emcpy+0x6f/0x80 [ 397.016893] pskb_expand_head+0x436/0x1d20 [ 397.021139] ___pskb_trim+0x3c9/0x1bf0 [ 397.025041] sk_filter_trim_cap+0x5ac/0xa60 [ 397.030101] tcp_filter+0x10c/0x260 [ 397.033757] tcp_v6_rcv+0x45ba/0x5df0 [ 397.037576] ip6_input_finish+0xb53/0x2450 [ 397.041826] ip6_input+0x29d/0x340 [ 397.045374] ip6_rcv_finish+0x4d2/0x710 [ 397.049361] ipv6_rcv+0x34b/0x3f0 [ 397.053047] process_backlog+0x82b/0x11e0 [ 397.057206] net_rx_action+0x98f/0x1d50 [ 397.061201] __do_softirq+0x721/0xc7f [ 397.065123] [ 397.066752] Uninit was stored to memory at: [ 397.071086] kmsan_internal_chain_origin+0x136/0x240 [ 397.076202] __msan_chain_origin+0x6d/0xb0 [ 397.080459] __save_stack_trace+0x8be/0xc60 [ 397.084795] save_stack_trace+0xc6/0x110 [ 397.088870] kmsan_internal_chain_origin+0x136/0x240 [ 397.093991] kmsan_memcpy_origins+0x13d/0x190 [ 397.098504] __msan_memcpy+0x6f/0x80 [ 397.102322] pskb_expand_head+0x436/0x1d20 [ 397.106866] ___pskb_trim+0x3c9/0x1bf0 [ 397.110767] sk_filter_trim_cap+0x5ac/0xa60 [ 397.115101] tcp_filter+0x10c/0x260 [ 397.118754] tcp_v6_rcv+0x45ba/0x5df0 [ 397.122566] ip6_input_finish+0xb53/0x2450 [ 397.127497] ip6_input+0x29d/0x340 [ 397.131134] ip6_rcv_finish+0x4d2/0x710 [ 397.135114] ipv6_rcv+0x34b/0x3f0 [ 397.138584] process_backlog+0x82b/0x11e0 [ 397.142749] net_rx_action+0x98f/0x1d50 [ 397.146742] __do_softirq+0x721/0xc7f [ 397.150541] [ 397.152173] Uninit was stored to memory at: [ 397.156521] kmsan_internal_chain_origin+0x136/0x240 [ 397.161636] __msan_chain_origin+0x6d/0xb0 [ 397.165879] __save_stack_trace+0x8be/0xc60 [ 397.170220] save_stack_trace+0xc6/0x110 [ 397.174297] kmsan_internal_chain_origin+0x136/0x240 [ 397.179409] kmsan_memcpy_origins+0x13d/0x190 [ 397.183913] __msan_memcpy+0x6f/0x80 [ 397.187641] pskb_expand_head+0x436/0x1d20 [ 397.191892] ___pskb_trim+0x3c9/0x1bf0 [ 397.195792] sk_filter_trim_cap+0x5ac/0xa60 [ 397.200132] tcp_filter+0x10c/0x260 [ 397.203772] tcp_v6_rcv+0x45ba/0x5df0 [ 397.207579] ip6_input_finish+0xb53/0x2450 [ 397.211834] ip6_input+0x29d/0x340 [ 397.215400] ip6_rcv_finish+0x4d2/0x710 [ 397.219870] ipv6_rcv+0x34b/0x3f0 [ 397.223336] process_backlog+0x82b/0x11e0 [ 397.228023] net_rx_action+0x98f/0x1d50 [ 397.232014] __do_softirq+0x721/0xc7f [ 397.235815] [ 397.237444] Uninit was stored to memory at: [ 397.241778] kmsan_internal_chain_origin+0x136/0x240 [ 397.246892] __msan_chain_origin+0x6d/0xb0 [ 397.251138] __save_stack_trace+0x8be/0xc60 [ 397.255470] save_stack_trace+0xc6/0x110 [ 397.259541] kmsan_internal_chain_origin+0x136/0x240 [ 397.264668] kmsan_memcpy_origins+0x13d/0x190 [ 397.269172] __msan_memcpy+0x6f/0x80 [ 397.272902] pskb_expand_head+0x436/0x1d20 [ 397.277148] ___pskb_trim+0x3c9/0x1bf0 [ 397.281047] sk_filter_trim_cap+0x5ac/0xa60 [ 397.285380] tcp_filter+0x10c/0x260 [ 397.289016] tcp_v6_rcv+0x45ba/0x5df0 [ 397.292828] ip6_input_finish+0xb53/0x2450 [ 397.297069] ip6_input+0x29d/0x340 [ 397.300610] ip6_rcv_finish+0x4d2/0x710 [ 397.304593] ipv6_rcv+0x34b/0x3f0 [ 397.308060] process_backlog+0x82b/0x11e0 [ 397.312230] net_rx_action+0x98f/0x1d50 [ 397.316221] __do_softirq+0x721/0xc7f [ 397.320018] [ 397.321658] Uninit was stored to memory at: [ 397.326716] kmsan_internal_chain_origin+0x136/0x240 [ 397.331843] __msan_chain_origin+0x6d/0xb0 [ 397.336095] __save_stack_trace+0x8be/0xc60 [ 397.340424] save_stack_trace+0xc6/0x110 [ 397.344494] kmsan_internal_chain_origin+0x136/0x240 [ 397.349606] kmsan_memcpy_origins+0x13d/0x190 [ 397.354112] __msan_memcpy+0x6f/0x80 [ 397.357840] pskb_expand_head+0x436/0x1d20 [ 397.362087] ___pskb_trim+0x3c9/0x1bf0 [ 397.365996] sk_filter_trim_cap+0x5ac/0xa60 [ 397.370329] tcp_filter+0x10c/0x260 [ 397.373966] tcp_v6_rcv+0x45ba/0x5df0 [ 397.377799] ip6_input_finish+0xb53/0x2450 [ 397.382044] ip6_input+0x29d/0x340 [ 397.385596] ip6_rcv_finish+0x4d2/0x710 [ 397.389578] ipv6_rcv+0x34b/0x3f0 [ 397.393046] process_backlog+0x82b/0x11e0 [ 397.397204] net_rx_action+0x98f/0x1d50 [ 397.401200] __do_softirq+0x721/0xc7f [ 397.405010] [ 397.406657] Uninit was stored to memory at: [ 397.411022] kmsan_internal_chain_origin+0x136/0x240 [ 397.416138] __msan_chain_origin+0x6d/0xb0 [ 397.420390] __save_stack_trace+0x8be/0xc60 [ 397.424724] save_stack_trace+0xc6/0x110 [ 397.429502] kmsan_internal_chain_origin+0x136/0x240 [ 397.434624] kmsan_memcpy_origins+0x13d/0x190 [ 397.439133] __msan_memcpy+0x6f/0x80 [ 397.442864] pskb_expand_head+0x436/0x1d20 [ 397.447208] ___pskb_trim+0x3c9/0x1bf0 [ 397.451140] sk_filter_trim_cap+0x5ac/0xa60 [ 397.455472] tcp_filter+0x10c/0x260 [ 397.459107] tcp_v6_rcv+0x45ba/0x5df0 [ 397.462917] ip6_input_finish+0xb53/0x2450 [ 397.467165] ip6_input+0x29d/0x340 [ 397.470716] ip6_rcv_finish+0x4d2/0x710 [ 397.474699] ipv6_rcv+0x34b/0x3f0 [ 397.478159] process_backlog+0x82b/0x11e0 [ 397.482313] net_rx_action+0x98f/0x1d50 [ 397.486321] __do_softirq+0x721/0xc7f [ 397.490127] [ 397.491753] Uninit was stored to memory at: [ 397.496093] kmsan_internal_chain_origin+0x136/0x240 [ 397.501218] __msan_chain_origin+0x6d/0xb0 [ 397.505467] __save_stack_trace+0x8be/0xc60 [ 397.509800] save_stack_trace+0xc6/0x110 [ 397.513873] kmsan_internal_chain_origin+0x136/0x240 [ 397.518993] kmsan_memcpy_origins+0x13d/0x190 [ 397.523606] __msan_memcpy+0x6f/0x80 [ 397.528026] pskb_expand_head+0x436/0x1d20 [ 397.532277] ___pskb_trim+0x3c9/0x1bf0 [ 397.536180] sk_filter_trim_cap+0x5ac/0xa60 [ 397.540623] tcp_filter+0x10c/0x260 [ 397.544261] tcp_v6_rcv+0x45ba/0x5df0 [ 397.548072] ip6_input_finish+0xb53/0x2450 [ 397.552399] ip6_input+0x29d/0x340 [ 397.555952] ip6_rcv_finish+0x4d2/0x710 [ 397.559937] ipv6_rcv+0x34b/0x3f0 [ 397.563405] process_backlog+0x82b/0x11e0 [ 397.567572] net_rx_action+0x98f/0x1d50 [ 397.571561] __do_softirq+0x721/0xc7f [ 397.575363] [ 397.576996] Local variable description: ----v.addr.i.i.i@should_fail [ 397.583490] Variable was created at: [ 397.587220] should_fail+0x14d/0x13c0 [ 397.591030] __should_failslab+0x278/0x2a0 [ 397.620426] not chained 340000 origins [ 397.624356] CPU: 1 PID: 10657 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #85 [ 397.632353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 397.641731] Call Trace: [ 397.644335] dump_stack+0x32d/0x480 [ 397.647993] kmsan_internal_chain_origin+0x222/0x240 [ 397.653120] ? save_stack_trace+0xc6/0x110 [ 397.657355] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 397.662464] ? kmsan_internal_chain_origin+0x90/0x240 [ 397.667664] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 397.673030] ? is_bpf_text_address+0x49e/0x4d0 [ 397.677612] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 397.683057] ? in_task_stack+0x12c/0x210 [ 397.687122] __msan_chain_origin+0x6d/0xb0 [ 397.691356] ? kmsan_memcpy_origins+0x13d/0x190 [ 397.696022] __save_stack_trace+0x8be/0xc60 [ 397.700359] ? kmsan_memcpy_origins+0x13d/0x190 [ 397.705030] save_stack_trace+0xc6/0x110 [ 397.709091] kmsan_internal_chain_origin+0x136/0x240 [ 397.714192] ? do_syscall_64+0xcf/0x110 [ 397.718175] ? kmsan_internal_chain_origin+0x136/0x240 [ 397.723450] ? kmsan_memcpy_origins+0x13d/0x190 [ 397.728960] ? __msan_memcpy+0x6f/0x80 [ 397.732856] ? pskb_expand_head+0x436/0x1d20 [ 397.737262] ? __tcp_retransmit_skb+0xdf6/0x46c0 [ 397.742026] ? tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 397.747207] ? tcp_ack+0x91b2/0xa010 [ 397.750924] ? tcp_rcv_established+0xf7e/0x2940 [ 397.755594] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 397.759757] ? __release_sock+0x32d/0x750 [ 397.763913] ? __sk_flush_backlog+0x52/0x70 [ 397.768236] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 397.772844] ? tcp_sendmsg+0xb2/0x100 [ 397.776639] ? inet_sendmsg+0x4e9/0x800 [ 397.780608] ? __sys_sendto+0x940/0xb80 [ 397.784575] ? __se_sys_sendto+0x107/0x130 [ 397.788806] ? __x64_sys_sendto+0x6e/0x90 [ 397.792948] ? do_syscall_64+0xcf/0x110 [ 397.797081] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 397.802474] ? __msan_get_context_state+0x9/0x20 [ 397.807247] ? INIT_INT+0xc/0x30 [ 397.810611] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 397.815998] kmsan_memcpy_origins+0x13d/0x190 [ 397.820496] __msan_memcpy+0x6f/0x80 [ 397.824223] pskb_expand_head+0x436/0x1d20 [ 397.829314] __tcp_retransmit_skb+0xdf6/0x46c0 [ 397.833911] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 397.839309] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 397.844668] ? __list_del_entry_valid+0x123/0x450 [ 397.849547] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 397.854585] tcp_ack+0x91b2/0xa010 [ 397.858125] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 397.863625] tcp_rcv_established+0xf7e/0x2940 [ 397.868133] tcp_v6_do_rcv+0x9f8/0x21b0 [ 397.872113] ? tcp_v6_destroy_sock+0x60/0x60 [ 397.876537] __release_sock+0x32d/0x750 [ 397.880516] __sk_flush_backlog+0x52/0x70 [ 397.884664] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 397.888911] tcp_sendmsg_locked+0xd72/0x6c30 [ 397.893328] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 397.898716] tcp_sendmsg+0xb2/0x100 [ 397.902346] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 397.907012] inet_sendmsg+0x4e9/0x800 [ 397.910825] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 397.916185] ? security_socket_sendmsg+0x1bd/0x200 [ 397.921118] ? inet_getname+0x490/0x490 [ 397.925087] __sys_sendto+0x940/0xb80 [ 397.929585] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 397.935063] ? prepare_exit_to_usermode+0x182/0x4c0 [ 397.940079] __se_sys_sendto+0x107/0x130 [ 397.944140] __x64_sys_sendto+0x6e/0x90 [ 397.948109] do_syscall_64+0xcf/0x110 [ 397.951907] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 397.957091] RIP: 0033:0x457569 [ 397.960290] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 397.979274] RSP: 002b:00007f2d33e94c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 397.987003] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 397.994266] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 398.001527] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 398.008787] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f2d33e956d4 [ 398.016051] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 398.023345] Uninit was stored to memory at: [ 398.028177] kmsan_internal_chain_origin+0x136/0x240 [ 398.033310] __msan_chain_origin+0x6d/0xb0 [ 398.037538] __save_stack_trace+0x8be/0xc60 [ 398.041853] save_stack_trace+0xc6/0x110 [ 398.045910] kmsan_internal_chain_origin+0x136/0x240 [ 398.051016] kmsan_memcpy_origins+0x13d/0x190 [ 398.055592] __msan_memcpy+0x6f/0x80 [ 398.059304] pskb_expand_head+0x436/0x1d20 [ 398.063532] __tcp_retransmit_skb+0xdf6/0x46c0 [ 398.068107] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 398.073123] tcp_ack+0x91b2/0xa010 [ 398.076666] tcp_rcv_established+0xf7e/0x2940 [ 398.081170] tcp_v6_do_rcv+0x9f8/0x21b0 [ 398.085156] __release_sock+0x32d/0x750 [ 398.089127] __sk_flush_backlog+0x52/0x70 [ 398.093284] tcp_sendmsg_locked+0xd72/0x6c30 [ 398.097689] tcp_sendmsg+0xb2/0x100 [ 398.101313] inet_sendmsg+0x4e9/0x800 [ 398.105107] __sys_sendto+0x940/0xb80 [ 398.108898] __se_sys_sendto+0x107/0x130 [ 398.112950] __x64_sys_sendto+0x6e/0x90 [ 398.116942] do_syscall_64+0xcf/0x110 [ 398.120752] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 398.126513] [ 398.128134] Uninit was stored to memory at: [ 398.132464] kmsan_internal_chain_origin+0x136/0x240 [ 398.137561] __msan_chain_origin+0x6d/0xb0 [ 398.141805] __save_stack_trace+0x8be/0xc60 [ 398.146122] save_stack_trace+0xc6/0x110 [ 398.150182] kmsan_internal_chain_origin+0x136/0x240 [ 398.155288] kmsan_memcpy_origins+0x13d/0x190 [ 398.159798] __msan_memcpy+0x6f/0x80 [ 398.163511] pskb_expand_head+0x436/0x1d20 [ 398.167755] __tcp_retransmit_skb+0xdf6/0x46c0 [ 398.172331] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 398.177341] tcp_ack+0x91b2/0xa010 [ 398.180874] tcp_rcv_established+0xf7e/0x2940 [ 398.185368] tcp_v6_do_rcv+0x9f8/0x21b0 [ 398.189340] __release_sock+0x32d/0x750 [ 398.193310] __sk_flush_backlog+0x52/0x70 [ 398.197468] tcp_sendmsg_locked+0xd72/0x6c30 [ 398.201886] tcp_sendmsg+0xb2/0x100 [ 398.205510] inet_sendmsg+0x4e9/0x800 [ 398.209312] __sys_sendto+0x940/0xb80 [ 398.213105] __se_sys_sendto+0x107/0x130 [ 398.217157] __x64_sys_sendto+0x6e/0x90 [ 398.221125] do_syscall_64+0xcf/0x110 [ 398.224926] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 398.230855] [ 398.232477] Uninit was stored to memory at: [ 398.236799] kmsan_internal_chain_origin+0x136/0x240 [ 398.241898] __msan_chain_origin+0x6d/0xb0 [ 398.246140] __save_stack_trace+0x8be/0xc60 [ 398.250456] save_stack_trace+0xc6/0x110 [ 398.254514] kmsan_internal_chain_origin+0x136/0x240 [ 398.259612] kmsan_memcpy_origins+0x13d/0x190 [ 398.264100] __msan_memcpy+0x6f/0x80 [ 398.267807] pskb_expand_head+0x436/0x1d20 [ 398.272034] __tcp_retransmit_skb+0xdf6/0x46c0 [ 398.276612] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 398.281622] tcp_ack+0x91b2/0xa010 [ 398.285156] tcp_rcv_established+0xf7e/0x2940 [ 398.289645] tcp_v6_do_rcv+0x9f8/0x21b0 [ 398.293618] __release_sock+0x32d/0x750 [ 398.297590] __sk_flush_backlog+0x52/0x70 [ 398.301737] tcp_sendmsg_locked+0xd72/0x6c30 [ 398.306139] tcp_sendmsg+0xb2/0x100 [ 398.309764] inet_sendmsg+0x4e9/0x800 [ 398.313558] __sys_sendto+0x940/0xb80 [ 398.317349] __se_sys_sendto+0x107/0x130 [ 398.321402] __x64_sys_sendto+0x6e/0x90 [ 398.325375] do_syscall_64+0xcf/0x110 [ 398.329660] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 398.334840] [ 398.336471] Uninit was stored to memory at: [ 398.340793] kmsan_internal_chain_origin+0x136/0x240 [ 398.345891] __msan_chain_origin+0x6d/0xb0 [ 398.350122] __save_stack_trace+0x8be/0xc60 [ 398.354440] save_stack_trace+0xc6/0x110 [ 398.358494] kmsan_internal_chain_origin+0x136/0x240 [ 398.363605] kmsan_memcpy_origins+0x13d/0x190 [ 398.368093] __msan_memcpy+0x6f/0x80 [ 398.371804] pskb_expand_head+0x436/0x1d20 [ 398.376034] __tcp_retransmit_skb+0xdf6/0x46c0 [ 398.380615] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 398.385625] tcp_ack+0x91b2/0xa010 [ 398.389161] tcp_rcv_established+0xf7e/0x2940 [ 398.393651] tcp_v6_do_rcv+0x9f8/0x21b0 [ 398.397622] __release_sock+0x32d/0x750 [ 398.401587] __sk_flush_backlog+0x52/0x70 [ 398.405733] tcp_sendmsg_locked+0xd72/0x6c30 [ 398.410137] tcp_sendmsg+0xb2/0x100 [ 398.413761] inet_sendmsg+0x4e9/0x800 [ 398.417580] __sys_sendto+0x940/0xb80 [ 398.421385] __se_sys_sendto+0x107/0x130 [ 398.425441] __x64_sys_sendto+0x6e/0x90 [ 398.429911] do_syscall_64+0xcf/0x110 [ 398.433713] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 398.438891] [ 398.440508] Uninit was stored to memory at: [ 398.444826] kmsan_internal_chain_origin+0x136/0x240 [ 398.449925] __msan_chain_origin+0x6d/0xb0 [ 398.454158] __save_stack_trace+0x8be/0xc60 [ 398.458476] save_stack_trace+0xc6/0x110 [ 398.462536] kmsan_internal_chain_origin+0x136/0x240 [ 398.467636] kmsan_memcpy_origins+0x13d/0x190 [ 398.472123] __msan_memcpy+0x6f/0x80 [ 398.475830] pskb_expand_head+0x436/0x1d20 [ 398.480057] __tcp_retransmit_skb+0xdf6/0x46c0 [ 398.484634] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 398.489644] tcp_ack+0x91b2/0xa010 [ 398.493179] tcp_rcv_established+0xf7e/0x2940 [ 398.497678] tcp_v6_do_rcv+0x9f8/0x21b0 [ 398.501649] __release_sock+0x32d/0x750 [ 398.505973] __sk_flush_backlog+0x52/0x70 [ 398.510118] tcp_sendmsg_locked+0xd72/0x6c30 [ 398.514519] tcp_sendmsg+0xb2/0x100 [ 398.518137] inet_sendmsg+0x4e9/0x800 [ 398.521930] __sys_sendto+0x940/0xb80 [ 398.526454] __se_sys_sendto+0x107/0x130 [ 398.530507] __x64_sys_sendto+0x6e/0x90 [ 398.534476] do_syscall_64+0xcf/0x110 [ 398.538273] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 398.543459] [ 398.545073] Uninit was stored to memory at: [ 398.549389] kmsan_internal_chain_origin+0x136/0x240 [ 398.554487] __msan_chain_origin+0x6d/0xb0 [ 398.558713] __save_stack_trace+0x8be/0xc60 [ 398.563032] save_stack_trace+0xc6/0x110 [ 398.567091] kmsan_internal_chain_origin+0x136/0x240 [ 398.572187] kmsan_memcpy_origins+0x13d/0x190 [ 398.576683] __msan_memcpy+0x6f/0x80 [ 398.580395] pskb_expand_head+0x436/0x1d20 [ 398.584620] __tcp_retransmit_skb+0xdf6/0x46c0 [ 398.589197] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 398.594220] tcp_ack+0x91b2/0xa010 [ 398.597755] tcp_rcv_established+0xf7e/0x2940 [ 398.602246] tcp_v6_do_rcv+0x9f8/0x21b0 [ 398.606223] __release_sock+0x32d/0x750 [ 398.610195] __sk_flush_backlog+0x52/0x70 [ 398.614343] tcp_sendmsg_locked+0xd72/0x6c30 [ 398.618765] tcp_sendmsg+0xb2/0x100 [ 398.622388] inet_sendmsg+0x4e9/0x800 [ 398.626872] __sys_sendto+0x940/0xb80 [ 398.630667] __se_sys_sendto+0x107/0x130 [ 398.634721] __x64_sys_sendto+0x6e/0x90 [ 398.638689] do_syscall_64+0xcf/0x110 [ 398.642488] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 398.647662] [ 398.649279] Uninit was stored to memory at: [ 398.653597] kmsan_internal_chain_origin+0x136/0x240 [ 398.658696] __msan_chain_origin+0x6d/0xb0 [ 398.662925] __save_stack_trace+0x8be/0xc60 [ 398.667241] save_stack_trace+0xc6/0x110 [ 398.671298] kmsan_internal_chain_origin+0x136/0x240 [ 398.676398] kmsan_memcpy_origins+0x13d/0x190 [ 398.680888] __msan_memcpy+0x6f/0x80 [ 398.684601] pskb_expand_head+0x436/0x1d20 [ 398.688832] __tcp_retransmit_skb+0xdf6/0x46c0 [ 398.693410] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 398.698419] tcp_ack+0x91b2/0xa010 [ 398.701950] tcp_rcv_established+0xf7e/0x2940 [ 398.706448] tcp_v6_do_rcv+0x9f8/0x21b0 [ 398.710420] __release_sock+0x32d/0x750 [ 398.714404] __sk_flush_backlog+0x52/0x70 [ 398.718546] tcp_sendmsg_locked+0xd72/0x6c30 [ 398.722954] tcp_sendmsg+0xb2/0x100 [ 398.727310] inet_sendmsg+0x4e9/0x800 [ 398.731101] __sys_sendto+0x940/0xb80 [ 398.734897] __se_sys_sendto+0x107/0x130 [ 398.738955] __x64_sys_sendto+0x6e/0x90 [ 398.742929] do_syscall_64+0xcf/0x110 [ 398.746726] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 398.751902] [ 398.753523] Local variable description: ----old.addr.i.i.i@should_fail [ 398.760176] Variable was created at: [ 398.763887] should_fail+0x123/0x13c0 [ 398.767693] __should_failslab+0x278/0x2a0 03:45:18 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d024031628571") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:18 executing program 1: 03:45:18 executing program 2: 03:45:18 executing program 5: mkdir(&(0x7f0000000000)='./control\x00', 0x0) r0 = open(&(0x7f000080dff6)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000bc8000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f000078dff8)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) link(&(0x7f0000f3bff8)='./file0\x00', &(0x7f00009db000)='./file1\x00') rename(&(0x7f00000f7ff0)='./control/file0\x00', &(0x7f0000636000)='./file0\x00') creat(&(0x7f0000000100)='./control/file0\x00', 0x0) dup2(r0, 0xffffffffffffffff) 03:45:18 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:18 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$inet(0x2, 0x2, 0x7, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r2) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f0000000040)={0x0, @aes256}) 03:45:19 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$inet(0x2, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$TIOCGLCKTRMIOS(r2, 0x5456, &(0x7f0000000000)) [ 399.176519] not chained 350000 origins [ 399.180460] CPU: 0 PID: 10691 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #85 [ 399.187742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 399.197117] Call Trace: [ 399.199706] [ 399.201924] dump_stack+0x32d/0x480 [ 399.205572] ? save_stack_trace+0xc6/0x110 [ 399.209834] kmsan_internal_chain_origin+0x222/0x240 [ 399.214965] ? __local_bh_enable_ip+0x11f/0x260 [ 399.219892] ? kmsan_internal_chain_origin+0x136/0x240 [ 399.225183] ? __msan_chain_origin+0x6d/0xb0 [ 399.229999] ? __save_stack_trace+0x8be/0xc60 [ 399.234511] ? save_stack_trace+0xc6/0x110 [ 399.238758] ? kmsan_internal_chain_origin+0x136/0x240 [ 399.244051] ? kmsan_memcpy_origins+0x13d/0x190 [ 399.248734] ? __msan_memcpy+0x6f/0x80 [ 399.252633] ? pskb_expand_head+0x436/0x1d20 [ 399.257056] ? ___pskb_trim+0x3c9/0x1bf0 [ 399.261134] ? sk_filter_trim_cap+0x5ac/0xa60 [ 399.265648] ? tcp_filter+0x10c/0x260 [ 399.269462] ? tcp_v6_rcv+0x45ba/0x5df0 [ 399.273456] ? ip6_input_finish+0xb53/0x2450 [ 399.277881] ? ip6_input+0x29d/0x340 [ 399.281608] ? ip6_rcv_finish+0x4d2/0x710 [ 399.285769] ? ipv6_rcv+0x34b/0x3f0 [ 399.289409] ? process_backlog+0x82b/0x11e0 [ 399.293744] ? net_rx_action+0x98f/0x1d50 [ 399.297907] ? __do_softirq+0x721/0xc7f [ 399.301897] ? do_softirq_own_stack+0x49/0x80 [ 399.306407] ? __local_bh_enable_ip+0x228/0x260 [ 399.311087] ? local_bh_enable+0x36/0x40 [ 399.315158] ? ip6_finish_output2+0x1b1a/0x22d0 [ 399.319839] ? ip6_finish_output+0xc13/0xca0 [ 399.324259] ? ip6_output+0x5e4/0x720 [ 399.328413] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 399.333797] ? __module_address+0x6a/0x5f0 [ 399.338058] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 399.343525] ? in_task_stack+0x12c/0x210 [ 399.347611] ? get_stack_info+0x206/0x220 [ 399.351902] __msan_chain_origin+0x6d/0xb0 [ 399.356160] ? __sk_flush_backlog+0x52/0x70 [ 399.360501] __save_stack_trace+0x8be/0xc60 [ 399.364870] ? __sk_flush_backlog+0x52/0x70 [ 399.369218] save_stack_trace+0xc6/0x110 [ 399.373305] kmsan_internal_chain_origin+0x136/0x240 [ 399.378420] ? local_bh_enable+0x36/0x40 [ 399.382508] ? __sk_flush_backlog+0x52/0x70 [ 399.386847] ? kmsan_internal_chain_origin+0x136/0x240 [ 399.392133] ? kmsan_memcpy_origins+0x13d/0x190 [ 399.396831] ? __msan_memcpy+0x6f/0x80 [ 399.400753] ? pskb_expand_head+0x436/0x1d20 [ 399.405183] ? ___pskb_trim+0x3c9/0x1bf0 [ 399.409266] ? sk_filter_trim_cap+0x5ac/0xa60 [ 399.413864] ? tcp_filter+0x10c/0x260 [ 399.417690] ? tcp_v6_rcv+0x45ba/0x5df0 [ 399.421674] ? ip6_input_finish+0xb53/0x2450 [ 399.426395] ? ip6_input+0x29d/0x340 [ 399.430116] ? ip6_rcv_finish+0x4d2/0x710 [ 399.434274] ? ipv6_rcv+0x34b/0x3f0 [ 399.437910] ? process_backlog+0x82b/0x11e0 [ 399.442254] ? net_rx_action+0x98f/0x1d50 [ 399.446418] ? __do_softirq+0x721/0xc7f [ 399.450401] ? do_softirq_own_stack+0x49/0x80 [ 399.454906] ? __local_bh_enable_ip+0x228/0x260 [ 399.459616] ? local_bh_enable+0x36/0x40 [ 399.463690] ? ip6_finish_output2+0x1b1a/0x22d0 [ 399.468373] ? ip6_finish_output+0xc13/0xca0 [ 399.472799] ? ip6_output+0x5e4/0x720 [ 399.476611] ? ip6_xmit+0x216d/0x26a0 [ 399.480422] ? inet6_csk_xmit+0x3e0/0x4f0 [ 399.484577] ? __tcp_transmit_skb+0x425c/0x5e00 [ 399.489254] ? __tcp_retransmit_skb+0x2fe9/0x46c0 [ 399.494104] ? tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 399.499334] ? tcp_ack+0x91b2/0xa010 [ 399.503058] ? tcp_rcv_established+0xf7e/0x2940 [ 399.507744] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 399.511918] ? __release_sock+0x32d/0x750 [ 399.516199] ? __sk_flush_backlog+0x52/0x70 [ 399.520542] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 399.525139] ? tcp_sendmsg+0xb2/0x100 [ 399.529262] ? inet_sendmsg+0x4e9/0x800 [ 399.533256] ? __sys_sendto+0x940/0xb80 [ 399.537249] ? __se_sys_sendto+0x107/0x130 [ 399.541600] ? __x64_sys_sendto+0x6e/0x90 [ 399.545762] ? do_syscall_64+0xcf/0x110 [ 399.549757] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 399.555146] ? __msan_get_context_state+0x9/0x20 [ 399.559912] ? INIT_INT+0xc/0x30 [ 399.563293] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 399.568686] kmsan_memcpy_origins+0x13d/0x190 [ 399.573205] __msan_memcpy+0x6f/0x80 [ 399.576954] pskb_expand_head+0x436/0x1d20 [ 399.581230] ___pskb_trim+0x3c9/0x1bf0 [ 399.585154] sk_filter_trim_cap+0x5ac/0xa60 [ 399.589510] tcp_filter+0x10c/0x260 [ 399.593180] tcp_v6_rcv+0x45ba/0x5df0 [ 399.597004] ? __msan_poison_alloca+0x1e0/0x270 [ 399.601723] ? tcp_v6_early_demux+0xc80/0xc80 [ 399.606241] ? tcp_v6_early_demux+0xc80/0xc80 [ 399.610848] ip6_input_finish+0xb53/0x2450 [ 399.615336] ? ip6_input_finish+0x13e1/0x2450 [ 399.619852] ip6_input+0x29d/0x340 [ 399.623414] ? ip6_input+0x340/0x340 [ 399.627457] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 399.631881] ip6_rcv_finish+0x4d2/0x710 [ 399.635876] ipv6_rcv+0x34b/0x3f0 [ 399.639366] ? dst_hold+0x5e0/0x5e0 [ 399.643013] process_backlog+0x82b/0x11e0 [ 399.647171] ? __msan_poison_alloca+0x1e0/0x270 [ 399.651866] ? ip6_rcv_finish+0x710/0x710 [ 399.656037] ? rps_trigger_softirq+0x2e0/0x2e0 [ 399.660630] net_rx_action+0x98f/0x1d50 [ 399.664746] ? net_tx_action+0xf20/0xf20 [ 399.668828] __do_softirq+0x721/0xc7f [ 399.672652] do_softirq_own_stack+0x49/0x80 [ 399.676991] [ 399.679254] __local_bh_enable_ip+0x228/0x260 [ 399.683864] local_bh_enable+0x36/0x40 [ 399.687766] ip6_finish_output2+0x1b1a/0x22d0 [ 399.692302] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 399.697685] ? ip6_mtu+0x289/0x330 [ 399.701254] ip6_finish_output+0xc13/0xca0 [ 399.705527] ip6_output+0x5e4/0x720 [ 399.709200] ? ip6_output+0x720/0x720 [ 399.713067] ? ac6_seq_show+0x200/0x200 [ 399.717056] ip6_xmit+0x216d/0x26a0 [ 399.720728] ? ip6_xmit+0x26a0/0x26a0 [ 399.724542] inet6_csk_xmit+0x3e0/0x4f0 [ 399.728849] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 399.733921] __tcp_transmit_skb+0x425c/0x5e00 [ 399.738480] __tcp_retransmit_skb+0x2fe9/0x46c0 [ 399.743172] ? __mod_timer+0x271f/0x2d70 [ 399.747268] ? __msan_poison_alloca+0x1a0/0x270 [ 399.751970] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 399.757033] tcp_ack+0x91b2/0xa010 [ 399.760598] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 399.766118] tcp_rcv_established+0xf7e/0x2940 [ 399.770648] tcp_v6_do_rcv+0x9f8/0x21b0 [ 399.774652] ? tcp_v6_destroy_sock+0x60/0x60 [ 399.779094] __release_sock+0x32d/0x750 [ 399.783093] __sk_flush_backlog+0x52/0x70 [ 399.787257] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 399.791512] tcp_sendmsg_locked+0xd72/0x6c30 [ 399.795955] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 399.801373] tcp_sendmsg+0xb2/0x100 [ 399.805018] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 399.809702] inet_sendmsg+0x4e9/0x800 [ 399.813522] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 399.818897] ? security_socket_sendmsg+0x1bd/0x200 [ 399.823844] ? inet_getname+0x490/0x490 03:45:19 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80), 0x0, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:19 executing program 1: 03:45:19 executing program 1: 03:45:19 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80), 0x0, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:19 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) r1 = dup(r0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$inet(0x2, 0x0, 0x0, &(0x7f00000001c0)) ioctl$KDGKBMETA(r1, 0x4b62, &(0x7f0000000040)) [ 399.828285] __sys_sendto+0x940/0xb80 [ 399.832126] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 399.837593] ? prepare_exit_to_usermode+0x182/0x4c0 [ 399.842623] __se_sys_sendto+0x107/0x130 [ 399.846706] __x64_sys_sendto+0x6e/0x90 [ 399.850690] do_syscall_64+0xcf/0x110 [ 399.854520] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 399.859721] RIP: 0033:0x457569 [ 399.862924] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 399.881839] RSP: 002b:00007f2d33e94c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 399.889560] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 399.896842] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 399.904136] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 399.911413] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f2d33e956d4 [ 399.918689] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 399.925979] Uninit was stored to memory at: [ 399.930636] kmsan_internal_chain_origin+0x136/0x240 [ 399.935751] __msan_chain_origin+0x6d/0xb0 [ 399.940000] __save_stack_trace+0x8be/0xc60 [ 399.944445] save_stack_trace+0xc6/0x110 [ 399.948524] kmsan_internal_chain_origin+0x136/0x240 [ 399.953642] kmsan_memcpy_origins+0x13d/0x190 [ 399.958151] __msan_memcpy+0x6f/0x80 [ 399.961881] pskb_expand_head+0x436/0x1d20 [ 