walk_first+0x1fd/0x360 [ 457.227898][T10538] ? kmsan_get_metadata+0x4f/0x180 [ 457.233029][T10538] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 457.238855][T10538] shash_async_update+0x113/0x1d0 [ 457.243900][T10538] ? shash_async_init+0x1e0/0x1e0 [ 457.248941][T10538] hash_sendpage+0x8ef/0xdf0 [ 457.253559][T10538] ? hash_recvmsg+0xd30/0xd30 [ 457.258260][T10538] sock_sendpage+0x1e1/0x2c0 [ 457.263141][T10538] pipe_to_sendpage+0x38c/0x4c0 [ 457.268003][T10538] ? sock_fasync+0x250/0x250 [ 457.272619][T10538] __splice_from_pipe+0x565/0xf00 [ 457.277663][T10538] ? generic_splice_sendpage+0x2d0/0x2d0 [ 457.283331][T10538] generic_splice_sendpage+0x1d5/0x2d0 [ 457.288815][T10538] ? iter_file_splice_write+0x1800/0x1800 [ 457.294551][T10538] direct_splice_actor+0x1fd/0x580 [ 457.299686][T10538] ? kmsan_get_metadata+0x4f/0x180 [ 457.304822][T10538] splice_direct_to_actor+0x6b2/0xf50 [ 457.310210][T10538] ? do_splice_direct+0x580/0x580 [ 457.315263][T10538] do_splice_direct+0x342/0x580 [ 457.320145][T10538] do_sendfile+0x101b/0x1d40 [ 457.324753][T10538] ? kmsan_get_metadata+0x11d/0x180 [ 457.329986][T10538] __se_sys_sendfile64+0x2bb/0x360 [ 457.335114][T10538] ? kmsan_get_metadata+0x4f/0x180 [ 457.340249][T10538] __x64_sys_sendfile64+0x56/0x70 [ 457.345290][T10538] do_syscall_64+0xb0/0x150 [ 457.349809][T10538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.355710][T10538] RIP: 0033:0x45c1d9 [ 457.359603][T10538] Code: Bad RIP value. [ 457.363673][T10538] RSP: 002b:00007f826b9e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 457.372092][T10538] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 457.380076][T10538] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 457.388096][T10538] RBP: 000000000078bfe8 R08: 0000000000000000 R09: 0000000000000000 [ 457.396083][T10538] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bfac [ 457.404068][T10538] R13: 0000000000c9fb6f R14: 00007f826b9e29c0 R15: 000000000078bfac [ 457.412085][T10538] Uninit was stored to memory at: [ 457.417130][T10538] kmsan_internal_chain_origin+0xad/0x130 [ 457.422856][T10538] __msan_chain_origin+0x50/0x90 [ 457.427808][T10538] rmd256_transform+0x4328/0x4440 [ 457.432846][T10538] rmd256_update+0x343/0x4f0 [ 457.437441][T10538] crypto_shash_update+0x4e9/0x550 [ 457.442560][T10538] shash_async_update+0x113/0x1d0 [ 457.447590][T10538] hash_sendpage+0x8ef/0xdf0 [ 457.452192][T10538] sock_sendpage+0x1e1/0x2c0 [ 457.456788][T10538] pipe_to_sendpage+0x38c/0x4c0 [ 457.461732][T10538] __splice_from_pipe+0x565/0xf00 [ 457.466767][T10538] generic_splice_sendpage+0x1d5/0x2d0 [ 457.472232][T10538] direct_splice_actor+0x1fd/0x580 [ 457.477353][T10538] splice_direct_to_actor+0x6b2/0xf50 [ 457.482737][T10538] do_splice_direct+0x342/0x580 [ 457.487592][T10538] do_sendfile+0x101b/0x1d40 [ 457.494016][T10538] __se_sys_sendfile64+0x2bb/0x360 [ 457.499140][T10538] __x64_sys_sendfile64+0x56/0x70 [ 457.504257][T10538] do_syscall_64+0xb0/0x150 [ 457.508772][T10538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.514658][T10538] [ 457.516977][T10538] Uninit was stored to memory at: [ 457.522005][T10538] kmsan_internal_chain_origin+0xad/0x130 [ 457.527731][T10538] __msan_chain_origin+0x50/0x90 [ 457.532679][T10538] rmd256_transform+0x4328/0x4440 [ 457.537697][T10538] rmd256_update+0x343/0x4f0 [ 457.542275][T10538] crypto_shash_update+0x4e9/0x550 [ 457.547369][T10538] shash_async_update+0x113/0x1d0 [ 457.552376][T10538] hash_sendpage+0x8ef/0xdf0 [ 457.556955][T10538] sock_sendpage+0x1e1/0x2c0 [ 457.561531][T10538] pipe_to_sendpage+0x38c/0x4c0 [ 457.566366][T10538] __splice_from_pipe+0x565/0xf00 [ 457.571388][T10538] generic_splice_sendpage+0x1d5/0x2d0 [ 457.576852][T10538] direct_splice_actor+0x1fd/0x580 [ 457.581946][T10538] splice_direct_to_actor+0x6b2/0xf50 [ 457.587307][T10538] do_splice_direct+0x342/0x580 [ 457.592147][T10538] do_sendfile+0x101b/0x1d40 [ 457.596721][T10538] __se_sys_sendfile64+0x2bb/0x360 [ 457.601814][T10538] __x64_sys_sendfile64+0x56/0x70 [ 457.606825][T10538] do_syscall_64+0xb0/0x150 [ 457.611319][T10538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.617190][T10538] [ 457.619502][T10538] Uninit was stored to memory at: [ 457.624513][T10538] kmsan_internal_chain_origin+0xad/0x130 [ 457.630217][T10538] __msan_chain_origin+0x50/0x90 [ 457.635145][T10538] rmd256_transform+0x4328/0x4440 [ 457.640156][T10538] rmd256_update+0x343/0x4f0 [ 457.644736][T10538] crypto_shash_update+0x4e9/0x550 [ 457.649831][T10538] shash_async_update+0x113/0x1d0 [ 457.655113][T10538] hash_sendpage+0x8ef/0xdf0 [ 457.660041][T10538] sock_sendpage+0x1e1/0x2c0 [ 457.665657][T10538] pipe_to_sendpage+0x38c/0x4c0 [ 457.670512][T10538] __splice_from_pipe+0x565/0xf00 [ 457.675542][T10538] generic_splice_sendpage+0x1d5/0x2d0 [ 457.681061][T10538] direct_splice_actor+0x1fd/0x580 [ 457.686292][T10538] splice_direct_to_actor+0x6b2/0xf50 [ 457.691669][T10538] do_splice_direct+0x342/0x580 [ 457.696508][T10538] do_sendfile+0x101b/0x1d40 [ 457.701081][T10538] __se_sys_sendfile64+0x2bb/0x360 [ 457.706177][T10538] __x64_sys_sendfile64+0x56/0x70 [ 457.711211][T10538] do_syscall_64+0xb0/0x150 [ 457.715733][T10538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.721603][T10538] [ 457.723912][T10538] Uninit was stored to memory at: [ 457.728922][T10538] kmsan_internal_chain_origin+0xad/0x130 [ 457.734625][T10538] __msan_chain_origin+0x50/0x90 [ 457.739553][T10538] rmd256_transform+0x4328/0x4440 [ 457.744564][T10538] rmd256_update+0x343/0x4f0 [ 457.749142][T10538] crypto_shash_update+0x4e9/0x550 [ 457.754240][T10538] shash_async_update+0x113/0x1d0 [ 457.759250][T10538] hash_sendpage+0x8ef/0xdf0 [ 457.763837][T10538] sock_sendpage+0x1e1/0x2c0 [ 457.768415][T10538] pipe_to_sendpage+0x38c/0x4c0 [ 457.773251][T10538] __splice_from_pipe+0x565/0xf00 [ 457.778263][T10538] generic_splice_sendpage+0x1d5/0x2d0 [ 457.783708][T10538] direct_splice_actor+0x1fd/0x580 [ 457.788808][T10538] splice_direct_to_actor+0x6b2/0xf50 [ 457.794169][T10538] do_splice_direct+0x342/0x580 [ 457.799004][T10538] do_sendfile+0x101b/0x1d40 [ 457.803579][T10538] __se_sys_sendfile64+0x2bb/0x360 [ 457.808678][T10538] __x64_sys_sendfile64+0x56/0x70 [ 457.813690][T10538] do_syscall_64+0xb0/0x150 [ 457.818181][T10538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.824053][T10538] [ 457.826367][T10538] Uninit was stored to memory at: [ 457.831383][T10538] kmsan_internal_chain_origin+0xad/0x130 [ 457.837088][T10538] __msan_chain_origin+0x50/0x90 [ 457.842031][T10538] rmd256_transform+0x4328/0x4440 [ 457.847044][T10538] rmd256_update+0x343/0x4f0 [ 457.851618][T10538] crypto_shash_update+0x4e9/0x550 [ 457.856716][T10538] shash_async_update+0x113/0x1d0 [ 457.861726][T10538] hash_sendpage+0x8ef/0xdf0 [ 457.866301][T10538] sock_sendpage+0x1e1/0x2c0 [ 457.870881][T10538] pipe_to_sendpage+0x38c/0x4c0 [ 457.875717][T10538] __splice_from_pipe+0x565/0xf00 [ 457.880726][T10538] generic_splice_sendpage+0x1d5/0x2d0 [ 457.886168][T10538] direct_splice_actor+0x1fd/0x580 [ 457.891266][T10538] splice_direct_to_actor+0x6b2/0xf50 [ 457.896622][T10538] do_splice_direct+0x342/0x580 [ 457.901475][T10538] do_sendfile+0x101b/0x1d40 [ 457.906052][T10538] __se_sys_sendfile64+0x2bb/0x360 [ 457.911150][T10538] __x64_sys_sendfile64+0x56/0x70 [ 457.916161][T10538] do_syscall_64+0xb0/0x150 [ 457.920650][T10538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.926519][T10538] [ 457.928829][T10538] Uninit was stored to memory at: [ 457.933847][T10538] kmsan_internal_chain_origin+0xad/0x130 [ 457.939550][T10538] __msan_chain_origin+0x50/0x90 [ 457.944503][T10538] rmd256_transform+0x4328/0x4440 [ 457.949515][T10538] rmd256_update+0x227/0x4f0 [ 457.954089][T10538] crypto_shash_update+0x4e9/0x550 [ 457.959187][T10538] shash_async_update+0x113/0x1d0 [ 457.964291][T10538] hash_sendpage+0x8ef/0xdf0 [ 457.968870][T10538] sock_sendpage+0x1e1/0x2c0 [ 457.973451][T10538] pipe_to_sendpage+0x38c/0x4c0 [ 457.978287][T10538] __splice_from_pipe+0x565/0xf00 [ 457.983300][T10538] generic_splice_sendpage+0x1d5/0x2d0 [ 457.988746][T10538] direct_splice_actor+0x1fd/0x580 [ 457.993844][T10538] splice_direct_to_actor+0x6b2/0xf50 [ 457.999202][T10538] do_splice_direct+0x342/0x580 [ 458.004036][T10538] do_sendfile+0x101b/0x1d40 [ 458.008612][T10538] __se_sys_sendfile64+0x2bb/0x360 [ 458.013709][T10538] __x64_sys_sendfile64+0x56/0x70 [ 458.018718][T10538] do_syscall_64+0xb0/0x150 [ 458.023209][T10538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 458.029086][T10538] [ 458.031407][T10538] Uninit was stored to memory at: [ 458.036418][T10538] kmsan_internal_chain_origin+0xad/0x130 [ 458.042123][T10538] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 458.048086][T10538] kmsan_memcpy_metadata+0xb/0x10 [ 458.053111][T10538] __msan_memcpy+0x43/0x50 [ 458.057515][T10538] rmd256_update+0x1fc/0x4f0 [ 458.062087][T10538] crypto_shash_update+0x4e9/0x550 [ 458.067182][T10538] shash_async_update+0x113/0x1d0 [ 458.072192][T10538] hash_sendpage+0x8ef/0xdf0 [ 458.076788][T10538] sock_sendpage+0x1e1/0x2c0 [ 458.081389][T10538] pipe_to_sendpage+0x38c/0x4c0 [ 458.086229][T10538] __splice_from_pipe+0x565/0xf00 [ 458.091240][T10538] generic_splice_sendpage+0x1d5/0x2d0 [ 458.096683][T10538] direct_splice_actor+0x1fd/0x580 [ 458.101780][T10538] splice_direct_to_actor+0x6b2/0xf50 [ 458.107138][T10538] do_splice_direct+0x342/0x580 [ 458.111975][T10538] do_sendfile+0x101b/0x1d40 [ 458.116548][T10538] __se_sys_sendfile64+0x2bb/0x360 [ 458.121671][T10538] __x64_sys_sendfile64+0x56/0x70 [ 458.126682][T10538] do_syscall_64+0xb0/0x150 [ 458.131172][T10538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 458.137039][T10538] [ 458.139350][T10538] Uninit was created at: [ 458.143580][T10538] kmsan_save_stack_with_flags+0x3c/0x90 [ 458.149203][T10538] kmsan_alloc_page+0xb9/0x180 [ 458.153970][T10538] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 458.159501][T10538] alloc_pages_current+0x672/0x990 [ 458.164602][T10538] push_pipe+0x605/0xb70 [ 458.168830][T10538] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 458.174539][T10538] do_splice_to+0x4fc/0x14f0 [ 458.179117][T10538] splice_direct_to_actor+0x45c/0xf50 [ 458.184477][T10538] do_splice_direct+0x342/0x580 [ 458.189328][T10538] do_sendfile+0x101b/0x1d40 [ 458.193902][T10538] __se_sys_sendfile64+0x2bb/0x360 [ 458.198997][T10538] __x64_sys_sendfile64+0x56/0x70 [ 458.204009][T10538] do_syscall_64+0xb0/0x150 [ 458.208500][T10538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:19:43 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:44 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x7ff}, 0x10) write(r1, &(0x7f000018efdc)="2400000052001f0014f9f407000904000a00071010000700feffffff0800000000000000", 0x24) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000400)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, 0x108) syz_emit_ethernet(0x1e, &(0x7f0000000000)={@link_local={0x3}, @local, @void, {@can={0xc, {{0x2, 0x1, 0x0, 0x1}, 0x8, 0x3, 0x0, 0x0, "f8b19dba442781fb"}}}}, 0x0) prctl$PR_SET_ENDIAN(0x14, 0x1) 19:19:44 executing program 4: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000002c0)={'\x00', 0x6}) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r2, &(0x7f0000000d40)=ANY=[@ANYBLOB="5300000044a6aeabae1e1520000000000000000000fff64017db9820000000000000d403"], 0x14f) socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003bc0)=[{0x0, 0x0, &(0x7f0000000380)=[{0x0}], 0x1}, {&(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000780)="46f3816fed8dddf664a5a91ca1abfa98306266b0cd472e05942159c1bd0dbcc33a59264b5eac47c05d6f8232986dddcafefd0efebc86cf30f62574aadcdfe5e2c9d32e22e20eb81ceb010a9e7e987293c4fba2", 0x53}, {0x0}], 0x3, 0x0, 0x0, 0x4000480}, {&(0x7f00000013c0)=@abs={0x1}, 0x6e, &(0x7f0000001440)=[{&(0x7f0000002880)}, {0x0}, {&(0x7f00000040c0)="a1373357ae6bf775e6cacf5fed7208f84c7cc1d3864367ed804be28804824efb380395c75ec6fcd41e3121d844e0be0aec150cff2c05ccc26e7f49748c45eb64e61cfb864c37ff89cedde458fd6289e10ba6380a362e1516f9c3ed428eef566344e64d68c826ba1c791a1bdc1c4abd7758cae873b6c4f9bb1cc483c3e275443af9ef5dacd7e94b036bd741a118d37e274dc28fb816d42bc41d4d3427ecc29ef2fff83ba883a1c1ae51a52c29f5630d1ed8c705f2d50e148d7f0f2ab2885ed5caf1c2ddf62e08a4e1844999f2f7e8d5fbb73304ea5c38489f74d8f957b4f9d83e3cc169f914a2f4a4ae2a24a96bc57420b9ae5aec695f52078ae3ce6c4467eb0d3a57b7207cc1419e6af0b5cbe9c691e7ff3234cfb33a9063cb20b70ff1f78fc2b66c43e1621ac420dbeca42977c7568d8f27b1a5db53ad849350d0f83116a4ace6f382faf3020e26e03200a9c1b2b910c8822be4462da68c1ec209e60fb3be5929c86e945dea38541999775d9706bab9badeb1de1649f11e57a795d2e5fe02f5228dd9a130943d48bb665ab24296e226a7f94cff85a9dba78297d77d13f10d148886fae9e5ce245a296bfbdd49625eb90a0d232c107139a08eacfbc34868d5aa176ab2265c1b591c3cf2bdd6834d6aa78c7b24b8ab197b1ac8d2e6001d80151d71897857041a74cbfbce0360ecb834db061b9a127f7484762842e1c02fc65f66fa5bbe68a94eaaee051881c4c44260275123cc46d072fc77f3ed96233e86fd9742e6ba37f4d5a300c06810ff96f681baac49afb119c79e3edf60122e6f0d8c6476cf4ce21621428e67513d81fadda7ad43339a43b6c3ad3f9bc06b96d8a49c5a47fbd9da503da28d56ed21f75918ac0bd5eb9cf4d8c4d8b99ffc217ce0e502f3bd50a60fa4131e1050787fdab3a308ee0a2e8c06a6fc57acc704dae7f82dfac943a38099368433a98566efd5df9dd218bac1913017fae41e1d16ae8acda0c6a2a05776eb52cb8eb3bba989170d05e02e7500dd69ea55d776e1bfb59f4cc8886496ea28fca1f71ce6f10a74ffd49ba763df01428f2c30de91182ff5f0238bab33d3417ca80117770481ad6bd7243ce4372eff4d9476bddb2afd2fcb09229a0c51e92f1afa4f745381c08ddf8d0c1381b4cb47d0176f3c7418d8b9c0c4f86e34bd7b1542c4530d6c4c68030a7df4e42d4513d0bbb5426828cc7236be82e8e5eae204fa541604f7621830518c555d698b9c8d7cca8d14e1a06ead0dfd13efe9db637819ccff0f9de5b4a6442599433673921a6ff582635297b1612071b0f0574fefe18c298009b42337dec8ae9c99b23ec34b6e88c7c6dd10516c8e4dff889ef6fce12856ee1b504efeb795734590885a818152358d3544e9e65a507c6e1610fb02bb4ea20efd289d92dc3c72f7362eee305de3e9aea67d9e9e7ec98787f1e1af30ead9eb285d508a07fd130d3f538145b541f76d8d193bb806b17c70b440f9e7fca1e125a9afd0da181cbb054f578d4199cd0ee7c513cb8e1c53a78efc0d2230f33e439ed531e4076fe7dc1aac7c2d4a3bd91527c239d784948f4ac43943544b28a1d1396403ed572de4f4fb82c4490c3c05d1412488016f5605c675cbdb5a01ce8348b3be62b8e161d7bd0c930a70a387ac27cae5c7addcc414b87395a6d09ae96166510ca3a5e0ff039ea26b8e970593237ccfdf43b6f4bef8495e8640360d85be2549d804696a673e8d86a61834a9cce87d1d2fb3f309eefbd911532b937b17d12861d9a054553a5eda2a2f121eff06314855480b54d46596b7236b2531f831d4de7c1f32d92723056e9e6725c3f96af27b0a0222426ea71eab9ddadf1924e60cb7e3bf59a8ee73af3a947eb920275cfd7f4a10fe8746bcd8d25a5117e0f2d883f60b89bc30b18026c7a76297b58510f581d2ca061075209fddcc3e3828611d7c56be29dab1dc0542fb22e976288b7927ee66b022de17545db0fd1d1cd19af66b20cb9198dc822fe3e45381de5d0fcc15546023fad7d1ba1a978105023e2e1f9defec1ef233fa45c81f366779d415aeba1c1c9375cc725335c2208b50787a0a8d7793d4d7a5ce2510849ebcefccd39b0288b25dbaa5d717743ca1758ff39821e6b47d2dcc99a8b032207255899f259586c7aac52c3705b65acf8b1b87620ee1925ac85efd2e8bb32d4453bd1d63f443a05ca542fd432a93b2526e27051bc0da92486a26537140263d91f12e62399ba63842441804438e49c42ca8aa8fb523e3ab9f8e47399c1923f84aca918006104fbb6ca4b1065bcf3049ae4e984447e66feae0a92f1b90177233ad1c1fc07edda214e9e3d76492b78d81b3af63e25e252d5a4c981680fcf7330f63ff55ab5e6a680553e5df5c27f8d5d772e161a30f504d10b32a91070247b8963543fe324c7a0835c4b125f676c8898f8d597abbc5fcb780f3811f80ccfa57473045e5d45db480dbcf9b1bd646fcd4eb854f7a17f09a56e3b64715159b06aed581cfabe6337b4449b09a44daa85ebc68a5b61925248887fcd8d34e6b0d360954fd3a19b38cf5315d62390c15f1ed83fc8cca94f42ae9b269e934aaab67aa692138f9865caee8a858b0771e1a5d5f3b004ee51dc2dd506dce9a1ce56c597dec23ef5cbbc98ebb542b00e7999c0d02b0da1cb6efc27838e42e388cd68a2e7ed49ee815735c3eb1d8ebf5e3cc718a38361ed187fc39e464ea5af8a93c80530666c81531698409bb22ada45d979dc7b9cf066ab417359d36ee5e10dda20f0ea71f9c7ed47817282046cfe27e30a17d22e79563737c27936af65ef3ed8cd6d27c0a85b276d0a3473e23a6e6a3a3fe98215707454e62b66f5420a0a76134f75876dfb83f062ed826bdb0ab43d942ede65521455787d2ea1452183435cf8d78d5", 