399.966130] ___pskb_trim+0x3c9/0x1bf0 [ 399.970032] sk_filter_trim_cap+0x5ac/0xa60 [ 399.974375] tcp_filter+0x10c/0x260 [ 399.978133] tcp_v6_rcv+0x45ba/0x5df0 [ 399.981943] ip6_input_finish+0xb53/0x2450 [ 399.986185] ip6_input+0x29d/0x340 [ 399.989744] ip6_rcv_finish+0x4d2/0x710 [ 399.993755] ipv6_rcv+0x34b/0x3f0 [ 399.997233] process_backlog+0x82b/0x11e0 [ 400.001393] net_rx_action+0x98f/0x1d50 [ 400.005486] __do_softirq+0x721/0xc7f [ 400.009304] [ 400.010941] Uninit was stored to memory at: [ 400.015283] kmsan_internal_chain_origin+0x136/0x240 [ 400.020406] __msan_chain_origin+0x6d/0xb0 [ 400.024656] __save_stack_trace+0x8be/0xc60 [ 400.029336] save_stack_trace+0xc6/0x110 [ 400.033413] kmsan_internal_chain_origin+0x136/0x240 [ 400.038549] kmsan_memcpy_origins+0x13d/0x190 [ 400.043054] __msan_memcpy+0x6f/0x80 [ 400.046782] pskb_expand_head+0x436/0x1d20 [ 400.051032] ___pskb_trim+0x3c9/0x1bf0 [ 400.054929] sk_filter_trim_cap+0x5ac/0xa60 [ 400.059282] tcp_filter+0x10c/0x260 [ 400.062918] tcp_v6_rcv+0x45ba/0x5df0 [ 400.066743] ip6_input_finish+0xb53/0x2450 [ 400.070985] ip6_input+0x29d/0x340 [ 400.074533] ip6_rcv_finish+0x4d2/0x710 [ 400.078522] ipv6_rcv+0x34b/0x3f0 [ 400.081997] process_backlog+0x82b/0x11e0 [ 400.086158] net_rx_action+0x98f/0x1d50 [ 400.090146] __do_softirq+0x721/0xc7f [ 400.093956] [ 400.095603] Uninit was stored to memory at: [ 400.099940] kmsan_internal_chain_origin+0x136/0x240 [ 400.105057] __msan_chain_origin+0x6d/0xb0 [ 400.109306] __save_stack_trace+0x8be/0xc60 [ 400.113645] save_stack_trace+0xc6/0x110 [ 400.117722] kmsan_internal_chain_origin+0x136/0x240 [ 400.122848] kmsan_memcpy_origins+0x13d/0x190 [ 400.127667] __msan_memcpy+0x6f/0x80 [ 400.131398] pskb_expand_head+0x436/0x1d20 [ 400.135650] ___pskb_trim+0x3c9/0x1bf0 [ 400.139554] sk_filter_trim_cap+0x5ac/0xa60 [ 400.143976] tcp_filter+0x10c/0x260 [ 400.147612] tcp_v6_rcv+0x45ba/0x5df0 [ 400.151426] ip6_input_finish+0xb53/0x2450 [ 400.155675] ip6_input+0x29d/0x340 [ 400.159240] ip6_rcv_finish+0x4d2/0x710 [ 400.163229] ipv6_rcv+0x34b/0x3f0 [ 400.166695] process_backlog+0x82b/0x11e0 [ 400.170859] net_rx_action+0x98f/0x1d50 [ 400.174841] __do_softirq+0x721/0xc7f [ 400.178644] [ 400.180279] Uninit was stored to memory at: [ 400.184631] kmsan_internal_chain_origin+0x136/0x240 [ 400.189748] __msan_chain_origin+0x6d/0xb0 [ 400.193997] __save_stack_trace+0x8be/0xc60 [ 400.198333] save_stack_trace+0xc6/0x110 [ 400.202423] kmsan_internal_chain_origin+0x136/0x240 [ 400.207544] kmsan_memcpy_origins+0x13d/0x190 [ 400.212055] __msan_memcpy+0x6f/0x80 [ 400.215786] pskb_expand_head+0x436/0x1d20 [ 400.220041] ___pskb_trim+0x3c9/0x1bf0 [ 400.223938] sk_filter_trim_cap+0x5ac/0xa60 [ 400.228628] tcp_filter+0x10c/0x260 [ 400.232269] tcp_v6_rcv+0x45ba/0x5df0 [ 400.236080] ip6_input_finish+0xb53/0x2450 [ 400.240322] ip6_input+0x29d/0x340 [ 400.243866] ip6_rcv_finish+0x4d2/0x710 [ 400.247857] ipv6_rcv+0x34b/0x3f0 [ 400.251326] process_backlog+0x82b/0x11e0 [ 400.255494] net_rx_action+0x98f/0x1d50 [ 400.259487] __do_softirq+0x721/0xc7f [ 400.263289] [ 400.264916] Uninit was stored to memory at: [ 400.269258] kmsan_internal_chain_origin+0x136/0x240 [ 400.274376] __msan_chain_origin+0x6d/0xb0 [ 400.278629] __save_stack_trace+0x8be/0xc60 [ 400.282962] save_stack_trace+0xc6/0x110 [ 400.287043] kmsan_internal_chain_origin+0x136/0x240 [ 400.292158] kmsan_memcpy_origins+0x13d/0x190 [ 400.296775] __msan_memcpy+0x6f/0x80 [ 400.300517] pskb_expand_head+0x436/0x1d20 [ 400.304773] ___pskb_trim+0x3c9/0x1bf0 [ 400.308680] sk_filter_trim_cap+0x5ac/0xa60 [ 400.313018] tcp_filter+0x10c/0x260 [ 400.316657] tcp_v6_rcv+0x45ba/0x5df0 [ 400.320475] ip6_input_finish+0xb53/0x2450 [ 400.324718] ip6_input+0x29d/0x340 [ 400.328622] ip6_rcv_finish+0x4d2/0x710 [ 400.332604] ipv6_rcv+0x34b/0x3f0 [ 400.336071] process_backlog+0x82b/0x11e0 [ 400.340240] net_rx_action+0x98f/0x1d50 [ 400.344234] __do_softirq+0x721/0xc7f [ 400.348058] [ 400.349692] Uninit was stored to memory at: [ 400.354025] kmsan_internal_chain_origin+0x136/0x240 [ 400.359283] __msan_chain_origin+0x6d/0xb0 [ 400.363529] __save_stack_trace+0x8be/0xc60 [ 400.367867] save_stack_trace+0xc6/0x110 [ 400.371950] kmsan_internal_chain_origin+0x136/0x240 [ 400.377066] kmsan_memcpy_origins+0x13d/0x190 [ 400.381574] __msan_memcpy+0x6f/0x80 [ 400.385305] pskb_expand_head+0x436/0x1d20 [ 400.389564] ___pskb_trim+0x3c9/0x1bf0 [ 400.393463] sk_filter_trim_cap+0x5ac/0xa60 [ 400.397794] tcp_filter+0x10c/0x260 [ 400.401417] tcp_v6_rcv+0x45ba/0x5df0 [ 400.405232] ip6_input_finish+0xb53/0x2450 [ 400.409479] ip6_input+0x29d/0x340 [ 400.413026] ip6_rcv_finish+0x4d2/0x710 [ 400.416999] ipv6_rcv+0x34b/0x3f0 [ 400.420457] process_backlog+0x82b/0x11e0 [ 400.424607] net_rx_action+0x98f/0x1d50 [ 400.428860] __do_softirq+0x721/0xc7f [ 400.432655] [ 400.434278] Uninit was stored to memory at: [ 400.438730] kmsan_internal_chain_origin+0x136/0x240 [ 400.443844] __msan_chain_origin+0x6d/0xb0 [ 400.448067] __save_stack_trace+0x8be/0xc60 [ 400.452417] save_stack_trace+0xc6/0x110 [ 400.456503] kmsan_internal_chain_origin+0x136/0x240 [ 400.461794] kmsan_memcpy_origins+0x13d/0x190 [ 400.466305] __msan_memcpy+0x6f/0x80 [ 400.470024] pskb_expand_head+0x436/0x1d20 [ 400.474272] ___pskb_trim+0x3c9/0x1bf0 [ 400.478166] sk_filter_trim_cap+0x5ac/0xa60 [ 400.482488] tcp_filter+0x10c/0x260 [ 400.486108] tcp_v6_rcv+0x45ba/0x5df0 [ 400.489913] ip6_input_finish+0xb53/0x2450 [ 400.494153] ip6_input+0x29d/0x340 [ 400.497700] ip6_rcv_finish+0x4d2/0x710 [ 400.501676] ipv6_rcv+0x34b/0x3f0 [ 400.505129] process_backlog+0x82b/0x11e0 [ 400.509263] net_rx_action+0x98f/0x1d50 [ 400.513244] __do_softirq+0x721/0xc7f [ 400.517044] [ 400.518687] Local variable description: ----v.addr.i.i.i@should_fail [ 400.525176] Variable was created at: [ 400.529241] should_fail+0x14d/0x13c0 [ 400.533057] __should_failslab+0x278/0x2a0 [ 400.563383] not chained 360000 origins [ 400.567317] CPU: 0 PID: 10691 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #85 [ 400.574597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 400.583956] Call Trace: [ 400.586556] [ 400.588726] dump_stack+0x32d/0x480 [ 400.592385] kmsan_internal_chain_origin+0x222/0x240 [ 400.597520] ? __local_bh_enable_ip+0x11f/0x260 [ 400.602237] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 400.607618] ? __module_address+0x6a/0x5f0 [ 400.611872] ? is_bpf_text_address+0x3e5/0x4d0 [ 400.616479] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 400.621859] ? is_bpf_text_address+0x49e/0x4d0 [ 400.626499] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 400.632160] ? __module_address+0x6a/0x5f0 [ 400.636419] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 400.641887] ? in_task_stack+0x12c/0x210 [ 400.645970] ? get_stack_info+0x206/0x220 [ 400.650142] __msan_chain_origin+0x6d/0xb0 [ 400.654400] ? __x64_sys_sendto+0x6e/0x90 [ 400.658567] __save_stack_trace+0x8be/0xc60 [ 400.662943] ? __x64_sys_sendto+0x6e/0x90 [ 400.667115] save_stack_trace+0xc6/0x110 [ 400.671203] kmsan_internal_chain_origin+0x136/0x240 [ 400.676329] ? local_bh_enable+0x36/0x40 [ 400.680412] ? __sk_flush_backlog+0x52/0x70 [ 400.684752] ? kmsan_internal_chain_origin+0x136/0x240 [ 400.690044] ? kmsan_memcpy_origins+0x13d/0x190 [ 400.694729] ? __msan_memcpy+0x6f/0x80 [ 400.698647] ? pskb_expand_head+0x436/0x1d20 [ 400.703084] ? ___pskb_trim+0x3c9/0x1bf0 [ 400.707157] ? sk_filter_trim_cap+0x5ac/0xa60 [ 400.711667] ? tcp_filter+0x10c/0x260 [ 400.715487] ? tcp_v6_rcv+0x45ba/0x5df0 [ 400.719481] ? ip6_input_finish+0xb53/0x2450 [ 400.723901] ? ip6_input+0x29d/0x340 [ 400.727973] ? ip6_rcv_finish+0x4d2/0x710 [ 400.732129] ? ipv6_rcv+0x34b/0x3f0 [ 400.735772] ? process_backlog+0x82b/0x11e0 [ 400.740105] ? net_rx_action+0x98f/0x1d50 [ 400.744380] ? __do_softirq+0x721/0xc7f [ 400.748371] ? do_softirq_own_stack+0x49/0x80 [ 400.752876] ? __local_bh_enable_ip+0x228/0x260 [ 400.757567] ? local_bh_enable+0x36/0x40 [ 400.761641] ? ip6_finish_output2+0x1b1a/0x22d0 [ 400.766324] ? ip6_finish_output+0xc13/0xca0 [ 400.770750] ? ip6_output+0x5e4/0x720 [ 400.774563] ? ip6_xmit+0x216d/0x26a0 [ 400.778382] ? inet6_csk_xmit+0x3e0/0x4f0 [ 400.782545] ? __tcp_transmit_skb+0x425c/0x5e00 [ 400.787248] ? tcp_write_xmit+0x389a/0xacc0 [ 400.791590] ? __tcp_push_pending_frames+0x124/0x4e0 [ 400.796702] ? tcp_data_snd_check+0x1ec/0x1080 [ 400.801296] ? tcp_rcv_established+0x1bb2/0x2940 [ 400.806198] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 400.810362] ? __release_sock+0x32d/0x750 [ 400.814519] ? __sk_flush_backlog+0x52/0x70 [ 400.818851] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 400.823442] ? tcp_sendmsg+0xb2/0x100 [ 400.827554] ? inet_sendmsg+0x4e9/0x800 [ 400.831536] ? __sys_sendto+0x940/0xb80 [ 400.835521] ? __se_sys_sendto+0x107/0x130 [ 400.839761] ? __x64_sys_sendto+0x6e/0x90 [ 400.843917] ? do_syscall_64+0xcf/0x110 [ 400.847906] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 400.853288] ? __msan_get_context_state+0x9/0x20 [ 400.858056] ? INIT_INT+0xc/0x30 [ 400.861436] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 400.866834] kmsan_memcpy_origins+0x13d/0x190 [ 400.871344] __msan_memcpy+0x6f/0x80 [ 400.875072] pskb_expand_head+0x436/0x1d20 [ 400.879337] ___pskb_trim+0x3c9/0x1bf0 [ 400.883258] sk_filter_trim_cap+0x5ac/0xa60 [ 400.887603] tcp_filter+0x10c/0x260 [ 400.891261] tcp_v6_rcv+0x45ba/0x5df0 [ 400.895075] ? __msan_poison_alloca+0x1e0/0x270 [ 400.899798] ? tcp_v6_early_demux+0xc80/0xc80 [ 400.904312] ? tcp_v6_early_demux+0xc80/0xc80 [ 400.908822] ip6_input_finish+0xb53/0x2450 [ 400.913098] ? ip6_input_finish+0x13e1/0x2450 [ 400.917611] ip6_input+0x29d/0x340 [ 400.921169] ? ip6_input+0x340/0x340 [ 400.924920] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 400.929641] ip6_rcv_finish+0x4d2/0x710 [ 400.933643] ipv6_rcv+0x34b/0x3f0 [ 400.937118] ? dst_hold+0x5e0/0x5e0 [ 400.940765] process_backlog+0x82b/0x11e0 [ 400.944943] ? __msan_poison_alloca+0x1e0/0x270 [ 400.949626] ? ip6_rcv_finish+0x710/0x710 [ 400.953799] ? rps_trigger_softirq+0x2e0/0x2e0 [ 400.958394] net_rx_action+0x98f/0x1d50 [ 400.962404] ? net_tx_action+0xf20/0xf20 [ 400.966479] __do_softirq+0x721/0xc7f [ 400.970280] ? smp_call_function_single_interrupt+0x57f/0x5b0 [ 400.976170] do_softirq_own_stack+0x49/0x80 [ 400.980668] [ 400.982896] __local_bh_enable_ip+0x228/0x260 [ 400.987399] local_bh_enable+0x36/0x40 [ 400.991318] ip6_finish_output2+0x1b1a/0x22d0 [ 400.995830] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 401.001195] ? ip6_mtu+0x289/0x330 [ 401.004758] ip6_finish_output+0xc13/0xca0 [ 401.009003] ip6_output+0x5e4/0x720 [ 401.012649] ? ip6_output+0x720/0x720 [ 401.016482] ? ac6_seq_show+0x200/0x200 [ 401.020459] ip6_xmit+0x216d/0x26a0 [ 401.024112] ? ip6_xmit+0x26a0/0x26a0 [ 401.028456] inet6_csk_xmit+0x3e0/0x4f0 [ 401.032557] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 401.037482] __tcp_transmit_skb+0x425c/0x5e00 [ 401.041993] tcp_write_xmit+0x389a/0xacc0 [ 401.046220] __tcp_push_pending_frames+0x124/0x4e0 [ 401.051162] tcp_data_snd_check+0x1ec/0x1080 [ 401.055587] tcp_rcv_established+0x1bb2/0x2940 [ 401.060184] tcp_v6_do_rcv+0x9f8/0x21b0 [ 401.064186] ? tcp_v6_destroy_sock+0x60/0x60 [ 401.068602] __release_sock+0x32d/0x750 [ 401.072575] __sk_flush_backlog+0x52/0x70 [ 401.076712] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 401.080939] tcp_sendmsg_locked+0xd72/0x6c30 [ 401.085370] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 401.090752] tcp_sendmsg+0xb2/0x100 [ 401.094394] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 401.099064] inet_sendmsg+0x4e9/0x800 [ 401.102857] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 401.108225] ? security_socket_sendmsg+0x1bd/0x200 [ 401.113165] ? inet_getname+0x490/0x490 [ 401.117138] __sys_sendto+0x940/0xb80 [ 401.120963] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 401.126411] ? prepare_exit_to_usermode+0x182/0x4c0 [ 401.131775] __se_sys_sendto+0x107/0x130 [ 401.135846] __x64_sys_sendto+0x6e/0x90 [ 401.139821] do_syscall_64+0xcf/0x110 [ 401.143617] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 401.148802] RIP: 0033:0x457569 [ 401.151999] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 401.170890] RSP: 002b:00007f2d33e94c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 401.178591] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 401.185858] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 401.193113] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 401.200372] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f2d33e956d4 [ 401.207627] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 401.214889] Uninit was stored to memory at: [ 401.219394] kmsan_internal_chain_origin+0x136/0x240 [ 401.224525] __msan_chain_origin+0x6d/0xb0 [ 401.229067] __save_stack_trace+0x8be/0xc60 [ 401.233384] save_stack_trace+0xc6/0x110 [ 401.237450] kmsan_internal_chain_origin+0x136/0x240 [ 401.242546] kmsan_memcpy_origins+0x13d/0x190 [ 401.247042] __msan_memcpy+0x6f/0x80 [ 401.250754] pskb_expand_head+0x436/0x1d20 [ 401.254990] ___pskb_trim+0x3c9/0x1bf0 [ 401.258876] sk_filter_trim_cap+0x5ac/0xa60 [ 401.263185] tcp_filter+0x10c/0x260 [ 401.266826] tcp_v6_rcv+0x45ba/0x5df0 [ 401.270629] ip6_input_finish+0xb53/0x2450 [ 401.274861] ip6_input+0x29d/0x340 [ 401.278393] ip6_rcv_finish+0x4d2/0x710 [ 401.282370] ipv6_rcv+0x34b/0x3f0 [ 401.285820] process_backlog+0x82b/0x11e0 [ 401.289981] net_rx_action+0x98f/0x1d50 [ 401.293944] __do_softirq+0x721/0xc7f [ 401.297732] [ 401.299355] Uninit was stored to memory at: [ 401.303675] kmsan_internal_chain_origin+0x136/0x240 [ 401.308789] __msan_chain_origin+0x6d/0xb0 [ 401.313021] __save_stack_trace+0x8be/0xc60 [ 401.317337] save_stack_trace+0xc6/0x110 [ 401.321413] kmsan_internal_chain_origin+0x136/0x240 [ 401.326514] kmsan_memcpy_origins+0x13d/0x190 [ 401.331287] __msan_memcpy+0x6f/0x80 [ 401.335013] pskb_expand_head+0x436/0x1d20 [ 401.339255] ___pskb_trim+0x3c9/0x1bf0 [ 401.343132] sk_filter_trim_cap+0x5ac/0xa60 [ 401.347455] tcp_filter+0x10c/0x260 [ 401.351089] tcp_v6_rcv+0x45ba/0x5df0 [ 401.354877] ip6_input_finish+0xb53/0x2450 [ 401.359102] ip6_input+0x29d/0x340 [ 401.362635] ip6_rcv_finish+0x4d2/0x710 [ 401.366798] ipv6_rcv+0x34b/0x3f0 [ 401.370254] process_backlog+0x82b/0x11e0 [ 401.374402] net_rx_action+0x98f/0x1d50 [ 401.378362] __do_softirq+0x721/0xc7f [ 401.382141] [ 401.383749] Uninit was stored to memory at: [ 401.388063] kmsan_internal_chain_origin+0x136/0x240 [ 401.393152] __msan_chain_origin+0x6d/0xb0 [ 401.397374] __save_stack_trace+0x8be/0xc60 [ 401.401696] save_stack_trace+0xc6/0x110 [ 401.405758] kmsan_internal_chain_origin+0x136/0x240 [ 401.410852] kmsan_memcpy_origins+0x13d/0x190 [ 401.415431] __msan_memcpy+0x6f/0x80 [ 401.419164] pskb_expand_head+0x436/0x1d20 [ 401.423408] ___pskb_trim+0x3c9/0x1bf0 [ 401.427843] sk_filter_trim_cap+0x5ac/0xa60 [ 401.432154] tcp_filter+0x10c/0x260 [ 401.435779] tcp_v6_rcv+0x45ba/0x5df0 [ 401.439585] ip6_input_finish+0xb53/0x2450 [ 401.443819] ip6_input+0x29d/0x340 [ 401.447346] ip6_rcv_finish+0x4d2/0x710 [ 401.451306] ipv6_rcv+0x34b/0x3f0 [ 401.454758] process_backlog+0x82b/0x11e0 [ 401.458901] net_rx_action+0x98f/0x1d50 [ 401.462863] __do_softirq+0x721/0xc7f [ 401.466670] [ 401.468299] Uninit was stored to memory at: [ 401.472623] kmsan_internal_chain_origin+0x136/0x240 [ 401.477712] __msan_chain_origin+0x6d/0xb0 [ 401.482032] __save_stack_trace+0x8be/0xc60 [ 401.486371] save_stack_trace+0xc6/0x110 [ 401.490418] kmsan_internal_chain_origin+0x136/0x240 [ 401.495510] kmsan_memcpy_origins+0x13d/0x190 [ 401.500002] __msan_memcpy+0x6f/0x80 [ 401.503707] pskb_expand_head+0x436/0x1d20 [ 401.507928] ___pskb_trim+0x3c9/0x1bf0 [ 401.511807] sk_filter_trim_cap+0x5ac/0xa60 [ 401.516123] tcp_filter+0x10c/0x260 [ 401.519778] tcp_v6_rcv+0x45ba/0x5df0 [ 401.523585] ip6_input_finish+0xb53/0x2450 [ 401.528156] ip6_input+0x29d/0x340 [ 401.531694] ip6_rcv_finish+0x4d2/0x710 [ 401.535667] ipv6_rcv+0x34b/0x3f0 [ 401.539109] process_backlog+0x82b/0x11e0 [ 401.543348] net_rx_action+0x98f/0x1d50 [ 401.547309] __do_softirq+0x721/0xc7f [ 401.551090] [ 401.552713] Uninit was stored to memory at: [ 401.557037] kmsan_internal_chain_origin+0x136/0x240 [ 401.562133] __msan_chain_origin+0x6d/0xb0 [ 401.566377] __save_stack_trace+0x8be/0xc60 [ 401.570816] save_stack_trace+0xc6/0x110 [ 401.574881] kmsan_internal_chain_origin+0x136/0x240 [ 401.579975] kmsan_memcpy_origins+0x13d/0x190 [ 401.584474] __msan_memcpy+0x6f/0x80 [ 401.588179] pskb_expand_head+0x436/0x1d20 [ 401.592402] ___pskb_trim+0x3c9/0x1bf0 [ 401.596284] sk_filter_trim_cap+0x5ac/0xa60 [ 401.600607] tcp_filter+0x10c/0x260 [ 401.604225] tcp_v6_rcv+0x45ba/0x5df0 [ 401.608013] ip6_input_finish+0xb53/0x2450 [ 401.612242] ip6_input+0x29d/0x340 [ 401.615771] ip6_rcv_finish+0x4d2/0x710 [ 401.619731] ipv6_rcv+0x34b/0x3f0 [ 401.623173] process_backlog+0x82b/0x11e0 [ 401.627733] net_rx_action+0x98f/0x1d50 [ 401.631723] __do_softirq+0x721/0xc7f [ 401.635517] [ 401.637141] Uninit was stored to memory at: [ 401.641463] kmsan_internal_chain_origin+0x136/0x240 [ 401.646579] __msan_chain_origin+0x6d/0xb0 [ 401.650804] __save_stack_trace+0x8be/0xc60 [ 401.655113] save_stack_trace+0xc6/0x110 [ 401.659176] kmsan_internal_chain_origin+0x136/0x240 [ 401.664300] kmsan_memcpy_origins+0x13d/0x190 [ 401.668805] __msan_memcpy+0x6f/0x80 [ 401.672528] pskb_expand_head+0x436/0x1d20 [ 401.676764] ___pskb_trim+0x3c9/0x1bf0 [ 401.680650] sk_filter_trim_cap+0x5ac/0xa60 [ 401.684970] tcp_filter+0x10c/0x260 [ 401.688594] tcp_v6_rcv+0x45ba/0x5df0 [ 401.692379] ip6_input_finish+0xb53/0x2450 [ 401.696602] ip6_input+0x29d/0x340 [ 401.700223] ip6_rcv_finish+0x4d2/0x710 [ 401.704300] ipv6_rcv+0x34b/0x3f0 [ 401.707754] process_backlog+0x82b/0x11e0 [ 401.711899] net_rx_action+0x98f/0x1d50 [ 401.715902] __do_softirq+0x721/0xc7f [ 401.719702] [ 401.721328] Uninit was stored to memory at: [ 401.725660] kmsan_internal_chain_origin+0x136/0x240 [ 401.731112] __msan_chain_origin+0x6d/0xb0 [ 401.735355] __save_stack_trace+0x8be/0xc60 [ 401.739665] save_stack_trace+0xc6/0x110 [ 401.743714] kmsan_internal_chain_origin+0x136/0x240 [ 401.748806] kmsan_memcpy_origins+0x13d/0x190 [ 401.753303] __msan_memcpy+0x6f/0x80 [ 401.757033] pskb_expand_head+0x436/0x1d20 [ 401.761269] ___pskb_trim+0x3c9/0x1bf0 [ 401.765145] sk_filter_trim_cap+0x5ac/0xa60 [ 401.769461] tcp_filter+0x10c/0x260 [ 401.773091] tcp_v6_rcv+0x45ba/0x5df0 [ 401.776880] ip6_input_finish+0xb53/0x2450 [ 401.781112] ip6_input+0x29d/0x340 [ 401.784655] ip6_rcv_finish+0x4d2/0x710 [ 401.788636] ipv6_rcv+0x34b/0x3f0 [ 401.792100] process_backlog+0x82b/0x11e0 [ 401.796252] net_rx_action+0x98f/0x1d50 [ 401.800222] __do_softirq+0x721/0xc7f [ 401.804004] [ 401.805630] Local variable description: ----v.addr.i.i.i@should_fail [ 401.812103] Variable was created at: [ 401.815807] should_fail+0x14d/0x13c0 [ 401.819597] __should_failslab+0x278/0x2a0 03:45:21 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 03:45:21 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80), 0x0, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:21 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d02403162857170") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:21 executing program 1: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000080)={0x2a, 0x4, 0x0, {0x1, 0x0, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000140)=0x4, 0x4) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000500)=""/175) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) 03:45:21 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000180)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000040)={0xf010000, 0x0, 0x0, [0x346], &(0x7f0000000000)={0x0, 0x0, [], @p_u8=&(0x7f0000000080)}}) 03:45:22 executing program 3: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x2a, 0x4, 0x0, {0x1, 0x0, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000140)=0x4, 0x4) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000500)=""/175) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) [ 402.061820] usb usb3: usbfs: process 10746 (syz-executor1) did not claim interface 0 before use 03:45:22 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000100)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 402.161452] usb usb3: usbfs: process 10753 (syz-executor1) did not claim interface 0 before use [ 402.205452] not chained 370000 origins [ 402.209390] CPU: 1 PID: 10752 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #85 [ 402.216662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 402.226025] Call Trace: [ 402.229346] [ 402.231513] dump_stack+0x32d/0x480 [ 402.235169] kmsan_internal_chain_origin+0x222/0x240 [ 402.240305] ? __msan_poison_alloca+0x1e0/0x270 [ 402.245004] ? __msan_get_context_state+0x9/0x20 [ 402.249775] ? INIT_INT+0xc/0x30 [ 402.253146] ? got_nohz_idle_kick+0x13d/0x420 [ 402.257635] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 402.263016] ? __module_address+0x6a/0x5f0 [ 402.267254] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 402.272711] ? in_task_stack+0x12c/0x210 [ 402.276849] ? get_stack_info+0x206/0x220 [ 402.281022] __msan_chain_origin+0x6d/0xb0 [ 402.285272] ? __tcp_push_pending_frames+0x124/0x4e0 [ 402.290424] __save_stack_trace+0x8be/0xc60 [ 402.294780] ? __tcp_push_pending_frames+0x124/0x4e0 [ 402.299905] save_stack_trace+0xc6/0x110 [ 402.303993] kmsan_internal_chain_origin+0x136/0x240 [ 402.309099] ? local_bh_enable+0x36/0x40 [ 402.313164] ? __sk_flush_backlog+0x52/0x70 [ 402.317485] ? kmsan_internal_chain_origin+0x136/0x240 [ 402.322767] ? kmsan_memcpy_origins+0x13d/0x190 [ 402.327439] ? __msan_memcpy+0x6f/0x80 [ 402.331341] ? pskb_expand_head+0x436/0x1d20 [ 402.335763] ? ___pskb_trim+0x3c9/0x1bf0 [ 402.339926] ? sk_filter_trim_cap+0x5ac/0xa60 [ 402.344428] ? tcp_filter+0x10c/0x260 [ 402.348232] ? tcp_v6_rcv+0x45ba/0x5df0 [ 402.352205] ? ip6_input_finish+0xb53/0x2450 [ 402.356607] ? ip6_input+0x29d/0x340 [ 402.360315] ? ip6_rcv_finish+0x4d2/0x710 [ 402.364496] ? ipv6_rcv+0x34b/0x3f0 [ 402.368111] ? process_backlog+0x82b/0x11e0 [ 402.372436] ? net_rx_action+0x98f/0x1d50 [ 402.376576] ? __do_softirq+0x721/0xc7f [ 402.380544] ? do_softirq_own_stack+0x49/0x80 [ 402.385052] ? __local_bh_enable_ip+0x228/0x260 [ 402.390161] ? local_bh_enable+0x36/0x40 [ 402.394225] ? ip6_finish_output2+0x1b1a/0x22d0 [ 402.398907] ? ip6_finish_output+0xc13/0xca0 [ 402.403316] ? ip6_output+0x5e4/0x720 [ 402.407115] ? ip6_xmit+0x216d/0x26a0 [ 402.410933] ? inet6_csk_xmit+0x3e0/0x4f0 [ 402.415089] ? __tcp_transmit_skb+0x425c/0x5e00 [ 402.419753] ? tcp_write_xmit+0x389a/0xacc0 [ 402.424085] ? __tcp_push_pending_frames+0x124/0x4e0 [ 402.429199] ? tcp_data_snd_check+0x1ec/0x1080 [ 402.433803] ? tcp_rcv_established+0x1bb2/0x2940 [ 402.438571] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 402.442734] ? __release_sock+0x32d/0x750 [ 402.446891] ? __sk_flush_backlog+0x52/0x70 [ 402.451266] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 402.455861] ? tcp_sendmsg+0xb2/0x100 [ 402.459673] ? inet_sendmsg+0x4e9/0x800 [ 402.463655] ? __sys_sendto+0x940/0xb80 [ 402.467622] ? __se_sys_sendto+0x107/0x130 [ 402.471855] ? __x64_sys_sendto+0x6e/0x90 [ 402.476018] ? do_syscall_64+0xcf/0x110 [ 402.480009] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 402.485382] ? __msan_get_context_state+0x9/0x20 [ 402.490141] ? INIT_INT+0xc/0x30 [ 402.493521] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 402.499384] kmsan_memcpy_origins+0x13d/0x190 [ 402.503873] __msan_memcpy+0x6f/0x80 [ 402.507592] pskb_expand_head+0x436/0x1d20 [ 402.511867] ___pskb_trim+0x3c9/0x1bf0 03:45:22 executing program 5: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000140)=0x4, 0x4) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000500)=""/175) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) [ 402.515790] sk_filter_trim_cap+0x5ac/0xa60 [ 402.520136] tcp_filter+0x10c/0x260 [ 402.523808] tcp_v6_rcv+0x45ba/0x5df0 [ 402.527624] ? __msan_poison_alloca+0x1e0/0x270 [ 402.532335] ? tcp_v6_early_demux+0xc80/0xc80 [ 402.536842] ? tcp_v6_early_demux+0xc80/0xc80 [ 402.541352] ip6_input_finish+0xb53/0x2450 [ 402.545624] ? ip6_input_finish+0x13e1/0x2450 [ 402.550141] ip6_input+0x29d/0x340 [ 402.553700] ? ip6_input+0x340/0x340 [ 402.557429] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 402.561851] ip6_rcv_finish+0x4d2/0x710 [ 402.565923] ipv6_rcv+0x34b/0x3f0 [ 402.569525] ? dst_hold+0x5e0/0x5e0 [ 402.573173] process_backlog+0x82b/0x11e0 [ 402.577344] ? __msan_poison_alloca+0x1e0/0x270 [ 402.582045] ? ip6_rcv_finish+0x710/0x710 [ 402.586221] ? rps_trigger_softirq+0x2e0/0x2e0 [ 402.590816] net_rx_action+0x98f/0x1d50 [ 402.594831] ? net_tx_action+0xf20/0xf20 [ 402.599647] __do_softirq+0x721/0xc7f [ 402.603474] do_softirq_own_stack+0x49/0x80 [ 402.607794] [ 402.610043] __local_bh_enable_ip+0x228/0x260 [ 402.614557] local_bh_enable+0x36/0x40 03:45:22 executing program 1: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000080)={0x2a, 0x4, 0x0, {0x1, 0x0, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000140)=0x4, 0x4) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000500)=""/175) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) [ 402.618467] ip6_finish_output2+0x1b1a/0x22d0 [ 402.623001] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 402.628374] ? ip6_mtu+0x289/0x330 [ 402.631930] ip6_finish_output+0xc13/0xca0 [ 402.636196] ip6_output+0x5e4/0x720 [ 402.639852] ? ip6_output+0x720/0x720 [ 402.643664] ? ac6_seq_show+0x200/0x200 [ 402.647647] ip6_xmit+0x216d/0x26a0 [ 402.651313] ? ip6_xmit+0x26a0/0x26a0 [ 402.655130] inet6_csk_xmit+0x3e0/0x4f0 [ 402.659141] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 402.664086] __tcp_transmit_skb+0x425c/0x5e00 [ 402.668631] tcp_write_xmit+0x389a/0xacc0 [ 402.672855] __tcp_push_pending_frames+0x124/0x4e0 [ 402.677810] tcp_data_snd_check+0x1ec/0x1080 [ 402.682252] tcp_rcv_established+0x1bb2/0x2940 [ 402.686873] tcp_v6_do_rcv+0x9f8/0x21b0 [ 402.690878] ? tcp_v6_destroy_sock+0x60/0x60 [ 402.695302] __release_sock+0x32d/0x750 [ 402.699997] __sk_flush_backlog+0x52/0x70 [ 402.704168] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 402.708417] tcp_sendmsg_locked+0xd72/0x6c30 [ 402.712853] ? kmsan_internal_unpoison_shadow+0x30/0xd0 03:45:22 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) [ 402.718272] tcp_sendmsg+0xb2/0x100 [ 402.721909] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 402.726588] inet_sendmsg+0x4e9/0x800 [ 402.730406] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 402.735782] ? security_socket_sendmsg+0x1bd/0x200 [ 402.740731] ? inet_getname+0x490/0x490 [ 402.744713] __sys_sendto+0x940/0xb80 [ 402.748549] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 402.754015] ? prepare_exit_to_usermode+0x182/0x4c0 [ 402.759047] __se_sys_sendto+0x107/0x130 [ 402.763129] __x64_sys_sendto+0x6e/0x90 [ 402.767130] do_syscall_64+0xcf/0x110 [ 402.770946] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 402.776147] RIP: 0033:0x457569 [ 402.779352] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 402.798265] RSP: 002b:00007f2d33e94c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 402.806748] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 402.814028] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 402.821307] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 402.828596] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f2d33e956d4 [ 402.835886] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 402.843174] Uninit was stored to memory at: [ 402.845339] usb usb3: usbfs: process 10764 (syz-executor3) did not claim interface 0 before use [ 402.847512] kmsan_internal_chain_origin+0x136/0x240 [ 402.847529] __msan_chain_origin+0x6d/0xb0 [ 402.847546] __save_stack_trace+0x8be/0xc60 [ 402.847561] save_stack_trace+0xc6/0x110 [ 402.847577] kmsan_internal_chain_origin+0x136/0x240 [ 402.847593] kmsan_memcpy_origins+0x13d/0x190 [ 402.847608] __msan_memcpy+0x6f/0x80 [ 402.847626] pskb_expand_head+0x436/0x1d20 [ 402.847642] ___pskb_trim+0x3c9/0x1bf0 [ 402.847659] sk_filter_trim_cap+0x5ac/0xa60 [ 402.847675] tcp_filter+0x10c/0x260 [ 402.847689] tcp_v6_rcv+0x45ba/0x5df0 [ 402.847703] ip6_input_finish+0xb53/0x2450 [ 402.847716] ip6_input+0x29d/0x340 [ 402.847729] ip6_rcv_finish+0x4d2/0x710 [ 402.847742] ipv6_rcv+0x34b/0x3f0 [ 402.847757] process_backlog+0x82b/0x11e0 [ 402.847772] net_rx_action+0x98f/0x1d50 [ 402.847788] __do_softirq+0x721/0xc7f [ 402.847794] [ 402.847800] Uninit was stored to memory at: [ 402.847816] kmsan_internal_chain_origin+0x136/0x240 [ 402.847831] __msan_chain_origin+0x6d/0xb0 [ 402.847846] __save_stack_trace+0x8be/0xc60 [ 402.847862] save_stack_trace+0xc6/0x110 [ 402.847878] kmsan_internal_chain_origin+0x136/0x240 [ 402.847893] kmsan_memcpy_origins+0x13d/0x190 [ 402.847909] __msan_memcpy+0x6f/0x80 [ 402.847925] pskb_expand_head+0x436/0x1d20 [ 402.847941] ___pskb_trim+0x3c9/0x1bf0 [ 402.847957] sk_filter_trim_cap+0x5ac/0xa60 [ 402.847976] tcp_filter+0x10c/0x260 [ 402.847989] tcp_v6_rcv+0x45ba/0x5df0 [ 402.848002] ip6_input_finish+0xb53/0x2450 [ 402.848015] ip6_input+0x29d/0x340 [ 402.848028] ip6_rcv_finish+0x4d2/0x710 [ 402.848041] ipv6_rcv+0x34b/0x3f0 [ 402.848056] process_backlog+0x82b/0x11e0 [ 402.848071] net_rx_action+0x98f/0x1d50 [ 402.848085] __do_softirq+0x721/0xc7f [ 402.848090] [ 402.848096] Uninit was stored to memory at: [ 402.848112] kmsan_internal_chain_origin+0x136/0x240 [ 402.848128] __msan_chain_origin+0x6d/0xb0 [ 402.848143] __save_stack_trace+0x8be/0xc60 [ 402.848158] save_stack_trace+0xc6/0x110 [ 402.848175] kmsan_internal_chain_origin+0x136/0x240 [ 402.848190] kmsan_memcpy_origins+0x13d/0x190 [ 402.848206] __msan_memcpy+0x6f/0x80 [ 402.848231] pskb_expand_head+0x436/0x1d20 [ 402.848247] ___pskb_trim+0x3c9/0x1bf0 [ 402.848263] sk_filter_trim_cap+0x5ac/0xa60 [ 402.848277] tcp_filter+0x10c/0x260 [ 402.848290] tcp_v6_rcv+0x45ba/0x5df0 [ 402.848303] ip6_input_finish+0xb53/0x2450 [ 402.848316] ip6_input+0x29d/0x340 [ 402.848330] ip6_rcv_finish+0x4d2/0x710 [ 402.848342] ipv6_rcv+0x34b/0x3f0 [ 402.848357] process_backlog+0x82b/0x11e0 [ 402.848372] net_rx_action+0x98f/0x1d50 [ 402.848387] __do_softirq+0x721/0xc7f [ 402.848392] [ 402.848397] Uninit was stored to memory at: [ 402.848414] kmsan_internal_chain_origin+0x136/0x240 [ 402.848430] __msan_chain_origin+0x6d/0xb0 [ 402.848445] __save_stack_trace+0x8be/0xc60 [ 402.848460] save_stack_trace+0xc6/0x110 [ 402.848476] kmsan_internal_chain_origin+0x136/0x240 [ 402.848492] kmsan_memcpy_origins+0x13d/0x190 [ 402.848507] __msan_memcpy+0x6f/0x80 [ 402.848523] pskb_expand_head+0x436/0x1d20 [ 402.848539] ___pskb_trim+0x3c9/0x1bf0 [ 402.848554] sk_filter_trim_cap+0x5ac/0xa60 [ 402.848568] tcp_filter+0x10c/0x260 [ 402.848581] tcp_v6_rcv+0x45ba/0x5df0 [ 402.848595] ip6_input_finish+0xb53/0x2450 [ 402.848608] ip6_input+0x29d/0x340 [ 402.848621] ip6_rcv_finish+0x4d2/0x710 [ 402.848634] ipv6_rcv+0x34b/0x3f0 [ 402.848649] process_backlog+0x82b/0x11e0 [ 402.848664] net_rx_action+0x98f/0x1d50 [ 402.848678] __do_softirq+0x721/0xc7f [ 402.848684] [ 402.848689] Uninit was stored to memory at: [ 402.848705] kmsan_internal_chain_origin+0x136/0x240 [ 402.848721] __msan_chain_origin+0x6d/0xb0 [ 402.848736] __save_stack_trace+0x8be/0xc60 [ 402.848751] save_stack_trace+0xc6/0x110 [ 402.848768] kmsan_internal_chain_origin+0x136/0x240 [ 402.848783] kmsan_memcpy_origins+0x13d/0x190 [ 402.848799] __msan_memcpy+0x6f/0x80 [ 402.848815] pskb_expand_head+0x436/0x1d20 [ 402.848831] ___pskb_trim+0x3c9/0x1bf0 [ 402.848846] sk_filter_trim_cap+0x5ac/0xa60 [ 402.848860] tcp_filter+0x10c/0x260 [ 402.848873] tcp_v6_rcv+0x45ba/0x5df0 [ 402.848886] ip6_input_finish+0xb53/0x2450 [ 402.848899] ip6_input+0x29d/0x340 [ 402.848913] ip6_rcv_finish+0x4d2/0x710 [ 402.848925] ipv6_rcv+0x34b/0x3f0 [ 402.848940] process_backlog+0x82b/0x11e0 [ 402.848955] net_rx_action+0x98f/0x1d50 03:45:23 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d02403162857170") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:23 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 03:45:23 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000100)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 402.848975] __do_softirq+0x721/0xc7f [ 402.848980] [ 402.848985] Uninit was stored to memory at: [ 402.849002] kmsan_internal_chain_origin+0x136/0x240 [ 402.849018] __msan_chain_origin+0x6d/0xb0 [ 402.849033] __save_stack_trace+0x8be/0xc60 [ 402.849048] save_stack_trace+0xc6/0x110 [ 402.849064] kmsan_internal_chain_origin+0x136/0x240 [ 402.849079] kmsan_memcpy_origins+0x13d/0x190 [ 402.849095] __msan_memcpy+0x6f/0x80 [ 402.849111] pskb_expand_head+0x436/0x1d20 [ 402.849127] ___pskb_trim+0x3c9/0x1bf0 [ 402.849142] sk_filter_trim_cap+0x5ac/0xa60 [ 402.849156] tcp_filter+0x10c/0x260 [ 402.849169] tcp_v6_rcv+0x45ba/0x5df0 [ 402.849182] ip6_input_finish+0xb53/0x2450 [ 402.849195] ip6_input+0x29d/0x340 [ 402.849216] ip6_rcv_finish+0x4d2/0x710 [ 402.849229] ipv6_rcv+0x34b/0x3f0 [ 402.849244] process_backlog+0x82b/0x11e0 [ 402.849259] net_rx_action+0x98f/0x1d50 [ 402.849274] __do_softirq+0x721/0xc7f [ 402.849279] [ 402.849284] Uninit was stored to memory at: [ 402.849301] kmsan_internal_chain_origin+0x136/0x240 [ 402.849317] __msan_chain_origin+0x6d/0xb0 [ 402.849332] __save_stack_trace+0x8be/0xc60 [ 402.849347] save_stack_trace+0xc6/0x110 [ 402.849363] kmsan_internal_chain_origin+0x136/0x240 [ 402.849379] kmsan_memcpy_origins+0x13d/0x190 [ 402.849394] __msan_memcpy+0x6f/0x80 [ 402.849411] pskb_expand_head+0x436/0x1d20 [ 402.849427] ___pskb_trim+0x3c9/0x1bf0 [ 402.849442] sk_filter_trim_cap+0x5ac/0xa60 [ 402.849456] tcp_filter+0x10c/0x260 [ 402.849469] tcp_v6_rcv+0x45ba/0x5df0 [ 402.849482] ip6_input_finish+0xb53/0x2450 [ 402.849495] ip6_input+0x29d/0x340 [ 402.849508] ip6_rcv_finish+0x4d2/0x710 [ 402.849521] ipv6_rcv+0x34b/0x3f0 [ 402.849536] process_backlog+0x82b/0x11e0 [ 402.849551] net_rx_action+0x98f/0x1d50 [ 402.849565] __do_softirq+0x721/0xc7f [ 402.849570] [ 402.849578] Local variable description: ----v.addr.i.i.i@should_fail [ 402.849584] Variable was created at: [ 402.849600] should_fail+0x14d/0x13c0 [ 402.849616] __should_failslab+0x278/0x2a0 [ 403.702977] not chained 380000 origins [ 403.791681] CPU: 1 PID: 10786 Comm: udevd Not tainted 4.20.0-rc2+ #85 [ 403.798254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.808289] Call Trace: [ 403.810863] [ 403.813013] dump_stack+0x32d/0x480 [ 403.816646] kmsan_internal_chain_origin+0x222/0x240 [ 403.821753] ? __msan_poison_alloca+0x1e0/0x270 [ 403.826432] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 403.831793] ? __module_address+0x6a/0x5f0 [ 403.836031] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 403.841482] ? in_task_stack+0x12c/0x210 [ 403.845549] ? get_stack_info+0x206/0x220 [ 403.849698] __msan_chain_origin+0x6d/0xb0 [ 403.853932] ? get_arg_page+0x186/0x540 [ 403.857904] __save_stack_trace+0x8be/0xc60 [ 403.862243] ? get_arg_page+0x186/0x540 [ 403.866222] save_stack_trace+0xc6/0x110 [ 403.870295] kmsan_internal_chain_origin+0x136/0x240 [ 403.875393] ? __msan_poison_alloca+0x1e0/0x270 [ 403.880061] ? do_syscall_64+0xcf/0x110 [ 403.884032] ? kmsan_internal_chain_origin+0x136/0x240 [ 403.889304] ? kmsan_memcpy_origins+0x13d/0x190 [ 403.893978] ? __msan_memcpy+0x6f/0x80 [ 403.897868] ? pskb_expand_head+0x436/0x1d20 [ 403.903010] ? __tcp_retransmit_skb+0xdf6/0x46c0 [ 403.907758] ? tcp_send_loss_probe+0x8fb/0xc00 [ 403.912334] ? tcp_write_timer_handler+0x691/0xe80 [ 403.917252] ? tcp_write_timer+0x139/0x250 [ 403.921477] ? call_timer_fn+0x356/0x7c0 [ 403.925533] ? __run_timers+0xe95/0x1300 [ 403.929589] ? run_timer_softirq+0x55/0xa0 [ 403.933818] ? __do_softirq+0x721/0xc7f [ 403.937782] ? irq_exit+0x305/0x340 [ 403.941417] ? exiting_irq+0xe/0x10 [ 403.945036] ? smp_apic_timer_interrupt+0x64/0x90 [ 403.949873] ? apic_timer_interrupt+0xf/0x20 [ 403.954289] ? kmsan_get_metadata_or_null+0x6/0x380 [ 403.959305] ? __msan_poison_alloca+0x1e0/0x270 [ 403.963973] ? __alloc_pages_nodemask+0x1ef/0x64d0 [ 403.968898] ? alloc_pages_current+0x55d/0x7d0 [ 403.973474] ? get_zeroed_page+0x47/0xd0 [ 403.977543] ? __pud_alloc+0xd4/0x4f0 [ 403.981342] ? handle_mm_fault+0xd26/0xa8c0 [ 403.985653] ? __get_user_pages+0x1d58/0x2b90 [ 403.990140] ? get_user_pages_remote+0x2a7/0xb20 [ 403.994885] ? get_arg_page+0x186/0x540 [ 403.999604] ? copy_strings+0x812/0x1190 [ 404.003655] ? __do_execve_file+0x1eb3/0x33d0 [ 404.008141] ? __se_sys_execve+0xec/0x110 [ 404.012286] ? __x64_sys_execve+0x4a/0x70 [ 404.016429] ? do_syscall_64+0xcf/0x110 [ 404.020409] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 404.025775] ? __msan_get_context_state+0x9/0x20 [ 404.030526] ? INIT_INT+0xc/0x30 [ 404.033888] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 404.039249] ? ipv4_dst_check+0x1aa/0x2a0 [ 404.043400] kmsan_memcpy_origins+0x13d/0x190 [ 404.047893] __msan_memcpy+0x6f/0x80 [ 404.051625] pskb_expand_head+0x436/0x1d20 [ 404.055876] __tcp_retransmit_skb+0xdf6/0x46c0 [ 404.060482] tcp_send_loss_probe+0x8fb/0xc00 [ 404.064898] tcp_write_timer_handler+0x691/0xe80 [ 404.069658] tcp_write_timer+0x139/0x250 [ 404.073721] call_timer_fn+0x356/0x7c0 [ 404.077605] ? tcp_init_xmit_timers+0x130/0x130 [ 404.082274] __run_timers+0xe95/0x1300 [ 404.086155] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 404.091513] ? tcp_init_xmit_timers+0x130/0x130 [ 404.096194] run_timer_softirq+0x55/0xa0 [ 404.101001] ? timers_dead_cpu+0xb70/0xb70 [ 404.105236] __do_softirq+0x721/0xc7f [ 404.109055] irq_exit+0x305/0x340 [ 404.112506] exiting_irq+0xe/0x10 [ 404.115954] smp_apic_timer_interrupt+0x64/0x90 [ 404.120621] apic_timer_interrupt+0xf/0x20 [ 404.124853] [ 404.127092] RIP: 0010:kmsan_get_metadata_or_null+0x6/0x380 [ 404.132711] Code: 0f 0b 0f 0b 55 48 89 e5 31 d2 31 c9 e8 43 fc ff ff 5d c3 90 b0 01 c3 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 <41> 56 41 55 41 54 53 48 83 ec 10 48 89 fb 49 be 00 00 00 00 80 77 [ 404.151621] RSP: 0018:ffff888118d1f1b8 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13 [ 404.159325] RAX: 0000000000000004 RBX: 0000000000000004 RCX: ffff888118d1f210 [ 404.166588] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff888118d1f4a4 [ 404.173853] RBP: ffff888118d1f1c0 R08: 0000000000480020 R09: 0000000000000002 [ 404.181239] R10: 0000000000000081 R11: 0000000000000001 R12: ffff888118d1f4a4 [ 404.188499] R13: 0000000000000007 R14: 0000000000000004 R15: 0000000098000000 [ 404.195783] __msan_poison_alloca+0x1e0/0x270 [ 404.201004] ? __alloc_pages_nodemask+0x1ef/0x64d0 [ 404.205943] ? alloc_pages_current+0x55d/0x7d0 [ 404.210529] __alloc_pages_nodemask+0x1ef/0x64d0 [ 404.215292] ? task_kmsan_context_state+0x51/0x90 [ 404.220134] ? __alloc_pages_nodemask+0x12ac/0x64d0 [ 404.225320] ? ima_match_policy+0xf8/0x22f0 [ 404.230084] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 404.235438] ? ima_match_policy+0x2215/0x22f0 [ 404.239929] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 404.245303] ? apic_timer_interrupt+0xa/0x20 [ 404.249733] ? kmsan_get_metadata_or_null+0x8e/0x380 [ 404.254834] alloc_pages_current+0x55d/0x7d0 [ 404.259249] get_zeroed_page+0x47/0xd0 [ 404.263132] __pud_alloc+0xd4/0x4f0 [ 404.266762] handle_mm_fault+0xd26/0xa8c0 [ 404.270993] ? follow_page_mask+0xd0/0x3010 [ 404.275331] __get_user_pages+0x1d58/0x2b90 [ 404.279678] get_user_pages_remote+0x2a7/0xb20 [ 404.284267] ? get_arg_page+0x7c/0x540 [ 404.288152] get_arg_page+0x186/0x540 [ 404.291985] copy_strings+0x812/0x1190 [ 404.295885] __do_execve_file+0x1eb3/0x33d0 [ 404.300766] __se_sys_execve+0xec/0x110 [ 404.304742] __x64_sys_execve+0x4a/0x70 [ 404.308735] do_syscall_64+0xcf/0x110 [ 404.312536] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 404.317719] RIP: 0033:0x7f212b278207 [ 404.321425] Code: 77 19 f4 48 89 d7 44 89 c0 0f 05 48 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 f7 d8 64 41 89 01 eb df b8 3b 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 00 8c 2d 00 f7 d8 64 89 02 [ 404.340321] RSP: 002b:00007ffcdf14cb58 EFLAGS: 00000202 ORIG_RAX: 000000000000003b [ 404.348035] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f212b278207 [ 404.355312] RDX: 0000000000b0b800 RSI: 00007ffcdf14cc50 RDI: 00007ffcdf14dc60 [ 404.362575] RBP: 0000000000625500 R08: 000000000000242e R09: 000000000000242e [ 404.369837] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000b0b800 [ 404.377121] R13: 0000000000000007 R14: 0000000000b06250 R15: 0000000000000005 [ 404.384399] Uninit was stored to memory at: [ 404.388728] kmsan_internal_chain_origin+0x136/0x240 [ 404.393824] __msan_chain_origin+0x6d/0xb0 [ 404.398049] __save_stack_trace+0x8be/0xc60 [ 404.402923] save_stack_trace+0xc6/0x110 [ 404.407002] kmsan_internal_chain_origin+0x136/0x240 [ 404.412103] kmsan_memcpy_origins+0x13d/0x190 [ 404.416592] __msan_memcpy+0x6f/0x80 [ 404.420301] pskb_expand_head+0x436/0x1d20 [ 404.424533] __tcp_retransmit_skb+0xdf6/0x46c0 [ 404.429108] tcp_send_loss_probe+0x8fb/0xc00 [ 404.433513] tcp_write_timer_handler+0x691/0xe80 [ 404.438259] tcp_write_timer+0x139/0x250 [ 404.442328] call_timer_fn+0x356/0x7c0 [ 404.446226] __run_timers+0xe95/0x1300 [ 404.450117] run_timer_softirq+0x55/0xa0 [ 404.454181] __do_softirq+0x721/0xc7f [ 404.457980] [ 404.459599] Uninit was stored to memory at: [ 404.463912] kmsan_internal_chain_origin+0x136/0x240 [ 404.469009] __msan_chain_origin+0x6d/0xb0 [ 404.473241] __save_stack_trace+0x8be/0xc60 [ 404.477554] save_stack_trace+0xc6/0x110 [ 404.481604] kmsan_internal_chain_origin+0x136/0x240 [ 404.486701] kmsan_memcpy_origins+0x13d/0x190 [ 404.491203] __msan_memcpy+0x6f/0x80 [ 404.494932] pskb_expand_head+0x436/0x1d20 [ 404.499869] __tcp_retransmit_skb+0xdf6/0x46c0 [ 404.504459] tcp_send_loss_probe+0x8fb/0xc00 [ 404.508868] tcp_write_timer_handler+0x691/0xe80 [ 404.513620] tcp_write_timer+0x139/0x250 [ 404.517689] call_timer_fn+0x356/0x7c0 [ 404.521572] __run_timers+0xe95/0x1300 [ 404.525455] run_timer_softirq+0x55/0xa0 [ 404.529528] __do_softirq+0x721/0xc7f [ 404.533315] [ 404.534933] Uninit was stored to memory at: [ 404.539252] kmsan_internal_chain_origin+0x136/0x240 [ 404.544370] __msan_chain_origin+0x6d/0xb0 [ 404.548603] __save_stack_trace+0x8be/0xc60 [ 404.552919] save_stack_trace+0xc6/0x110 [ 404.556978] kmsan_internal_chain_origin+0x136/0x240 [ 404.562081] kmsan_memcpy_origins+0x13d/0x190 [ 404.566597] __msan_memcpy+0x6f/0x80 [ 404.570319] pskb_expand_head+0x436/0x1d20 [ 404.574546] __tcp_retransmit_skb+0xdf6/0x46c0 [ 404.579123] tcp_send_loss_probe+0x8fb/0xc00 [ 404.583560] tcp_write_timer_handler+0x691/0xe80 [ 404.588309] tcp_write_timer+0x139/0x250 [ 404.592473] call_timer_fn+0x356/0x7c0 [ 404.596354] __run_timers+0xe95/0x1300 [ 404.600990] run_timer_softirq+0x55/0xa0 [ 404.605043] __do_softirq+0x721/0xc7f [ 404.608830] [ 404.610446] Uninit was stored to memory at: [ 404.614762] kmsan_internal_chain_origin+0x136/0x240 [ 404.619859] __msan_chain_origin+0x6d/0xb0 [ 404.624088] __save_stack_trace+0x8be/0xc60 [ 404.628409] save_stack_trace+0xc6/0x110 [ 404.632465] kmsan_internal_chain_origin+0x136/0x240 [ 404.637578] kmsan_memcpy_origins+0x13d/0x190 [ 404.642066] __msan_memcpy+0x6f/0x80 [ 404.645773] pskb_expand_head+0x436/0x1d20 [ 404.650011] __tcp_retransmit_skb+0xdf6/0x46c0 [ 404.654588] tcp_send_loss_probe+0x8fb/0xc00 [ 404.658995] tcp_write_timer_handler+0x691/0xe80 [ 404.663744] tcp_write_timer+0x139/0x250 [ 404.667811] call_timer_fn+0x356/0x7c0 [ 404.671695] __run_timers+0xe95/0x1300 [ 404.675573] run_timer_softirq+0x55/0xa0 [ 404.679638] __do_softirq+0x721/0xc7f [ 404.683427] [ 404.685045] Uninit was stored to memory at: [ 404.689360] kmsan_internal_chain_origin+0x136/0x240 [ 404.694457] __msan_chain_origin+0x6d/0xb0 [ 404.699425] __save_stack_trace+0x8be/0xc60 [ 404.703738] save_stack_trace+0xc6/0x110 [ 404.707795] kmsan_internal_chain_origin+0x136/0x240 [ 404.712891] kmsan_memcpy_origins+0x13d/0x190 [ 404.717378] __msan_memcpy+0x6f/0x80 [ 404.721084] pskb_expand_head+0x436/0x1d20 [ 404.725326] __tcp_retransmit_skb+0xdf6/0x46c0 [ 404.729902] tcp_send_loss_probe+0x8fb/0xc00 [ 404.734306] tcp_write_timer_handler+0x691/0xe80 [ 404.739138] tcp_write_timer+0x139/0x250 [ 404.743197] call_timer_fn+0x356/0x7c0 [ 404.747088] __run_timers+0xe95/0x1300 [ 404.750974] run_timer_softirq+0x55/0xa0 [ 404.755027] __do_softirq+0x721/0xc7f [ 404.758812] [ 404.760430] Uninit was stored to memory at: [ 404.764749] kmsan_internal_chain_origin+0x136/0x240 [ 404.769846] __msan_chain_origin+0x6d/0xb0 [ 404.774073] __save_stack_trace+0x8be/0xc60 [ 404.778385] save_stack_trace+0xc6/0x110 [ 404.782437] kmsan_internal_chain_origin+0x136/0x240 [ 404.787535] kmsan_memcpy_origins+0x13d/0x190 [ 404.792035] __msan_memcpy+0x6f/0x80 [ 404.795740] pskb_expand_head+0x436/0x1d20 [ 404.800478] __tcp_retransmit_skb+0xdf6/0x46c0 [ 404.805056] tcp_send_loss_probe+0x8fb/0xc00 [ 404.809459] tcp_write_timer_handler+0x691/0xe80 [ 404.814218] tcp_write_timer+0x139/0x250 [ 404.818270] call_timer_fn+0x356/0x7c0 [ 404.822153] __run_timers+0xe95/0x1300 [ 404.826034] run_timer_softirq+0x55/0xa0 [ 404.830099] __do_softirq+0x721/0xc7f [ 404.833887] [ 404.835509] Uninit was stored to memory at: [ 404.839829] kmsan_internal_chain_origin+0x136/0x240 [ 404.844924] __msan_chain_origin+0x6d/0xb0 [ 404.849152] __save_stack_trace+0x8be/0xc60 [ 404.853466] save_stack_trace+0xc6/0x110 [ 404.857523] kmsan_internal_chain_origin+0x136/0x240 [ 404.862621] kmsan_memcpy_origins+0x13d/0x190 [ 404.867121] __msan_memcpy+0x6f/0x80 [ 404.870828] pskb_expand_head+0x436/0x1d20 [ 404.875063] __tcp_retransmit_skb+0xdf6/0x46c0 [ 404.879637] tcp_send_loss_probe+0x8fb/0xc00 [ 404.884040] tcp_write_timer_handler+0x691/0xe80 [ 404.888785] tcp_write_timer+0x139/0x250 [ 404.892837] call_timer_fn+0x356/0x7c0 [ 404.896717] __run_timers+0xe95/0x1300 [ 404.901345] run_timer_softirq+0x55/0xa0 [ 404.905428] __do_softirq+0x721/0xc7f [ 404.909217] [ 404.910839] Local variable description: ----__ai_old.i@sched_clock_cpu [ 404.917488] Variable was created at: [ 404.921197] sched_clock_cpu+0x60/0x770 [ 404.925169] irqtime_account_irq+0xb8/0x3c0 [ 404.947683] usb usb3: usbfs: process 10784 (syz-executor5) did not claim interface 0 before use [ 404.985191] usb usb3: usbfs: process 10782 (syz-executor3) did not claim interface 0 before use 03:45:25 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000100)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:25 executing program 1: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000080)={0x2a, 0x4, 0x0, {0x1, 0x0, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000140)=0x4, 0x4) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000500)=""/175) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) 03:45:25 executing program 5: clone(0x200, &(0x7f0000000380), &(0x7f0000000180), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f00000003c0)='./file0\x00', 0x8000001040, 0x0) execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300), &(0x7f0000000200)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) execveat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f0000000440), &(0x7f0000000540), 0x0) ioctl$VT_DISALLOCATE(r0, 0x5608) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:45:25 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000040), 0x0, 0x20000800, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='ip6gre0\x00', 0x10) 03:45:25 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) [ 405.513191] usb usb3: usbfs: process 10798 (syz-executor1) did not claim interface 0 before use 03:45:25 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:25 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 03:45:25 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$inet(0x2, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r2) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000040)) 03:45:25 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x4, 0x802) r1 = dup2(r0, r0) write$binfmt_elf32(r1, &(0x7f0000001340)=ANY=[], 0x10ff) 03:45:25 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f00000001c0)={0x3f}) 03:45:26 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$inet(0x2, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) connect$inet6(0xffffffffffffffff, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000380), 0x297) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$sock_int(r3, 0x1, 0x0, &(0x7f00000000c0), 0x4) dup2(r0, r2) ioctl$sock_inet_SIOCSIFPFLAGS(r1, 0x8934, &(0x7f0000000240)={'ifb0\x00', 0xff}) timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000040)={{0x0, 0x989680}}, &(0x7f0000000200)) 03:45:26 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 03:45:26 executing program 3: clone(0x200, &(0x7f0000000380), &(0x7f0000000180), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f00000003c0)='./file0\x00', 0x8000001040, 0x0) execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300), &(0x7f0000000200)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) execveat(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', &(0x7f0000000500), &(0x7f0000000740), 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f00000001c0)) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:45:26 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000080)={0x0, @bt={0xffff}}) 03:45:26 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f00000000c0)}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:26 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:26 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 03:45:26 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000080)={0x0, @bt={0x0, 0x1000000}}) 03:45:27 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000140)) 03:45:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 03:45:27 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x4000000000002, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000b80), 0x49249f8, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffee1, 0x2, 0x0) 03:45:27 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:27 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f00000000c0)}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 03:45:27 executing program 3: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x2a, 0x4, 0x0, {0x1, 0x7, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000140)=0x4, 0x4) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={"76657468305f746f5f626f6e64000004", &(0x7f0000000000)=ANY=[]}) prctl$getreaper(0x0, &(0x7f0000000800)) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) 03:45:27 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:27 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:27 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f00000000c0)}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 03:45:27 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:28 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000000)={0x0, 0x3132564e}) [ 408.007320] vhci_hcd: default hub control req: 010b v0000 i0000 l0 03:45:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) [ 408.167436] vhci_hcd: default hub control req: 010b v0000 i0000 l0 03:45:28 executing program 1: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x29, 0x4, 0x0, {0x1, 0x0, 0x1, 0x0, [0x0]}}, 0x29) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000140)=0x4, 0x4) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000500)=""/175) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) 03:45:28 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:28 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000400)="0a5c1f023c126285719070") syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "525dbb", 0x14, 0x2b, 0x0, @local, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f0000000100)) 03:45:28 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:28 executing program 3: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x29, 0x4, 0x0, {0x0, 0x0, 0x1, 0x0, [0x0]}}, 0x29) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, &(0x7f0000000140)=0x4, 0x4) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000500)=""/175) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) [ 408.587556] usb usb3: usbfs: process 10929 (syz-executor1) did not claim interface 0 before use [ 408.623017] vhci_hcd: default hub control req: 010b v0000 i0000 l0 [ 408.826465] vhci_hcd: default hub control req: 010b v0000 i0000 l0 03:45:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) [ 408.991836] usb usb3: usbfs: process 10946 (syz-executor3) did not claim interface 0 before use [ 409.051862] vhci_hcd: default hub control req: 010b v0000 i0000 l0 03:45:29 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) [ 409.186430] usb usb3: usbfs: process 10952 (syz-executor3) did not claim interface 0 before use 03:45:29 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:29 executing program 5: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x2a, 0x4, 0x0, {0x1, 0x7, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000140)=0x4, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={"76657468305f746f5f626f6e64000004", &(0x7f0000000000)=ANY=[@ANYBLOB="370000e400000000fdffffffffffffff"]}) prctl$getreaper(0x0, &(0x7f0000000800)) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) 03:45:29 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="020300020c000000e8b15b36420000000200080008000000e000000000000000030006000000000002000000e0000001000000000000000002000100000000200000020000000000030005000000000002000000f0ff0001deffffff00000000"], 0x60}}, 0x0) 03:45:29 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 03:45:29 executing program 3: clone(0x200, &(0x7f0000000380), &(0x7f0000000180), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f00000003c0)='./file0\x00', 0x8000001040, 0x0) execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300), &(0x7f0000000200)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) execveat(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', &(0x7f0000000500), &(0x7f0000000800), 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f00000007c0)) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) [ 409.628512] usb usb3: usbfs: process 10969 (syz-executor5) did not claim interface 0 before use [ 409.638449] vhci_hcd: default hub control req: 010b v0000 i0000 l0 03:45:29 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:29 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:45:30 executing program 1: clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x0, 0x0) mount(&(0x7f0000000280)=ANY=[@ANYBLOB="5b382e313a6e756c6c625bb7162b2ab388eda7c0a14b069313b2135d4dd4590a678c72a70bd23a"], &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, &(0x7f0000000140)="50f073656c696e75786367726f757000") accept(0xffffffffffffffff, &(0x7f0000007ec0)=@can, &(0x7f0000007f40)=0x80) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000380)) 03:45:30 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x0) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/7, 0x7}], 0x1) r1 = gettid() ioctl$int_in(r0, 0x8000008010500d, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{}, {0x0, 0x989680}}, &(0x7f00000001c0)) tkill(r1, 0x15) 03:45:30 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) [ 410.147627] libceph: parse_ips bad ip '[8.1:nullb[·+*³ˆí§À¡K“²]MÔY [ 410.147627] gŒr§ Ò' [ 410.210673] libceph: parse_ips bad ip '[8.1:nullb[·+*³ˆí§À¡K“²]MÔY [ 410.210673] gŒr§ Ò' 03:45:30 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:30 executing program 4: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000080)={0x70080000}) 03:45:30 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x7, 0x7, 0x9}, 