0x806}], 0x3, &(0x7f0000000500)=ANY=[@ANYRES32, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000080091ec6d07c0002000100000001000200eaf7b32c81b72dd6b6c5a858bdef204d10887f3f66e01a627978f52bd6ff36dc738e3b8d5d229b39f20effe7e79663dfb23bb2d49b44c76fd88150de624f6bda6a043541bb9832efa680e902a61ddaa68054bba940ae29eb11c1499e0e7441f4b1cdbb467feeca2f85d69d", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="d27743dfdea37c39cbe171ac9c3fdff20bdeb4d36b"], 0x78}], 0x3, 0x0) write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000001040)={0xa0, 0x19, 0x2, {0x801, {0x50, 0x3, 0x1}, 0x90, 0x0, 0x0, 0x9, 0x0, 0xadb, 0x6, 0x9, 0x6a22, 0x0, 0x8, 0x0, 0x4, 0xffffffff, 0x6, 0xfff}}, 0xa0) dup(0xffffffffffffffff) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000400)=""/256, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000700)={0x1, 0x0, [{0x0, 0x0, 0x0}]}) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000040)={0x0, r1}) r3 = dup3(r0, r1, 0x0) ioctl$VHOST_NET_SET_BACKEND(r3, 0xaf02, 0x0) [ 459.278812][ C1] sd 0:0:1:0: [sg0] tag#391 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 459.289578][ C1] sd 0:0:1:0: [sg0] tag#391 CDB: Test Unit Ready [ 459.296252][ C1] sd 0:0:1:0: [sg0] tag#391 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.306000][ C1] sd 0:0:1:0: [sg0] tag#391 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.315748][ C1] sd 0:0:1:0: [sg0] tag#391 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.325466][ C1] sd 0:0:1:0: [sg0] tag#391 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.335215][ C1] sd 0:0:1:0: [sg0] tag#391 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.344970][ C1] sd 0:0:1:0: [sg0] tag#391 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.354712][ C1] sd 0:0:1:0: [sg0] tag#391 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.364437][ C1] sd 0:0:1:0: [sg0] tag#391 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.374415][ C1] sd 0:0:1:0: [sg0] tag#391 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.384164][ C1] sd 0:0:1:0: [sg0] tag#391 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.393900][ C1] sd 0:0:1:0: [sg0] tag#391 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.594995][ C0] sd 0:0:1:0: [sg0] tag#392 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 459.605629][ C0] sd 0:0:1:0: [sg0] tag#392 CDB: Test Unit Ready [ 459.612181][ C0] sd 0:0:1:0: [sg0] tag#392 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.622002][ C0] sd 0:0:1:0: [sg0] tag#392 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.631832][ C0] sd 0:0:1:0: [sg0] tag#392 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.641616][ C0] sd 0:0:1:0: [sg0] tag#392 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.651393][ C0] sd 0:0:1:0: [sg0] tag#392 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.661178][ C0] sd 0:0:1:0: [sg0] tag#392 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.671095][ C0] sd 0:0:1:0: [sg0] tag#392 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.680928][ C0] sd 0:0:1:0: [sg0] tag#392 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.690758][ C0] sd 0:0:1:0: [sg0] tag#392 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.700596][ C0] sd 0:0:1:0: [sg0] tag#392 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 459.710434][ C0] sd 0:0:1:0: [sg0] tag#392 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19:19:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x0, 0x0, &(0x7f0000000080)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) timer_gettime(0x0, &(0x7f0000000040)) clock_gettime(0x0, 0x0) accept4(r0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @empty}, {0xa, 0x0, 0x0, @dev}}}, 0x48) 19:19:48 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r5, r6, 0x0, 0x1000007ffff000) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:48 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2000004, 0x12, r0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$USBDEVFS_SETCONFIGURATION(r3, 0x80045505, &(0x7f0000000000)=0x10000) setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x117, 0x5, 0x0, 0x1ff0000000000000) personality(0x4000000) ppoll(0x0, 0x0, &(0x7f0000000040), &(0x7f00000001c0), 0x8) rt_sigprocmask(0x1, &(0x7f00000000c0)={[0x8]}, &(0x7f0000000100), 0x8) 19:19:48 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1=0xe0000306, @dev, @multicast1}, 0xc) sendmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008108040f80ecdb4cb92e0a480e000d000000e8bd6efb250309000e000100240248ff050005001201", 0x2e}], 0x1}, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r2, r3, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$DRM_IOCTL_MODESET_CTL(r3, 0x40086408, &(0x7f0000000040)={0x0, 0xa0c}) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x32b, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008108040f80ecdb4cb92e0a480e000d00000009000e00390340d5ae7d0200ff050005", 0x2e}], 0x1}, 0x80) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x800, 0x70bd28, 0x25dfdbfb, {}, [@L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x40081) r6 = accept4(r5, 0x0, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='net/igmp\x00') sendfile(r6, r7, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r7, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$KVM_GET_MP_STATE(r7, 0x8004ae98, &(0x7f00000000c0)) 19:19:48 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r3, r4, 0x0, 0x1000007ffff000) ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000040)={0x8778, 0x200, 0x6, 0x400, 0x10, "a1970c9f984858c8"}) ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x10001) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x64, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8}}, @IPSET_ATTR_CIDR={0x5, 0x3, 0xfd}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x64}}, 0x0) close(r7) socket$nl_netfilter(0x10, 0x3, 0xc) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r5, 0x0, r7, 0x0, 0x4ffe0, 0x0) 19:19:48 executing program 5: r0 = geteuid() fstat(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) chown(&(0x7f0000000000)='./file0\x00', r0, r1) r2 = socket$rds(0x15, 0x5, 0x0) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r2, 0x8983, &(0x7f00000000c0)={0x8, 'virt_wifi0\x00', {'batadv_slave_0\x00'}, 0x5}) r3 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000100)={{0x2, 0x4e21, @multicast2}, {0x1, @remote}, 0x0, {0x2, 0x4e23, @local}, 'ipvlan0\x00'}) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/slabinfo\x00', 0x0, 0x0) ioctl$VHOST_SET_VRING_ENDIAN(r4, 0x4008af13, &(0x7f00000001c0)={0x3, 0x472}) r5 = syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x40000000000, 0x462080) ioctl$EVIOCGEFFECTS(r5, 0x80044584, &(0x7f0000000240)=""/4096) fanotify_init(0x2, 0x8000) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001240)={0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000001280)={0x6, 0x2, 0x8009, 0x956, 0x0, 0x3ff500db, 0x5, 0x0, 0x0}, &(0x7f00000012c0)=0x20) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r6, 0x84, 0x10, &(0x7f0000001300)=@assoc_value={r7, 0x5}, &(0x7f0000001340)=0x8) r9 = dup2(0xffffffffffffffff, r4) ioctl$DRM_IOCTL_MODE_CURSOR(r9, 0xc01c64a3, &(0x7f0000001380)={0x5, 0x2, 0x80000001, 0xffffffff, 0x40, 0x7fff}) setxattr$trusted_overlay_redirect(&(0x7f00000013c0)='./file0\x00', &(0x7f0000001400)='trusted.overlay.redirect\x00', &(0x7f0000001440)='./file0\x00', 0x8, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f0000001480)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001540)={&(0x7f00000014c0)={0x6c, 0x1, 0x4, 0x101, 0x0, 0x0, {0xc, 0x0, 0x1}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x4}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x8}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x3}, @NFULA_CFG_MODE={0xa, 0x2, {0x6, 0x2}}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x38}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x7}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x7}, @NFULA_CFG_MODE={0xa, 0x2, {0x5, 0x1}}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x1}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000004}, 0x44000) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000015c0)={r8, 0x74, "c0a14a45cf648aeb1f032f7d01a7ee3c60da407b9dbad3082111a8966bf787c03d4a8dc6947e4b6fe5425c5c3fc3f2eb10ce969208a894963a0a69a8054e97fb51c3c26766003a291d213fc72894cdc2da74611f45015e70b3ceb70a6bf5ff469e72f4ddb71904ae4b53d31a0c43abde0d530fb1"}, &(0x7f0000001640)=0x7c) [ 462.786079][T10586] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.794211][T10586] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.802316][T10586] device bridge0 entered promiscuous mode [ 462.871327][T10597] not chained 290000 origins [ 462.875970][T10597] CPU: 1 PID: 10597 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 462.884647][T10597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 462.894714][T10597] Call Trace: [ 462.898038][T10597] dump_stack+0x1df/0x240 [ 462.902390][T10597] kmsan_internal_chain_origin+0x6f/0x130 [ 462.908138][T10597] ? is_module_text_address+0x4d/0x2a0 [ 462.913619][T10597] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 462.919446][T10597] ? __kernel_text_address+0x171/0x2d0 [ 462.924924][T10597] ? unwind_get_return_address+0x8c/0x130 [ 462.930662][T10597] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 462.936739][T10597] ? arch_stack_walk+0x2a2/0x3e0 [ 462.941694][T10597] ? stack_trace_save+0x1a0/0x1a0 [ 462.946734][T10597] ? kmsan_get_metadata+0x4f/0x180 [ 462.951863][T10597] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 462.957684][T10597] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 462.963854][T10597] ? stack_trace_save+0x123/0x1a0 [ 462.968905][T10597] ? kmsan_get_metadata+0x11d/0x180 [ 462.974126][T10597] __msan_chain_origin+0x50/0x90 [ 462.979081][T10597] rmd256_transform+0x434e/0x4440 [ 462.984147][T10597] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 462.990257][T10597] rmd256_update+0x343/0x4f0 [ 462.994872][T10597] ? rmd256_init+0x260/0x260 [ 462.999472][T10597] crypto_shash_update+0x4e9/0x550 [ 463.004602][T10597] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 463.010783][T10597] ? crypto_hash_walk_first+0x1fd/0x360 [ 463.016341][T10597] ? kmsan_get_metadata+0x4f/0x180 [ 463.021473][T10597] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 463.027297][T10597] shash_async_update+0x113/0x1d0 [ 463.032338][T10597] ? shash_async_init+0x1e0/0x1e0 [ 463.037378][T10597] hash_sendpage+0x8ef/0xdf0 [ 463.041988][T10597] ? hash_recvmsg+0xd30/0xd30 [ 463.046682][T10597] sock_sendpage+0x1e1/0x2c0 [ 463.051299][T10597] pipe_to_sendpage+0x38c/0x4c0 [ 463.056170][T10597] ? sock_fasync+0x250/0x250 [ 463.060788][T10597] __splice_from_pipe+0x565/0xf00 [ 463.065844][T10597] ? generic_splice_sendpage+0x2d0/0x2d0 [ 463.071509][T10597] generic_splice_sendpage+0x1d5/0x2d0 [ 463.077000][T10597] ? iter_file_splice_write+0x1800/0x1800 [ 463.082741][T10597] direct_splice_actor+0x1fd/0x580 [ 463.087880][T10597] ? kmsan_get_metadata+0x4f/0x180 [ 463.093015][T10597] splice_direct_to_actor+0x6b2/0xf50 [ 463.098399][T10597] ? do_splice_direct+0x580/0x580 [ 463.103455][T10597] do_splice_direct+0x342/0x580 [ 463.108334][T10597] do_sendfile+0x101b/0x1d40 [ 463.112962][T10597] __se_sys_sendfile64+0x2bb/0x360 [ 463.118084][T10597] ? kmsan_get_metadata+0x4f/0x180 [ 463.123205][T10597] __x64_sys_sendfile64+0x56/0x70 [ 463.128235][T10597] do_syscall_64+0xb0/0x150 [ 463.132750][T10597] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 463.138634][T10597] RIP: 0033:0x45c1d9 [ 463.142508][T10597] Code: Bad RIP value. [ 463.146558][T10597] RSP: 002b:00007fbad8eb4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 463.154953][T10597] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 463.162910][T10597] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 463.170868][T10597] RBP: 000000000078bfe8 R08: 0000000000000000 R09: 0000000000000000 [ 463.178844][T10597] R10: 001000007ffff000 R11: 0000000000000246 R12: 000000000078bfac [ 463.186808][T10597] R13: 0000000000c9fb6f R14: 00007fbad8eb59c0 R15: 000000000078bfac [ 463.194791][T10597] Uninit was stored to memory at: [ 463.199810][T10597] kmsan_internal_chain_origin+0xad/0x130 [ 463.205516][T10597] __msan_chain_origin+0x50/0x90 [ 463.210439][T10597] rmd256_transform+0x434e/0x4440 [ 463.215449][T10597] rmd256_update+0x343/0x4f0 [ 463.220023][T10597] crypto_shash_update+0x4e9/0x550 [ 463.225137][T10597] shash_async_update+0x113/0x1d0 [ 463.230143][T10597] hash_sendpage+0x8ef/0xdf0 [ 463.234722][T10597] sock_sendpage+0x1e1/0x2c0 [ 463.239301][T10597] pipe_to_sendpage+0x38c/0x4c0 [ 463.244137][T10597] __splice_from_pipe+0x565/0xf00 [ 463.249157][T10597] generic_splice_sendpage+0x1d5/0x2d0 [ 463.254603][T10597] direct_splice_actor+0x1fd/0x580 [ 463.259701][T10597] splice_direct_to_actor+0x6b2/0xf50 [ 