0x2c) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)={0xd, 0x15, 0x4, 0x8, 0x0, r0}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000280)={r1, &(0x7f0000000140), &(0x7f00000001c0)=""/180}, 0x18) 03:45:30 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 03:45:30 executing program 3: clone(0x200, &(0x7f0000000380), &(0x7f0000000180), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f00000003c0)='./file0\x00', 0x8000001040, 0x0) execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300), &(0x7f0000000200)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) execveat(r1, &(0x7f0000000040)='./file0\x00', &(0x7f0000000500), &(0x7f0000000740), 0x0) r2 = fcntl$dupfd(r0, 0x0, r0) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f00000001c0)) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:45:30 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x400}, 0x1c) syz_emit_ethernet(0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="5000000093780000"], &(0x7f00000002c0)) 03:45:30 executing program 1: clone(0x200, &(0x7f0000000380), &(0x7f0000000180), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f00000003c0)='./file0\x00', 0x8000001040, 0x0) execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300), &(0x7f0000000200)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) execveat(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', &(0x7f0000000500), &(0x7f0000000740), 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000140)) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:45:31 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$inet(0x2, 0x2, 0x7, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, 0xffffffffffffffff) 03:45:31 executing program 2: setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 03:45:31 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:33 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x0) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/7, 0x7}], 0x1) r1 = gettid() ioctl$int_in(r0, 0x8000008010500d, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{}, {0x0, 0x989680}}, &(0x7f00000001c0)) tkill(r1, 0x15) 03:45:33 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 03:45:33 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:33 executing program 4: clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x0, 0x10001) mount(&(0x7f0000000280)=ANY=[@ANYBLOB="5b3830313a6e756c6c625bb7162b2ab388eda7c0a14b069313b2135d4dd4590a678c72a70bd23a"], &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, &(0x7f0000000140)="50f073656c696e75786367726f757000") accept(0xffffffffffffffff, &(0x7f0000007ec0)=@can, &(0x7f0000007f40)=0x80) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000380)) getgroups(0x0, &(0x7f0000000480)) 03:45:33 executing program 1: clone(0x200, &(0x7f00000000c0), &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000500)='./file0\x00', &(0x7f0000000140), &(0x7f0000000480)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000002c0)=""/11, 0xb9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000280), 0xffffffffffffffff) execve(&(0x7f0000000140)='./file1\x00', &(0x7f0000000780), &(0x7f0000000800)) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000300)=""/134) creat(&(0x7f00000001c0)='./file1\x00', 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:45:33 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) 03:45:33 executing program 4: clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x0, 0x10001) mount(&(0x7f0000000280)=ANY=[@ANYBLOB="5b3830313a6e756c6c625bb7162b2ab388eda7c0a14b069313b2135d4dd4590a678c72a70bd23a"], &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, &(0x7f0000000140)="50f073656c696e75786367726f757000") accept(0xffffffffffffffff, &(0x7f0000007ec0)=@can, &(0x7f0000007f40)=0x80) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000380)) getgroups(0x0, &(0x7f0000000480)) [ 413.258729] libceph: parse_ips bad ip '[801:nullb[·+*³ˆí§À¡K“²]MÔY [ 413.258729] gŒr§ Ò' [ 413.276851] libceph: parse_ips bad ip '[801:nullb[·+*³ˆí§À¡K“²]MÔY [ 413.276851] gŒr§ Ò' [ 413.314751] not chained 390000 origins [ 413.319441] CPU: 1 PID: 11074 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #85 [ 413.326718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 413.336074] Call Trace: [ 413.338663] [ 413.340833] dump_stack+0x32d/0x480 [ 413.344574] ? save_stack_trace+0xc6/0x110 [ 413.348835] kmsan_internal_chain_origin+0x222/0x240 [ 413.353967] ? kmsan_internal_chain_origin+0x136/0x240 [ 413.359261] ? __msan_chain_origin+0x6d/0xb0 [ 413.363683] ? __save_stack_trace+0x8be/0xc60 [ 413.368192] ? save_stack_trace+0xc6/0x110 [ 413.372466] ? kmsan_internal_chain_origin+0x136/0x240 [ 413.377758] ? kmsan_memcpy_origins+0x13d/0x190 [ 413.382440] ? __msan_memcpy+0x6f/0x80 [ 413.386341] ? pskb_expand_head+0x436/0x1d20 [ 413.390759] ? ___pskb_trim+0x3c9/0x1bf0 [ 413.394832] ? sk_filter_trim_cap+0x5ac/0xa60 [ 413.399339] ? tcp_filter+0x10c/0x260 [ 413.403153] ? tcp_v6_rcv+0x45ba/0x5df0 [ 413.407135] ? ip6_input_finish+0xb53/0x2450 [ 413.411563] ? ip6_input+0x29d/0x340 [ 413.415297] ? ip6_rcv_finish+0x4d2/0x710 [ 413.420219] ? ipv6_rcv+0x34b/0x3f0 [ 413.423877] ? process_backlog+0x82b/0x11e0 [ 413.428242] ? net_rx_action+0x98f/0x1d50 [ 413.432407] ? __do_softirq+0x721/0xc7f [ 413.436395] ? do_softirq_own_stack+0x49/0x80 [ 413.440995] ? __local_bh_enable_ip+0x228/0x260 [ 413.445675] ? local_bh_enable+0x36/0x40 [ 413.449741] ? ip6_finish_output2+0x1b1a/0x22d0 [ 413.454429] ? ip6_finish_output+0xc13/0xca0 [ 413.458850] ? ip6_output+0x5e4/0x720 [ 413.462685] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 413.468183] ? __module_address+0x6a/0x5f0 [ 413.472444] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 413.477905] ? in_task_stack+0x12c/0x210 [ 413.481989] ? get_stack_info+0x206/0x220 [ 413.486169] __msan_chain_origin+0x6d/0xb0 [ 413.490424] ? __local_bh_enable_ip+0x228/0x260 [ 413.495108] __save_stack_trace+0x8be/0xc60 [ 413.499460] ? __local_bh_enable_ip+0x228/0x260 [ 413.504141] save_stack_trace+0xc6/0x110 [ 413.508223] kmsan_internal_chain_origin+0x136/0x240 [ 413.513335] ? local_bh_enable+0x36/0x40 [ 413.518145] ? __se_sys_sendto+0x107/0x130 [ 413.522389] ? kmsan_internal_chain_origin+0x136/0x240 [ 413.527762] ? kmsan_memcpy_origins+0x13d/0x190 [ 413.532442] ? __msan_memcpy+0x6f/0x80 [ 413.536341] ? pskb_expand_head+0x436/0x1d20 [ 413.540768] ? ___pskb_trim+0x3c9/0x1bf0 [ 413.544838] ? sk_filter_trim_cap+0x5ac/0xa60 [ 413.549339] ? tcp_filter+0x10c/0x260 [ 413.553145] ? tcp_v6_rcv+0x45ba/0x5df0 [ 413.557134] ? ip6_input_finish+0xb53/0x2450 [ 413.561570] ? ip6_input+0x29d/0x340 [ 413.565297] ? ip6_rcv_finish+0x4d2/0x710 [ 413.569452] ? ipv6_rcv+0x34b/0x3f0 [ 413.573095] ? process_backlog+0x82b/0x11e0 [ 413.577432] ? net_rx_action+0x98f/0x1d50 [ 413.581593] ? __do_softirq+0x721/0xc7f [ 413.585582] ? do_softirq_own_stack+0x49/0x80 [ 413.590090] ? __local_bh_enable_ip+0x228/0x260 [ 413.594769] ? local_bh_enable+0x36/0x40 [ 413.598836] ? ip6_finish_output2+0x1b1a/0x22d0 [ 413.603517] ? ip6_finish_output+0xc13/0xca0 [ 413.607935] ? ip6_output+0x5e4/0x720 [ 413.611751] ? ip6_xmit+0x216d/0x26a0 [ 413.615561] ? inet6_csk_xmit+0x3e0/0x4f0 [ 413.620482] ? __tcp_transmit_skb+0x425c/0x5e00 [ 413.625166] ? tcp_write_xmit+0x389a/0xacc0 [ 413.629503] ? __tcp_push_pending_frames+0x124/0x4e0 [ 413.634625] ? tcp_sendmsg_locked+0x44bf/0x6c30 [ 413.639393] ? tcp_sendmsg+0xb2/0x100 [ 413.643210] ? inet_sendmsg+0x4e9/0x800 [ 413.647196] ? __sys_sendto+0x940/0xb80 [ 413.651191] ? __se_sys_sendto+0x107/0x130 [ 413.655444] ? __x64_sys_sendto+0x6e/0x90 [ 413.659604] ? do_syscall_64+0xcf/0x110 [ 413.663600] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 413.668993] ? __msan_get_context_state+0x9/0x20 [ 413.673762] ? INIT_INT+0xc/0x30 [ 413.677137] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 413.682523] kmsan_memcpy_origins+0x13d/0x190 [ 413.687042] __msan_memcpy+0x6f/0x80 [ 413.690772] pskb_expand_head+0x436/0x1d20 [ 413.695146] ___pskb_trim+0x3c9/0x1bf0 [ 413.699069] sk_filter_trim_cap+0x5ac/0xa60 [ 413.703414] tcp_filter+0x10c/0x260 [ 413.707048] tcp_v6_rcv+0x45ba/0x5df0 [ 413.710860] ? __msan_poison_alloca+0x1e0/0x270 [ 413.715602] ? tcp_v6_early_demux+0xc80/0xc80 [ 413.720842] ? tcp_v6_early_demux+0xc80/0xc80 [ 413.725352] ip6_input_finish+0xb53/0x2450 [ 413.729629] ? ip6_input_finish+0x13e1/0x2450 [ 413.734300] ip6_input+0x29d/0x340 [ 413.737862] ? ip6_input+0x340/0x340 [ 413.741695] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 413.746116] ip6_rcv_finish+0x4d2/0x710 [ 413.750105] ipv6_rcv+0x34b/0x3f0 [ 413.753573] ? dst_hold+0x5e0/0x5e0 [ 413.757217] process_backlog+0x82b/0x11e0 [ 413.761379] ? __msan_poison_alloca+0x1e0/0x270 [ 413.766062] ? ip6_rcv_finish+0x710/0x710 [ 413.770242] ? rps_trigger_softirq+0x2e0/0x2e0 [ 413.774845] net_rx_action+0x98f/0x1d50 [ 413.778874] ? net_tx_action+0xf20/0xf20 [ 413.782949] __do_softirq+0x721/0xc7f [ 413.786777] do_softirq_own_stack+0x49/0x80 [ 413.791102] [ 413.793373] __local_bh_enable_ip+0x228/0x260 [ 413.797893] local_bh_enable+0x36/0x40 [ 413.801976] ip6_finish_output2+0x1b1a/0x22d0 [ 413.806635] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 413.812013] ? ip6_mtu+0x289/0x330 [ 413.815585] ip6_finish_output+0xc13/0xca0 [ 413.820592] ip6_output+0x5e4/0x720 [ 413.824253] ? ip6_output+0x720/0x720 [ 413.828080] ? ac6_seq_show+0x200/0x200 [ 413.832069] ip6_xmit+0x216d/0x26a0 [ 413.835735] ? ip6_xmit+0x26a0/0x26a0 [ 413.839550] inet6_csk_xmit+0x3e0/0x4f0 [ 413.843546] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 413.848488] __tcp_transmit_skb+0x425c/0x5e00 [ 413.853038] tcp_write_xmit+0x389a/0xacc0 [ 413.857267] __tcp_push_pending_frames+0x124/0x4e0 [ 413.862227] tcp_sendmsg_locked+0x44bf/0x6c30 [ 413.866757] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 413.872168] tcp_sendmsg+0xb2/0x100 [ 413.875818] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 413.880512] inet_sendmsg+0x4e9/0x800 [ 413.884342] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 413.889725] ? security_socket_sendmsg+0x1bd/0x200 [ 413.894674] ? inet_getname+0x490/0x490 [ 413.898658] __sys_sendto+0x940/0xb80 [ 413.902487] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 413.907952] ? prepare_exit_to_usermode+0x182/0x4c0 [ 413.913004] __se_sys_sendto+0x107/0x130 [ 413.917795] __x64_sys_sendto+0x6e/0x90 [ 413.921785] do_syscall_64+0xcf/0x110 [ 413.925607] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 413.930805] RIP: 0033:0x457569 [ 413.934011] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 413.952922] RSP: 002b:00007f2d33e94c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 413.960657] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 413.967943] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 413.975233] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 413.982508] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f2d33e956d4 [ 413.989785] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 413.997189] Uninit was stored to memory at: [ 414.001536] kmsan_internal_chain_origin+0x136/0x240 [ 414.006649] __msan_chain_origin+0x6d/0xb0 [ 414.010991] __save_stack_trace+0x8be/0xc60 [ 414.015325] save_stack_trace+0xc6/0x110 [ 414.019976] kmsan_internal_chain_origin+0x136/0x240 [ 414.025096] kmsan_memcpy_origins+0x13d/0x190 [ 414.029623] __msan_memcpy+0x6f/0x80 [ 414.033358] pskb_expand_head+0x436/0x1d20 [ 414.037611] ___pskb_trim+0x3c9/0x1bf0 [ 414.041685] sk_filter_trim_cap+0x5ac/0xa60 [ 414.046025] tcp_filter+0x10c/0x260 [ 414.049671] tcp_v6_rcv+0x45ba/0x5df0 [ 414.053477] ip6_input_finish+0xb53/0x2450 [ 414.057810] ip6_input+0x29d/0x340 [ 414.061363] ip6_rcv_finish+0x4d2/0x710 [ 414.065366] ipv6_rcv+0x34b/0x3f0 [ 414.068851] process_backlog+0x82b/0x11e0 [ 414.073009] net_rx_action+0x98f/0x1d50 [ 414.077001] __do_softirq+0x721/0xc7f [ 414.080802] [ 414.082430] Uninit was stored to memory at: [ 414.086779] kmsan_internal_chain_origin+0x136/0x240 [ 414.091895] __msan_chain_origin+0x6d/0xb0 [ 414.096147] __save_stack_trace+0x8be/0xc60 [ 414.100486] save_stack_trace+0xc6/0x110 [ 414.104575] kmsan_internal_chain_origin+0x136/0x240 [ 414.109703] kmsan_memcpy_origins+0x13d/0x190 [ 414.114217] __msan_memcpy+0x6f/0x80 [ 414.118659] pskb_expand_head+0x436/0x1d20 [ 414.122906] ___pskb_trim+0x3c9/0x1bf0 [ 414.126801] sk_filter_trim_cap+0x5ac/0xa60 [ 414.131129] tcp_filter+0x10c/0x260 [ 414.134763] tcp_v6_rcv+0x45ba/0x5df0 [ 414.138569] ip6_input_finish+0xb53/0x2450 [ 414.142813] ip6_input+0x29d/0x340 [ 414.146368] ip6_rcv_finish+0x4d2/0x710 [ 414.150353] ipv6_rcv+0x34b/0x3f0 [ 414.153826] process_backlog+0x82b/0x11e0 [ 414.157993] net_rx_action+0x98f/0x1d50 [ 414.161982] __do_softirq+0x721/0xc7f [ 414.165781] [ 414.167408] Uninit was stored to memory at: [ 414.171826] kmsan_internal_chain_origin+0x136/0x240 [ 414.176941] __msan_chain_origin+0x6d/0xb0 [ 414.181188] __save_stack_trace+0x8be/0xc60 [ 414.185526] save_stack_trace+0xc6/0x110 [ 414.189617] kmsan_internal_chain_origin+0x136/0x240 [ 414.194822] kmsan_memcpy_origins+0x13d/0x190 [ 414.199328] __msan_memcpy+0x6f/0x80 [ 414.203054] pskb_expand_head+0x436/0x1d20 [ 414.207302] ___pskb_trim+0x3c9/0x1bf0 [ 414.211212] sk_filter_trim_cap+0x5ac/0xa60 [ 414.215543] tcp_filter+0x10c/0x260 [ 414.220390] tcp_v6_rcv+0x45ba/0x5df0 [ 414.224223] ip6_input_finish+0xb53/0x2450 [ 414.228464] ip6_input+0x29d/0x340 [ 414.232092] ip6_rcv_finish+0x4d2/0x710 [ 414.236065] ipv6_rcv+0x34b/0x3f0 [ 414.239528] process_backlog+0x82b/0x11e0 [ 414.243683] net_rx_action+0x98f/0x1d50 [ 414.247665] __do_softirq+0x721/0xc7f [ 414.251473] [ 414.253117] Uninit was stored to memory at: [ 414.257456] kmsan_internal_chain_origin+0x136/0x240 [ 414.262860] __msan_chain_origin+0x6d/0xb0 [ 414.267108] __save_stack_trace+0x8be/0xc60 [ 414.271437] save_stack_trace+0xc6/0x110 [ 414.275512] kmsan_internal_chain_origin+0x136/0x240 [ 414.280631] kmsan_memcpy_origins+0x13d/0x190 [ 414.285153] __msan_memcpy+0x6f/0x80 [ 414.288881] pskb_expand_head+0x436/0x1d20 [ 414.293128] ___pskb_trim+0x3c9/0x1bf0 [ 414.297027] sk_filter_trim_cap+0x5ac/0xa60 [ 414.301362] tcp_filter+0x10c/0x260 [ 414.304998] tcp_v6_rcv+0x45ba/0x5df0 [ 414.308809] ip6_input_finish+0xb53/0x2450 [ 414.310832] libceph: parse_ips bad ip '[801:nullb[·+*³ˆí§À¡K“²]MÔY [ 414.310832] gŒr§ Ò' [ 414.313050] ip6_input+0x29d/0x340 [ 414.313065] ip6_rcv_finish+0x4d2/0x710 [ 414.313078] ipv6_rcv+0x34b/0x3f0 [ 414.313095] process_backlog+0x82b/0x11e0 [ 414.313111] net_rx_action+0x98f/0x1d50 [ 414.313125] __do_softirq+0x721/0xc7f [ 414.313164] kmsan_internal_chain_origin+0x136/0x240 [ 414.350199] __msan_chain_origin+0x6d/0xb0 [ 414.354539] __save_stack_trace+0x8be/0xc60 [ 414.358866] save_stack_trace+0xc6/0x110 [ 414.362935] kmsan_internal_chain_origin+0x136/0x240 [ 414.368063] kmsan_memcpy_origins+0x13d/0x190 [ 414.372569] __msan_memcpy+0x6f/0x80 [ 414.376312] pskb_expand_head+0x436/0x1d20 [ 414.380559] ___pskb_trim+0x3c9/0x1bf0 [ 414.384455] sk_filter_trim_cap+0x5ac/0xa60 [ 414.388841] tcp_filter+0x10c/0x260 [ 414.392476] tcp_v6_rcv+0x45ba/0x5df0 [ 414.396315] ip6_input_finish+0xb53/0x2450 [ 414.400565] ip6_input+0x29d/0x340 [ 414.404119] ip6_rcv_finish+0x4d2/0x710 [ 414.408098] ipv6_rcv+0x34b/0x3f0 [ 414.411564] process_backlog+0x82b/0x11e0 [ 414.415842] net_rx_action+0x98f/0x1d50 [ 414.420568] __do_softirq+0x721/0xc7f [ 414.424373] [ 414.426003] Uninit was stored to memory at: [ 414.430333] kmsan_internal_chain_origin+0x136/0x240 [ 414.435462] __msan_chain_origin+0x6d/0xb0 [ 414.439712] __save_stack_trace+0x8be/0xc60 [ 414.444046] save_stack_trace+0xc6/0x110 [ 414.448113] kmsan_internal_chain_origin+0x136/0x240 [ 414.453232] kmsan_memcpy_origins+0x13d/0x190 [ 414.457751] __msan_memcpy+0x6f/0x80 [ 414.461478] pskb_expand_head+0x436/0x1d20 [ 414.465751] ___pskb_trim+0x3c9/0x1bf0 [ 414.469658] sk_filter_trim_cap+0x5ac/0xa60 [ 414.473996] tcp_filter+0x10c/0x260 [ 414.477633] tcp_v6_rcv+0x45ba/0x5df0 [ 414.481442] ip6_input_finish+0xb53/0x2450 [ 414.485688] ip6_input+0x29d/0x340 [ 414.489259] ip6_rcv_finish+0x4d2/0x710 [ 414.493278] ipv6_rcv+0x34b/0x3f0 [ 414.496769] process_backlog+0x82b/0x11e0 [ 414.500930] net_rx_action+0x98f/0x1d50 [ 414.505084] __do_softirq+0x721/0xc7f [ 414.508882] [ 414.510513] Uninit was stored to memory at: [ 414.514845] kmsan_internal_chain_origin+0x136/0x240 [ 414.520765] __msan_chain_origin+0x6d/0xb0 [ 414.525016] __save_stack_trace+0x8be/0xc60 [ 414.529362] save_stack_trace+0xc6/0x110 [ 414.533450] kmsan_internal_chain_origin+0x136/0x240 [ 414.538565] kmsan_memcpy_origins+0x13d/0x190 [ 414.543069] __msan_memcpy+0x6f/0x80 [ 414.546794] pskb_expand_head+0x436/0x1d20 [ 414.551041] ___pskb_trim+0x3c9/0x1bf0 [ 414.554948] sk_filter_trim_cap+0x5ac/0xa60 [ 414.559389] tcp_filter+0x10c/0x260 [ 414.563022] tcp_v6_rcv+0x45ba/0x5df0 [ 414.566833] ip6_input_finish+0xb53/0x2450 03:45:33 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 03:45:33 executing program 4: clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x0, 0x10001) mount(&(0x7f0000000280)=ANY=[@ANYBLOB="5b3830313a6e756c6c625bb7162b2ab388eda7c0a14b069313b2135d4dd4590a678c72a70bd23a"], &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, &(0x7f0000000140)="50f073656c696e75786367726f757000") accept(0xffffffffffffffff, &(0x7f0000007ec0)=@can, &(0x7f0000007f40)=0x80) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000380)) getgroups(0x0, &(0x7f0000000480)) 03:45:34 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x0) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/7, 0x7}], 0x1) r1 = gettid() ioctl$int_in(r0, 0x8000008010500d, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{}, {0x0, 0x989680}}, &(0x7f00000001c0)) tkill(r1, 0x15) 03:45:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 03:45:34 executing program 4: clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x0, 0x10001) mount(&(0x7f0000000280)=ANY=[@ANYBLOB="5b3830313a6e756c6c625bb7162b2ab388eda7c0a14b069313b2135d4dd4590a678c72a70bd23a"], &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, &(0x7f0000000140)="50f073656c696e75786367726f757000") accept(0xffffffffffffffff, &(0x7f0000007ec0)=@can, &(0x7f0000007f40)=0x80) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000380)) getgroups(0x0, &(0x7f0000000480)) 03:45:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0), 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 03:45:34 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x0) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/7, 0x7}], 0x1) r1 = gettid() ioctl$int_in(r0, 0x8000008010500d, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{}, {0x0, 0x989680}}, &(0x7f00000001c0)) tkill(r1, 0x15) [ 414.571073] ip6_input+0x29d/0x340 [ 414.574622] ip6_rcv_finish+0x4d2/0x710 [ 414.578609] ipv6_rcv+0x34b/0x3f0 [ 414.582081] process_backlog+0x82b/0x11e0 [ 414.586249] net_rx_action+0x98f/0x1d50 [ 414.590237] __do_softirq+0x721/0xc7f [ 414.594031] [ 414.595672] Local variable description: ----v.addr.i.i.i@should_fail [ 414.602162] Variable was created at: [ 414.605890] should_fail+0x14d/0x13c0 [ 414.609826] __should_failslab+0x278/0x2a0 03:45:34 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x0, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:34 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) fallocate(0xffffffffffffffff, 0x1, 0x0, 0x0) r1 = syz_open_pts(r0, 0x0) lchown(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x3f8) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15}) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/zero\x00', 0x80, 0x0) ioctl$IOC_PR_RELEASE(r2, 0x401070ca, &(0x7f00000004c0)={0xc48, 0xfa1, 0x1}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000980)={{{@in, @in6=@mcast1}}, {{@in=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000000000)=0xe8) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) lseek(r3, 0x0, 0x0) 03:45:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0xc0000100]}) 03:45:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 03:45:34 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000640)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'bridge_slave_0\x00', 0x8123}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x7) close(r0) 03:45:35 executing program 5: clone(0x200, &(0x7f0000000380), &(0x7f0000000180), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f00000003c0)='./file0\x00', 0x8000001040, 0x0) execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300), &(0x7f0000000200)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) execveat(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', &(0x7f0000000500), &(0x7f0000000740), 0x0) ioctl$void(r0, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:45:35 executing program 4: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) 03:45:35 executing program 3: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) prctl$getreaper(0x0, &(0x7f0000000800)) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) [ 415.433701] usb usb3: usbfs: process 11142 (syz-executor4) did not claim interface 0 before use 03:45:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) [ 415.476565] vhci_hcd: default hub control req: 010b v0000 i0000 l0 03:45:35 executing program 1: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) 03:45:35 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6100) ftruncate(r0, 0x8200) lseek(r0, 0x0, 0x2) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="17bca0f29930"], 0x6) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) write$UHID_DESTROY(r1, &(0x7f0000000240), 0x4) fcntl$setstatus(r0, 0x4, 0x200000) sendfile(r0, r2, &(0x7f0000002780), 0x8000fffffffe) ftruncate(r1, 0x4) [ 415.610461] usb usb3: usbfs: process 11146 (syz-executor3) did not claim interface 0 before use [ 415.624071] usb usb3: usbfs: process 11142 (syz-executor4) did not claim interface 0 before use [ 415.633769] vhci_hcd: default hub control req: 010b v0000 i0000 l0 [ 415.761071] usb usb3: usbfs: process 11158 (syz-executor1) did not claim interface 0 before use [ 415.816401] vhci_hcd: default hub control req: 010b v0000 i0000 l0 [ 415.899114] vhci_hcd: default hub control req: 010b v0000 i0000 l0 03:45:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 03:45:36 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340), 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:36 executing program 4: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) 03:45:36 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:36 executing program 1: openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000140)) r0 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000005c0)={0xc, 0x0, &(0x7f0000000000)=[@dead_binder_done={0x40086310, 0x4}], 0x0, 0xfffffdfd, &(0x7f0000000540)}) 03:45:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4), 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) [ 416.281864] usb usb3: usbfs: process 11170 (syz-executor4) did not claim interface 0 before use [ 416.317527] vhci_hcd: default hub control req: 010b v0000 i0000 l0 [ 416.428555] binder: 11178 RLIMIT_NICE not set 03:45:36 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) [ 416.452145] binder: 11176:11178 BC_DEAD_BINDER_DONE 0000000000000004 not found [ 416.481422] not chained 400000 origins [ 416.485354] CPU: 0 PID: 11179 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #85 [ 416.492636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 416.501996] Call Trace: [ 416.504589] [ 416.506760] dump_stack+0x32d/0x480 [ 416.510424] ? save_stack_trace+0xc6/0x110 [ 416.514691] kmsan_internal_chain_origin+0x222/0x240 [ 416.520168] ? kmsan_internal_chain_origin+0x136/0x240 [ 416.525561] ? __msan_chain_origin+0x6d/0xb0 [ 416.529980] ? __save_stack_trace+0x8be/0xc60 [ 416.534499] ? save_stack_trace+0xc6/0x110 [ 416.538767] ? kmsan_internal_chain_origin+0x136/0x240 [ 416.544058] ? kmsan_memcpy_origins+0x13d/0x190 [ 416.548748] ? __msan_memcpy+0x6f/0x80 [ 416.552654] ? pskb_expand_head+0x436/0x1d20 [ 416.557080] ? ___pskb_trim+0x3c9/0x1bf0 [ 416.561175] ? sk_filter_trim_cap+0x5ac/0xa60 [ 416.565714] ? tcp_filter+0x10c/0x260 [ 416.569531] ? tcp_v6_rcv+0x45ba/0x5df0 [ 416.573517] ? ip6_input_finish+0xb53/0x2450 [ 416.577936] ? ip6_input+0x29d/0x340 [ 416.581661] ? ip6_rcv_finish+0x4d2/0x710 [ 416.585822] ? ipv6_rcv+0x34b/0x3f0 [ 416.589473] ? process_backlog+0x82b/0x11e0 [ 416.593868] ? net_rx_action+0x98f/0x1d50 [ 416.598030] ? __do_softirq+0x721/0xc7f [ 416.602017] ? do_softirq_own_stack+0x49/0x80 [ 416.606525] ? __local_bh_enable_ip+0x228/0x260 [ 416.611216] ? local_bh_enable+0x36/0x40 [ 416.615300] ? ip6_finish_output2+0x1b1a/0x22d0 [ 416.620299] ? ip6_finish_output+0xc13/0xca0 [ 416.624728] ? ip6_output+0x5e4/0x720 [ 416.628546] ? kmsan_internal_chain_origin+0x90/0x240 [ 416.633760] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 416.639142] ? is_bpf_text_address+0x49e/0x4d0 [ 416.643751] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 416.649235] __msan_chain_origin+0x6d/0xb0 [ 416.653495] ? ___pskb_trim+0x3c9/0x1bf0 [ 416.657580] __save_stack_trace+0x8be/0xc60 [ 416.662024] ? ___pskb_trim+0x3c9/0x1bf0 [ 416.666110] save_stack_trace+0xc6/0x110 [ 416.670192] kmsan_internal_chain_origin+0x136/0x240 [ 416.675314] ? local_bh_enable+0x36/0x40 [ 416.679503] ? __se_sys_sendto+0x107/0x130 [ 416.683752] ? kmsan_internal_chain_origin+0x136/0x240 [ 416.689048] ? kmsan_memcpy_origins+0x13d/0x190 [ 416.693735] ? __msan_memcpy+0x6f/0x80 [ 416.697637] ? pskb_expand_head+0x436/0x1d20 03:45:36 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) [ 416.702056] ? ___pskb_trim+0x3c9/0x1bf0 [ 416.706129] ? sk_filter_trim_cap+0x5ac/0xa60 [ 416.710634] ? tcp_filter+0x10c/0x260 [ 416.714465] ? tcp_v6_rcv+0x45ba/0x5df0 [ 416.718752] ? ip6_input_finish+0xb53/0x2450 [ 416.723170] ? ip6_input+0x29d/0x340 [ 416.726915] ? ip6_rcv_finish+0x4d2/0x710 [ 416.731173] ? ipv6_rcv+0x34b/0x3f0 [ 416.734825] ? process_backlog+0x82b/0x11e0 [ 416.739169] ? net_rx_action+0x98f/0x1d50 [ 416.743340] ? __do_softirq+0x721/0xc7f [ 416.747329] ? do_softirq_own_stack+0x49/0x80 [ 416.751837] ? __local_bh_enable_ip+0x228/0x260 [ 416.756605] ? local_bh_enable+0x36/0x40 [ 416.760677] ? ip6_finish_output2+0x1b1a/0x22d0 [ 416.765364] ? ip6_finish_output+0xc13/0xca0 [ 416.769789] ? ip6_output+0x5e4/0x720 [ 416.773688] ? ip6_xmit+0x216d/0x26a0 [ 416.777499] ? inet6_csk_xmit+0x3e0/0x4f0 [ 416.781655] ? __tcp_transmit_skb+0x425c/0x5e00 [ 416.786334] ? tcp_write_xmit+0x389a/0xacc0 [ 416.790674] ? __tcp_push_pending_frames+0x124/0x4e0 [ 416.795791] ? tcp_sendmsg_locked+0x44bf/0x6c30 [ 416.800481] ? tcp_sendmsg+0xb2/0x100 [ 416.804296] ? inet_sendmsg+0x4e9/0x800 [ 416.808281] ? __sys_sendto+0x940/0xb80 [ 416.812386] ? __se_sys_sendto+0x107/0x130 [ 416.816624] ? __x64_sys_sendto+0x6e/0x90 [ 416.821088] ? do_syscall_64+0xcf/0x110 [ 416.825080] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 416.830477] ? __msan_get_context_state+0x9/0x20 [ 416.835252] ? INIT_INT+0xc/0x30 [ 416.838632] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 416.844022] kmsan_memcpy_origins+0x13d/0x190 [ 416.848543] __msan_memcpy+0x6f/0x80 03:45:36 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000419000)={0xa, 0x0, 0x0, @loopback}, 0x1c) [ 416.852292] pskb_expand_head+0x436/0x1d20 [ 416.856560] ___pskb_trim+0x3c9/0x1bf0 [ 416.860483] sk_filter_trim_cap+0x5ac/0xa60 [ 416.864837] tcp_filter+0x10c/0x260 [ 416.868491] tcp_v6_rcv+0x45ba/0x5df0 [ 416.872307] ? __msan_poison_alloca+0x1e0/0x270 [ 416.877035] ? tcp_v6_early_demux+0xc80/0xc80 [ 416.881545] ? tcp_v6_early_demux+0xc80/0xc80 [ 416.886056] ip6_input_finish+0xb53/0x2450 [ 416.890332] ? ip6_input_finish+0x13e1/0x2450 [ 416.894842] ip6_input+0x29d/0x340 [ 416.898413] ? ip6_input+0x340/0x340 [ 416.902139] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 