463.265058][T10597] do_splice_direct+0x342/0x580 [ 463.269893][T10597] do_sendfile+0x101b/0x1d40 [ 463.274467][T10597] __se_sys_sendfile64+0x2bb/0x360 [ 463.279573][T10597] __x64_sys_sendfile64+0x56/0x70 [ 463.284585][T10597] do_syscall_64+0xb0/0x150 [ 463.289163][T10597] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 463.295031][T10597] [ 463.297341][T10597] Uninit was stored to memory at: [ 463.302353][T10597] kmsan_internal_chain_origin+0xad/0x130 [ 463.308060][T10597] __msan_chain_origin+0x50/0x90 [ 463.312984][T10597] rmd256_transform+0x434e/0x4440 [ 463.317994][T10597] rmd256_update+0x343/0x4f0 [ 463.322567][T10597] crypto_shash_update+0x4e9/0x550 [ 463.327662][T10597] shash_async_update+0x113/0x1d0 [ 463.332670][T10597] hash_sendpage+0x8ef/0xdf0 [ 463.337249][T10597] sock_sendpage+0x1e1/0x2c0 [ 463.341828][T10597] pipe_to_sendpage+0x38c/0x4c0 [ 463.346663][T10597] __splice_from_pipe+0x565/0xf00 [ 463.351674][T10597] generic_splice_sendpage+0x1d5/0x2d0 [ 463.357120][T10597] direct_splice_actor+0x1fd/0x580 [ 463.362213][T10597] splice_direct_to_actor+0x6b2/0xf50 [ 463.367574][T10597] do_splice_direct+0x342/0x580 [ 463.372411][T10597] do_sendfile+0x101b/0x1d40 [ 463.376984][T10597] __se_sys_sendfile64+0x2bb/0x360 [ 463.382081][T10597] __x64_sys_sendfile64+0x56/0x70 [ 463.387097][T10597] do_syscall_64+0xb0/0x150 [ 463.391599][T10597] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 463.397474][T10597] [ 463.399786][T10597] Uninit was stored to memory at: [ 463.404799][T10597] kmsan_internal_chain_origin+0xad/0x130 [ 463.410504][T10597] __msan_chain_origin+0x50/0x90 [ 463.415432][T10597] rmd256_transform+0x434e/0x4440 [ 463.420444][T10597] rmd256_update+0x343/0x4f0 [ 463.425016][T10597] crypto_shash_update+0x4e9/0x550 [ 463.430126][T10597] shash_async_update+0x113/0x1d0 [ 463.435138][T10597] hash_sendpage+0x8ef/0xdf0 [ 463.439715][T10597] sock_sendpage+0x1e1/0x2c0 [ 463.444293][T10597] pipe_to_sendpage+0x38c/0x4c0 [ 463.449131][T10597] __splice_from_pipe+0x565/0xf00 [ 463.454143][T10597] generic_splice_sendpage+0x1d5/0x2d0 [ 463.459588][T10597] direct_splice_actor+0x1fd/0x580 [ 463.464683][T10597] splice_direct_to_actor+0x6b2/0xf50 [ 463.470041][T10597] do_splice_direct+0x342/0x580 [ 463.474877][T10597] do_sendfile+0x101b/0x1d40 [ 463.479450][T10597] __se_sys_sendfile64+0x2bb/0x360 [ 463.484544][T10597] __x64_sys_sendfile64+0x56/0x70 [ 463.489554][T10597] do_syscall_64+0xb0/0x150 [ 463.494044][T10597] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 463.499913][T10597] [ 463.502220][T10597] Uninit was stored to memory at: [ 463.507231][T10597] kmsan_internal_chain_origin+0xad/0x130 [ 463.512933][T10597] __msan_chain_origin+0x50/0x90 [ 463.517857][T10597] rmd256_transform+0x434e/0x4440 [ 463.522869][T10597] rmd256_update+0x343/0x4f0 [ 463.527442][T10597] crypto_shash_update+0x4e9/0x550 [ 463.532533][T10597] shash_async_update+0x113/0x1d0 [ 463.537542][T10597] hash_sendpage+0x8ef/0xdf0 [ 463.542125][T10597] sock_sendpage+0x1e1/0x2c0 [ 463.546700][T10597] pipe_to_sendpage+0x38c/0x4c0 [ 463.551534][T10597] __splice_from_pipe+0x565/0xf00 [ 463.556542][T10597] generic_splice_sendpage+0x1d5/0x2d0 [ 463.561983][T10597] direct_splice_actor+0x1fd/0x580 [ 463.567080][T10597] splice_direct_to_actor+0x6b2/0xf50 [ 463.572437][T10597] do_splice_direct+0x342/0x580 [ 463.577360][T10597] do_sendfile+0x101b/0x1d40 [ 463.581933][T10597] __se_sys_sendfile64+0x2bb/0x360 [ 463.587026][T10597] __x64_sys_sendfile64+0x56/0x70 [ 463.592036][T10597] do_syscall_64+0xb0/0x150 [ 463.596527][T10597] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 463.602395][T10597] [ 463.604705][T10597] Uninit was stored to memory at: [ 463.609716][T10597] kmsan_internal_chain_origin+0xad/0x130 [ 463.615421][T10597] __msan_chain_origin+0x50/0x90 [ 463.620347][T10597] rmd256_transform+0x434e/0x4440 [ 463.625358][T10597] rmd256_update+0x343/0x4f0 [ 463.629937][T10597] crypto_shash_update+0x4e9/0x550 [ 463.635031][T10597] shash_async_update+0x113/0x1d0 [ 463.640048][T10597] hash_sendpage+0x8ef/0xdf0 [ 463.644628][T10597] sock_sendpage+0x1e1/0x2c0 [ 463.649204][T10597] pipe_to_sendpage+0x38c/0x4c0 [ 463.654039][T10597] __splice_from_pipe+0x565/0xf00 [ 463.659050][T10597] generic_splice_sendpage+0x1d5/0x2d0 [ 463.664495][T10597] direct_splice_actor+0x1fd/0x580 [ 463.669594][T10597] splice_direct_to_actor+0x6b2/0xf50 [ 463.674971][T10597] do_splice_direct+0x342/0x580 [ 463.679816][T10597] do_sendfile+0x101b/0x1d40 [ 463.684398][T10597] __se_sys_sendfile64+0x2bb/0x360 [ 463.689517][T10597] __x64_sys_sendfile64+0x56/0x70 [ 463.694537][T10597] do_syscall_64+0xb0/0x150 [ 463.699031][T10597] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 463.704908][T10597] [ 463.707240][T10597] Uninit was stored to memory at: [ 463.712276][T10597] kmsan_internal_chain_origin+0xad/0x130 [ 463.718101][T10597] __msan_chain_origin+0x50/0x90 [ 463.723034][T10597] rmd256_transform+0x434e/0x4440 [ 463.728047][T10597] rmd256_update+0x227/0x4f0 [ 463.732623][T10597] crypto_shash_update+0x4e9/0x550 [ 463.737717][T10597] shash_async_update+0x113/0x1d0 [ 463.742726][T10597] hash_sendpage+0x8ef/0xdf0 [ 463.749608][T10597] sock_sendpage+0x1e1/0x2c0 [ 463.754187][T10597] pipe_to_sendpage+0x38c/0x4c0 [ 463.759020][T10597] __splice_from_pipe+0x565/0xf00 [ 463.764029][T10597] generic_splice_sendpage+0x1d5/0x2d0 [ 463.769471][T10597] direct_splice_actor+0x1fd/0x580 [ 463.774569][T10597] splice_direct_to_actor+0x6b2/0xf50 [ 463.779928][T10597] do_splice_direct+0x342/0x580 [ 463.784767][T10597] do_sendfile+0x101b/0x1d40 [ 463.789467][T10597] __se_sys_sendfile64+0x2bb/0x360 [ 463.794565][T10597] __x64_sys_sendfile64+0x56/0x70 [ 463.799576][T10597] do_syscall_64+0xb0/0x150 [ 463.804070][T10597] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 463.809938][T10597] [ 463.812246][T10597] Uninit was stored to memory at: [ 463.817255][T10597] kmsan_internal_chain_origin+0xad/0x130 [ 463.822959][T10597] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 463.828924][T10597] kmsan_memcpy_metadata+0xb/0x10 [ 463.833932][T10597] __msan_memcpy+0x43/0x50 [ 463.838333][T10597] rmd256_update+0x1fc/0x4f0 [ 463.842908][T10597] crypto_shash_update+0x4e9/0x550 [ 463.848002][T10597] shash_async_update+0x113/0x1d0 [ 463.853008][T10597] hash_sendpage+0x8ef/0xdf0 [ 463.857588][T10597] sock_sendpage+0x1e1/0x2c0 [ 463.862164][T10597] pipe_to_sendpage+0x38c/0x4c0 [ 463.867000][T10597] __splice_from_pipe+0x565/0xf00 [ 463.872010][T10597] generic_splice_sendpage+0x1d5/0x2d0 [ 463.877453][T10597] direct_splice_actor+0x1fd/0x580 [ 463.882550][T10597] splice_direct_to_actor+0x6b2/0xf50 [ 463.887907][T10597] do_splice_direct+0x342/0x580 [ 463.892740][T10597] do_sendfile+0x101b/0x1d40 [ 463.897319][T10597] __se_sys_sendfile64+0x2bb/0x360 [ 463.902431][T10597] __x64_sys_sendfile64+0x56/0x70 [ 463.907442][T10597] do_syscall_64+0xb0/0x150 [ 463.911959][T10597] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 463.918027][T10597] [ 463.920356][T10597] Uninit was created at: [ 463.924585][T10597] kmsan_save_stack_with_flags+0x3c/0x90 [ 463.930216][T10597] kmsan_alloc_page+0xb9/0x180 [ 463.934969][T10597] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 463.940497][T10597] alloc_pages_current+0x672/0x990 [ 463.945592][T10597] push_pipe+0x605/0xb70 [ 463.949817][T10597] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 463.955518][T10597] do_splice_to+0x4fc/0x14f0 [ 463.960093][T10597] splice_direct_to_actor+0x45c/0xf50 [ 463.965448][T10597] do_splice_direct+0x342/0x580 [ 463.970280][T10597] do_sendfile+0x101b/0x1d40 19:19:49 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)}], 0x1, 0x0, 0x0, 0x4c}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000001980)={0x0, 0xffffffff, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0224fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1}, 0x0) 19:19:49 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket$inet_icmp_raw(0x2, 0x3, 0x1) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000200)) [ 463.974857][T10597] __se_sys_sendfile64+0x2bb/0x360 [ 463.979951][T10597] __x64_sys_sendfile64+0x56/0x70 [ 463.984962][T10597] do_syscall_64+0xb0/0x150 [ 463.989456][T10597] entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:19:49 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) accept4(r4, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) [ 464.263230][T10601] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.4'. [ 464.273241][T10601] bridge0: port 2(bridge_slave_1) entered blocking state [ 464.280485][T10601] bridge0: port 2(bridge_slave_1) entered forwarding state [ 464.288462][T10601] bridge0: port 1(bridge_slave_0) entered blocking state [ 464.295840][T10601] bridge0: port 1(bridge_slave_0) entered forwarding state [ 464.304005][T10601] device bridge0 left promiscuous mode 19:19:49 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000045, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @empty}, 0x1c) [ 464.596398][T10603] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.603969][T10603] bridge0: port 1(bridge_slave_0) entered disabled state [ 464.611496][T10603] device bridge0 entered promiscuous mode [ 464.765748][T10586] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.4'. [ 464.775592][T10586] bridge0: port 2(bridge_slave_1) entered blocking state [ 464.782979][T10586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 464.790827][T10586] bridge0: port 1(bridge_slave_0) entered blocking state [ 464.798217][T10586] bridge0: port 1(bridge_slave_0) entered forwarding state [ 464.806542][T10586] device bridge0 left promiscuous mode [ 464.928538][T10613] IPVS: ftp: loaded support on port[0] = 21 [ 465.192648][T10650] openvswitch: netlink: Message has 1 unknown bytes. 19:19:50 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0xffffff88, 0x0, 0x26}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) [ 465.263311][ T8680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 465.368982][T10613] chnl_net:caif_netlink_parms(): no params data found 19:19:50 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x7fff) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "001700011f00000100"}) read(r0, &(0x7f00000002c0)=""/102396, 0x18ffc) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00') ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, "002d874a334115050808d6de633407010cca91"}) 19:19:51 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$P9_RWRITE(r2, &(0x7f0000000000)={0xb, 0x77, 0x1}, 0xb) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000003f000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000000040)="0fa22e0fc79e0000000066b8e7008ed8660f2fc10f788c3d0f8379e366b82f018ee8f083326b0f090f20e035000004000f22e03ef23e0f0174dcb6", 0x3b}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000080)={[0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') [ 465.741575][T10613] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.749565][T10613] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.759056][T10613] device bridge_slave_0 entered promiscuous mode 19:19:51 executing program 1: perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0xa4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x14507e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r0, 0x0) [ 465.827562][T10613] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.834981][T10613] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.844634][T10613] device bridge_slave_1 entered promiscuous mode 19:19:51 executing program 3: open(&(0x7f0000000040)='./file0\x00', 0x400c2, 0x21) faccessat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) [ 465.978493][T10613] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 466.074328][T10613] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 466.304590][T10613] team0: Port device team_slave_0 added [ 466.348434][T10613] team0: Port device team_slave_1 added [ 466.416145][T10613] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 466.423358][T10613] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.449478][T10613] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 466.476312][T10613] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 466.484232][T10613] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.510350][T10613] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 466.649605][T10613] device hsr_slave_0 entered promiscuous mode [ 466.714287][T10613] device hsr_slave_1 entered promiscuous mode [ 466.743410][T10613] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 466.751052][T10613] Cannot create hsr debugfs directory [ 467.272014][T10613] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 467.303913][T10613] netdevsim netdevsim5 netdevsim1: renamed from eth1 19:19:52 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)) 19:19:52 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) accept4(r4, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) [ 467.392233][T10613] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 467.448349][T10613] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 467.874551][T10613] 8021q: adding VLAN 0 to HW filter on device bond0 [ 467.938313][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 467.947364][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 467.983587][T10613] 8021q: adding VLAN 0 to HW filter on device team0 [ 468.031774][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 468.042068][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 468.051524][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 468.058893][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 468.152511][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 468.162248][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 468.172136][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 468.181503][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 468.188857][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 468.197976][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 468.209078][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 468.220073][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 468.230600][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 468.240963][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 468.251444][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 468.261876][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 468.271544][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 468.328375][T10613] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 468.341522][T10613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 468.350926][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 468.360589][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 468.370312][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 468.478165][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 468.486546][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 468.515130][T10613] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 468.570625][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 468.580717][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 468.639555][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 468.649616][ T8633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 468.668141][T10613] device veth0_vlan entered promiscuous mode [ 468.679140][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 468.690542][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 468.747944][T10613] device veth1_vlan entered promiscuous mode [ 468.830858][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 468.840411][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 468.851625][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 468.861692][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 468.887431][T10613] device veth0_macvtap entered promiscuous mode [ 468.919415][T10613] device veth1_macvtap entered promiscuous mode [ 468.997831][T10613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 469.008427][T10613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.018521][T10613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 469.029194][T10613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.039250][T10613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 469.049906][T10613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.059980][T10613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 469.070655][T10613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.080750][T10613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 469.091390][T10613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.105312][T10613] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 469.121224][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 469.130999][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 469.140497][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 469.150513][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 469.177270][T10613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 469.187975][T10613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.202710][T10613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 469.213335][T10613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.223338][T10613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 469.234009][T10613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.244031][T10613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 469.254627][T10613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.264649][T10613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 469.275246][T10613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.289005][T10613] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 469.303226][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 469.313343][ T2303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 19:19:55 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x7fff) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000080)={0xffff, 0x0, 0x0, 0x0, 0x0, "6653bd01b368e97e"}) 19:19:55 executing program 1: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$vcsu(0x0, 0x16c, 0x0) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x800) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x100000, 0x0) 19:19:55 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0xffffff88, 0x0, 0x26}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x1f00) pipe(&(0x7f00000000c0)) pipe(&(0x7f00000000c0)) 19:19:55 executing program 4: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/199, 0xc7}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) 19:19:55 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:55 executing program 2: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$inet_icmp_raw(0x2, 0x3, 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x800) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x100000, 0x0) 19:19:55 executing program 4: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0xffffff88, 0x0, 0x26}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x1f00) 19:19:55 executing program 5: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000040)="120000001200e7ef007b0000f4afd7030a7c", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003a00)=[{{0x0, 0x0, &(0x7f0000002480)=[{&(0x7f0000000240)=""/4096, 0x1000}, {&(0x7f0000001240)=""/149, 0x95}, {&(0x7f0000001300)=""/202, 0xca}, {&(0x7f0000001400)=""/4096, 0x1000}, {&(0x7f0000002400)=""/106, 0x6a}], 0x5}}], 0x1, 0x0, 0x0) 19:19:55 executing program 3: rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) r0 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffffc]}, 0x8) r1 = getpid() r2 = gettid() rt_tgsigqueueinfo(r1, r2, 0x1b, &(0x7f0000000000)) r3 = memfd_create(&(0x7f0000000080)='systemem0md5sum$\x05\x00^\fC\x1fJ\x11\x0e\xb8\xb0H\x8c(\x9bD\xd5\xb1V\x95N\x19*\x13\x99\a\xfd#\x9f\xa4j-\xda\x8e\x1a\x9am\xc0\xf6HSL}\xb0\x03D(^\x1e,\x00\x02~\x80O\xd6\xfc\xb3\xdcX\x10dV\xe1iZ\x14Y@\xa0\x84\x00\xc5\xed6\xc0\x1ds\xf8\xaa\xe5\xcc\xd0\xfd\xe4\xdc\x96}\x02\xb4)j\xbe]\x16\xa1\xada\x86\xc4\xa0i\xed\x9f3\x99|IO\x00Cv\xc1}\xe7f\x82\x83\xda\x80\xc3\x03\xd5\xc8*\xcde\x8en\xbc\x01\x00hb\xe0N\x9c}\x0f\xfd\xbe!\xbe\xe3\"w\xc5K\xaf\x89d\x14I1\xeaJ\x1e\x03\x00\x00\x00\x00\xda\xc6\xd7\x82nYK]r\x16\x8f\xe1G_#i\xf0?y6\xf8\xe2sF\x8c\x88;#\xc9\xb98\xfe\xdayu\x12\x9a \xcd\xeb<\xa0nd:r\x81|\xb1\x9a\r\xdc\xed0\x05\f\xf1t\xd7\x05`\v\xb8`\xd9\x8882<\xb6\xb1\xe88l\x1f-JN+2a4\xfc\a=&\xf7L\x94\xf8\xc3\x99\xe0\xc4J.\xa9uGv\xd1-\xc5\x98\x17\xe9nJ\b^\a\x16\xe8\x03z\xd7\xf6\xb4\x9dOr\x13\xf0>\x12\xf8\x1d\xdf\x15\xa8#\xcd\xaa\t\x00\xbfV\x9f\xd3\x06:\xbc}\x96T\x84|\xb9x\xae *\'\xc2 \x97)\x88%\xf0\\\xff\x01\x00\x00\x00\x00\x00\x00\b\xdfi|\x1a,\x82\xc9\xed\x1d\x8c\x1bO.\x16k{\x84\x83\xc1\xbfs\x11\x1bI!\xfd+^\x81\b\xed\xe1a=\xf8\x84\a\xedEL\x0fM\xdf\x8e\x95\xb2\xd58[qG\xa3plm\x8cz2\xea\xdcq4\xb0\xf0?\x85\xd6\xa9\xe7m9\x1aYMg\xea\xd8\xbe\x89\xefq\xe3\\\x00\x00\x00\x00\xae\t\xa39\xc74\x1d.\xf14\xd6\xea\xf5\xccxKn\xa5\xd8\\\x81\x97\xc6\xbfc\tl\xba\x97j}\xdc\xa9\x1b\xb4.\xb5R\xee\xde\xea\x86Oc\xce\xcct\xaa\xa3\xd8:\xc0\xa2\x91\xc65\'\xe9Z\v_@\xf3a\xe1\x11nB\xe4Z\x98\x80\xb7\x9e\xef\xeei\xab}\x11\x9f \x8d\tlFJ\v\xd9\xb9\xb7\xa5\xa4_\x0f\xeb\x14\x80*7(|\x8b|\x9e\xb1\xe59\x11\xaca^Y\xecO\xce L\xd3\x93\xaf\xbe\xfeS\x9f\x82+\xd5\x91\v\xe5Y\xb6\x19Z1\x05\xf6\xe2\b\xa1PT\xe3\x85\xe8\xfb\xcc\x8d\n\xfb\xa7\xcfKZ`N\xa5 \xb8b\a@\xe6\xc8@3o\x1b:~\x8a\x8e\xdd<>\x03\xce(\xd9\xd9\x14\xaa\x81\t\xf7\x00\xb6?f\xcbzv\xa3\x01\xf1\xe9d\r\xfe\xc4\xa9\x9bcI\xffiz\xc8q\xd0\xf9\xbd3\x04RE\xcc\x03\x00\x1f\xabFy\xa33\xde\x84\x17\xfdu;\x14q^B\x9d\xca[u0\xbd\xb7\x1dng\xd5p_U\xda\x04OEo\x84=\xad\x9e@OI\x83\x19\xf9G\xe0d\xcd/f\x8f.\xe9\xd4\xb3\xeegH\xbb\xef\xadw\x90\xcd\x99\xc4\xd2F\xca\x05\xb2\x1f\xc5\xe2\x9d\x97M\x14\x94&\xe5\x94cm\xf6\x11\x0e\x1b\xc5\x91Q\xec\x9f\xee\x1f\x8c\xd4a\xe9\x8f\xfe\x9cC\x95%\xd1\xed\xd9\xc6r\xa0\xfe\xf5\x18\xbc', 0x0) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x0, 0x11, r3, 0x0) read(r0, &(0x7f0000000740)=""/384, 0x200008c0) 19:19:56 executing program 5: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040), 0x4) bind$inet(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_dev$vcsu(&(0x7f0000000000)='/dev/vcsu#\x00', 0x16c, 0x80000) getsockopt$IPT_SO_GET_INFO(r4, 0x0, 0x40, &(0x7f0000000180)={'raw\x00'}, &(0x7f0000000080)=0x54) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x800) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x100000, 0x0) ioctl$sock_inet_udp_SIOCINQ(r2, 0x541b, &(0x7f0000000200)) 19:19:56 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) socket$alg(0x26, 0x5, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:56 executing program 1: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040), 0x4) bind$inet(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_dev$vcsu(0x0, 0x16c, 0x0) getsockopt$IPT_SO_GET_INFO(r4, 0x0, 0x40, &(0x7f0000000180)={'raw\x00'}, &(0x7f0000000080)=0x54) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10) pipe(0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x100000, 0x0) ioctl$sock_inet_udp_SIOCINQ(r2, 0x541b, &(0x7f0000000200)) 19:19:56 executing program 4: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_S_CROP(0xffffffffffffffff, 0x4014563c, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/199, 0xc7}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) 19:19:56 executing program 2: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) setsockopt$sock_int(r3, 0x1, 0x10, &(0x7f0000e4effc)=0x4, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x100000, 0x0) 19:19:56 executing program 3: r0 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r0, 0x107, 0xf, &(0x7f0000000040)="a2e6999b", 0x4) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) write$binfmt_aout(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b031402f4"], 0xfdef) 19:19:56 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) timer_gettime(r0, &(0x7f0000000040)) clock_gettime(0x0, 0x0) accept4(r1, 0x0, 0x0, 0x0) ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) splice(r2, 0x0, r3, 0x0, 0x18100, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @empty}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {r5, 0x800}}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x5, &(0x7f0000000500)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]}) 19:19:56 executing program 4: perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x59b9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f00000000c0)="ffb10c10ba4300b0c8ee660f38826f3cf30f01e80f69e866f20f38f015650f01c883dd000f0131baf80c66b87aa1cc8b66efbafc0ced", 0x36}], 0x1, 0x62, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x0, 0x0, 0x0, 0x0, 0x200000000000203, 0x1d, 0x4ca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x7]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:19:57 executing program 5: 19:19:57 executing program 2: 19:19:57 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) socket$alg(0x26, 0x5, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:57 executing program 1: 19:19:57 executing program 4: 19:19:57 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "001700011f00000100"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00') 19:19:57 executing program 2: socket$kcm(0x11, 0x0, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000680)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010080001404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000006623848adf1dd9592eec9bca3ade7741101cc6f1f7a764ab51a064e0ff0ca327ab62931d861531fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8205b01ddaa54d8756ad0f50f2568836077b8471b6b69819782748b376358c33c9753bfd989b1ca58949a54d5801000000ecea66a5c53e9c37251709f1061b973ef07bf7f53ce10700ecd7b4dd15100f2b452f98526a0d8cacfb6379b4c5008652a7b4c0974486a8d203bddc62bb2d555a363adbc33b49e13fbd1757b2701acad0e2684120b99b8cff3f48c9411670c34faf7851b290feb3045aef0d01809e331b622f20c41d8418bc4159c14025422835e81c3573af77dbaeb07913476244ffd5b5a924275cb1749289b44e97e7a73f148ae8206afe120c143749b5992e89f42ac52903971b323fd0d52eb7c9e89aafc50e78e1f62dcbb17f342aab5104d18e4eb69122b42f57c68ec642d97d2173184c1d0fb3817c99b645f6e80e14e5d5c95a9ede697e2c1b535feb7a34c6d69aceca5b6d5a099f931f6052e1dfd9b864f67e74878a41817884bc7677dce10ecc1a046180e4ba2b6250b3eca3ceb6f3df50a41bb7149da8fec0dbdd"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x0, 0xe, 0x0, &(0x7f0000000400)="3d6ee2e04b91ab10143d9bbe86dd", 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 19:19:57 executing program 1: 19:19:57 executing program 4: 19:19:58 executing program 4: 19:19:59 executing program 3: 19:19:59 executing program 1: 19:19:59 executing program 2: 19:19:59 executing program 5: 19:19:59 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:19:59 executing program 4: 19:20:00 executing program 5: 19:20:00 executing program 1: 19:20:00 executing program 2: 19:20:00 executing program 4: 19:20:00 executing program 3: 19:20:00 executing program 5: 19:20:00 executing program 1: 19:20:00 executing program 2: 19:20:00 executing program 4: 19:20:00 executing program 3: 19:20:01 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe1, 0x0) 19:20:01 executing program 5: 19:20:01 executing program 2: 19:20:01 executing program 1: 19:20:01 executing program 3: 19:20:01 executing program 4: 19:20:01 executing program 2: 19:20:01 executing program 1: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000000)={0x0, @in, 0x9175}, 0xa0) 19:20:01 executing program 3: r0 = socket(0x2, 0x5, 0x0) r1 = socket(0x2, 0x1, 0x0) r2 = dup2(r0, r1) setsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x3, &(0x7f0000000000)={0x0, 0x2, 0x0, 0xb3f}, 0x8) 19:20:01 executing program 5: 19:20:01 executing program 4: 19:20:01 executing program 2: 19:20:02 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe1, 0x0) 19:20:02 executing program 3: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x4, &(0x7f0000000000), 0x4) 19:20:02 executing program 5: 19:20:02 executing program 1: r0 = socket$inet(0x2, 0x5, 0x0) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xb) 19:20:02 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) r2 = dup2(r1, r0) getsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x1, &(0x7f0000000080), &(0x7f00000000c0)=0x10) 19:20:02 executing program 4: r0 = socket(0x1c, 0x5, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r1, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r2 = dup2(r1, r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) r3 = socket$inet6_sctp(0x1c, 0x5, 0x84) r4 = dup2(r3, r3) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x1d, &(0x7f0000000000)={r5}, 0x8) 19:20:02 executing program 5: r0 = socket(0x2, 0x5, 0x0) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x1f, &(0x7f0000000480), &(0x7f00000004c0)=0x4) 