416.905132] binder: 11176:11178 unknown command 536872576 [ 416.906556] ip6_rcv_finish+0x4d2/0x710 [ 416.906580] ipv6_rcv+0x34b/0x3f0 [ 416.906604] ? dst_hold+0x5e0/0x5e0 [ 416.906627] process_backlog+0x82b/0x11e0 [ 416.906645] ? __msan_poison_alloca+0x1e0/0x270 [ 416.906666] ? ip6_rcv_finish+0x710/0x710 [ 416.906696] ? rps_trigger_softirq+0x2e0/0x2e0 [ 416.906727] net_rx_action+0x98f/0x1d50 [ 416.912381] binder: 11176:11178 ioctl c0306201 20008fd0 returned -22 03:45:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000005c0)={0xc, 0x0, &(0x7f0000000000)=[@dead_binder_done={0x40086310, 0x4}], 0x0, 0xfffffdfd, &(0x7f0000000540)}) [ 416.916280] ? net_tx_action+0xf20/0xf20 [ 416.945595] binder: 11190 RLIMIT_NICE not set [ 416.960637] __do_softirq+0x721/0xc7f [ 416.964467] do_softirq_own_stack+0x49/0x80 [ 416.965630] binder: 11176:11191 BC_DEAD_BINDER_DONE 0000000000000004 not found [ 416.968782] [ 416.968813] __local_bh_enable_ip+0x228/0x260 [ 416.982993] local_bh_enable+0x36/0x40 [ 416.986926] ip6_finish_output2+0x1b1a/0x22d0 [ 416.991485] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 416.996867] ? ip6_mtu+0x289/0x330 [ 417.000432] ip6_finish_output+0xc13/0xca0 [ 417.004702] ip6_output+0x5e4/0x720 [ 417.008357] ? ip6_output+0x720/0x720 [ 417.012177] ? ac6_seq_show+0x200/0x200 [ 417.016176] ip6_xmit+0x216d/0x26a0 [ 417.020214] ? ip6_xmit+0x26a0/0x26a0 [ 417.024031] inet6_csk_xmit+0x3e0/0x4f0 [ 417.028036] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 417.032980] __tcp_transmit_skb+0x425c/0x5e00 [ 417.037635] tcp_write_xmit+0x389a/0xacc0 [ 417.041849] __tcp_push_pending_frames+0x124/0x4e0 [ 417.046804] tcp_sendmsg_locked+0x44bf/0x6c30 [ 417.051864] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 417.057285] tcp_sendmsg+0xb2/0x100 [ 417.060935] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 417.065618] inet_sendmsg+0x4e9/0x800 [ 417.069439] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 417.074823] ? security_socket_sendmsg+0x1bd/0x200 [ 417.079775] ? inet_getname+0x490/0x490 [ 417.083761] __sys_sendto+0x940/0xb80 [ 417.087568] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 417.093010] ? prepare_exit_to_usermode+0x182/0x4c0 [ 417.098019] __se_sys_sendto+0x107/0x130 [ 417.102074] __x64_sys_sendto+0x6e/0x90 [ 417.106036] do_syscall_64+0xcf/0x110 [ 417.109830] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 417.115021] RIP: 0033:0x457569 [ 417.118502] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 417.137403] RSP: 002b:00007f2d33e94c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 417.145119] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 417.152398] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 417.159656] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 417.166936] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f2d33e956d4 [ 417.174211] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 417.181485] Uninit was stored to memory at: [ 417.185812] kmsan_internal_chain_origin+0x136/0x240 [ 417.190936] __msan_chain_origin+0x6d/0xb0 [ 417.195165] __save_stack_trace+0x8be/0xc60 [ 417.199489] save_stack_trace+0xc6/0x110 [ 417.203540] kmsan_internal_chain_origin+0x136/0x240 [ 417.208632] kmsan_memcpy_origins+0x13d/0x190 [ 417.213126] __msan_memcpy+0x6f/0x80 [ 417.217215] pskb_expand_head+0x436/0x1d20 [ 417.221748] ___pskb_trim+0x3c9/0x1bf0 [ 417.225636] sk_filter_trim_cap+0x5ac/0xa60 [ 417.229948] tcp_filter+0x10c/0x260 [ 417.233563] tcp_v6_rcv+0x45ba/0x5df0 [ 417.237354] ip6_input_finish+0xb53/0x2450 [ 417.241574] ip6_input+0x29d/0x340 [ 417.245099] ip6_rcv_finish+0x4d2/0x710 [ 417.249103] ipv6_rcv+0x34b/0x3f0 [ 417.252546] process_backlog+0x82b/0x11e0 [ 417.256688] net_rx_action+0x98f/0x1d50 [ 417.260678] __do_softirq+0x721/0xc7f [ 417.264468] [ 417.266110] Uninit was stored to memory at: [ 417.270421] kmsan_internal_chain_origin+0x136/0x240 [ 417.275622] __msan_chain_origin+0x6d/0xb0 [ 417.279872] __save_stack_trace+0x8be/0xc60 [ 417.284182] save_stack_trace+0xc6/0x110 [ 417.288250] kmsan_internal_chain_origin+0x136/0x240 [ 417.293357] kmsan_memcpy_origins+0x13d/0x190 [ 417.297840] __msan_memcpy+0x6f/0x80 [ 417.301540] pskb_expand_head+0x436/0x1d20 [ 417.305779] ___pskb_trim+0x3c9/0x1bf0 [ 417.309668] sk_filter_trim_cap+0x5ac/0xa60 [ 417.313979] tcp_filter+0x10c/0x260 [ 417.318123] tcp_v6_rcv+0x45ba/0x5df0 [ 417.321912] ip6_input_finish+0xb53/0x2450 [ 417.326144] ip6_input+0x29d/0x340 [ 417.329790] ip6_rcv_finish+0x4d2/0x710 [ 417.333764] ipv6_rcv+0x34b/0x3f0 [ 417.337229] process_backlog+0x82b/0x11e0 [ 417.341394] net_rx_action+0x98f/0x1d50 [ 417.345355] __do_softirq+0x721/0xc7f [ 417.349152] [ 417.350896] Uninit was stored to memory at: [ 417.355232] kmsan_internal_chain_origin+0x136/0x240 [ 417.360327] __msan_chain_origin+0x6d/0xb0 [ 417.364562] __save_stack_trace+0x8be/0xc60 [ 417.368907] save_stack_trace+0xc6/0x110 [ 417.372953] kmsan_internal_chain_origin+0x136/0x240 [ 417.378060] kmsan_memcpy_origins+0x13d/0x190 [ 417.382558] __msan_memcpy+0x6f/0x80 [ 417.386260] pskb_expand_head+0x436/0x1d20 [ 417.390483] ___pskb_trim+0x3c9/0x1bf0 [ 417.394357] sk_filter_trim_cap+0x5ac/0xa60 [ 417.398671] tcp_filter+0x10c/0x260 [ 417.402286] tcp_v6_rcv+0x45ba/0x5df0 [ 417.406075] ip6_input_finish+0xb53/0x2450 [ 417.410328] ip6_input+0x29d/0x340 [ 417.413855] ip6_rcv_finish+0x4d2/0x710 [ 417.418224] ipv6_rcv+0x34b/0x3f0 [ 417.421675] process_backlog+0x82b/0x11e0 [ 417.425837] net_rx_action+0x98f/0x1d50 [ 417.429796] __do_softirq+0x721/0xc7f [ 417.433583] [ 417.435196] Uninit was stored to memory at: [ 417.439630] kmsan_internal_chain_origin+0x136/0x240 [ 417.444720] __msan_chain_origin+0x6d/0xb0 [ 417.448949] __save_stack_trace+0x8be/0xc60 [ 417.453261] save_stack_trace+0xc6/0x110 [ 417.457321] kmsan_internal_chain_origin+0x136/0x240 [ 417.462412] kmsan_memcpy_origins+0x13d/0x190 [ 417.466919] __msan_memcpy+0x6f/0x80 [ 417.470624] pskb_expand_head+0x436/0x1d20 [ 417.474849] ___pskb_trim+0x3c9/0x1bf0 [ 417.478754] sk_filter_trim_cap+0x5ac/0xa60 [ 417.483065] tcp_filter+0x10c/0x260 [ 417.486681] tcp_v6_rcv+0x45ba/0x5df0 [ 417.490493] ip6_input_finish+0xb53/0x2450 [ 417.494723] ip6_input+0x29d/0x340 [ 417.498271] ip6_rcv_finish+0x4d2/0x710 [ 417.502244] ipv6_rcv+0x34b/0x3f0 [ 417.505685] process_backlog+0x82b/0x11e0 [ 417.509817] net_rx_action+0x98f/0x1d50 [ 417.513780] __do_softirq+0x721/0xc7f [ 417.517895] [ 417.519522] Uninit was stored to memory at: [ 417.523837] kmsan_internal_chain_origin+0x136/0x240 [ 417.529033] __msan_chain_origin+0x6d/0xb0 [ 417.533255] __save_stack_trace+0x8be/0xc60 [ 417.537564] save_stack_trace+0xc6/0x110 [ 417.541611] kmsan_internal_chain_origin+0x136/0x240 [ 417.546701] kmsan_memcpy_origins+0x13d/0x190 [ 417.551185] __msan_memcpy+0x6f/0x80 [ 417.554895] pskb_expand_head+0x436/0x1d20 [ 417.559116] ___pskb_trim+0x3c9/0x1bf0 [ 417.563003] sk_filter_trim_cap+0x5ac/0xa60 [ 417.567433] tcp_filter+0x10c/0x260 [ 417.571052] tcp_v6_rcv+0x45ba/0x5df0 [ 417.574842] ip6_input_finish+0xb53/0x2450 [ 417.579063] ip6_input+0x29d/0x340 [ 417.582588] ip6_rcv_finish+0x4d2/0x710 [ 417.586550] ipv6_rcv+0x34b/0x3f0 [ 417.589990] process_backlog+0x82b/0x11e0 [ 417.594138] net_rx_action+0x98f/0x1d50 [ 417.598112] __do_softirq+0x721/0xc7f [ 417.601902] [ 417.603513] Uninit was stored to memory at: [ 417.607820] kmsan_internal_chain_origin+0x136/0x240 [ 417.612913] __msan_chain_origin+0x6d/0xb0 [ 417.617448] __save_stack_trace+0x8be/0xc60 [ 417.621771] save_stack_trace+0xc6/0x110 [ 417.625831] kmsan_internal_chain_origin+0x136/0x240 [ 417.630919] kmsan_memcpy_origins+0x13d/0x190 [ 417.635420] __msan_memcpy+0x6f/0x80 [ 417.639136] pskb_expand_head+0x436/0x1d20 [ 417.643360] ___pskb_trim+0x3c9/0x1bf0 [ 417.647244] sk_filter_trim_cap+0x5ac/0xa60 [ 417.651551] tcp_filter+0x10c/0x260 [ 417.655181] tcp_v6_rcv+0x45ba/0x5df0 [ 417.658985] ip6_input_finish+0xb53/0x2450 [ 417.663224] ip6_input+0x29d/0x340 [ 417.666767] ip6_rcv_finish+0x4d2/0x710 [ 417.670727] ipv6_rcv+0x34b/0x3f0 [ 417.674172] process_backlog+0x82b/0x11e0 [ 417.678308] net_rx_action+0x98f/0x1d50 [ 417.682269] __do_softirq+0x721/0xc7f [ 417.686050] [ 417.687660] Uninit was stored to memory at: [ 417.692237] kmsan_internal_chain_origin+0x136/0x240 [ 417.697345] __msan_chain_origin+0x6d/0xb0 [ 417.701581] __save_stack_trace+0x8be/0xc60 [ 417.705904] save_stack_trace+0xc6/0x110 [ 417.709968] kmsan_internal_chain_origin+0x136/0x240 [ 417.715065] kmsan_memcpy_origins+0x13d/0x190 [ 417.720002] __msan_memcpy+0x6f/0x80 [ 417.723709] pskb_expand_head+0x436/0x1d20 [ 417.727945] ___pskb_trim+0x3c9/0x1bf0 [ 417.731912] sk_filter_trim_cap+0x5ac/0xa60 [ 417.736247] tcp_filter+0x10c/0x260 [ 417.739882] tcp_v6_rcv+0x45ba/0x5df0 [ 417.743674] ip6_input_finish+0xb53/0x2450 [ 417.747895] ip6_input+0x29d/0x340 [ 417.751436] ip6_rcv_finish+0x4d2/0x710 03:45:37 executing program 1: r0 = open(&(0x7f0000000200)='./file0\x00', 0x14104a, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000974fee)='/dev/input/event#\x00', 0x0, 0x101002) write$evdev(r0, &(0x7f0000000080)=[{}], 0x18) sendfile(r1, r0, &(0x7f0000000000), 0x100000001) [ 417.755417] ipv6_rcv+0x34b/0x3f0 [ 417.758900] process_backlog+0x82b/0x11e0 [ 417.763048] net_rx_action+0x98f/0x1d50 [ 417.767009] __do_softirq+0x721/0xc7f [ 417.770799] [ 417.772421] Local variable description: ----v.addr.i.i.i@should_fail [ 417.778897] Variable was created at: [ 417.782599] should_fail+0x14d/0x13c0 [ 417.786389] __should_failslab+0x278/0x2a0 03:45:37 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340), 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 03:45:38 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) 03:45:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 418.300309] binder: 11212 RLIMIT_NICE not set 03:45:38 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) [ 418.393615] binder: 11207:11212 BC_DEAD_BINDER_DONE 0000000000000004 not found [ 418.450929] binder: 11207:11212 unknown command 536872576 [ 418.457036] binder: 11207:11212 ioctl c0306201 20008fd0 returned -22 03:45:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 418.492568] binder: 11219 RLIMIT_NICE not set [ 418.562738] binder: 11207:11225 BC_DEAD_BINDER_DONE 0000000000000004 not found 03:45:38 executing program 1: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) socket$nl_route(0x10, 0x3, 0x0) prctl$getreaper(0x0, &(0x7f0000000800)) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) 03:45:38 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x805, 0x0) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:38 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) 03:45:38 executing program 5: r0 = memfd_create(&(0x7f00000004c0)="7175657565310000000000000000313b000000000000000000000000000014d50e7ddd000000000000000000000000ebc2b0032566ccd0ca04d81f2e66c16297b767ea5f57688be20ed46115561d6a8952b75635444563d54cb68a275c72bfd42ab8f96e53e4be40f8b239767a400a8dca7bd22c3d421504ab5ea77831e2c401bda04b05a7bbe844dff7d9e6dd51431634db1919fda75b6d040000000000000016adf0bb1a2cedc35288d4cd71aac5882ce107007e9bf18bac0d25dcbdd587b8e8cf3b6c5514da027dbdea0c8066a9345bbdd1e87c998a37bac6c852eab361747081e275aecf3bd401839cb8bd05cebedb48e866b6de271bf607e4001c04dc189cf4", 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000480)='/dev/snd/seq\x00', 0x0, 0x1) dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, "7175657565310000000000000000000000000000220000000000000000000078e9000000060000000000ccbf7ddd000000003f000d4500"}) write$sndseq(r0, &(0x7f0000000000)=[{0x5, 0xf401, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) 03:45:38 executing program 2: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000080)={0x29, 0x4, 0x0, {0x0, 0x0, 0x1, 0x0, [0x0]}}, 0x29) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) [ 418.944756] vhci_hcd: default hub control req: 010b v0000 i0000 l0 [ 419.024256] vhci_hcd: default hub control req: 010b v0000 i0000 l0 [ 419.090275] usb usb3: usbfs: process 11246 (syz-executor2) did not claim interface 0 before use [ 419.099992] vhci_hcd: default hub control req: 010b v0000 i0000 l0 03:45:39 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:39 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x805, 0x0) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:39 executing program 1: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) prctl$getreaper(0x0, &(0x7f0000000800)) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) 03:45:39 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) [ 419.289705] usb usb3: usbfs: process 11246 (syz-executor2) did not claim interface 0 before use 03:45:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000480), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300140006000000000000000000000000000000000008000500ac14141a080003000100000f010008"], 0x1}}, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000), 0xc, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="000000000000fcdbdf25"], 0x1}}, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) ioctl(r2, 0x1000008912, &(0x7f0000000140)="0a5c1f023c12628571") r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x26a, 0x0, &(0x7f0000000100), 0xffffffffffffe82) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000140)=[{0x0, 0xc91}], 0x1) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0xe, 0x5, 0x9e}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 419.533575] usb usb3: usbfs: process 11259 (syz-executor1) did not claim interface 0 before use [ 419.628295] vhci_hcd: default hub control req: 010b v0000 i0000 l0 03:45:39 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xc, 0xe, &(0x7f0000000240)=ANY=[@ANYBLOB="b702000013000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7030000000000006a0a00fe00000000850000002b000000b70000000000000095000000000000003b0b"], &(0x7f00000000c0)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x0, 0xe, 0x1000, &(0x7f0000000040)="e84373f460e0f11c39f9b7a31ba2", &(0x7f0000000500)=""/4096, 0x1283}, 0x28) [ 419.700759] usb usb3: usbfs: process 11264 (syz-executor1) did not claim interface 0 before use 03:45:39 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) 03:45:39 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x805, 0x0) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:40 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x0, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:40 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='pagemap\x00') preadv(r0, &(0x7f0000000940)=[{&(0x7f0000000500)=""/112, 0xfffffd73}], 0x1, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x98800, 0x0) 03:45:40 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:40 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="0203000a0c00000000000000000000000200080000000000e000000000000000030006000000000002000000e0002001000000000000000002000100000000000000020000000000030005000000000002000000f0ff0001deffffff00000000"], 0x60}}, 0x0) 03:45:40 executing program 5: 03:45:40 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:40 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:41 executing program 5: 03:45:41 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:41 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) socket$inet6_udplite(0xa, 0x2, 0x88) preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:41 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:41 executing program 5: 03:45:41 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) socket$inet6_udplite(0xa, 0x2, 0x88) preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:42 executing program 5: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000080)={0x28}, 0x28) socket$nl_route(0x10, 0x3, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000500)=""/175) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) 03:45:42 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='pagemap\x00') preadv(r0, &(0x7f0000000940)=[{&(0x7f0000000500)=""/112, 0xfffffd73}], 0x1, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x98800, 0x0) 03:45:42 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:42 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:42 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) socket$inet6_udplite(0xa, 0x2, 0x88) preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='pagemap\x00') preadv(r0, &(0x7f0000000940)=[{&(0x7f0000000500)=""/112, 0xfffffd73}], 0x1, 0x0) [ 422.735958] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 422.864017] usb usb3: usbfs: process 11335 (syz-executor5) did not claim interface 0 before use [ 422.873752] vhci_hcd: default hub control req: 010b v0000 i0000 l0 03:45:43 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl(0xffffffffffffffff, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:43 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:43 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000000040), &(0x7f0000000180)) r0 = socket$inet6(0xa, 0x805, 0x0) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:43 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:43 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl(0xffffffffffffffff, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) [ 423.766156] not chained 410000 origins [ 423.770115] CPU: 1 PID: 11345 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #85 [ 423.777394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 423.786760] Call Trace: [ 423.789354] [ 423.791535] dump_stack+0x32d/0x480 [ 423.795178] ? save_stack_trace+0xc6/0x110 [ 423.799443] kmsan_internal_chain_origin+0x222/0x240 [ 423.804575] ? kmsan_internal_chain_origin+0x136/0x240 [ 423.810624] ? __msan_chain_origin+0x6d/0xb0 [ 423.815044] ? __save_stack_trace+0x8be/0xc60 [ 423.819570] ? save_stack_trace+0xc6/0x110 [ 423.823818] ? kmsan_internal_chain_origin+0x136/0x240 [ 423.829102] ? kmsan_memcpy_origins+0x13d/0x190 [ 423.833777] ? __msan_memcpy+0x6f/0x80 [ 423.837680] ? pskb_expand_head+0x436/0x1d20 [ 423.842249] ? ___pskb_trim+0x3c9/0x1bf0 [ 423.846326] ? sk_filter_trim_cap+0x5ac/0xa60 [ 423.850833] ? tcp_filter+0x10c/0x260 [ 423.854641] ? tcp_v6_rcv+0x45ba/0x5df0 [ 423.858621] ? ip6_input_finish+0xb53/0x2450 [ 423.863054] ? ip6_input+0x29d/0x340 [ 423.866770] ? ip6_rcv_finish+0x4d2/0x710 [ 423.870920] ? ipv6_rcv+0x34b/0x3f0 [ 423.874556] ? process_backlog+0x82b/0x11e0 [ 423.878892] ? net_rx_action+0x98f/0x1d50 [ 423.883045] ? __do_softirq+0x721/0xc7f [ 423.887030] ? do_softirq_own_stack+0x49/0x80 [ 423.891528] ? __local_bh_enable_ip+0x228/0x260 [ 423.896209] ? local_bh_enable+0x36/0x40 [ 423.900274] ? ip6_finish_output2+0x1b1a/0x22d0 [ 423.904949] ? ip6_finish_output+0xc13/0xca0 [ 423.910103] ? ip6_output+0x5e4/0x720 [ 423.913926] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 423.919297] ? __module_address+0x6a/0x5f0 [ 423.923546] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 423.929002] ? in_task_stack+0x12c/0x210 [ 423.933077] ? get_stack_info+0x206/0x220 [ 423.937241] __msan_chain_origin+0x6d/0xb0 [ 423.941590] ? __local_bh_enable_ip+0x228/0x260 [ 423.946280] __save_stack_trace+0x8be/0xc60 [ 423.950625] ? __local_bh_enable_ip+0x228/0x260 [ 423.955302] save_stack_trace+0xc6/0x110 [ 423.959375] kmsan_internal_chain_origin+0x136/0x240 [ 423.964481] ? local_bh_enable+0x36/0x40 [ 423.968556] ? __se_sys_sendto+0x107/0x130 [ 423.972799] ? kmsan_internal_chain_origin+0x136/0x240 [ 423.978083] ? kmsan_memcpy_origins+0x13d/0x190 [ 423.982759] ? __msan_memcpy+0x6f/0x80 [ 423.986653] ? pskb_expand_head+0x436/0x1d20 [ 423.991070] ? ___pskb_trim+0x3c9/0x1bf0 [ 423.995137] ? sk_filter_trim_cap+0x5ac/0xa60 [ 423.999638] ? tcp_filter+0x10c/0x260 [ 424.003440] ? tcp_v6_rcv+0x45ba/0x5df0 [ 424.008185] ? ip6_input_finish+0xb53/0x2450 [ 424.012607] ? ip6_input+0x29d/0x340 [ 424.016322] ? ip6_rcv_finish+0x4d2/0x710 [ 424.020473] ? ipv6_rcv+0x34b/0x3f0 [ 424.024109] ? process_backlog+0x82b/0x11e0 [ 424.028438] ? net_rx_action+0x98f/0x1d50 [ 424.032594] ? __do_softirq+0x721/0xc7f [ 424.036568] ? do_softirq_own_stack+0x49/0x80 [ 424.041068] ? __local_bh_enable_ip+0x228/0x260 [ 424.045737] ? local_bh_enable+0x36/0x40 [ 424.049802] ? ip6_finish_output2+0x1b1a/0x22d0 [ 424.054477] ? ip6_finish_output+0xc13/0xca0 [ 424.058890] ? ip6_output+0x5e4/0x720 [ 424.062793] ? ip6_xmit+0x216d/0x26a0 [ 424.066593] ? inet6_csk_xmit+0x3e0/0x4f0 [ 424.070755] ? __tcp_transmit_skb+0x425c/0x5e00 [ 424.075451] ? tcp_write_xmit+0x389a/0xacc0 [ 424.079775] ? __tcp_push_pending_frames+0x124/0x4e0 [ 424.084974] ? tcp_sendmsg_locked+0x44bf/0x6c30 [ 424.089649] ? tcp_sendmsg+0xb2/0x100 [ 424.093569] ? inet_sendmsg+0x4e9/0x800 [ 424.097548] ? __sys_sendto+0x940/0xb80 [ 424.101527] ? __se_sys_sendto+0x107/0x130 [ 424.106520] ? __x64_sys_sendto+0x6e/0x90 [ 424.110682] ? do_syscall_64+0xcf/0x110 [ 424.114678] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 424.120169] ? __msan_get_context_state+0x9/0x20 [ 424.124944] ? INIT_INT+0xc/0x30 [ 424.128324] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 424.133710] kmsan_memcpy_origins+0x13d/0x190 [ 424.138236] __msan_memcpy+0x6f/0x80 [ 424.141973] pskb_expand_head+0x436/0x1d20 [ 424.146251] ___pskb_trim+0x3c9/0x1bf0 [ 424.150170] sk_filter_trim_cap+0x5ac/0xa60 [ 424.154527] tcp_filter+0x10c/0x260 [ 424.158169] tcp_v6_rcv+0x45ba/0x5df0 [ 424.161989] ? __msan_poison_alloca+0x1e0/0x270 [ 424.166817] ? tcp_v6_early_demux+0xc80/0xc80 [ 424.171320] ? tcp_v6_early_demux+0xc80/0xc80 [ 424.175830] ip6_input_finish+0xb53/0x2450 [ 424.180099] ? ip6_input_finish+0x13e1/0x2450 [ 424.184610] ip6_input+0x29d/0x340 [ 424.188167] ? ip6_input+0x340/0x340 [ 424.191896] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 424.196313] ip6_rcv_finish+0x4d2/0x710 [ 424.200308] ipv6_rcv+0x34b/0x3f0 [ 424.203785] ? dst_hold+0x5e0/0x5e0 [ 424.208197] process_backlog+0x82b/0x11e0 [ 424.212370] ? __msan_poison_alloca+0x1e0/0x270 [ 424.217054] ? ip6_rcv_finish+0x710/0x710 [ 424.221949] ? rps_trigger_softirq+0x2e0/0x2e0 [ 424.226551] net_rx_action+0x98f/0x1d50 [ 424.230563] ? net_tx_action+0xf20/0xf20 [ 424.234636] __do_softirq+0x721/0xc7f [ 424.238459] do_softirq_own_stack+0x49/0x80 [ 424.242785] [ 424.245034] __local_bh_enable_ip+0x228/0x260 [ 424.249544] local_bh_enable+0x36/0x40 [ 424.253449] ip6_finish_output2+0x1b1a/0x22d0 [ 424.257988] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 424.263369] ? ip6_mtu+0x289/0x330 [ 424.266933] ip6_finish_output+0xc13/0xca0 [ 424.271215] ip6_output+0x5e4/0x720 [ 424.274871] ? ip6_output+0x720/0x720 [ 424.278701] ? ac6_seq_show+0x200/0x200 [ 424.282689] ip6_xmit+0x216d/0x26a0 [ 424.286360] ? ip6_xmit+0x26a0/0x26a0 [ 424.290176] inet6_csk_xmit+0x3e0/0x4f0 [ 424.294188] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 424.299139] __tcp_transmit_skb+0x425c/0x5e00 [ 424.303679] tcp_write_xmit+0x389a/0xacc0 [ 424.308604] __tcp_push_pending_frames+0x124/0x4e0 [ 424.313560] tcp_sendmsg_locked+0x44bf/0x6c30 03:45:43 executing program 5: 03:45:44 executing program 5: [ 424.318088] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 424.323508] tcp_sendmsg+0xb2/0x100 [ 424.327161] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 424.331854] inet_sendmsg+0x4e9/0x800 [ 424.335676] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 424.341056] ? security_socket_sendmsg+0x1bd/0x200 [ 424.346011] ? inet_getname+0x490/0x490 [ 424.350007] __sys_sendto+0x940/0xb80 [ 424.353850] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 424.359309] ? prepare_exit_to_usermode+0x182/0x4c0 [ 424.364335] __se_sys_sendto+0x107/0x130 [ 424.368414] __x64_sys_sendto+0x6e/0x90 [ 424.372395] do_syscall_64+0xcf/0x110 [ 424.376214] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 424.381430] RIP: 0033:0x457569 [ 424.384625] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 424.403536] RSP: 002b:00007f2d33e94c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 424.411999] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 424.419276] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 424.426547] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 424.433819] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f2d33e956d4 [ 424.441087] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 424.448372] Uninit was stored to memory at: [ 424.452707] kmsan_internal_chain_origin+0x136/0x240 [ 424.457816] __msan_chain_origin+0x6d/0xb0 [ 424.462058] __save_stack_trace+0x8be/0xc60 [ 424.466394] save_stack_trace+0xc6/0x110 [ 424.470469] kmsan_internal_chain_origin+0x136/0x240 [ 424.475584] kmsan_memcpy_origins+0x13d/0x190 [ 424.480087] __msan_memcpy+0x6f/0x80 [ 424.483810] pskb_expand_head+0x436/0x1d20 [ 424.488052] ___pskb_trim+0x3c9/0x1bf0 [ 424.492030] sk_filter_trim_cap+0x5ac/0xa60 [ 424.496474] tcp_filter+0x10c/0x260 [ 424.500102] tcp_v6_rcv+0x45ba/0x5df0 [ 424.503906] ip6_input_finish+0xb53/0x2450 [ 424.508834] ip6_input+0x29d/0x340 [ 424.512380] ip6_rcv_finish+0x4d2/0x710 [ 424.516351] ipv6_rcv+0x34b/0x3f0 [ 424.519811] process_backlog+0x82b/0x11e0 [ 424.523967] net_rx_action+0x98f/0x1d50 [ 424.527955] __do_softirq+0x721/0xc7f [ 424.531762] [ 424.533396] Uninit was stored to memory at: [ 424.537749] kmsan_internal_chain_origin+0x136/0x240 [ 424.542879] __msan_chain_origin+0x6d/0xb0 [ 424.547124] __save_stack_trace+0x8be/0xc60 [ 424.551467] save_stack_trace+0xc6/0x110 [ 424.555534] kmsan_internal_chain_origin+0x136/0x240 [ 424.560641] kmsan_memcpy_origins+0x13d/0x190 [ 424.565140] __msan_memcpy+0x6f/0x80 [ 424.568887] pskb_expand_head+0x436/0x1d20 [ 424.573124] ___pskb_trim+0x3c9/0x1bf0 [ 424.577022] sk_filter_trim_cap+0x5ac/0xa60 [ 424.581345] tcp_filter+0x10c/0x260 [ 424.584977] tcp_v6_rcv+0x45ba/0x5df0 [ 424.588779] ip6_input_finish+0xb53/0x2450 [ 424.593014] ip6_input+0x29d/0x340 [ 424.596552] ip6_rcv_finish+0x4d2/0x710 [ 424.600533] ipv6_rcv+0x34b/0x3f0 [ 424.604001] process_backlog+0x82b/0x11e0 [ 424.608880] net_rx_action+0x98f/0x1d50 [ 424.612865] __do_softirq+0x721/0xc7f [ 424.616663] [ 424.618290] Uninit was stored to memory at: [ 424.622641] kmsan_internal_chain_origin+0x136/0x240 [ 424.627757] __msan_chain_origin+0x6d/0xb0 [ 424.632005] __save_stack_trace+0x8be/0xc60 [ 424.636335] save_stack_trace+0xc6/0x110 [ 424.640403] kmsan_internal_chain_origin+0x136/0x240 [ 424.645514] kmsan_memcpy_origins+0x13d/0x190 [ 424.650015] __msan_memcpy+0x6f/0x80 [ 424.653738] pskb_expand_head+0x436/0x1d20 [ 424.657976] ___pskb_trim+0x3c9/0x1bf0 [ 424.661870] sk_filter_trim_cap+0x5ac/0xa60 [ 424.666216] tcp_filter+0x10c/0x260 [ 424.669847] tcp_v6_rcv+0x45ba/0x5df0 [ 424.673651] ip6_input_finish+0xb53/0x2450 [ 424.677899] ip6_input+0x29d/0x340 [ 424.681442] ip6_rcv_finish+0x4d2/0x710 [ 424.685423] ipv6_rcv+0x34b/0x3f0 [ 424.688889] process_backlog+0x82b/0x11e0 [ 424.693046] net_rx_action+0x98f/0x1d50 [ 424.697031] __do_softirq+0x721/0xc7f [ 424.700826] [ 424.702454] Uninit was stored to memory at: [ 424.707312] kmsan_internal_chain_origin+0x136/0x240 [ 424.712436] __msan_chain_origin+0x6d/0xb0 [ 424.716683] __save_stack_trace+0x8be/0xc60 [ 424.721015] save_stack_trace+0xc6/0x110 [ 424.725091] kmsan_internal_chain_origin+0x136/0x240 [ 424.730212] kmsan_memcpy_origins+0x13d/0x190 [ 424.734712] __msan_memcpy+0x6f/0x80 [ 424.738432] pskb_expand_head+0x436/0x1d20 [ 424.742673] ___pskb_trim+0x3c9/0x1bf0 [ 424.746583] sk_filter_trim_cap+0x5ac/0xa60 [ 424.750910] tcp_filter+0x10c/0x260 [ 424.754543] tcp_v6_rcv+0x45ba/0x5df0 [ 424.758344] ip6_input_finish+0xb53/0x2450 [ 424.762582] ip6_input+0x29d/0x340 [ 424.766139] ip6_rcv_finish+0x4d2/0x710 [ 424.770116] ipv6_rcv+0x34b/0x3f0 [ 424.773571] process_backlog+0x82b/0x11e0 [ 424.777721] net_rx_action+0x98f/0x1d50 [ 424.781698] __do_softirq+0x721/0xc7f [ 424.785496] [ 424.787125] Uninit was stored to memory at: [ 424.791463] kmsan_internal_chain_origin+0x136/0x240 [ 424.796581] __msan_chain_origin+0x6d/0xb0 [ 424.800853] __save_stack_trace+0x8be/0xc60 [ 424.805189] save_stack_trace+0xc6/0x110 [ 424.810008] kmsan_internal_chain_origin+0x136/0x240 [ 424.815120] kmsan_memcpy_origins+0x13d/0x190 [ 424.819638] __msan_memcpy+0x6f/0x80 [ 424.823377] pskb_expand_head+0x436/0x1d20 [ 424.827617] ___pskb_trim+0x3c9/0x1bf0 [ 424.831509] sk_filter_trim_cap+0x5ac/0xa60 [ 424.835836] tcp_filter+0x10c/0x260 [ 424.839467] tcp_v6_rcv+0x45ba/0x5df0 [ 424.843268] ip6_input_finish+0xb53/0x2450 [ 424.847505] ip6_input+0x29d/0x340 [ 424.851047] ip6_rcv_finish+0x4d2/0x710 [ 424.855022] ipv6_rcv+0x34b/0x3f0 [ 424.858479] process_backlog+0x82b/0x11e0 [ 424.862629] net_rx_action+0x98f/0x1d50 [ 424.866607] __do_softirq+0x721/0xc7f [ 424.870408] [ 424.872045] Uninit was stored to memory at: [ 424.876385] kmsan_internal_chain_origin+0x136/0x240 [ 424.881499] __msan_chain_origin+0x6d/0xb0 [ 424.885741] __save_stack_trace+0x8be/0xc60 [ 424.890065] save_stack_trace+0xc6/0x110 [ 424.894130] kmsan_internal_chain_origin+0x136/0x240 [ 424.899237] kmsan_memcpy_origins+0x13d/0x190 [ 424.903735] __msan_memcpy+0x6f/0x80 [ 424.908188] pskb_expand_head+0x436/0x1d20 [ 424.912438] ___pskb_trim+0x3c9/0x1bf0 [ 424.916334] sk_filter_trim_cap+0x5ac/0xa60 [ 424.920665] tcp_filter+0x10c/0x260 [ 424.924295] tcp_v6_rcv+0x45ba/0x5df0 [ 424.928098] ip6_input_finish+0xb53/0x2450 [ 424.932350] ip6_input+0x29d/0x340 [ 424.935903] ip6_rcv_finish+0x4d2/0x710 [ 424.939887] ipv6_rcv+0x34b/0x3f0 [ 424.943353] process_backlog+0x82b/0x11e0 [ 424.947547] net_rx_action+0x98f/0x1d50 [ 424.951535] __do_softirq+0x721/0xc7f [ 424.955334] [ 424.956970] Uninit was stored to memory at: [ 424.961333] kmsan_internal_chain_origin+0x136/0x240 [ 424.966448] __msan_chain_origin+0x6d/0xb0 [ 424.970696] __save_stack_trace+0x8be/0xc60 [ 424.975034] save_stack_trace+0xc6/0x110 [ 424.979113] kmsan_internal_chain_origin+0x136/0x240 [ 424.984240] kmsan_memcpy_origins+0x13d/0x190 [ 424.988750] __msan_memcpy+0x6f/0x80 [ 424.992479] pskb_expand_head+0x436/0x1d20 [ 424.996725] ___pskb_trim+0x3c9/0x1bf0 [ 425.000622] sk_filter_trim_cap+0x5ac/0xa60 [ 425.004952] tcp_filter+0x10c/0x260 [ 425.009316] tcp_v6_rcv+0x45ba/0x5df0 [ 425.013128] ip6_input_finish+0xb53/0x2450 [ 425.017373] ip6_input+0x29d/0x340 [ 425.020928] ip6_rcv_finish+0x4d2/0x710 [ 425.024909] ipv6_rcv+0x34b/0x3f0 [ 425.028368] process_backlog+0x82b/0x11e0 [ 425.032522] net_rx_action+0x98f/0x1d50 [ 425.036503] __do_softirq+0x721/0xc7f [ 425.040297] [ 425.041932] Local variable description: ----v.addr.i.i.i@should_fail [ 425.048422] Variable was created at: [ 425.052383] should_fail+0x14d/0x13c0 [ 425.056188] __should_failslab+0x278/0x2a0 [ 425.099429] not chained 420000 origins [ 425.103366] CPU: 1 PID: 11345 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #85 [ 425.111225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 425.120700] Call Trace: [ 425.123318] dump_stack+0x32d/0x480 [ 425.126980] ? save_stack_trace+0xc6/0x110 [ 425.131241] kmsan_internal_chain_origin+0x222/0x240 [ 425.136366] ? kmsan_internal_chain_origin+0x136/0x240 [ 425.141653] ? __msan_chain_origin+0x6d/0xb0 [ 425.146073] ? __save_stack_trace+0x8be/0xc60 [ 425.150571] ? save_stack_trace+0xc6/0x110 [ 425.154814] ? kmsan_internal_chain_origin+0x136/0x240 [ 425.160098] ? kmsan_memcpy_origins+0x13d/0x190 [ 425.164774] ? __msan_memcpy+0x6f/0x80 [ 425.168675] ? pskb_expand_head+0x436/0x1d20 [ 425.173106] ? skb_shift+0xce2/0x2d10 [ 425.176912] ? tcp_sacktag_walk+0x2156/0x29d0 [ 425.181412] ? tcp_sacktag_write_queue+0x2805/0x4630 [ 425.186529] ? tcp_ack+0x2888/0xa010 [ 425.190270] ? tcp_rcv_established+0xf7e/0x2940 [ 425.194970] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 425.199140] ? __release_sock+0x32d/0x750 [ 425.203311] ? __sk_flush_backlog+0x52/0x70 [ 425.208367] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 425.212967] ? tcp_sendmsg+0xb2/0x100 [ 425.216785] ? inet_sendmsg+0x4e9/0x800 [ 425.221249] ? __sys_sendto+0x940/0xb80 [ 425.225244] ? __se_sys_sendto+0x107/0x130 [ 425.229488] ? __x64_sys_sendto+0x6e/0x90 [ 425.233653] ? do_syscall_64+0xcf/0x110 [ 425.237644] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 425.243031] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 425.248673] ? __module_address+0x6a/0x5f0 [ 425.252927] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 425.258325] ? is_bpf_text_address+0x49e/0x4d0 [ 425.262931] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 425.268399] ? in_task_stack+0x12c/0x210 [ 425.272492] __msan_chain_origin+0x6d/0xb0 [ 425.276742] ? tcp_sendmsg+0xb2/0x100 [ 425.280561] __save_stack_trace+0x8be/0xc60 [ 425.284926] ? tcp_sendmsg+0xb2/0x100 [ 425.288738] save_stack_trace+0xc6/0x110 [ 425.292821] kmsan_internal_chain_origin+0x136/0x240 [ 425.297930] ? __x64_sys_sendto+0x6e/0x90 [ 425.302095] ? kmsan_internal_chain_origin+0x136/0x240 [ 425.308086] ? kmsan_memcpy_origins+0x13d/0x190 [ 425.312763] ? __msan_memcpy+0x6f/0x80 [ 425.316671] ? pskb_expand_head+0x436/0x1d20 [ 425.321110] ? skb_shift+0xce2/0x2d10 [ 425.324923] ? tcp_sacktag_walk+0x2156/0x29d0 [ 425.329451] ? tcp_sacktag_write_queue+0x2805/0x4630 [ 425.334650] ? tcp_ack+0x2888/0xa010 [ 425.338369] ? tcp_rcv_established+0xf7e/0x2940 [ 425.343049] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 425.347209] ? __release_sock+0x32d/0x750 [ 425.351363] ? __sk_flush_backlog+0x52/0x70 [ 425.355692] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 425.360282] ? tcp_sendmsg+0xb2/0x100 [ 425.364174] ? inet_sendmsg+0x4e9/0x800 [ 425.368182] ? __sys_sendto+0x940/0xb80 [ 425.372282] ? __se_sys_sendto+0x107/0x130 [ 425.376525] ? __x64_sys_sendto+0x6e/0x90 [ 425.380679] ? do_syscall_64+0xcf/0x110 [ 425.384669] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 425.390066] ? __msan_get_context_state+0x9/0x20 [ 425.394843] ? INIT_INT+0xc/0x30 03:45:45 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='pagemap\x00') preadv(r0, &(0x7f0000000940)=[{&(0x7f0000000500)=""/112, 0xfffffd73}], 0x1, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x98800, 0x0) 03:45:45 executing program 5: [ 425.398225] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 425.403596] ? ip6_finish_output+0xc13/0xca0 [ 425.408715] kmsan_memcpy_origins+0x13d/0x190 [ 425.413341] __msan_memcpy+0x6f/0x80 [ 425.417064] pskb_expand_head+0x436/0x1d20 [ 425.421325] skb_shift+0xce2/0x2d10 [ 425.424998] tcp_sacktag_walk+0x2156/0x29d0 [ 425.429357] tcp_sacktag_write_queue+0x2805/0x4630 [ 425.434342] tcp_ack+0x2888/0xa010 [ 425.437898] ? tcp_parse_options+0xbe/0x1cf0 [ 425.442336] ? tcp_validate_incoming+0x50b/0x29d0 [ 425.447208] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 425.452671] ? tcp_parse_options+0x1c55/0x1cf0 [ 425.457325] tcp_rcv_established+0xf7e/0x2940 [ 425.461861] tcp_v6_do_rcv+0x9f8/0x21b0 [ 425.465869] ? tcp_v6_destroy_sock+0x60/0x60 [ 425.470300] __release_sock+0x32d/0x750 [ 425.474301] __sk_flush_backlog+0x52/0x70 [ 425.478465] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 425.482717] tcp_sendmsg_locked+0xd72/0x6c30 [ 425.487166] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 425.492592] tcp_sendmsg+0xb2/0x100 [ 425.496255] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 425.500940] inet_sendmsg+0x4e9/0x800 [ 425.504783] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 425.510873] ? security_socket_sendmsg+0x1bd/0x200 [ 425.515826] ? inet_getname+0x490/0x490 [ 425.519827] __sys_sendto+0x940/0xb80 [ 425.523670] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 425.529139] ? prepare_exit_to_usermode+0x182/0x4c0 [ 425.534178] __se_sys_sendto+0x107/0x130 [ 425.538271] __x64_sys_sendto+0x6e/0x90 [ 425.542260] do_syscall_64+0xcf/0x110 [ 425.546079] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 425.551277] RIP: 0033:0x457569 [ 425.554496] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 425.573409] RSP: 002b:00007f2d33e94c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 425.581128] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 425.588414] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 03:45:45 executing program 2: 03:45:45 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:45 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl(0xffffffffffffffff, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) [ 425.595703] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 425.602983] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f2d33e956d4 [ 425.610950] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 425.618343] Uninit was stored to memory at: [ 425.622686] kmsan_internal_chain_origin+0x136/0x240 [ 425.627804] __msan_chain_origin+0x6d/0xb0 [ 425.632054] __save_stack_trace+0x8be/0xc60 [ 425.636386] save_stack_trace+0xc6/0x110 [ 425.640462] kmsan_internal_chain_origin+0x136/0x240 [ 425.645581] kmsan_memcpy_origins+0x13d/0x190 [ 425.650089] __msan_memcpy+0x6f/0x80 [ 425.653818] pskb_expand_head+0x436/0x1d20 [ 425.658064] skb_shift+0xce2/0x2d10 [ 425.661700] tcp_sacktag_walk+0x2156/0x29d0 [ 425.666036] tcp_sacktag_write_queue+0x2805/0x4630 [ 425.671060] tcp_ack+0x2888/0xa010 [ 425.674608] tcp_rcv_established+0xf7e/0x2940 [ 425.679119] tcp_v6_do_rcv+0x9f8/0x21b0 [ 425.683107] __release_sock+0x32d/0x750 [ 425.687107] __sk_flush_backlog+0x52/0x70 [ 425.691274] tcp_sendmsg_locked+0xd72/0x6c30 [ 425.695696] tcp_sendmsg+0xb2/0x100 [ 425.699333] inet_sendmsg+0x4e9/0x800 [ 425.703145] __sys_sendto+0x940/0xb80 [ 425.707661] __se_sys_sendto+0x107/0x130 [ 425.711740] __x64_sys_sendto+0x6e/0x90 [ 425.715730] do_syscall_64+0xcf/0x110 [ 425.719549] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 425.724747] [ 425.726379] Uninit was stored to memory at: [ 425.730718] kmsan_internal_chain_origin+0x136/0x240 [ 425.735835] __msan_chain_origin+0x6d/0xb0 [ 425.740087] __save_stack_trace+0x8be/0xc60 [ 425.744435] save_stack_trace+0xc6/0x110 03:45:45 executing program 5: [ 425.748525] kmsan_internal_chain_origin+0x136/0x240 [ 425.753728] kmsan_memcpy_origins+0x13d/0x190 [ 425.758256] __msan_memcpy+0x6f/0x80 [ 425.761988] pskb_expand_head+0x436/0x1d20 [ 425.766238] skb_shift+0xce2/0x2d10 [ 425.769879] tcp_sacktag_walk+0x2156/0x29d0 [ 425.774225] tcp_sacktag_write_queue+0x2805/0x4630 [ 425.779273] tcp_ack+0x2888/0xa010 [ 425.782826] tcp_rcv_established+0xf7e/0x2940 [ 425.787352] tcp_v6_do_rcv+0x9f8/0x21b0 [ 425.791363] __release_sock+0x32d/0x750 [ 425.795351] __sk_flush_backlog+0x52/0x70 [ 425.799515] tcp_sendmsg_locked+0xd72/0x6c30 [ 425.803934] tcp_sendmsg+0xb2/0x100 [ 425.808274] inet_sendmsg+0x4e9/0x800 [ 425.812087] __sys_sendto+0x940/0xb80 [ 425.815901] __se_sys_sendto+0x107/0x130 [ 425.819983] __x64_sys_sendto+0x6e/0x90 [ 425.823975] do_syscall_64+0xcf/0x110 [ 425.827797] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 425.832990] [ 425.834618] Uninit was stored to memory at: [ 425.838962] kmsan_internal_chain_origin+0x136/0x240 [ 425.844097] __msan_chain_origin+0x6d/0xb0 [ 425.848350] __save_stack_trace+0x8be/0xc60 [ 425.852689] save_stack_trace+0xc6/0x110 [ 425.856766] kmsan_internal_chain_origin+0x136/0x240 [ 425.861883] kmsan_memcpy_origins+0x13d/0x190 [ 425.866479] __msan_memcpy+0x6f/0x80 [ 425.870235] pskb_expand_head+0x436/0x1d20 [ 425.874482] skb_shift+0xce2/0x2d10 [ 425.878298] tcp_sacktag_walk+0x2156/0x29d0 [ 425.882717] tcp_sacktag_write_queue+0x2805/0x4630 [ 425.887668] tcp_ack+0x2888/0xa010 [ 425.891226] tcp_rcv_established+0xf7e/0x2940 [ 425.895732] tcp_v6_do_rcv+0x9f8/0x21b0 [ 425.899737] __release_sock+0x32d/0x750 [ 425.903726] __sk_flush_backlog+0x52/0x70 [ 425.908608] tcp_sendmsg_locked+0xd72/0x6c30 [ 425.913031] tcp_sendmsg+0xb2/0x100 [ 425.916665] inet_sendmsg+0x4e9/0x800 [ 425.920477] __sys_sendto+0x940/0xb80 [ 425.924287] __se_sys_sendto+0x107/0x130 [ 425.928365] __x64_sys_sendto+0x6e/0x90 [ 425.932440] do_syscall_64+0xcf/0x110 [ 425.936255] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 425.941442] [ 425.943088] Uninit was stored to memory at: [ 425.947443] kmsan_internal_chain_origin+0x136/0x240 [ 425.952566] __msan_chain_origin+0x6d/0xb0 [ 425.956816] __save_stack_trace+0x8be/0xc60 [ 425.961159] save_stack_trace+0xc6/0x110 [ 425.965265] kmsan_internal_chain_origin+0x136/0x240 [ 425.970384] kmsan_memcpy_origins+0x13d/0x190 [ 425.974891] __msan_memcpy+0x6f/0x80 [ 425.978619] pskb_expand_head+0x436/0x1d20 [ 425.982864] skb_shift+0xce2/0x2d10 [ 425.986501] tcp_sacktag_walk+0x2156/0x29d0 [ 425.990830] tcp_sacktag_write_queue+0x2805/0x4630 [ 425.995770] tcp_ack+0x2888/0xa010 [ 425.999322] tcp_rcv_established+0xf7e/0x2940 [ 426.003827] tcp_v6_do_rcv+0x9f8/0x21b0 [ 426.008541] __release_sock+0x32d/0x750 [ 426.012523] __sk_flush_backlog+0x52/0x70 [ 426.016686] tcp_sendmsg_locked+0xd72/0x6c30 [ 426.021117] tcp_sendmsg+0xb2/0x100 [ 426.024773] inet_sendmsg+0x4e9/0x800 [ 426.028581] __sys_sendto+0x940/0xb80 [ 426.032388] __se_sys_sendto+0x107/0x130 [ 426.036475] __x64_sys_sendto+0x6e/0x90 [ 426.040463] do_syscall_64+0xcf/0x110 [ 426.044279] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 426.049465] [ 426.051089] Uninit was stored to memory at: [ 426.055512] kmsan_internal_chain_origin+0x136/0x240 [ 426.060626] __msan_chain_origin+0x6d/0xb0 [ 426.064871] __save_stack_trace+0x8be/0xc60 [ 426.069210] save_stack_trace+0xc6/0x110 [ 426.073283] kmsan_internal_chain_origin+0x136/0x240 [ 426.078396] kmsan_memcpy_origins+0x13d/0x190 [ 426.082902] __msan_memcpy+0x6f/0x80 [ 426.086626] pskb_expand_head+0x436/0x1d20 [ 426.090866] skb_shift+0xce2/0x2d10 [ 426.094506] tcp_sacktag_walk+0x2156/0x29d0 [ 426.098842] tcp_sacktag_write_queue+0x2805/0x4630 [ 426.103781] tcp_ack+0x2888/0xa010 [ 426.108104] tcp_rcv_established+0xf7e/0x2940 [ 426.112618] tcp_v6_do_rcv+0x9f8/0x21b0 [ 426.116606] __release_sock+0x32d/0x750 [ 426.120594] __sk_flush_backlog+0x52/0x70 [ 426.124759] tcp_sendmsg_locked+0xd72/0x6c30 [ 426.129179] tcp_sendmsg+0xb2/0x100 [ 426.132825] inet_sendmsg+0x4e9/0x800 [ 426.136632] __sys_sendto+0x940/0xb80 [ 426.140440] __se_sys_sendto+0x107/0x130 [ 426.144515] __x64_sys_sendto+0x6e/0x90 [ 426.148504] do_syscall_64+0xcf/0x110 [ 426.152321] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 426.157516] [ 426.159151] Uninit was stored to memory at: [ 426.163489] kmsan_internal_chain_origin+0x136/0x240 [ 426.168603] __msan_chain_origin+0x6d/0xb0 [ 426.172878] __save_stack_trace+0x8be/0xc60 [ 426.177217] save_stack_trace+0xc6/0x110 [ 426.181550] kmsan_internal_chain_origin+0x136/0x240 [ 426.186777] kmsan_memcpy_origins+0x13d/0x190 [ 426.191285] __msan_memcpy+0x6f/0x80 [ 426.195018] pskb_expand_head+0x436/0x1d20 [ 426.199262] skb_shift+0xce2/0x2d10 [ 426.202899] tcp_sacktag_walk+0x2156/0x29d0 [ 426.207925] tcp_sacktag_write_queue+0x2805/0x4630 [ 426.212865] tcp_ack+0x2888/0xa010 [ 426.216416] tcp_rcv_established+0xf7e/0x2940 [ 426.220925] tcp_v6_do_rcv+0x9f8/0x21b0 [ 426.224918] __release_sock+0x32d/0x750 [ 426.228911] __sk_flush_backlog+0x52/0x70 [ 426.233074] tcp_sendmsg_locked+0xd72/0x6c30 [ 426.237496] tcp_sendmsg+0xb2/0x100 [ 426.241136] inet_sendmsg+0x4e9/0x800 [ 426.244949] __sys_sendto+0x940/0xb80 [ 426.248767] __se_sys_sendto+0x107/0x130 [ 426.252840] __x64_sys_sendto+0x6e/0x90 [ 426.256832] do_syscall_64+0xcf/0x110 [ 426.260650] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 426.265839] [ 426.267471] Uninit was stored to memory at: [ 426.271812] kmsan_internal_chain_origin+0x136/0x240 [ 426.276930] __msan_chain_origin+0x6d/0xb0 [ 426.281187] __save_stack_trace+0x8be/0xc60 [ 426.285530] save_stack_trace+0xc6/0x110 [ 426.289609] kmsan_internal_chain_origin+0x136/0x240 [ 426.294726] kmsan_memcpy_origins+0x13d/0x190 [ 426.299241] __msan_memcpy+0x6f/0x80 [ 426.303092] pskb_expand_head+0x436/0x1d20 [ 426.308093] skb_shift+0xce2/0x2d10 [ 426.311733] tcp_sacktag_walk+0x2156/0x29d0 [ 426.316069] tcp_sacktag_write_queue+0x2805/0x4630 [ 426.321034] tcp_ack+0x2888/0xa010 [ 426.324678] tcp_rcv_established+0xf7e/0x2940 [ 426.329188] tcp_v6_do_rcv+0x9f8/0x21b0 [ 426.333186] __release_sock+0x32d/0x750 [ 426.337185] __sk_flush_backlog+0x52/0x70 [ 426.341359] tcp_sendmsg_locked+0xd72/0x6c30 [ 426.345779] tcp_sendmsg+0xb2/0x100 [ 426.349422] inet_sendmsg+0x4e9/0x800 [ 426.353238] __sys_sendto+0x940/0xb80 [ 426.357050] __se_sys_sendto+0x107/0x130 [ 426.361123] __x64_sys_sendto+0x6e/0x90 [ 426.365121] do_syscall_64+0xcf/0x110 [ 426.368937] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 426.374132] [ 426.375768] Local variable description: ----state@__save_stack_trace [ 426.382260] Variable was created at: [ 426.386077] __save_stack_trace+0xae/0xc60 [ 426.390335] save_stack_trace+0xc6/0x110 03:45:46 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(0xffffffffffffffff, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:46 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(0xffffffffffffffff, &(0x7f0000000480), 0x258, 0x0) 03:45:46 executing program 2: 03:45:46 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:46 executing program 5: 03:45:46 executing program 2: 03:45:48 executing program 1: 03:45:48 executing program 5: 03:45:48 executing program 4: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:48 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x0, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:48 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:48 executing program 2: 03:45:48 executing program 2: 03:45:48 executing program 1: 03:45:48 executing program 5: 03:45:48 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x0, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:48 executing program 4: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:48 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:48 executing program 5: 03:45:48 executing program 2: 03:45:48 executing program 1: 03:45:49 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x0, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:49 executing program 4: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:49 executing program 2: 03:45:49 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:49 executing program 1: clone(0x200, &(0x7f0000000380), &(0x7f0000000180), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f00000003c0)='./file0\x00', 0x8000001040, 0x0) execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300), &(0x7f0000000200)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) execveat(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', &(0x7f0000000500), &(0x7f0000000740), 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000040)) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:45:49 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$inet(0x2, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r2) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000000)) 03:45:49 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:49 executing program 2: clone(0x200, &(0x7f0000000380), &(0x7f0000000180), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f00000003c0)='./file0\x00', 0x8000001040, 0x0) execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300), &(0x7f0000000200)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) execveat(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', &(0x7f0000000500), &(0x7f00000001c0), 0x400) ioctl$KDSETMODE(r0, 0x4b3a, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:45:49 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080), 0x0) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:49 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:45:49 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$inet(0x2, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r2) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f0000000040)={0x0, @aes256}) 03:45:49 executing program 5: clone(0x200, &(0x7f0000000380), &(0x7f0000000180), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f00000003c0)='./file0\x00', 0x8000001040, 0x0) execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300), &(0x7f0000000200)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) execveat(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', &(0x7f0000000500), &(0x7f0000000740), 0x0) ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f0000000400)=""/135) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:45:49 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:50 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080), 0x0) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:50 executing program 0: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 03:45:50 executing program 5: r0 = memfd_create(&(0x7f0000000100)="0b656d31c1f8a68d4ec0a35ce2cba2bae5f497ac232aff", 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="3c00070003000100000000000000000000000000000025000000000000000000000000000000200000000000"], 0x2c) sendfile(r0, r0, &(0x7f0000001000), 0xffff) setxattr$security_selinux(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000140)='system_u:object_r:unconfined_exec_t:s0\x00', 0x27, 0x0) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x4db, &(0x7f0000000000)=[{}]}, 0x10) 03:45:50 executing program 1: 03:45:50 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) [ 430.342867] not chained 430000 origins [ 430.346817] CPU: 1 PID: 11502 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #85 [ 430.354097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 430.363459] Call Trace: [ 430.366050] [ 430.368227] dump_stack+0x32d/0x480 [ 430.371881] kmsan_internal_chain_origin+0x222/0x240 [ 430.377006] ? __local_bh_enable_ip+0x11f/0x260 [ 430.381707] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 430.387085] ? __module_address+0x6a/0x5f0 [ 430.391329] ? is_bpf_text_address+0x3e5/0x4d0 [ 430.395929] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 430.401333] ? is_bpf_text_address+0x49e/0x4d0 [ 430.405932] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 430.411430] ? __module_address+0x6a/0x5f0 [ 430.415705] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 430.421167] ? in_task_stack+0x12c/0x210 [ 430.425254] ? get_stack_info+0x206/0x220 [ 430.429422] __msan_chain_origin+0x6d/0xb0 [ 430.434174] ? tcp_data_snd_check+0x1ec/0x1080 [ 430.438774] __save_stack_trace+0x8be/0xc60 [ 430.443127] ? tcp_data_snd_check+0x1ec/0x1080 [ 430.447724] save_stack_trace+0xc6/0x110 [ 430.451804] kmsan_internal_chain_origin+0x136/0x240 [ 430.456922] ? local_bh_enable+0x36/0x40 [ 430.461011] ? __sk_flush_backlog+0x52/0x70 [ 430.465350] ? kmsan_internal_chain_origin+0x136/0x240 [ 430.470642] ? kmsan_memcpy_origins+0x13d/0x190 [ 430.475322] ? __msan_memcpy+0x6f/0x80 [ 430.479235] ? pskb_expand_head+0x436/0x1d20 [ 430.483657] ? ___pskb_trim+0x3c9/0x1bf0 [ 430.487725] ? sk_filter_trim_cap+0x5ac/0xa60 03:45:50 executing program 1: 03:45:50 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x5, 0x5, 0x7, 0x9}, 0x2c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xd, 0x1ff, 0x4, 0x100000001, 0x0, r0}, 0x21) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000100)={r1, 0x2, &(0x7f0000000140)}, 0x10) [ 430.492245] ? tcp_filter+0x10c/0x260 [ 430.496054] ? tcp_v6_rcv+0x45ba/0x5df0 [ 430.500042] ? ip6_input_finish+0xb53/0x2450 [ 430.504458] ? ip6_input+0x29d/0x340 [ 430.508180] ? ip6_rcv_finish+0x4d2/0x710 [ 430.512345] ? ipv6_rcv+0x34b/0x3f0 [ 430.515995] ? process_backlog+0x82b/0x11e0 [ 430.520332] ? net_rx_action+0x98f/0x1d50 [ 430.524495] ? __do_softirq+0x721/0xc7f [ 430.528482] ? do_softirq_own_stack+0x49/0x80 [ 430.533737] ? __local_bh_enable_ip+0x228/0x260 [ 430.538418] ? local_bh_enable+0x36/0x40 [ 430.542490] ? ip6_finish_output2+0x1b1a/0x22d0 [ 430.547169] ? ip6_finish_output+0xc13/0xca0 [ 430.551599] ? ip6_output+0x5e4/0x720 [ 430.555414] ? ip6_xmit+0x216d/0x26a0 [ 430.559236] ? inet6_csk_xmit+0x3e0/0x4f0 [ 430.563397] ? __tcp_transmit_skb+0x425c/0x5e00 [ 430.568091] ? tcp_write_xmit+0x389a/0xacc0 [ 430.572427] ? __tcp_push_pending_frames+0x124/0x4e0 [ 430.577544] ? tcp_data_snd_check+0x1ec/0x1080 [ 430.582136] ? tcp_rcv_established+0x1bb2/0x2940 [ 430.586904] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 430.591064] ? __release_sock+0x32d/0x750 [ 430.595225] ? __sk_flush_backlog+0x52/0x70 [ 430.599560] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 430.604156] ? tcp_sendmsg+0xb2/0x100 [ 430.607977] ? inet_sendmsg+0x4e9/0x800 [ 430.611977] ? __sys_sendto+0x940/0xb80 [ 430.615967] ? __se_sys_sendto+0x107/0x130 [ 430.620235] ? __x64_sys_sendto+0x6e/0x90 [ 430.624396] ? do_syscall_64+0xcf/0x110 [ 430.628379] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 430.634432] ? __msan_get_context_state+0x9/0x20 [ 430.639205] ? INIT_INT+0xc/0x30 [ 430.642585] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 430.647988] kmsan_memcpy_origins+0x13d/0x190 [ 430.652511] __msan_memcpy+0x6f/0x80 [ 430.656246] pskb_expand_head+0x436/0x1d20 [ 430.660520] ___pskb_trim+0x3c9/0x1bf0 [ 430.664442] sk_filter_trim_cap+0x5ac/0xa60 [ 430.668782] tcp_filter+0x10c/0x260 [ 430.672414] tcp_v6_rcv+0x45ba/0x5df0 [ 430.676220] ? __msan_poison_alloca+0x1e0/0x270 [ 430.680912] ? tcp_v6_early_demux+0xc80/0xc80 [ 430.685402] ? tcp_v6_early_demux+0xc80/0xc80 [ 430.689914] ip6_input_finish+0xb53/0x2450 [ 430.694165] ? ip6_input_finish+0x13e1/0x2450 [ 430.698669] ip6_input+0x29d/0x340 [ 430.702217] ? ip6_input+0x340/0x340 [ 430.705928] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 430.710336] ip6_rcv_finish+0x4d2/0x710 [ 430.714313] ipv6_rcv+0x34b/0x3f0 [ 430.717764] ? dst_hold+0x5e0/0x5e0 [ 430.721392] process_backlog+0x82b/0x11e0 [ 430.725537] ? __msan_poison_alloca+0x1e0/0x270 [ 430.730952] ? ip6_rcv_finish+0x710/0x710 [ 430.735219] ? rps_trigger_softirq+0x2e0/0x2e0 [ 430.739800] net_rx_action+0x98f/0x1d50 [ 430.743787] ? net_tx_action+0xf20/0xf20 [ 430.747843] __do_softirq+0x721/0xc7f [ 430.751653] do_softirq_own_stack+0x49/0x80 [ 430.755991] [ 430.758230] __local_bh_enable_ip+0x228/0x260 [ 430.762725] local_bh_enable+0x36/0x40 [ 430.766618] ip6_finish_output2+0x1b1a/0x22d0 [ 430.771124] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 430.776482] ? ip6_mtu+0x289/0x330 [ 430.780021] ip6_finish_output+0xc13/0xca0 [ 430.784258] ip6_output+0x5e4/0x720 [ 430.787890] ? ip6_output+0x720/0x720 [ 430.791696] ? ac6_seq_show+0x200/0x200 [ 430.795667] ip6_xmit+0x216d/0x26a0 [ 430.799322] ? ip6_xmit+0x26a0/0x26a0 [ 430.803123] inet6_csk_xmit+0x3e0/0x4f0 [ 430.807101] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 430.812023] __tcp_transmit_skb+0x425c/0x5e00 [ 430.816539] tcp_write_xmit+0x389a/0xacc0 [ 430.820732] __tcp_push_pending_frames+0x124/0x4e0 [ 430.825666] tcp_data_snd_check+0x1ec/0x1080 [ 430.830780] tcp_rcv_established+0x1bb2/0x2940 [ 430.835378] tcp_v6_do_rcv+0x9f8/0x21b0 [ 430.839358] ? tcp_v6_destroy_sock+0x60/0x60 [ 430.843764] __release_sock+0x32d/0x750 [ 430.847744] __sk_flush_backlog+0x52/0x70 [ 430.851889] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 430.856118] tcp_sendmsg_locked+0xd72/0x6c30 [ 430.860542] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 430.865930] tcp_sendmsg+0xb2/0x100 [ 430.869557] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 430.874226] inet_sendmsg+0x4e9/0x800 [ 430.878113] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 430.883471] ? security_socket_sendmsg+0x1bd/0x200 [ 430.888402] ? inet_getname+0x490/0x490 [ 430.892472] __sys_sendto+0x940/0xb80 [ 430.896286] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 430.901729] ? prepare_exit_to_usermode+0x182/0x4c0 [ 430.906742] __se_sys_sendto+0x107/0x130 [ 430.910803] __x64_sys_sendto+0x6e/0x90 [ 430.914776] do_syscall_64+0xcf/0x110 [ 430.918574] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 430.923772] RIP: 0033:0x457569 [ 430.926983] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 430.946654] RSP: 002b:00007f2d33e73c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 430.954353] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 430.961614] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 430.968874] RBP: 000000000072bfa0 R08: 0000000020000080 R09: 000000000000001c [ 430.976140] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f2d33e746d4 [ 430.983402] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 430.990674] Uninit was stored to memory at: [ 430.995004] kmsan_internal_chain_origin+0x136/0x240 [ 431.000097] __msan_chain_origin+0x6d/0xb0 [ 431.004324] __save_stack_trace+0x8be/0xc60 [ 431.008651] save_stack_trace+0xc6/0x110 [ 431.012706] kmsan_internal_chain_origin+0x136/0x240 [ 431.017804] kmsan_memcpy_origins+0x13d/0x190 [ 431.022292] __msan_memcpy+0x6f/0x80 [ 431.025997] pskb_expand_head+0x436/0x1d20 [ 431.030962] ___pskb_trim+0x3c9/0x1bf0 [ 431.034842] sk_filter_trim_cap+0x5ac/0xa60 [ 431.039159] tcp_filter+0x10c/0x260 [ 431.042777] tcp_v6_rcv+0x45ba/0x5df0 [ 431.046570] ip6_input_finish+0xb53/0x2450 [ 431.051028] ip6_input+0x29d/0x340 [ 431.054568] ip6_rcv_finish+0x4d2/0x710 [ 431.058537] ipv6_rcv+0x34b/0x3f0 [ 431.061983] process_backlog+0x82b/0x11e0 [ 431.066136] net_rx_action+0x98f/0x1d50 [ 431.070107] __do_softirq+0x721/0xc7f [ 431.073896] [ 431.075515] Uninit was stored to memory at: [ 431.079834] kmsan_internal_chain_origin+0x136/0x240 [ 431.084928] __msan_chain_origin+0x6d/0xb0 [ 431.089160] __save_stack_trace+0x8be/0xc60 [ 431.093474] save_stack_trace+0xc6/0x110 [ 431.097530] kmsan_internal_chain_origin+0x136/0x240 [ 431.102626] kmsan_memcpy_origins+0x13d/0x190 [ 431.107111] __msan_memcpy+0x6f/0x80 [ 431.110822] pskb_expand_head+0x436/0x1d20 [ 431.115051] ___pskb_trim+0x3c9/0x1bf0 [ 431.118934] sk_filter_trim_cap+0x5ac/0xa60 [ 431.123255] tcp_filter+0x10c/0x260 [ 431.126870] tcp_v6_rcv+0x45ba/0x5df0 [ 431.131381] ip6_input_finish+0xb53/0x2450 [ 431.135612] ip6_input+0x29d/0x340 [ 431.139167] ip6_rcv_finish+0x4d2/0x710 [ 431.143141] ipv6_rcv+0x34b/0x3f0 [ 431.146585] process_backlog+0x82b/0x11e0 [ 431.150722] net_rx_action+0x98f/0x1d50 [ 431.154691] __do_softirq+0x721/0xc7f [ 431.158486] [ 431.160109] Uninit was stored to memory at: [ 431.164425] kmsan_internal_chain_origin+0x136/0x240 [ 431.169520] __msan_chain_origin+0x6d/0xb0 [ 431.173747] __save_stack_trace+0x8be/0xc60 [ 431.178060] save_stack_trace+0xc6/0x110 [ 431.182111] kmsan_internal_chain_origin+0x136/0x240 [ 431.187215] kmsan_memcpy_origins+0x13d/0x190 [ 431.191707] __msan_memcpy+0x6f/0x80 [ 431.195416] pskb_expand_head+0x436/0x1d20 [ 431.199646] ___pskb_trim+0x3c9/0x1bf0 [ 431.203527] sk_filter_trim_cap+0x5ac/0xa60 [ 431.207845] tcp_filter+0x10c/0x260 [ 431.211464] tcp_v6_rcv+0x45ba/0x5df0 [ 431.215260] ip6_input_finish+0xb53/0x2450 [ 431.220017] ip6_input+0x29d/0x340 [ 431.223550] ip6_rcv_finish+0x4d2/0x710 [ 431.227517] ipv6_rcv+0x34b/0x3f0 [ 431.231467] process_backlog+0x82b/0x11e0 [ 431.235606] net_rx_action+0x98f/0x1d50 [ 431.239573] __do_softirq+0x721/0xc7f [ 431.243357] [ 431.244973] Uninit was stored to memory at: [ 431.249286] kmsan_internal_chain_origin+0x136/0x240 [ 431.254386] __msan_chain_origin+0x6d/0xb0 [ 431.258617] __save_stack_trace+0x8be/0xc60 [ 431.262932] save_stack_trace+0xc6/0x110 [ 431.266987] kmsan_internal_chain_origin+0x136/0x240 [ 431.272085] kmsan_memcpy_origins+0x13d/0x190 [ 431.276576] __msan_memcpy+0x6f/0x80 [ 431.280284] pskb_expand_head+0x436/0x1d20 [ 431.284515] ___pskb_trim+0x3c9/0x1bf0 [ 431.288399] sk_filter_trim_cap+0x5ac/0xa60 [ 431.292717] tcp_filter+0x10c/0x260 [ 431.296337] tcp_v6_rcv+0x45ba/0x5df0 [ 431.300130] ip6_input_finish+0xb53/0x2450 [ 431.304360] ip6_input+0x29d/0x340 [ 431.307892] ip6_rcv_finish+0x4d2/0x710 [ 431.311860] ipv6_rcv+0x34b/0x3f0 [ 431.315306] process_backlog+0x82b/0x11e0 [ 431.319453] net_rx_action+0x98f/0x1d50 [ 431.323422] __do_softirq+0x721/0xc7f [ 431.327214] [ 431.328842] Uninit was stored to memory at: [ 431.333899] kmsan_internal_chain_origin+0x136/0x240 [ 431.338995] __msan_chain_origin+0x6d/0xb0 [ 431.343225] __save_stack_trace+0x8be/0xc60 [ 431.347539] save_stack_trace+0xc6/0x110 [ 431.351593] kmsan_internal_chain_origin+0x136/0x240 [ 431.356686] kmsan_memcpy_origins+0x13d/0x190 [ 431.361176] __msan_memcpy+0x6f/0x80 [ 431.364892] pskb_expand_head+0x436/0x1d20 [ 431.369119] ___pskb_trim+0x3c9/0x1bf0 [ 431.373001] sk_filter_trim_cap+0x5ac/0xa60 [ 431.377314] tcp_filter+0x10c/0x260 [ 431.380933] tcp_v6_rcv+0x45ba/0x5df0 [ 431.384729] ip6_input_finish+0xb53/0x2450 [ 431.388952] ip6_input+0x29d/0x340 [ 431.392485] ip6_rcv_finish+0x4d2/0x710 [ 431.396448] ipv6_rcv+0x34b/0x3f0 [ 431.399896] process_backlog+0x82b/0x11e0 [ 431.404035] net_rx_action+0x98f/0x1d50 [ 431.408005] __do_softirq+0x721/0xc7f [ 431.411792] [ 431.413405] Uninit was stored to memory at: [ 431.417728] kmsan_internal_chain_origin+0x136/0x240 [ 431.422821] __msan_chain_origin+0x6d/0xb0 [ 431.427046] __save_stack_trace+0x8be/0xc60 [ 431.432078] save_stack_trace+0xc6/0x110 [ 431.436130] kmsan_internal_chain_origin+0x136/0x240 [ 431.441227] kmsan_memcpy_origins+0x13d/0x190 [ 431.445715] __msan_memcpy+0x6f/0x80 [ 431.449425] pskb_expand_head+0x436/0x1d20 [ 431.453653] ___pskb_trim+0x3c9/0x1bf0 [ 431.457535] sk_filter_trim_cap+0x5ac/0xa60 [ 431.461850] tcp_filter+0x10c/0x260 [ 431.465473] tcp_v6_rcv+0x45ba/0x5df0 [ 431.469262] ip6_input_finish+0xb53/0x2450 [ 431.473498] ip6_input+0x29d/0x340 [ 431.477041] ip6_rcv_finish+0x4d2/0x710 [ 431.481006] ipv6_rcv+0x34b/0x3f0 [ 431.484451] process_backlog+0x82b/0x11e0 [ 431.488594] net_rx_action+0x98f/0x1d50 [ 431.492560] __do_softirq+0x721/0xc7f [ 431.496343] [ 431.497961] Uninit was stored to memory at: [ 431.502276] kmsan_internal_chain_origin+0x136/0x240 [ 431.507379] __msan_chain_origin+0x6d/0xb0 [ 431.511609] __save_stack_trace+0x8be/0xc60 [ 431.515930] save_stack_trace+0xc6/0x110 [ 431.519989] kmsan_internal_chain_origin+0x136/0x240 [ 431.525085] kmsan_memcpy_origins+0x13d/0x190 [ 431.530235] __msan_memcpy+0x6f/0x80 [ 431.533948] pskb_expand_head+0x436/0x1d20 [ 431.538183] ___pskb_trim+0x3c9/0x1bf0 [ 431.542071] sk_filter_trim_cap+0x5ac/0xa60 [ 431.546388] tcp_filter+0x10c/0x260 [ 431.550006] tcp_v6_rcv+0x45ba/0x5df0 [ 431.553799] ip6_input_finish+0xb53/0x2450 [ 431.558026] ip6_input+0x29d/0x340 [ 431.561554] ip6_rcv_finish+0x4d2/0x710 [ 431.565518] ipv6_rcv+0x34b/0x3f0 [ 431.568980] process_backlog+0x82b/0x11e0 [ 431.573216] net_rx_action+0x98f/0x1d50 [ 431.577187] __do_softirq+0x721/0xc7f [ 431.580986] [ 431.582604] Local variable description: ----v.addr.i.i.i@should_fail [ 431.589084] Variable was created at: [ 431.592789] should_fail+0x14d/0x13c0 [ 431.596587] __should_failslab+0x278/0x2a0 03:45:51 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080), 0x0) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c1f023c126285719070") r1 = socket(0x80000000000000a, 0x2, 0x0) unshare(0x400) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[0xfeffffff], [], @loopback}}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x3a, &(0x7f0000000200), 0x4) 03:45:52 executing program 0: r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote, [0x3f000000, 0x700, 0xa, 0xc0fe]}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="060000000000000000000000000000000000000000000000"], 0x18}, 0x0) 03:45:52 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000", 0xc) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:52 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:52 executing program 5: clone(0x80000000200, &(0x7f0000000380), &(0x7f0000000180), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f00000003c0)='./file0\x00', 0x8000001040, 0x0) execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300), &(0x7f0000000200)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) execveat(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', &(0x7f0000000500), &(0x7f0000000740), 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f00000004c0)) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:45:52 executing program 2: 03:45:52 executing program 0: r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote, [0x3f000000, 0x700, 0xa, 0xc0fe]}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="060000000000000000000000000000000000000000000000"], 0x18}, 0x0) 03:45:52 executing program 1: 03:45:52 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000", 0xc) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:52 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:52 executing program 2: 03:45:52 executing program 1: 03:45:52 executing program 0: 03:45:53 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:53 executing program 1: 03:45:53 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000", 0xc) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:53 executing program 5: 03:45:53 executing program 2: 03:45:53 executing program 0: 03:45:53 executing program 1: 03:45:53 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:53 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000", 0x12) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:53 executing program 2: 03:45:53 executing program 1: 03:45:53 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000140)=""/24, &(0x7f0000000200)=0x18) 03:45:53 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:53 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000440), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000380)={&(0x7f0000000300), 0x10, &(0x7f00000007c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="0000000001000000000000000000000060c5ccffa454a890d2ec450e6abaa884541ed0e2f1ac30d2a17c29c9a2978af3fcec4fc145068250bca3ce15790eb7ed09a5cf0029adf82777d2d0a7ddcb3ea4"], 0x1}}, 0x0) 03:45:53 executing program 1: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000140)=0x4, 0x4) prctl$getreaper(0x0, &(0x7f0000000800)) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) 03:45:54 executing program 5: 03:45:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000080)={0x0, 0x4, 0x0, 0xf68}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) pivot_root(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') sched_setscheduler(0x0, 0x0, &(0x7f0000000000)) recvmmsg(0xffffffffffffffff, &(0x7f0000002540)=[{{&(0x7f00000000c0)=@nfc, 0x80, &(0x7f0000000140)=[{&(0x7f00000002c0)=""/230, 0xe6}, {&(0x7f00000003c0)=""/167, 0xa7}, {&(0x7f00000005c0)=""/4096, 0x1000}], 0x3}}], 0x1, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000180)="0f00db670f01df66b8000000000f23d80f21f86635400000f00f23f80f09b800008ee00f009a00000f212b0f01c30f21b00f1af9", 0x34}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000540)={0xd0003}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:45:54 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000", 0x12) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) [ 434.153542] vhci_hcd: default hub control req: 010b v0000 i0000 l0 03:45:54 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:54 executing program 2: 03:45:54 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000", 0x12) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:54 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000080)={0x0, @bt={0x0, 0x0, 0x0, 0x0, 0xffffffff}}) 03:45:54 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x0) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/7, 0x7}], 0x1) r1 = gettid() sendmmsg(0xffffffffffffffff, &(0x7f000000a240)=[{{&(0x7f0000002bc0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, {0xa, 0x4e24, 0x0, @mcast1}}}, 0x80, &(0x7f0000003080)}}, {{&(0x7f00000076c0)=@xdp, 0x80, &(0x7f0000007b80), 0x0, &(0x7f0000007c00)}}], 0x2, 0x0) ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000040)=0x8) timer_settime(0x0, 0x0, &(0x7f0000000200)={{}, {0x0, 0x989680}}, &(0x7f00000001c0)) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f00000074c0)=0xffffffff, 0x4) tkill(r1, 0x15) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4008ae52, &(0x7f0000000240)=0x8000) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='io.stat\x00', 0x0, 0x0) 03:45:54 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)) preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:54 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) r1 = dup(r0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$inet(0x2, 0x2, 0x7, &(0x7f00000001c0)) ioctl$KDGKBMETA(r1, 0x4b62, &(0x7f0000000040)) 03:45:55 executing program 2: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) pread64(r2, &(0x7f00000004c0)=""/191, 0xbf, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2f, &(0x7f0000000240)={0x1, {{0xa, 0x4e20, 0x8, @ipv4={[], [], @loopback}, 0x3}}, {{0xa, 0x4e22, 0x3, @local, 0x84e}}}, 0x108) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x300000a, 0x2011, r2, 0x0) mmap(&(0x7f0000f44000/0x4000)=nil, 0x507000, 0x1000007, 0x2013, r2, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f0000000100), &(0x7f0000000140)=0x1) ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000380)={0x0, @in6={{0xa, 0x4e21, 0x0, @mcast2, 0x3}}, 0x81, 0x0, 0x101, 0x3, 0x2}, &(0x7f0000000040)=0x98) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={r3, 0x2}, 0x8) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 03:45:55 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000", 0x15) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:55 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x2a, 0x4, 0x0, {0x1, 0x7, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000500)=""/175) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) 03:45:55 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000", 0x15) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) [ 435.337393] usb usb3: usbfs: process 11649 (syz-executor0) did not claim interface 0 before use 03:45:55 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)) preadv(r0, &(0x7f0000000480), 0x258, 0x0) [ 435.381861] vhci_hcd: default hub control req: 010b v0000 i0000 l0 [ 435.469979] usb usb3: usbfs: process 11656 (syz-executor0) did not claim interface 0 before use 03:45:55 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)) preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:55 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000", 0x15) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$inet(0x2, 0x0, 0x0, &(0x7f00000001c0)) ioctl$BLKTRACESTART(r0, 0x1274, 0x0) 03:45:56 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d024031") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:58 executing program 1: clone(0x200, &(0x7f00000000c0), &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000500)='./file0\x00', &(0x7f0000000140), &(0x7f0000000480)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000002c0)=""/11, 0xb9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000280), 0xffffffffffffffff) execve(&(0x7f0000000140)='./file1\x00', &(0x7f0000000780), &(0x7f0000000800)) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000300)=""/134) creat(&(0x7f00000001c0)='./file1\x00', 0x5) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:45:58 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup2(r0, r0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) syz_execute_func(&(0x7f0000000100)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$inet(0x2, 0x0, 0x0, &(0x7f00000001c0)) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000140)={0x0, &(0x7f0000000040)}) 03:45:58 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff00000000000000000000000000000202", 0x17) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:58 executing program 2: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000000)={0x8a, 0x3132564e}) 03:45:58 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d024031") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:58 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup2(r0, r0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) syz_execute_func(&(0x7f0000000100)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$inet(0x2, 0x2, 0x7, &(0x7f00000001c0)) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000140)={0x0, &(0x7f0000000040)}) 03:45:59 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d024031") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:59 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff00000000000000000000000000000202", 0x17) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:45:59 executing program 0: clone(0x200, &(0x7f0000000380), &(0x7f0000000180), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f00000003c0)='./file0\x00', 0x8000001040, 0x0) execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300), &(0x7f0000000200)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) execveat(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', &(0x7f0000000500), &(0x7f0000000740), 0x0) ioctl$KDSETMODE(r0, 0x4b3a, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:45:59 executing program 2: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000004c0)}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000700)={0x16, 0x98, 0xfa00, {&(0x7f0000000340), 0x0, 0xffffffffffffffff, 0x1c, 0x0, @ib={0x1b, 0x0, 0x0, {"6d3a03a22ad13804238c25806cdd75ac"}}}}, 0xa0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) flistxattr(r0, &(0x7f0000000380)=""/57, 0x39) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000640)='/dev/vsock\x00', 0x0, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000440)='/dev/full\x00', 0x80, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000008c0)={{{@in6=@remote, @in=@multicast1}}, {{@in6=@local}, 0x0, @in6=@mcast2}}, &(0x7f00000005c0)=0x13) readv(0xffffffffffffffff, &(0x7f00000f9000)=[{&(0x7f0000242000)=""/2560, 0xa00}], 0x1) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/176, 0xb0}], 0x1) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000300)=0xc, 0x4) keyctl$invalidate(0x15, 0x0) ioctl$EVIOCGBITSW(r1, 0x80404525, &(0x7f00000006c0)=""/23) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000600)='/dev/qat_adf_ctl\x00', 0x600001, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) mkdir(&(0x7f00000001c0)='./file0\x00', 0x8000000000000020) r4 = syz_open_dev$dmmidi(&(0x7f0000000a80)='/dev/dmmidi#\x00', 0x8, 0x80000) ioctl$IOC_PR_RELEASE(r4, 0x401070ca, &(0x7f0000000280)={0x7d, 0x6}) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000002c0)='em0mime_typecpuset\x00', r3}, 0x10) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) getpid() io_setup(0x5, &(0x7f0000000580)=0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000009c0)) io_destroy(r5) creat(&(0x7f0000000480)='./file0\x00', 0xcc) llistxattr(&(0x7f0000000240)='./file0\x00', &(0x7f00000007c0)=""/196, 0x2b7) get_mempolicy(&(0x7f0000000a00), &(0x7f0000000a40), 0x9, &(0x7f0000ffe000/0x2000)=nil, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @rand_addr}, &(0x7f0000000180)=0x10) 03:45:59 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d024031628571") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:45:59 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff00000000000000000000000000000202", 0x17) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) [ 439.640236] Unknown ioctl -2143271643 03:45:59 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080), 0x4) bind$inet(r0, &(0x7f00001edff0)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) recvmmsg(r0, &(0x7f00000038c0)=[{{&(0x7f0000001a80)=@nfc_llcp, 0x80, &(0x7f00000020c0), 0x0, &(0x7f00000010c0)=""/164, 0xa4}}], 0x1, 0x0, 0x0) sendto$inet(r0, &(0x7f0000c95ffd), 0x49b8, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1}, 0x10) 03:46:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xfe5a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$inet(0x2, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, 0xffffffffffffffff) 03:46:00 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d024031628571") preadv(r0, &(0x7f0000000480), 0x258, 0x0) [ 439.963723] Unknown ioctl 1074275332 [ 440.009655] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 03:46:00 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:46:00 executing program 1: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000480)='/dev/vcs\x00', 0x1, 0x0) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000740), &(0x7f0000000780)=0x4) r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x7, 0x5) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000000)) ioctl$LOOP_CHANGE_FD(r1, 0x127f, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x10, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x4}, 0x0, 0x0, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000540), 0x0, 0x4000, &(0x7f0000000140)={0x2, 0x4e21, @multicast2}, 0x10) r3 = getpgid(0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0xffffffffffffff29, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r3, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000440)='/dev/full\x00', 0x200242, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x20003, &(0x7f0000000b00)={0xffffffffffffffff}, 0x13b, 0x6}}, 0x1b) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000580)={0x3, 0x40, 0xfa00, {{0xa, 0x800004e1f, 0x99d, @loopback, 0xfffffffffffffffe}, {0xa, 0x4e24, 0x3, @local, 0x40000038}, r5, 0x7f}}, 0x48) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x40000, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x3) r8 = memfd_create(&(0x7f0000000080)="765787e1b118fb000000", 0x3) getpgid(r2) r9 = openat(r8, &(0x7f0000000280)='./file0\x00', 0x101000, 0x80) r10 = openat$ppp(0xffffffffffffff9c, &(0x7f00003dd000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r10, 0x40047438, &(0x7f0000000180)=""/246) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000100)={0x0, 0xfffffffffffffeaf, 0xfa00, {0xfffffffffffffffe, &(0x7f0000000240)={0xffffffffffffffff}, 0x13f}}, 0xfffffe78) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r10, 0x12, 0x2, &(0x7f0000000600)=""/157, &(0x7f0000000540)=0x23) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x400, @dev, 0x3}, r11}}, 0x48) getsockopt$inet_dccp_int(r9, 0x21, 0x11, &(0x7f00000006c0), &(0x7f0000000880)=0x4) setsockopt$inet_dccp_buf(r9, 0x21, 0xf, &(0x7f0000000340)="640b4f4bc410840e2726d1f4a894046cda1dac3db3d99102588ab04934849524e37515c2d99972f585d00af69de6753c217433dd371ce2fdbeee6771731e6d30fdcdb0bc50e849d7e8b75e0b77089b83304f0a7d1cd20af4e9b2e6eebd", 0x5d) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$KVM_SET_XCRS(r9, 0x4188aea7, &(0x7f0000001240)=ANY=[@ANYBLOB="040000003f00000034000000001d1979539000b60290842f140000000700000000000000d391661ad287a742ff00090200000000000073f400000000002068b00000000000000200000000000000e8939da48993e02ad6cd0b45cccb383525cc587d01000000dafc36b7303b80734000407b7ce1a863406ea32a2087d5ac9ccdb6423aaa023586f7e884b02d80369e2f3ed3e2eb79c7d6a68053c66efdea1a680f26441baf4dd10e52dc41d70c952c95199ef862dfb5580848d705afe3496d0052642c945acb377acf4ba18bac2eb1c65c1c48e6654f7c1cbc8477658e6a909de06fcd562da19b9a1b4fec17c37c3ed636c803000000000000006c3b971a4395a21b983836ed2a87331ac978085760bf09d1c18d7115efba02e4efc40bcc86c2ab4fc08b3a88b79525407e0e8c295be8b7d29fa2f2daa5484f6741ebafed0c4bc153719b8ea9ef1e1002ccf7bf4667b9114ad1adcee725c29506564c51380b7ee371b6953897eb7306979a9571172c229402754a250b3d2c72bbf22b8362503b53c9740f5319bfadd5ad4219e5156eb47c13433a12b4a0aae2c9fe1537d06fea74b7030f0687de572cb3ecd93c6ccf24ab7cf50050f5e544cd4a10d8887b26bfc9e73ac03ab5150775e59be1f3974009479049768e72a0e747e2544a80964728ebdf03b59b455f036070e061221589af45e8b6890984d8c242c5c91ca02692110cf1033524c1468e5c0000531127ff3956a73cf664db84a9396950a5753c15a58185813d7e5ddc779c9af94dfd76e9d9e316137eaa53e199e01541d0fb86ee771ba549bec3af2b3986c458327c5be601751c623efadfd0ecaf6de658f5590651798f9e78071d4b8fed849a8e36cde67b1928e6d0b80a2b7346131777197af62d87d80d4f372328fd5edd148024055edc445bfd670aa80f9fbb66245d158b99c1891162e3c8b55c8a11d9e6e9093a68307fc812bf406f1dff8307c849c7754e63788416dbea01683dc255cebc2f2d47a3c79d52cc9fae4592202be33f732ec60e02beb0a4a931007906485b0e8b919d5b835589d7ea2812cf046a7af372de202e10145164f4727c9f1223b24bab7c68f512115ce6c2d2808efce6d7056576e0a7d2423e8649d12597319729cfe6454665a6fcb78e987abfcf3601ab5763c92ad90c68d17cb0a34eec74dde19321e4a5ecf6b85069439388ae123e6eb158b5549bd4a5b101d43ceef55214a110dfb8bdcb1cd04aa9226a0a3de681766d7a211ae685bb883f08eeb5b587860bd19375c3a315d3b62cce72ded5d61f870d53a32bf7e063e77809533d7fa091861317ef5b84931ca49e9defe5b67563aa20f1f758730340745e9fd66ce4dbc82ebb1d769af0ed5e8d5a4892"]) 03:46:00 executing program 0: syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x223}, @dev}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4004, 0x0, @local={0xac, 0x223}, @dev}}}}}}, &(0x7f0000000040)) 03:46:00 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d024031628571") preadv(r0, &(0x7f0000000480), 0x258, 0x0) [ 440.466239] Unknown ioctl -2143271643 03:46:00 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0xffffffffffffff29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00003dd000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) 03:46:00 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) [ 440.779229] Unknown ioctl 1074275332 03:46:02 executing program 2: 03:46:02 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d02403162857170") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:46:02 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c1f023c126285719070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000000c0)={'lo\x00@\x00', 0x101}) r2 = socket(0x10, 0x3, 0x0) recvmsg(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), 0x0, &(0x7f0000000700)=""/118, 0x2de}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={&(0x7f00000001c0), 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001a008d0dad77e490a03d0000000000005fd0bc1dce94539947d7565d90121291e27021ddf7176be927235eb6cc0311093785e4d259af25321f167b6d2e76f7d679692d7a4980c22b29a157f7da00bbca9971be38d95c26239f59d3fdc4ccd06ce9b5cadd81b754aa5da29d6d1b81fda39de2af27cecc5cf5d4546ef6c3cbe69379be3ea8dd23f4dda40e3fd28b86fd2fbb5aa5e80c5885f1ff0e95ef0441520db30da4e32eed4471badead192c2f85d4f19a0606a7495927"], 0x1}}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000080)={'lo\x00'}) recvfrom$inet(r2, &(0x7f0000000000)=""/67, 0xfffffffffffffea6, 0xfffffffffffffffc, 0x0, 0x0) 03:46:02 executing program 0: 03:46:02 executing program 3: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}}, 0x1c) 03:46:02 executing program 1: [ 442.369095] device lo entered promiscuous mode 03:46:02 executing program 2: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000140), 0x4) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000500)=""/175) ioctl$sock_inet_SIOCRTMSG(r0, 0x80085504, &(0x7f00000000c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='ip6gre0\x00'}) [ 442.480361] device lo left promiscuous mode 03:46:02 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d02403162857170") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:46:02 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x20000000) r0 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) [ 442.655223] usb usb3: usbfs: process 11836 (syz-executor2) did not claim interface 0 before use [ 442.665015] vhci_hcd: default hub control req: 010b v0000 i0000 l0 03:46:02 executing program 1: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x400000002, 0x0) ioctl$int_in(r0, 0xc00008c004500a, &(0x7f0000000000)) write$FUSE_DIRENT(r0, &(0x7f00000000c0)={0x10}, 0x10) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xa, 0x12, r0, 0x0) write$UHID_CREATE(r0, &(0x7f0000001840)={0x0, 'syz1\x00', 'syz1\x00\x00@\x00', "73797a310000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0100", &(0x7f0000000840)=""/4096, 0x1000}, 0x120) 03:46:02 executing program 3: 03:46:03 executing program 3: 03:46:03 executing program 2: 03:46:03 executing program 1: [ 443.872670] device lo entered promiscuous mode [ 443.986394] device lo left promiscuous mode 03:46:04 executing program 3: 03:46:04 executing program 0: 03:46:04 