19:20:02 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x1, &(0x7f0000000080), &(0x7f00000000c0)=0x10) 19:20:02 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x23, &(0x7f0000000140), 0x94) 19:20:02 executing program 2: r0 = socket(0x2, 0x5, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x25, &(0x7f0000000080)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x1d, &(0x7f0000000000)={r2}, 0x8) 19:20:02 executing program 4: r0 = socket(0x2, 0x5, 0x0) r1 = socket(0x2, 0x1, 0x0) r2 = dup2(r0, r1) setsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x3, &(0x7f0000000000)={0x3ff}, 0x8) 19:20:02 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) r2 = dup2(r0, r1) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r2, 0x84, 0x16, &(0x7f0000000040)={0x0, 0x4}, 0x8) 19:20:03 executing program 3: r0 = socket(0x2, 0x5, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x0, 0x0, 0x0) 19:20:03 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000180)={0x0}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe1, 0x0) 19:20:03 executing program 2: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x25, &(0x7f0000000480)=ANY=[@ANYBLOB="d5"], &(0x7f0000000040)=0x8) 19:20:03 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x26, &(0x7f0000000000), &(0x7f0000000040)=0x8) 19:20:03 executing program 4: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x1a, &(0x7f0000000040), &(0x7f0000000080)=0x8) 19:20:03 executing program 5: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x80000000000209, 0x0) close(r0) socket$inet6_sctp(0x1c, 0x1, 0x84) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x16, &(0x7f0000000200), 0x8) 19:20:03 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x23, &(0x7f0000000000), &(0x7f00000000c0)=0x94) 19:20:03 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) r3 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x108, &(0x7f00000001c0)={r2}, &(0x7f0000000200)=0x18) 19:20:03 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x31, 0x0, 0x0) 19:20:03 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_mreqn(r0, 0x0, 0x0, 0x0, 0x0) 19:20:04 executing program 5: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x103, &(0x7f0000000100)={0x0, 0x2, "d6f6"}, &(0x7f00000001c0)=0xa) 19:20:04 executing program 3: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x22, &(0x7f0000000240)={0xf}, 0xc) 19:20:04 executing program 2: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2}, 0x14) 19:20:04 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff}) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x15, &(0x7f00000000c0)) ptrace(0x10, r1) ptrace$getregset(0x4204, r1, 0x2, &(0x7f0000000180)={0x0}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:04 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x2e, 0x0, 0x0) 19:20:04 executing program 4: r0 = socket(0x1c, 0x5, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r1, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r2 = dup2(r1, r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) r3 = socket$inet6_sctp(0x1c, 0x5, 0x84) r4 = dup2(r3, r3) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xe, &(0x7f0000000000), &(0x7f0000000040)=0x8) 19:20:04 executing program 5: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x10, &(0x7f0000000000), 0x4) 19:20:04 executing program 3: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000080), &(0x7f0000000140)=0x94) 19:20:04 executing program 2: r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r1, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r2 = dup2(r1, r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) r3 = socket$inet6_sctp(0x1c, 0x5, 0x84) r4 = dup2(r3, r3) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x29, &(0x7f0000000000)={r5}, &(0x7f0000000040)=0x8) 19:20:04 executing program 1: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x1f, &(0x7f0000000240), &(0x7f00000002c0)=0x4) 19:20:05 executing program 4: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x103, &(0x7f0000000100), &(0x7f00000001c0)=0x8) 19:20:05 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect(r0, &(0x7f00000004c0)=@in={0x10, 0x2}, 0x10) 19:20:05 executing program 2: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, &(0x7f00000001c0), &(0x7f0000000280)=0x94) 19:20:05 executing program 3: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xd, &(0x7f0000000000), 0x4) 19:20:05 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff}) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x15, &(0x7f00000000c0)) ptrace(0x10, r1) ptrace$getregset(0x4204, r1, 0x2, &(0x7f0000000180)={0x0}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:05 executing program 1: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x4, &(0x7f0000000000)=0x9, 0x4) 19:20:06 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto(r0, &(0x7f0000000040)="ae", 0x1, 0x0, &(0x7f00000000c0)=@in={0x10, 0x2}, 0x10) 19:20:06 executing program 4: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x107, &(0x7f0000000100), &(0x7f0000000140)=0x18) 19:20:06 executing program 5: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x901, &(0x7f00000000c0), 0x8) 19:20:06 executing program 3: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x11, &(0x7f00000000c0), &(0x7f0000000080)=0x4) 19:20:06 executing program 1: r0 = socket(0x2, 0x5, 0x0) r1 = socket(0x2, 0x1, 0x0) r2 = dup2(r0, r1) setsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x3, &(0x7f0000000000), 0x8) 19:20:06 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff}) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x15, &(0x7f00000000c0)) ptrace(0x10, r1) ptrace$getregset(0x4204, r1, 0x2, &(0x7f0000000180)={0x0}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:06 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x25, &(0x7f0000000580)=ANY=[], &(0x7f0000000040)=0x8) 19:20:06 executing program 2: r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r1, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r2 = socket$inet6_sctp(0x1c, 0x1, 0x84) r3 = dup2(r1, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) r4 = socket$inet6_sctp(0x1c, 0x5, 0x84) r5 = dup2(r4, r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x29, &(0x7f0000000000)={r6}, 0x8) 19:20:06 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect(r0, &(0x7f00000002c0)=@in6={0x0, 0x1c, 0x2}, 0x7) 19:20:06 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0xffffffffffffffd7, 0x1c, 0x3}, 0x1c) connect(r0, &(0x7f00000004c0)=@in6={0x1c, 0x1c, 0x3}, 0x1c) 19:20:06 executing program 1: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xd, &(0x7f0000000080), &(0x7f0000000000)=0x4) 19:20:07 executing program 5: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x19, &(0x7f0000000000), &(0x7f0000000040)=0x8) 19:20:07 executing program 3: r0 = socket(0x1c, 0x5, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r1, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r2 = dup2(r1, r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) r3 = socket$inet6_sctp(0x1c, 0x5, 0x84) r4 = dup2(r3, r3) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r5}, 0x10) 19:20:07 executing program 4: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x22, &(0x7f0000000240), 0xc) 19:20:07 executing program 1: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000), 0x8c) 19:20:07 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x2e, &(0x7f0000000000)={@loopback}, 0x14) 19:20:07 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto(r0, 0x0, 0x0, 0x80, &(0x7f00000000c0)=@in={0x10, 0x2}, 0x10) 19:20:08 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) ptrace(0x10, r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:20:08 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 19:20:08 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0xffffffffffffffd7, 0x1c, 0x3}, 0x1c) connect(r0, &(0x7f00000004c0)=@in={0x10, 0x2}, 0x10) 19:20:08 executing program 2: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3}, 0x14) 19:20:08 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) recvfrom$inet6(r0, 0x0, 0x0, 0x41, 0x0, 0x0) 19:20:08 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = socket$inet_udp(0x2, 0x2, 0x0) dup2(r1, r0) 19:20:08 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) dup2(r1, r0) 19:20:08 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xb, &(0x7f0000000000), 0x20) 19:20:08 executing program 1: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x10, &(0x7f0000000000)=0x1, 0x4) 19:20:08 executing program 3: r0 = socket(0x1c, 0x5, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r1, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r2 = dup2(r1, r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) r3 = socket$inet6_sctp(0x1c, 0x5, 0x84) r4 = dup2(r3, r3) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x107, &(0x7f0000000100), &(0x7f0000000140)=0x18) 19:20:09 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) dup2(r1, r0) 19:20:09 executing program 2: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000140)={&(0x7f0000000000)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) 19:20:09 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x15, &(0x7f00000000c0)) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:20:09 executing program 4: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000000)={0x0, @in, 0x0, 0x0, 0x4}, 0xa0) 19:20:09 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000100)=@file={0xa}, 0xa, 0x0, 0x0, &(0x7f00000003c0)=[@rights, @cred], 0x24}, 0x0) 19:20:09 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x2e, 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) dup2(r1, r0) 19:20:09 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xa) 19:20:09 executing program 3: r0 = socket(0x2, 0x5, 0x0) r1 = socket(0x2, 0x1, 0x0) r2 = dup2(r0, r1) setsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x3, &(0x7f0000000000)={0x0, 0x0, 0x1ff}, 0x8) 19:20:09 executing program 5: r0 = socket(0x2, 0x5, 0x0) r1 = socket(0x2, 0x1, 0x0) r2 = dup2(r0, r1) setsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x3, &(0x7f0000000000)={0x0, 0x2}, 0x8) 19:20:09 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x7fff) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "001700011f00000100"}) read(r0, &(0x7f00000002c0)=""/102396, 0x18ffc) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00') ioctl$TCSETSW2(r2, 0x402c542c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xffffffff, 0x0, "002d874a334115050808d6de633407010cca91"}) 19:20:10 executing program 1: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x22, &(0x7f0000000080), &(0x7f00000000c0)=0xc) 19:20:10 executing program 2: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xe, &(0x7f0000000000), &(0x7f0000000040)=0x8) 19:20:10 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[{0xc}, {0xc}], 0x18}, 0x0) 19:20:10 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[], 0xa) 19:20:10 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r2], 0xffffff2b) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r3, 0x0, 0x4ffe1, 0x0) 19:20:10 executing program 3: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0xb) 19:20:10 executing program 1: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x20, &(0x7f0000000000), 0x4) 19:20:10 executing program 2: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x10, &(0x7f0000000000), &(0x7f0000000040)=0x4) 19:20:11 executing program 1: r0 = socket$inet(0x2, 0x5, 0x0) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000000), 0xb) 19:20:11 executing program 5: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x901, &(0x7f0000000000), &(0x7f0000000040)=0x8) 19:20:11 executing program 4: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000000), 0xa0) 19:20:11 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect(r0, &(0x7f00000004c0)=@un=@abs={0x8}, 0x8) [ 485.611249][ T1] systemd[1]: systemd-journald.service: Main process exited, code=killed, status=6/ABRT [ 485.726501][ T1] systemd[1]: systemd-journald.service: Unit entered failed state. [ 485.773964][ T1] systemd[1]: systemd-journald.service: Failed with result 'watchdog'. [ 485.847379][ T1] systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart. 19:20:11 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto(r0, &(0x7f0000000040)="ae", 0x1, 0x80, &(0x7f00000000c0)=@in={0x10, 0x2}, 0x10) 19:20:11 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000000040)=0x8) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) r3 = dup2(r2, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) r5 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r5, 0x84, 0x1, &(0x7f0000000000)={r4}, &(0x7f00000000c0)=0x10) 19:20:11 executing program 5: r0 = socket(0x1c, 0x5, 0x0) getsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x4, &(0x7f0000000100), &(0x7f0000000140)=0x4) [ 486.160199][ T1] systemd[1]: Stopped Flush Journal to Persistent Storage. 19:20:11 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r0, &(0x7f0000000180)=@in6={0x1c, 0x1c, 0x3}, 0x1c) 19:20:11 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64], 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) [ 486.235309][ T1] systemd[1]: Stopping Flush Journal to Persistent Storage... 19:20:11 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1002"], 0xa) [ 486.340302][ T1] systemd[1]: Stopped Journal Service. 19:20:12 executing program 2: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x29, &(0x7f00000000c0), 0x8) [ 486.615603][ T1] systemd[1]: Starting Journal Service... 19:20:12 executing program 5: r0 = socket(0x2, 0x5, 0x0) r1 = socket(0x2, 0x1, 0x0) r2 = dup2(r0, r1) setsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x3, &(0x7f0000000000)={0x3ff, 0x2, 0x1ff, 0xb3f}, 0x8) 19:20:12 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = dup(r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x10, &(0x7f0000000040)=0x3, 0x4) 19:20:12 executing program 3: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x1d, &(0x7f0000000000)={0x0, 0xfff}, 0x8) 19:20:12 executing program 4: r0 = socket(0x1c, 0x5, 0x0) bind$unix(r0, &(0x7f0000000000)=@abs={0x8}, 0x8) 19:20:12 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@in={0x10, 0x2}, 0x10) 19:20:12 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) r2 = dup2(r1, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f00000016c0), &(0x7f0000001700)=0x4) 19:20:12 executing program 2: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800000026000106"], 0x28}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000005c80)=[{{0x0, 0x7ec0, 0x0}}], 0x344, 0x10122, 0x0) 19:20:12 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 19:20:12 executing program 0: write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES64], 0xffffff2b) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe1, 0x0) 19:20:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x120) [ 487.524434][T11519] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 487.612425][T11519] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 487.691358][T11519] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 19:20:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 487.833680][T11519] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 19:20:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0xfffffffffffffef8}}, 0x4c081) 19:20:13 executing program 0: write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES64], 0xffffff2b) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe1, 0x0) [ 487.991950][T11519] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 19:20:13 executing program 4: mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 19:20:13 executing program 3: 19:20:13 executing program 2: 19:20:13 executing program 5: 19:20:13 executing program 1: 19:20:14 executing program 0: write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES64], 0xffffff2b) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe1, 0x0) 19:20:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 488.541621][T11487] systemd-journald[11487]: File /run/log/journal/64dd78f1a75445a997c532444ad0f085/system.journal corrupted or uncleanly shut down, renaming and replacing. 19:20:14 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/autofs\x00', 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x8002}, 0xc) dup3(r2, r3, 0x0) 19:20:14 executing program 2: 19:20:14 executing program 5: 19:20:14 executing program 1: 19:20:14 executing program 0: pipe(0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES64], 0xffffff2b) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe1, 0x0) 19:20:14 executing program 3: 19:20:14 executing program 4: 19:20:14 executing program 2: 19:20:14 executing program 1: 19:20:14 executing program 5: 19:20:14 executing program 0: pipe(0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES64], 0xffffff2b) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe1, 0x0) 19:20:14 executing program 3: 19:20:14 executing program 4: 19:20:14 executing program 2: 19:20:15 executing program 1: 19:20:15 executing program 5: 19:20:15 executing program 0: pipe(0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES64], 0xffffff2b) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe1, 0x0) 19:20:15 executing program 3: 19:20:15 executing program 4: 19:20:15 executing program 2: 19:20:15 executing program 1: 19:20:15 executing program 5: 19:20:15 executing program 3: 19:20:15 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES64], 0xffffff2b) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r1, 0x0, 0x4ffe1, 0x0) 19:20:15 executing program 4: 19:20:15 executing program 2: 19:20:15 executing program 5: 19:20:15 executing program 1: 19:20:15 executing program 3: 19:20:15 executing program 4: 19:20:16 executing program 5: 19:20:16 executing program 2: 19:20:16 executing program 1: 19:20:16 executing program 3: 19:20:16 executing program 4: 19:20:16 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES64], 0xffffff2b) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r1, 0x0, 0x4ffe1, 0x0) 19:20:16 executing program 5: 19:20:16 executing program 2: 19:20:16 executing program 1: 19:20:16 executing program 4: 19:20:16 executing program 3: 19:20:16 executing program 5: 19:20:16 executing program 2: 19:20:16 executing program 1: 19:20:16 executing program 3: 19:20:16 executing program 4: 19:20:17 executing program 2: 19:20:17 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES64], 0xffffff2b) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r1, 0x0, 0x4ffe1, 0x0) 19:20:17 executing program 1: 19:20:17 executing program 5: 19:20:17 executing program 4: 19:20:17 executing program 3: 19:20:17 executing program 2: 19:20:17 executing program 4: 19:20:17 executing program 2: 19:20:18 executing program 1: 19:20:18 executing program 5: 19:20:18 executing program 3: 19:20:18 executing program 4: 19:20:18 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, 0x0, 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:18 executing program 1: 19:20:18 executing program 5: 19:20:18 executing program 2: 19:20:18 executing program 3: 19:20:18 executing program 4: 19:20:18 executing program 4: 19:20:18 executing program 1: 19:20:19 executing program 5: 19:20:19 executing program 3: 19:20:19 executing program 2: 19:20:19 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, 0x0, 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:19 executing program 4: 19:20:19 executing program 1: 19:20:19 executing program 5: 19:20:19 executing program 2: 19:20:19 executing program 3: r0 = socket(0x1c, 0x5, 0x0) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x1d, &(0x7f0000000000), 0x8) 19:20:19 executing program 4: 19:20:19 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, 0x0, 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:19 executing program 5: 19:20:19 executing program 1: 19:20:19 executing program 2: 19:20:20 executing program 4: 19:20:20 executing program 3: 19:20:20 executing program 1: 19:20:20 executing program 5: 19:20:20 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:20 executing program 2: 19:20:20 executing program 4: 19:20:20 executing program 1: 19:20:20 executing program 3: 19:20:20 executing program 5: 19:20:20 executing program 2: 19:20:20 executing program 4: 19:20:20 executing program 5: 19:20:20 executing program 1: 19:20:20 executing program 3: 19:20:20 executing program 2: 19:20:21 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:21 executing program 4: 19:20:21 executing program 5: 19:20:21 executing program 1: 19:20:21 executing program 3: 19:20:21 executing program 2: 19:20:21 executing program 1: 19:20:21 executing program 4: 19:20:21 executing program 5: 19:20:21 executing program 3: 19:20:21 executing program 2: 19:20:21 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000080)={0x0, {{0x2, 0x0, @multicast2}}}, 0x88) 19:20:22 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r5, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}}) write$tun(r3, &(0x7f0000000300)={@void, @void, @eth={@broadcast, @remote, @val={@void}, {@ipv6={0x86dd, @generic={0x0, 0x6, "004002", 0x0, 0x2f, 0x0, @local, @mcast2}}}}}, 0x3a) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r2, 0x0, r4, 0x0, 0x18100, 0x0) 19:20:22 executing program 1: unshare(0x20000400) r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x52) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000010800"/20, @ANYRES32=r3, @ANYBLOB="00000000000000001c002b8008000100fe24"], 0x3c}}, 0x0) 19:20:22 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0xa32800, 0x1000}, 0x20) gettid() 19:20:22 executing program 3: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="300000001c007d1c000000000000000007000000", @ANYRES32=r3, @ANYBLOB="00006b610a000200bbbb51bbbbbb00000600050002"], 0x30}}, 0x0) 19:20:22 executing program 4: [ 496.964133][T11745] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 19:20:22 executing program 4: keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000100)=""/28, 0xffffff66) 19:20:22 executing program 3: r0 = socket$inet6(0xa, 0x4000000080002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7}, 0x1c) 19:20:22 executing program 5: unshare(0x44000600) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x0, 0x0) poll(&(0x7f0000000200)=[{r0}], 0x1, 0x0) 19:20:22 executing program 1: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0xa32800, 0x1000}, 0x20) gettid() [ 497.458229][T11759] IPVS: ftp: loaded support on port[0] = 21 19:20:23 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}}) write$tun(r1, &(0x7f0000000300)={@void, @void, @eth={@broadcast, @remote, @val={@void}, {@ipv6={0x86dd, @generic={0x0, 0x6, "004002", 0x0, 0x2f, 0x0, @local, @mcast2}}}}}, 0x3a) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 19:20:23 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) socket(0x10, 0x3, 0x0) write(0xffffffffffffffff, &(0x7f0000000140)="240000004a005f0014f9f407000909000a", 0x11) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r2, 0x0, r4, 0x0, 0x4ffe0, 0x0) [ 497.970759][T11759] IPVS: ftp: loaded support on port[0] = 21 19:20:23 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:23 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000001500050000000000000000000100000008000100ac1414aa"], 0x24}}, 0x0) 19:20:23 executing program 4: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() tkill(r0, 0x3c) migrate_pages(r0, 0x5, 0x0, &(0x7f0000000040)=0x8001) 19:20:23 executing program 3: open(&(0x7f0000000180)='./file0\x00', 0x40c2, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100172,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000000)={0x28, 0x4, 0x0, {0x1, 0x4}}, 0x28) 19:20:23 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001840)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) request_key(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, r2) 19:20:23 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0xa32800, 0x1000}, 0x20) gettid() socket$inet6(0xa, 0x0, 0x4) [ 498.433408][T10704] tipc: TX() has been purged, node left! 19:20:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) unshare(0x44000600) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r5, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="4000000010003904fb4900"/20, @ANYRES32=r7, @ANYBLOB="03000000000000002000128008000100736974001400028008000100", @ANYRES32], 0x40}}, 0x0) sendmmsg$inet(r3, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e20, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @empty}}}], 0x20}}], 0x1, 0x0) 19:20:24 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fefdff0000850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465c3a1f59916ffc9bf0bd09f07fb2ea80e5cf8dcf819b5c0c00000000000090af27db5b56024df96b4673b4e8d5467e3554508535766c80114604eab9b290a248a120c9c6e39f403ff065fd303d4ae80677eeba68562eaeaea5fecf298ca20f274233106e2baf69b1c6099f366b89ab63ecf92b2704550a4d1dd5c50b7420b48a93fe94c7561094fcd0b2eb785632e0a85f02a5a6474ae549070000000000000094fba0ed5020e6477cc921fee1f6d8ad6a80d0947cd6d4a561ced23b0b4a64dc546f19d716b8f84340ec26902bdbbf7ec2d1ba000000004dc9becfbd915f808d8fd66df6892857a88b299cc4036c246d398e54cad9f103112000e6afc4dce4f9"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x27, 0x304, &(0x7f0000000040)="b90103600000f000009e0ff008001fffffe100004000631177fbac141441e0000001be3e7d2a182fff", 0x0, 0x104, 0xa000000, 0x0, 0xfeb9, &(0x7f0000000640)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7", &(0x7f0000000100)}, 0x28) 19:20:24 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) faccessat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) 19:20:24 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3c, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='memory.events\x00', 0x7a05, 0x1700) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000200), 0x43400) [ 499.010907][T11838] IPVS: ftp: loaded support on port[0] = 21 [ 499.093882][T11844] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 499.203626][T11847] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 19:20:24 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x0, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:24 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0xa, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$FUSE_NOTIFY_INVAL_ENTRY(r1, 0x0, 0x0) creat(0x0, 0x0) write$evdev(r1, 0x0, 0x0) 19:20:25 executing program 3: unshare(0x40000000) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@ipv4_newroute={0x1c, 0x18, 0x301}, 0x1c}}, 0x0) 19:20:25 executing program 1: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000340), 0x41395527) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) vmsplice(r0, &(0x7f0000000340)=[{&(0x7f0000001040)='d', 0x1}], 0x1, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x14, r1, 0x0, 0x40007d}, 0x14}}, 0x0) r2 = gettid() tkill(r2, 0x1000000000016) 19:20:25 executing program 4: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x374, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f0000000140)=""/85, 0x20a}, {&(0x7f0000000fc0)=""/4096, 0x843}, {&(0x7f0000000400)=""/106, 0x2ce}, {&(0x7f0000000740)=""/73, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x40d}, {&(0x7f0000000000)=""/22, 0xa}], 0x81, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) [ 499.602566][T11844] IPVS: ftp: loaded support on port[0] = 21 [ 499.841353][T11898] IPVS: ftp: loaded support on port[0] = 21 19:20:25 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@prinfo={0x18}, @sndinfo={0x20}], 0x38}, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 19:20:25 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) write$binfmt_misc(r1, &(0x7f0000000480)=ANY=[], 0xffffff31) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 500.480493][T11898] IPVS: ftp: loaded support on port[0] = 21 19:20:26 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x0, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:26 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000100)={0x38, 0x1, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x200000ee) setsockopt$inet_mtu(r2, 0x0, 0x4, 0x0, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 19:20:26 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@prinfo={0x18}], 0x18}, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 19:20:26 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$inet(0x2, 0x800, 0x0) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast1=0xe0000306, @dev={0xac, 0x14, 0x14, 0xd}, @multicast1}, 0xc) sendmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008108040f80ecdb4cb92e0a480e000d000000e8bd6efb250309000e000100240248ff050005001201", 0x2e}], 0x1}, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 19:20:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c00000024000b0f0100e300e4ff000000000000", @ANYRES32=r6, @ANYBLOB="00000000ffffffff000000000b00010064736d61726b00000c0002000600010020"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x34, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x4}}]}, 0x34}}, 0x0) [ 501.709408][T11974] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.717595][T11974] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.725962][T11974] device bridge0 entered promiscuous mode [ 502.015890][T11987] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 19:20:27 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@private2}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xffffffffffffffb5}], 0xaaaac44, 0x0, 0x0, 0xfffffe41) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000140)={[0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5b]}) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, &(0x7f00000000c0)=0x6b) ioctl$KVM_RUN(r3, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x20021, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x9}, 0x40100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 19:20:27 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @broadcast}, 0x10) openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37\x00', 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000), 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r0, &(0x7f00000038c0), 0x4000000000000a8, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, 0x0, 0x0) recvmmsg(r1, 0x0, 0x0, 0x10041, &(0x7f00000037c0)={0x0, 0x989680}) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000240)={0xffffffffffffffff}) syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_NEW_MPATH(r2, &(0x7f0000002f80)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000002f40)={&(0x7f0000002f00)={0x28, 0x0, 0x4, 0x0, 0x0, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc}]}, 0x28}}, 0x4000850) 19:20:28 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x2) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001440)={0x8, {"a2e3ad21ed6b52f99cfbf4c087f719b4d04fe7ff7fc6e5539b360a0e8b546a9b375094370890e0878fdb1ac6e7049b75b4956c409a472a5b67f3988f7ef31952a981ffe8d178708c523c921b1b4d4b0a169b71d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fef5952a5391fd5615d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e67d1d7232f17696294378ce716dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f7927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a39973132f02768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90195c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b010a3ad0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0xfd95) setsockopt$TIPC_CONN_TIMEOUT(0xffffffffffffffff, 0x10f, 0x82, 0x0, 0x0) 19:20:28 executing program 4: r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) ioctl$FS_IOC_SETVERSION(r0, 0xc020662a, &(0x7f0000000080)) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x7}}, 0xffffffffffffffff, 0x0, r0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0xfffffffffffffce8}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') open(&(0x7f00000000c0)='./bus\x00', 0x80, 0x118) 19:20:28 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@newlink={0x28, 0x11, 0x40d, 0x0, 0x0, {0x10}, [@IFLA_GROUP={0x8, 0x1b, 0x6}]}, 0x28}}, 0x0) 19:20:28 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x0, &(0x7f0000000180)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:28 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @broadcast}, 0x10) openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r0, &(0x7f00000038c0), 0x4000000000000a8, 0x0) socket$xdp(0x2c, 0x3, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10041, &(0x7f00000037c0)={0x0, 0x989680}) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000240)) syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, 0x0, 0x4000850) 19:20:28 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33800000, 0x0, @perf_config_ext={0x0, 0x617}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380)='/dev/nullb0\x00', 0x4000000044882, 0x0) r1 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000005000/0x3000)=nil) socket$nl_audit(0x10, 0x3, 0x9) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040)='l2tp\x00') shmat(r1, &(0x7f0000000000/0x13000)=nil, 0x6000) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) dup(0xffffffffffffffff) io_setup(0x1, &(0x7f00000004c0)=0x0) io_submit(r3, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000}]) 19:20:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_SREGS(r2, 0x8138ae83, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 503.683311][T10704] tipc: TX() has been purged, node left! 19:20:29 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) [ 503.866883][T10704] tipc: TX() has been purged, node left! [ 504.043315][T10704] tipc: TX() has been purged, node left! 19:20:29 executing program 5: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{0x18, 0x110, 0x1, "cc"}], 0x18}}], 0x1, 0x300000000000000) setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) [ 504.214615][T10704] tipc: TX() has been purged, node left! 19:20:29 executing program 2: r0 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x1, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000080)={0x81, 0x5, 0x2}) ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000140)={0x0, 0x5, 0x4, 0x0, 0x0, {}, {}, 0x0, 0x2, @planes=&(0x7f0000000000)={0x0, 0x0, @userptr}, 0xff00}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) dup2(r4, r0) [ 504.363330][T10704] tipc: TX() has been purged, node left! 19:20:30 executing program 1: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@private2}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xffffffffffffffb5}], 0xaaaac44, 0x0, 0x0, 0xfffffe41) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000140)={[0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5b]}) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, &(0x7f00000000c0)=0x6b) ioctl$KVM_RUN(r3, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x20021, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x4, @perf_config_ext, 0x40100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KDFONTOP_GET(0xffffffffffffffff, 0x4b72, &(0x7f0000000280)={0x1, 0x0, 0xc, 0x0, 0x0, &(0x7f00000003c0)}) 19:20:30 executing program 3: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@private2}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xffffffffffffffb5}], 0xaaaac44, 0x0, 0x0, 0xfffffe41) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000140)={[0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5b]}) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, &(0x7f00000000c0)=0x6b) ioctl$KVM_RUN(r3, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x20021, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x4, @perf_config_ext, 0x40100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r4, 0x0, 0xfffffcaa) ioctl$KDFONTOP_GET(0xffffffffffffffff, 0x4b72, 0x0) 19:20:30 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0400fc60100002400c000200053582c137153e37090001805a001d00d1bd", 0x2e}], 0x1}, 0x0) 19:20:30 executing program 4: openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x3da, 0x0) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 19:20:30 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2, 0xf24, 0xc7, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x2c, 0x800, 0x4fec) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x6612, 0x0) ioctl$VIDIOC_STREAMON(0xffffffffffffffff, 0x40045612, &(0x7f0000000100)=0x1ff) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = socket$unix(0x1, 0x0, 0x0) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x20) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8) ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000140)) write$P9_RMKDIR(r2, &(0x7f0000000240)={0x14, 0x49, 0x2, {0x10, 0x0, 0x7}}, 0x14) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000025000511d25a802a8c63940d0424fc6004000e000a0011000200008037153e370a000c8000000000d1bd", 0x2e}], 0x1}, 0x20) r3 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r3, 0x0, r3) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000380)=ANY=[], 0x102) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000380)=ANY=[], 0x102) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-neon\x00'}, 0x58) [ 505.573667][T12070] openvswitch: netlink: Message has 5 unknown bytes. 19:20:31 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f00000004c0)='./file0\x00', 0x0, 0x7a04, 0x0) chdir(&(0x7f0000000240)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000001500)) 19:20:31 executing program 2: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) getsockopt$sock_int(r0, 0x1, 0xc, 0x0, &(0x7f00000002c0)) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) 19:20:31 executing program 4: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@private2}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xffffffffffffffb5}], 0xaaaac44, 0x0, 0x0, 0xfffffe41) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000140)={[0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5b]}) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, &(0x7f00000000c0)=0x6b) ioctl$KVM_RUN(r3, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x20021, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x4, @perf_config_ext, 0x40100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 19:20:32 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001440)={0x8, {"a2e3ad21ed6b52f99cfbf4c087f719b4d04fe7ff7fc6e5539b360a0e8b546a9b375094370890e0878fdb1ac6e7049b75b4956c409a472a5b67f3988f7ef31952a981ffe8d178708c523c921b1b4d4b0a169b71d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fef5952a5391fd5615d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e67d1d7232f17696294378ce716dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f7927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a39973132f02768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90195c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b010a3ad0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0xfd95) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) 19:20:32 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:32 executing program 5: getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@private2}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xffffffffffffffb5}], 0xaaaac44, 0x0, 0x0, 0xfffffe41) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000140)={[0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5b]}) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, &(0x7f00000000c0)=0x6b) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x20021, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x4, @perf_config_ext={0x0, 0x9}, 0x40100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:20:35 executing program 1: unshare(0x2000400) r0 = io_uring_setup(0xa4, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) io_uring_enter(r0, 0x418, 0x0, 0x0, 0x0, 0x0) 19:20:35 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001440)={0x8, {"a2e3ad21ed6b52f99cfbf4c087f719b4d04fe7ff7fc6e5539b360a0e8b546a9b375094370890e0878fdb1ac6e7049b75b4956c409a472a5b67f3988f7ef31952a981ffe8d178708c523c921b1b4d4b0a169b71d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fef5952a5391fd5615d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e67d1d7232f17696294378ce716dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f7927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a39973132f02768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90195c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b010a3ad0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0xfd95) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioprio_set$uid(0x0, 0x0, 0x2004) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) 19:20:35 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x44182) pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f00000023c0)="f1a02811a7b98eff17cab45cde12e82ff6b48ad960437b9740cbcc4d26f1d21ebf4fe94e05d31ace7577379435d95531decaf0d363c444863ab99a09ea5dbf8819aaf14f34fc9bb27151a064ffd331daa254b9b183c4ef293d72a9ba472880134c1bfadf115abdbb47877845b02daa1442ae386ed0c047a7849f25c802c7d4be3cf69fb5985b7c933b5985ab8e9a1434ec7c6c91358cc0789ee4f898b7d0d9c6d660122c794a1e8f65d7cde6f4263c70f890a147057b49a0be827ad36fe58cf924709b8d1e192dea50c0caa2058e697e98c3f909712eef620adde5fc6834f6ffbc5b67b307205104bc7a149cf1d8d6e64bef3907f595821de19fa52478a7633cee98102847c7e552184237394716f8532602170fd6dc3ee3132d3fc1628a455e2340b9fca55fb19b928ebdd5233a5bd84a8a345fb1bba27036cfe5dade47587b5233f4d7016507b6e07ce89bf0f25b2f78f2dbe1f5666760e4ec8e5a88ed2c3a4aaff00566e27a76ee91cdaa96d7359bed530fb86462e8a61aeb8b3e0dff9ed988ec45b3944672dc9eebdf2029ca417c894a210334ff3bd7ec3c0072d2e8569c2ccd1acb1288b84d56f3d285c0dec4c386fce09963f1b19f0903247910f2f222d8a0ff3df7f11323df278caa5889eab1bdfa3c51da1c6748aeeaecc220d0b1175eb66f8537a6de61b7bc2494c2d750ecbc29965a022dc6261e00ebf471fd9a34fc9cc8938d1944341ebb07b6709810fe4ff282bb6c04839298e3a7c1120be6491754627e88585e180d2a49d2cc70a3afac96f6d76e91aa9cd6fc7af509bcb7f1f3329ad0700f8a87d0b38dff12962268ce0c0b42bbe2afdb8d9ff199ddf5f64dcfa004839a84667e2a98496c6c711c22efd4885149e279bb41bbdef49b7af6f4ebd7a1158c7e305e1e517fc11763307ca379bfa978d9ccac9639f5c97ee9535a277a9a55ffcfb2ad288da1004603c3f8f1e57e9e9001b1f5bfffae1aae41f111de81dcf2f320adf9268248b4a7ba0635d0100ed0fd3e9897c205ef8f712c4827a75cb0d5ac56b0a2a234967b5c35049d94ca48a511f81e7d45b054dc659c9d264ccf560fa521bc2bfeebe7e01bad6d93c59ee4ce0fd6ba02b7988f769bfc92346feb80a0d499efd4536286ad507b8a7f0c105ed4ac78ba69f6f327b206c270600b134afef7c0966616ea986ccedfa202e12d3a8f65f32c6c2676d805a675d31000df34520aa135c71ec4d939afd6481d50e7b0da5fd86779ac6a5aabf7b1cf4063a9d12eb0fb7d0c49ff91012ef653407e203753d02eee662d032c5e0970de83b09750c00f8090ad297ed4e5bbd918cb4c035b90bb672f9699b6e72aed723e0da7e1ebe5810a77a0868da956f1e3dddf64ee3a4054dcc6c8e4b2c055d445948e2116c4a2166f1b3782a126195ab3a9d172c85fe4d4e82d9ddfa3a76863b2d1316aaf965a2dca457471183515ba295f24232d68ba0156c1c62e2264f7d30dd04533c4db6e5322001cd61d66dbc022fa9a294442e70086ae4f2fac3c5abd3be29ebf3f25a67d0193e9367b96967a8bd972251b87ea8956af2c8aa16e4c2bbde7b46702df096968149e9faac1c8a9a9284a282d2d499eb6742303839aa0578d33cdabc685ec45961f5f71b3653833bef175a3f63c261c9b617cd65a803fbf5a975408c4f49abee5e8477318f0a8625bb6bf1aba023ef52bd8ad8fbbd90ba3be5b1d4d1b18b2dab227e76c5186f61421e55a2fe223549b09952de12f3234c7fbc5b95b648144d1e8d7c8b60604c6be843ae41a6473d8b905c23708e1c03c7ce31cb171786ba402ad0dd14c0c1e5fb38795562a80a3ed6b26abc317e94e265cdebf05731f33e456ab3a3ea5ff1f5bdaae50e74877f70bb1d942a0564194d81a59b9bda019d3b41449ad56abdf82e9b16ede84d355bb82db829f28b47e20a88e98091f227af7ed86277dfbfbe1b1136ee8e9e5a04ee3fab6d7fbd93c8378d09e63acdfe3b7a4c84630ebe40e83246e3a476286303173d568cf162b70cf8712b0ee27e768cba843e98cfb6c902058770056c1ad3fa030c27a60e8ca74aea8559c8fc8dc36f3c0a9b4c83cd88cc40ee3acd8867ae12654c88823cf78cf1c2be6cf7b9a92c58a8e1a066b4af8d6b25de22f45070fb8ec66af3b252956e9ee59d4f5adeb68e846c27c48978872cf58a2cfbc0c904530465d277e1b795ad4a89ddac6e31e2f0c12ab905fa93353a402cecf31d47e46921d7625c7338a9f2de03f7438a177349909cccc51456864b71ae4aa4735903c5ec6332e67be1b1f1f0bc356d1df0bbd287abd1e34adb409d84bd94e72d30d7a385890b116e64ba029649bb26a2fae18080445b608871c2e9d185f38f299fdd624269fa54ef47f1a914bdee2a91ce621c655d7f1d6fcb94ca70766029e8a604c02f0b5329a98b9860dff6d8435e70a28b01faa9a2a8eff8774367651ffc4daf009633c5e6029eb3f5c27656671e0a631406712995ea783412b34555fa4c0f13e8802b0abb667e8205356f21d3dc79910d3ac872595246c9c6fd996bc30ab6d0623eb85b8a82145182da863458e1829dd6048f838daa503e5ab5b9eb2fbac3e4d122f67469af4d71582d73795caf68ddaab1361470d9ffc41a531a6fef8728691990de185d1137d70457857608d64e601b4cacb672945e071ccf32671362c32d881996b3ce75d5124f1a048c07661ba16f68f0010f7904b27737031f07991ac569df0f8dab4eefc4a2bfa13348f5088a1b97782d7b37375256dcbc8aff49ba7a982c7fadd3b591794b567be12db6c1fcdaa76931a617126683c0aed0615b5aba4bda8ae2b828e4c0efac280959faed367d763b43c7b6975d3f411b347064dcba8590931459a37b1d47841accef273fe75d8b1046e01867deee14b172e334bf887a3f9e3943a80e4fad2dd3c8c101e15930b04b510805ca91dd201d7416e2e963e03d7a04a6db2e5edadc7e0ba66dad10645c612c29d6c36f6e530ff069bace4db6fd75c8a2a1d5a854cc9e747136c1da9174712f2e95155cf6410c917315bfc964249e95cc7d3793315cec1f6a30aab796a9e0f90031be8f051d1dfbcf818d8efb0ff5ccc613df9afdf8d54dc38af22e9b56423264272091b6936be6a066f5c46c93335a00c61287ffdb8a41622c8a821e2db57abf421a5b8bd1902717d0a1a37d6afbc4922e88d5405556a26f9aeb281c8e448537a760e66a045a0623fbc94f52e2c3ba5137722c17afb77b5e690ae18ab4abf63df32f138e277ae3004da7e2725f75b9e999085046317c1692df725e991063542f5636c2356f942a2fef1c547d472174e6f27dfeb48075737e62e1fd5c605884b00d59a054104b9fef72e74e1daf24d3758c1d9d365bfc7bb364719eafe5a5d14324b6373b3f52d2dd62c96fb0a5f404bcc8e553a7bc0af7c13dd994aa971b030f6bcaa8eb6ed0657c09a9785247d00579da3172a968377ddb56a9e6989bde1e29e74ba6af557e4b4699c96249d7fcf5902b7027148a6a136486da59384959b5ee6edd2f472242ada4355a12abb4d173e084646965806d979d3382111c7d6c0b3da6e1000c43745e4b8a6045071c0befc4176c13a61b37930b3c75e4e6cb004ee19899c908c43ab6c508d3a31e0a528fabdf7c6a69fa18a899d24a8299eb811bd0fc0f8c20f501ed61ed99ce3913f32b8d1417266e6d78fe250d2589caa88af92b7e4fad4fcfb4e5d85b2d679dff84b2283b2a91346edd3ac72f6a34c92de604fbdd6b0ba1e7dedfa062fcebde3e2ef979517453550ef823d4cebbfa1ffbf70c0a776ac273c53011daaaa1b9d2149bc1de2dba9585597a76d3192a0dc4b36409dc4d499fd5a958913899a450d41e5480b00f8fa0633dd9ff8218746ad6cb072b8ab5786678112bdd3914404e7dc6ef162325f20e8c3341acde5eece0bc8cbdd1b5af036976738c2d191ab27d21023a322f0d31ef08e19137e93da8fb9b595e7006f4b922a711f1e7fa00f0d2881a151104f41089a49315ace34f9af1c0c38501d1c62af84bfa2120894b75b7ed95a0234a59d14fe177a761785d15a65c7d992ad2fdfa812ab8739ce9fe5c787c9e52dc20adaa675cf74b134ed33cb81c39e5c2a5574ea8b8bf51ed787f11dc844ee7dfadf43da13d2dfe61bf12c185fc31924e4fb013a9c2f9392802e12339414160ee0e88761f52e938ae84bc97fe2a2aa95bdf37de1eb5c0f959e9ba5747ace996d995f9da7febc2150c05aa38444689efa7a57636baefc600b7625b782510cacfb3e4600920227308ed0b02b8ead598c9fe81fdceed6d5c98bda687c73f289c8227abe711acd1adf15783c3015b090f1064197ab3d134773ce7d1b29ff2d3984efe9b771bcdbd0125567ed45a292bd1d0038fd22367bbf740c9d23d5236a692377596362f9078a981be540b6c92354990edca2b69ed9365d5e2ebe8921cb2586d6d424f01909c625b7ed96fd333438cdd4474ca76b33b87be002c22864ab27ec9919211c1b8a2c167fbbfc2f1abb8156ab8cbad805ea63f0b604f48e10aa9ff6d2f6256d682173be75e35287afdd1cc3a9c6c4e35b5ef17df00f9a22435fdbedcd196f9c9128d830bb07943ef207592fe92b6f0f58c67baa1b57ef2960682657368f919d99bc9e7e9e5862e55982107d6da3b5f328cf55294e387accc8b0f715aa82c4c835436d7d36bd6d0859bf29ca65e74e576f7562a4f29f13823d5696d8fd063a91b270f1e76cef0461d76cdeab3c9a413ed83eed8ee6e6acf12c7f01ae8032971e0af9afd942f18cf2e1ec36463fd14a9afa603f4d6aac916788d946f8bcffb0c1a62df049dcf1094e42d7610d87451fb71a8b28e5a457fda425b4d689de24895541b465134914fc714471e37709b57cd1a0da2c3f1e137358adf416848a512acfd61d64da083bd54ff3d88432a301d5ce8013a8ad8c14c81a0f78c24a86b3a06b582bd2a2b2de4366a406fe3718238e5a281c1df70842f9b20637f5d62ac86e4a222ba562c60d83088924824b3b3191cc39c84f30ffcc6a95796d981f5d552b16e85662e0119902fa", 0xdfe}], 0x1, 0x2) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000280)={0x600, {}, 0x48, {}, 0x2300, 0x0, 0x0, 0xc, "b04a83706694a75154c629f75b71a95a8f3b289271c607adb22d4d000000007b1291b1150d4d3aa20d7beebc689e926d5e290679d1042f1b38e9e8af694c0d43", "d66ee438c05a45ff21d7560f000000557cc5e50000a482ebf7888c305bee6fd6"}) 19:20:35 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffffff2b) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180), 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='veth1_vlan\x00', 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xc6dd, 0xf087}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0) 19:20:35 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0324fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1}, 0x0) 19:20:35 executing program 4: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) getsockopt$sock_int(r0, 0x1, 0x4, 0x0, &(0x7f00000002c0)) [ 510.000805][T12139] openvswitch: netlink: Message has 1 unknown bytes. 19:20:35 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c00000024000b0f0100e300e4ff000000000000", @ANYRES32=r6, @ANYBLOB="00000000ffffffff000000000b00010064736d61726b00000c0002000600010020"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x34, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x11}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x4}}]}, 0x34}}, 0x0) 19:20:35 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f00000004c0)='./file0\x00', 0x0, 0x7a04, 0x0) chdir(&(0x7f0000000240)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x80087601, &(0x7f0000001500)) 19:20:35 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0xfffffffffffff8ed}, 0x0, 0x0, 0x0, 0x3, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x4204, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ipv6_route\x00') sendfile(r1, r2, 0x0, 0x7ffff00e) add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) pipe(&(0x7f0000000000)) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, 0x0) [ 510.393153][T12163] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 510.479286][T12163] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 510.479330][T12165] ===================================================== [ 510.479362][T12165] BUG: KMSAN: uninit-value in sha512_generic_block_fn+0x222a/0x2ac0 [ 510.479381][T12165] CPU: 0 PID: 12165 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 510.479389][T12165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 510.479395][T12165] Call Trace: [ 510.479417][T12165] dump_stack+0x1df/0x240 [ 510.479442][T12165] kmsan_report+0xf7/0x1e0 [ 510.479463][T12165] __msan_warning+0x58/0xa0 [ 510.479486][T12165] sha512_generic_block_fn+0x222a/0x2ac0 [ 510.479527][T12165] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 510.479561][T12165] ? kmsan_get_metadata+0x11d/0x180 [ 510.479578][T12165] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 510.479594][T12165] ? kmsan_get_metadata+0x4f/0x180 [ 510.479618][T12165] ? kmsan_get_metadata+0x11d/0x180 [ 510.479638][T12165] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 510.479659][T12165] crypto_sha512_update+0x4cc/0x570 [ 510.479684][T12165] ? crypto_sha224_init+0x210/0x210 [ 510.479702][T12165] crypto_shash_update+0x4e9/0x550 [ 510.479718][T12165] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 510.479752][T12165] ? crypto_hash_walk_first+0x1fd/0x360 [ 510.479766][T12165] ? kmsan_get_metadata+0x4f/0x180 [ 510.479782][T12165] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 510.479796][T12165] shash_async_update+0x113/0x1d0 [ 510.479814][T12165] ? shash_async_init+0x1e0/0x1e0 [ 510.479829][T12165] hash_sendpage+0x8ef/0xdf0 [ 510.479851][T12165] ? hash_recvmsg+0xd30/0xd30 [ 510.479870][T12165] sock_sendpage+0x1e1/0x2c0 [ 510.479898][T12165] pipe_to_sendpage+0x38c/0x4c0 [ 510.479913][T12165] ? sock_fasync+0x250/0x250 [ 510.479942][T12165] __splice_from_pipe+0x565/0xf00 [ 510.479961][T12165] ? generic_splice_sendpage+0x2d0/0x2d0 [ 510.479996][T12165] generic_splice_sendpage+0x1d5/0x2d0 [ 510.480024][T12165] ? iter_file_splice_write+0x1800/0x1800 [ 510.480042][T12165] direct_splice_actor+0x1fd/0x580 [ 510.480062][T12165] ? kmsan_get_metadata+0x4f/0x180 [ 510.480082][T12165] splice_direct_to_actor+0x6b2/0xf50 [ 510.480098][T12165] ? do_splice_direct+0x580/0x580 [ 510.480133][T12165] do_splice_direct+0x342/0x580 [ 510.480164][T12165] do_sendfile+0x101b/0x1d40 [ 510.480200][T12165] __se_sys_sendfile64+0x2bb/0x360 [ 510.480214][T12165] ? kmsan_get_metadata+0x4f/0x180 [ 510.480235][T12165] __x64_sys_sendfile64+0x56/0x70 [ 510.480255][T12165] do_syscall_64+0xb0/0x150 [ 510.480276][T12165] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 510.480288][T12165] RIP: 0033:0x45c1d9 [ 510.480294][T12165] Code: Bad RIP value. [ 510.480302][T12165] RSP: 002b:00007fbad8ed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 510.480317][T12165] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 510.480326][T12165] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 510.480335][T12165] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 510.480344][T12165] R10: 000000007ffff00e R11: 0000000000000246 R12: 000000000078bf0c [ 510.480354][T12165] R13: 0000000000c9fb6f R14: 00007fbad8ed69c0 R15: 000000000078bf0c [ 510.480369][T12165] [ 510.480374][T12165] Uninit was created at: [ 510.480390][T12165] kmsan_save_stack_with_flags+0x3c/0x90 [ 510.480404][T12165] kmsan_alloc_page+0xb9/0x180 [ 510.480417][T12165] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 510.480432][T12165] alloc_pages_current+0x672/0x990 [ 510.480445][T12165] push_pipe+0x605/0xb70 [ 510.480459][T12165] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 510.480474][T12165] do_splice_to+0x4fc/0x14f0 [ 510.480490][T12165] splice_direct_to_actor+0x45c/0xf50 [ 510.480506][T12165] do_splice_direct+0x342/0x580 [ 510.480519][T12165] do_sendfile+0x101b/0x1d40 [ 510.480532][T12165] __se_sys_sendfile64+0x2bb/0x360 [ 510.480542][T12165] __x64_sys_sendfile64+0x56/0x70 [ 510.480555][T12165] do_syscall_64+0xb0/0x150 [ 510.480570][T12165] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 510.480574][T12165] ===================================================== [ 510.480579][T12165] Disabling lock debugging due to kernel taint [ 510.480586][T12165] Kernel panic - not syncing: panic_on_warn set ... [ 510.480600][T12165] CPU: 0 PID: 12165 Comm: syz-executor.4 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 510.480608][T12165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 510.480620][T12165] Call Trace: [ 510.480638][T12165] dump_stack+0x1df/0x240 [ 510.480659][T12165] panic+0x3d5/0xc3e [ 510.480690][T12165] kmsan_report+0x1df/0x1e0 [ 510.480708][T12165] __msan_warning+0x58/0xa0 [ 510.480729][T12165] sha512_generic_block_fn+0x222a/0x2ac0 [ 510.480768][T12165] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 510.480804][T12165] ? kmsan_get_metadata+0x11d/0x180 [ 510.480823][T12165] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 510.480840][T12165] ? kmsan_get_metadata+0x4f/0x180 [ 510.480859][T12165] ? kmsan_get_metadata+0x11d/0x180 [ 510.480879][T12165] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 510.480899][T12165] crypto_sha512_update+0x4cc/0x570 [ 510.480923][T12165] ? crypto_sha224_init+0x210/0x210 [ 510.480940][T12165] crypto_shash_update+0x4e9/0x550 [ 510.480958][T12165] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 510.480990][T12165] ? crypto_hash_walk_first+0x1fd/0x360 [ 510.481014][T12165] ? kmsan_get_metadata+0x4f/0x180 [ 510.481035][T12165] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 510.481053][T12165] shash_async_update+0x113/0x1d0 [ 510.481075][T12165] ? shash_async_init+0x1e0/0x1e0 [ 510.481090][T12165] hash_sendpage+0x8ef/0xdf0 [ 510.481115][T12165] ? hash_recvmsg+0xd30/0xd30 [ 510.481134][T12165] sock_sendpage+0x1e1/0x2c0 [ 510.481158][T12165] pipe_to_sendpage+0x38c/0x4c0 [ 510.481173][T12165] ? sock_fasync+0x250/0x250 [ 510.481195][T12165] __splice_from_pipe+0x565/0xf00 [ 510.481210][T12165] ? generic_splice_sendpage+0x2d0/0x2d0 [ 510.481236][T12165] generic_splice_sendpage+0x1d5/0x2d0 [ 510.481257][T12165] ? iter_file_splice_write+0x1800/0x1800 [ 510.481275][T12165] direct_splice_actor+0x1fd/0x580 [ 510.481299][T12165] ? kmsan_get_metadata+0x4f/0x180 [ 510.481319][T12165] splice_direct_to_actor+0x6b2/0xf50 [ 510.481336][T12165] ? do_splice_direct+0x580/0x580 [ 510.481370][T12165] do_splice_direct+0x342/0x580 [ 510.481401][T12165] do_sendfile+0x101b/0x1d40 [ 510.481440][T12165] __se_sys_sendfile64+0x2bb/0x360 [ 510.481457][T12165] ? kmsan_get_metadata+0x4f/0x180 [ 510.481478][T12165] __x64_sys_sendfile64+0x56/0x70 [ 510.481496][T12165] do_syscall_64+0xb0/0x150 [ 510.481517][T12165] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 510.481528][T12165] RIP: 0033:0x45c1d9 [ 510.481533][T12165] Code: Bad RIP value. [ 510.481542][T12165] RSP: 002b:00007fbad8ed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 510.481559][T12165] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 510.481568][T12165] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 510.481577][T12165] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 510.481588][T12165] R10: 000000007ffff00e R11: 0000000000000246 R12: 000000000078bf0c [ 510.481597][T12165] R13: 0000000000c9fb6f R14: 00007fbad8ed69c0 R15: 000000000078bf0c [ 510.483006][T12165] Kernel Offset: 0x23200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 511.177366][T12165] Rebooting in 86400 seconds..