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d02403162857170") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:46:04 executing program 2: 03:46:04 executing program 5: 03:46:04 executing program 1: 03:46:04 executing program 3: 03:46:04 executing program 1: 03:46:04 executing program 2: 03:46:04 executing program 0: 03:46:04 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(0xffffffffffffffff, &(0x7f0000000480), 0x258, 0x0) 03:46:04 executing program 5: 03:46:05 executing program 1: 03:46:05 executing program 3: 03:46:05 executing program 2: 03:46:05 executing program 5: 03:46:05 executing program 0: 03:46:05 executing program 4: 03:46:05 executing program 1: 03:46:05 executing program 3: 03:46:05 executing program 0: 03:46:05 executing program 2: 03:46:05 executing program 1: 03:46:05 executing program 5: 03:46:05 executing program 4: 03:46:05 executing program 2: 03:46:05 executing program 0: 03:46:06 executing program 3: 03:46:06 executing program 1: 03:46:06 executing program 2: 03:46:06 executing program 0: 03:46:06 executing program 4: 03:46:06 executing program 5: 03:46:06 executing program 1: 03:46:06 executing program 3: 03:46:06 executing program 2: 03:46:06 executing program 0: 03:46:06 executing program 4: 03:46:06 executing program 2: 03:46:06 executing program 3: 03:46:06 executing program 1: 03:46:07 executing program 5: 03:46:07 executing program 4: 03:46:07 executing program 0: 03:46:07 executing program 5: 03:46:07 executing program 3: 03:46:07 executing program 1: 03:46:07 executing program 2: 03:46:07 executing program 3: 03:46:07 executing program 1: 03:46:07 executing program 5: 03:46:07 executing program 4: 03:46:07 executing program 2: 03:46:07 executing program 0: 03:46:08 executing program 3: 03:46:08 executing program 1: 03:46:08 executing program 2: 03:46:08 executing program 5: 03:46:08 executing program 4: 03:46:08 executing program 3: 03:46:08 executing program 0: 03:46:08 executing program 1: 03:46:08 executing program 5: 03:46:08 executing program 2: 03:46:08 executing program 4: r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc2604110, 0xfffffffffffffffe) 03:46:08 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070") r1 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000005000), 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r1, 0xc1105517, &(0x7f0000001000)) 03:46:08 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000040)=@nullb="5b643a3a5d3a2f6cc0623a00", &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, &(0x7f0000000140)='\x00') 03:46:08 executing program 0: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000001440)={0x0, 0x9, 0x1, {0xb, @win={{0x0, 0xffff}, 0x0, 0x0, &(0x7f0000000240)={{}, &(0x7f0000000200)={{}, &(0x7f00000001c0)}}, 0x0, &(0x7f0000000440)}}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xfffffffffffffffd, 0x11, r0, 0x0) mremap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) 03:46:08 executing program 5: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000740)='/dev/uhid\x00', 0x802, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000000)=""/11, 0xb}, 0x120) write$UHID_GET_REPORT_REPLY(r0, &(0x7f0000000400), 0xa) 03:46:09 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x100000000000001a, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f00000001c0)) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r0, 0x81785501, &(0x7f0000000440)=""/118) creat(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x14104a, 0x0) syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f00000004c0)={0x0, 0x2, 'client1\x00', 0x0, "50e1a6d8d92ba330", "2937d7bf62e93a40b33436029902fb8915a1ee722efc115ce565cf1e03a8a19d", 0x2, 0x5}) r2 = syz_open_dev$evdev(&(0x7f0000974fee)='/dev/input/event#\x00', 0x0, 0x101002) getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000000c0)={'nat\x00'}, &(0x7f0000000140)=0x54) write$evdev(r1, &(0x7f0000000080)=[{{}, 0x1, 0x74, 0x2}, {}], 0xfcf2) sendfile(r2, r1, &(0x7f0000000000), 0x100000001) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f00000000c0)) getrandom(&(0x7f0000000340)=""/198, 0xc6, 0x0) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000240)={0x0, @sdr}) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000000)={'bond0\x00', @ifru_names='bond_slave_1\x00'}) timer_create(0x0, &(0x7f0000000700)={0x0, 0x0, 0x0, @thr={&(0x7f0000000580), &(0x7f0000000680)}}, &(0x7f0000000740)) memfd_create(&(0x7f0000000040)='wlan1\x00', 0x0) umount2(&(0x7f0000000040)='./file1\x00', 0x0) open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) symlink(&(0x7f0000000300)='./file1\x00', &(0x7f0000000340)='./file0\x00') inotify_add_watch(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x0) inotify_rm_watch(0xffffffffffffffff, 0x0) [ 448.947276] snd_dummy snd_dummy.0: control 112:0:0:Î:0 is already present [ 449.103800] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 449.110761] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 449.117728] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 449.124589] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 449.131391] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 449.138284] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 449.145136] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 449.152096] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 449.158864] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 449.165885] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 449.173069] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 03:46:09 executing program 1: r0 = memfd_create(&(0x7f00000004c0)="7175657565310000000000000000313b000000000000000000000000000014d50e7ddd000000000000000000000000ebc2b0032566ccd0ca04d81f2e66c16297b767ea5f57688be20ed46115561d6a8952b75635444563d54cb68a275c72bfd42ab8f96e53e4be40f8b239767a400a8dca7bd22c3d421504ab5ea77831e2c401bda04b05a7bbe844dff7d9e6dd51431634db1919fda75b6d040000000000000016adf0bb1a2cedc35288d4cd71aac5882ce107007e9bf18bac0d25dcbdd587b8e8cf3b6c5514da027dbdea0c8066a9345bbdd1e87c998a37bac6c852eab361747081e275aecf3bd401839cb8bd05cebedb48e866b6de271bf607e4001c04dc189cf4", 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000480)='/dev/snd/seq\x00', 0x0, 0x1) dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, "7175657565310000000000000000000000000000220000000000000000000078e9000000060000000000ccbf7ddd000000003f000d4500"}) write$sndseq(r0, &(0x7f0000000000)=[{0x5, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) 03:46:09 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0xa, &(0x7f0000000640)=ANY=[@ANYBLOB="bf1600000000000085100000050000003c00000000000000bf610000000000008510000002000000bf0100000000000095000000000000001501000000000000b7000000000000009500000000000000"], &(0x7f0000000200)="22b1a57e"}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r0, 0x50, &(0x7f0000000080)}, 0x10) [ 449.212385] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 449.219547] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 449.226530] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 449.233381] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 449.240153] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 449.247054] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 449.253922] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 03:46:09 executing program 4: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x4, @dev={[], 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000200)) sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) [ 449.260704] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 449.267548] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 449.274714] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 449.281565] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 449.465495] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz1 [ 449.494583] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz1 03:46:09 executing program 5: r0 = socket(0x1, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f00000000c0)) 03:46:09 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070") r1 = memfd_create(&(0x7f00000004c0)="7175657565310000000000000000313b000000000000000000000000000014d50e7ddd000000000000000000000000ebc2b0032566ccd0ca04d81f2e66c16297b767ea5f57688be20ed46115561d6a8952b75635444563d54cb68a275c72bfd42ab8f96e53e4be40f8b239767a400a8dca7bd22c3d421504ab5ea77831e2c401bda04b05a7bbe844dff7d9e6dd51431634db1919fda75b6d040000000000000016adf0bb1a2cedc35288d4cd71aac5882ce107007e9bf18bac0d25dcbdd587b8e8cf3b6c5514da027dbdea0c8066a9345bbdd1e87c998a37bac6c852eab361747081e275aecf3bd401839cb8bd05cebedb48e866b6de271bf607e4001c04dc189cf4", 0x0) r2 = syz_open_dev$sndseq(&(0x7f0000000480)='/dev/snd/seq\x00', 0x0, 0x1) dup2(r2, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, "7175657565310000000000000000000000000000220000000000000000000078e9000000060000000000ccbf7ddd000000003f000d4500"}) write$sndseq(r1, &(0x7f0000000000)=[{0x5, 0xf401, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) 03:46:09 executing program 4: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x4, @dev={[], 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000200)) sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) 03:46:09 executing program 2: ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000005c0)="82780000260f017731f3d87e0b0f20e06635000020000f22e066b9800000c00f326635002000000f30640f02d766b8008000000f23d80f21f86635400000f00f23f8db13b85f078ee82e0f01cf", 0x4d}], 0x1, 0x0, &(0x7f0000000100), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x4b564d02, 0x1]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000240)="c4e139e05cf109c4e179f45c3400b9470800000f32f00fc05700f4c4e27918cf66b882000f00d80f218ec4c201a7d3b9be0b00000f32", 0x36}], 0x1, 0x0, &(0x7f00000002c0), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:46:09 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x13, &(0x7f0000000100)=ANY=[@ANYBLOB="bf16000000000000b707000001e80000507000000000e0ff480000000000000095000000000000000383d7aa1829b091f9bbf78ae6b63d8717b611a983249f54a7f1e129309d4c4382aaf220dfef7c6bb420f6ca11f82524b76f18b2159a0716d6bee951f7d3625e35773e6dc5750dd41b5c121b4330303cff78ed08d53e618d59b11c83aed55abe4cac9ecc5e08061dc18e1bc64fa58e3c766d7978"], &(0x7f0000000540)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x16, 0x6a, &(0x7f0000000080)="280695bde04b0fd752ec977b318372a5447ba1edc674", &(0x7f0000000240)=""/106}, 0x28) 03:46:09 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000040)=@nullb='[d::d:/llb:\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, &(0x7f0000000140)='\x00') 03:46:10 executing program 5: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x202080, 0x0) ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f0000000400)={0x2, 0x0, [{}, {0x1f, 0x0, 0x6}]}) openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @remote}, 0x101}}, 0x0, 0x0, 0x7}, &(0x7f00000003c0)=0x98) semctl$SEM_STAT(0x0, 0x5, 0x12, &(0x7f0000000100)=""/141) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000540), &(0x7f0000000580)=0x8) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000080)) r1 = openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0xe000, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) accept$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs, &(0x7f0000000000)=0x6e) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000240)) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r1) [ 450.060934] libceph: parse_ips bad ip '[d::d' 03:46:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="ffff7f000a0002000000000000000002"], 0x1}}, 0x0) 03:46:10 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x81204101, 0xfffffffffffffffe) 03:46:10 executing program 1: r0 = openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0xe000, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) accept$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs, &(0x7f0000000000)=0x6e) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000240)) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) 03:46:10 executing program 3: recvmsg$kcm(0xffffffffffffffff, &(0x7f00000025c0)={&(0x7f0000002240)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0xffffffffffffffba, &(0x7f0000002480), 0x0, &(0x7f0000000000)=""/206, 0xce}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/ip6_flowlabel\x00') preadv(r0, &(0x7f00000017c0), 0x181, 0x0) 03:46:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_tables_matches\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000156, 0xa0010000) 03:46:10 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r1 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r2 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r1, r1, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r1, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) sendmsg(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="3e06584485381620365799026170f1fba680f06151c4a3dd2fd8dfe3aec5baa8912e5151542e2bab0000000023a200829dcb444981b8cfb1cbb634637f8165d9401933833119038fa0eb6e0f76966103963c904a2603497acbf46751f7f0ef06e97289bbbf2f2efc076e1f34a14ce3d77a1c1398eda082f773314bb43aa2784809de691f8d2e45a53c0f54eb7ffdd3bd1bbfe984db3b85d60c50e0b52589fd4551a93aabecafe6e3add23da8d0c6269ecdc896b62d9a4e97f3803d27828521431879d3cdaf97072bb3c89fdbb770b7de1e", 0xd1}], 0x1, &(0x7f0000000800), 0x0, 0x840}, 0x20004000) iopl(0xffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)={0xb}, 0x2c) r4 = socket$nl_generic(0xa, 0x3, 0x10) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r3) setsockopt$netlink_NETLINK_RX_RING(r4, 0x29, 0x6, &(0x7f0000000ff0)={0x1c2, 0x0, 0x29, 0x2}, 0x1c2) 03:46:10 executing program 0: openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @ipv4={[], [], @remote}, 0x101}}, 0x0, 0x0, 0x7, 0x0, 0x8000}, &(0x7f00000003c0)=0x98) semctl$SEM_STAT(0x0, 0x0, 0x12, &(0x7f0000000100)=""/141) r0 = openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0xe000, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) accept$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs, &(0x7f0000000000)=0x6e) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000240)={0x7fffffff}) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r0) 03:46:10 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001000)={0xb, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r1, 0x40405514, &(0x7f0000001000)) 03:46:10 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="020300020c00000000000000000000000200080000000000e000000000000000030006000000000002000000e0002001000000000000000002000100000000000000020000000000030005000000000002000000f0ff0001deffffff00000000"], 0x60}}, 0x0) 03:46:10 executing program 3: ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000400)={0x2, 0x0, [{0x45}, {0x0, 0x0, 0x183}]}) openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x6cd, @ipv4={[], [], @remote}, 0x101}}, 0x0, 0x0, 0x7}, &(0x7f00000003c0)=0x98) semget$private(0x0, 0x4, 0x0) semctl$SEM_STAT(0x0, 0x0, 0x12, &(0x7f0000000100)=""/141) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000540), &(0x7f0000000580)=0x8) r0 = openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0xe000, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) accept$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs, &(0x7f0000000000)=0x6e) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r0) [ 450.978428] print_req_error: 120 callbacks suppressed [ 450.978465] print_req_error: I/O error, dev loop3, sector 0 [ 450.989742] buffer_io_error: 120 callbacks suppressed [ 450.989768] Buffer I/O error on dev loop3, logical block 0, lost async page write [ 451.002994] print_req_error: I/O error, dev loop3, sector 8 [ 451.008772] Buffer I/O error on dev loop3, logical block 1, lost async page write [ 451.016691] print_req_error: I/O error, dev loop3, sector 16 [ 451.022673] Buffer I/O error on dev loop3, logical block 2, lost async page write [ 451.030437] print_req_error: I/O error, dev loop3, sector 24 [ 451.036548] Buffer I/O error on dev loop3, logical block 3, lost async page write [ 451.044429] print_req_error: I/O error, dev loop3, sector 32 [ 451.050820] Buffer I/O error on dev loop3, logical block 4, lost async page write [ 451.058681] print_req_error: I/O error, dev loop3, sector 40 [ 451.064795] Buffer I/O error on dev loop3, logical block 5, lost async page write [ 451.073009] print_req_error: I/O error, dev loop3, sector 48 03:46:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f0000000100)=ANY=[@ANYBLOB=')O']) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000040)={0x7b, 0x0, [0x0, 0xc0000082]}) [ 451.078848] Buffer I/O error on dev loop3, logical block 6, lost async page write [ 451.086835] print_req_error: I/O error, dev loop3, sector 56 [ 451.092790] Buffer I/O error on dev loop3, logical block 7, lost async page write [ 451.100568] print_req_error: I/O error, dev loop3, sector 64 [ 451.106567] Buffer I/O error on dev loop3, logical block 8, lost async page write [ 451.114409] print_req_error: I/O error, dev loop3, sector 72 [ 451.120268] Buffer I/O error on dev loop3, logical block 9, lost async page write 03:46:11 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x105082) fallocate(r0, 0x3, 0x0, 0x100000001) 03:46:11 executing program 3: dup(0xffffffffffffffff) clone(0x8000100, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) request_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f00000000c0)={'sy.', 0x2}, &(0x7f0000000080)='?y\a', 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x80, 0x1, 0x1, 0x5, 0x0, 0x0, 0x1f}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000400)) ppoll(&(0x7f0000000180), 0x0, &(0x7f00000001c0)={0x0, 0x1c9c380}, &(0x7f0000000200), 0x8) write$evdev(0xffffffffffffffff, &(0x7f0000000100), 0x0) 03:46:11 executing program 0: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_setup(0x0, &(0x7f0000000540)=0x0) io_destroy(r1) r2 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264", 0x85) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r0, 0x4c00, r2) iopl(0xffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)={0xb}, 0x2c) r4 = socket$nl_generic(0xa, 0x3, 0x10) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r3) setsockopt$netlink_NETLINK_RX_RING(r4, 0x29, 0x6, &(0x7f0000000ff0)={0x1c2, 0x0, 0x29, 0x2}, 0x1c2) 03:46:11 executing program 5: ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000005c0)="82780000260f017731f3d87e0b0f20e06635000020000f22e066b9800000c00f326635002000000f30640f02d766b8008000000f23d80f21f86635400000f00f23f8db13b85f078ee82e0f01cf", 0x4d}], 0x1, 0x0, &(0x7f0000000100), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x4b564d02, 0x1]}) ioctl$KVM_GET_EMULATED_CPUID(0xffffffffffffffff, 0xc008ae09, &(0x7f0000000100)=""/78) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000240)="c4e139e05cf109c4e179f45c3400b9470800000f32f00fc05700f4c4e27918cf66b882000f00d80f218ec4c201a7d3b9be0b00000f32", 0x36}], 0x1, 0x0, &(0x7f00000002c0), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_LAPIC(0xffffffffffffffff, 0x8400ae8e, &(0x7f0000000a40)={"9f829cd5cd2b91bb81e006737b729175913a2ff7ac65954ad68e07a3e1ab1fc48adf946e4b8386ca328a40454567e06cfaaabf81eed1299b137109255f916eca5904e2073c067c2c6b5a1ae86059b6d70987ad950f64e8ef19d42d6cd160d5866bad8f8c56a0c88f601e0f959251e2200c4c17145971f2513ca07cd149f88190673b2e1250b4ccdab2ce68f6a65023a3dcc41b9beb6852a7d1bbed61613364d9074463443bf4fb1f1608629bf80efd8307dac06a080beb9f597071be701fa7551d97cbe6bc765062516c3d0161f95853f19542eb76eb6012bcd27f522da700277573bcf62b49f9cfa85aefd11574bc02822c56b06b175d7ade5003574f4535c5ed359b69376c88ef8bf6d5f9e9a2fe9cb3b73d11393f1ff535d7f18d5c59361b68a68f70313ce7087122bdf64c95bd2c74a5f6e704498c2a9aa4113099b787c21f48f7d435b79594cd52782107476d657284f4241f6d9bf81c3a0e1e5431f3420bd230c159fd891ee98a860b10723e18836da25acab1680bc8e3280274e3da24e396e95ad3432af08d7f96c905212c40caa29e422b42177e04dd2e16602331731b4b0aaae66f114f45fa2c7cfb28398b0272ebf90663cf0b46e022eb90849c77cd5d0efec6e349ce122e5cf371a9a0054ea7f42c2be34c489a5832e22b6a4b65ca1cba26883dc08052ec9bd9fae08996368d3ea7c7271d55e4776f8f5bf066b7a17b2cff2a31b11a4caf2227c8af432fc5f56c7e0f51154955d8df09ab80085d069486e3f688df37efb34083b5e57a7b8c2e14619642822b1f6e43536e9021be6060e2c1eebbdd7e705b87c4f53e30b70ddd038e3e682e4161d57949cbd0120ce70e5ac250b1291dd923ad8991e5a7847c3ac9dd27ee485facf02e67b73037c8f718dceede517b9b9609296d695450d4cea318d82bfddf3d6197a4f55b73eb8644adaada48a76f82d81ec58f6f16fb3afbc8e0190fce5e2b237267fdddd0afa43991fe419acff32f295576b43d72a4a8c4e572676fb935856e8f00a6ebf33907407cb944e1f8bdff17024fd9334e0d272ae5b8a58edbe5923b3f4efc0d5fb991da9ad2799cc346345d4612689d58736e9262e5340a15d10a8abd6e9246700461c691dc29f45fb466b693d9400303d3f9f24880fdce579b9c096e066d2bb60df0ee492540ab8f112b850e4058c72b92a3ebb6104dd94c36bbcf73b3d60a2a031eeda9473afac757ba3837cf62ebc96dc5c42420930270a75ef5cbb00ae3c7000f2a0cabfb190ff7b9826ae77afc745cab6eedffe0386b7c1640a739c225f1176f1dc6784d8fc191ac8fd9b9ab3cc8d85d0b39d1ca48e4a08bbce63d1ac06258060c2c8a3a1798ec48b5aa7e78701be83312dbecc9f202dabc125158ea971797883fae4045aa99a9c305045805c7183304aadebfe587f977c2dc4618affc64c229"}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000640)=@security={'security\x00', 0xe, 0x4, 0x398, 0x258, 0x3b0, 0x0, 0x110, 0x0, 0x3b0, 0x3b0, 0x3b0, 0x3b0, 0x3b0, 0x4, &(0x7f0000000200), {[{{@ip={@rand_addr, @remote, 0x0, 0x0, 'teql0\x00', 'nr0\x00', {}, {}, 0x16}, 0x0, 0x98, 0xe0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xf8}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x28]}}}, {{@uncond, 0x0, 0xc8, 0x128, 0x0, {}, [@common=@addrtype={0x30, 'addrtype\x00'}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @dev, 0x0, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b, 0x32, 0x0, 0x0, 0x0, 0x5, 0x2e]}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3f8) 03:46:11 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000540), 0xffffffffffffffff) r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000280)) ioctl$FS_IOC_FSGETXATTR(r1, 0xc0185500, &(0x7f0000000100)={0xa3}) 03:46:11 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0xffffffff, 0x4) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x19c}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000880)}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000100)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r1, &(0x7f0000000180)={0xf, 0x8, 0xfa00, {r2, 0xf}}, 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') 03:46:12 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r1 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r2 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r1, r1, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r1, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) sendmsg(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="3e06584485381620365799026170f1fba680f06151c4a3dd2fd8dfe3aec5baa8912e5151542e2bab0000000023a200829dcb444981b8cfb1cbb634637f8165d9401933833119038fa0eb6e0f76966103963c904a2603497acbf46751f7f0ef06e97289bbbf2f2efc076e1f34a14ce3d77a1c1398eda082f773314bb43aa2784809de691f8d2e45a53c0f54eb7ffdd3bd1bbfe984db3b85d60c50e0b52589fd4551a93aabecafe6e3add23da8d0c6269ecdc896b62d9a4e97f3803d27828521431879d3cdaf97072bb3c89fdbb770b7de1e", 0xd1}], 0x1, &(0x7f0000000800), 0x0, 0x840}, 0x20004000) iopl(0xffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)={0xb}, 0x2c) r4 = socket$nl_generic(0xa, 0x3, 0x10) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r3) setsockopt$netlink_NETLINK_RX_RING(r4, 0x29, 0x6, &(0x7f0000000ff0)={0x1c2, 0x0, 0x29, 0x2}, 0x1c2) 03:46:12 executing program 1: ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x8d}, 0x1c) 03:46:12 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0x7e, 0x1, 0x3}, 0x2c) [ 452.083828] vhci_hcd: invalid port number 0 [ 452.096015] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? 03:46:12 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r1, &(0x7f00000000c0)="cf", 0x1, 0x0, &(0x7f0000a04000)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x4) recvmmsg(r2, &(0x7f0000008180)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/13}, {&(0x7f0000000080)=""/31}, {&(0x7f0000000100)=""/34}, {&(0x7f0000000580)=""/216}, {&(0x7f00000003c0)=""/217}, {&(0x7f00000004c0)=""/175}], 0x0, &(0x7f00000007c0)=""/160, 0xa0}}], 0x234, 0x8802, &(0x7f00000083c0)={0x77359400}) writev(r2, &(0x7f000051c000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560284470080ffe00600000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1) 03:46:12 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r1 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r2 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r1, r1, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r1, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) sendmsg(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="3e06584485381620365799026170f1fba680f06151c4a3dd2fd8dfe3aec5baa8912e5151542e2bab0000000023a200829dcb444981b8cfb1cbb634637f8165d9401933833119038fa0eb6e0f76966103963c904a2603497acbf46751f7f0ef06e97289bbbf2f2efc076e1f34a14ce3d77a1c1398eda082f773314bb43aa2784809de691f8d2e45a53c0f54eb7ffdd3bd1bbfe984db3b85d60c50e0b52589fd4551a93aabecafe6e3add23da8d0c6269ecdc896b62d9a4e97f3803d27828521431879d3cdaf97072bb3c89fdbb770b7de1e", 0xd1}], 0x1, &(0x7f0000000800), 0x0, 0x840}, 0x20004000) iopl(0xffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)={0xb}, 0x2c) r4 = socket$nl_generic(0xa, 0x3, 0x10) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r3) setsockopt$netlink_NETLINK_RX_RING(r4, 0x29, 0x6, &(0x7f0000000ff0)={0x1c2, 0x0, 0x29, 0x2}, 0x1c2) 03:46:12 executing program 2: r0 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x8d}, 0x1c) 03:46:13 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x65, &(0x7f0000013e95), 0x4) close(r2) close(r1) 03:46:13 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0xffffffff, 0x4) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x19c}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000880)}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000100)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r1, &(0x7f0000000180)={0xf, 0x8, 0xfa00, {r2, 0xf}}, 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') 03:46:13 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) clone(0x0, &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000340)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) [ 453.200659] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? 03:46:13 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x6e, &(0x7f0000013e95), 0x4) close(r2) close(r1) 03:46:13 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) creat(&(0x7f00000024c0)='./file0\x00', 0x102) r2 = fcntl$getown(r1, 0x9) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000002500)={[], 0x0, 0x400, 0xf3c8, 0x100, 0x3c9c, r2}) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x8dab}]}, 0x10) sendto$inet6(r3, &(0x7f0000000300), 0xfdb8, 0x4008080, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) socket$inet6(0x10, 0x3, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) 03:46:13 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0xffffffff, 0x4) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x19c}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000880)}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000100)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r1, &(0x7f0000000180)={0xf, 0x8, 0xfa00, {r2, 0xf}}, 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') 03:46:14 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffbc27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000400)='/dev/sequencer2\x00', 0x0, 0x0) syz_open_dev$dspn(&(0x7f0000000540)='/dev/dsp#\x00', 0x0, 0x10000) io_setup(0x9, &(0x7f0000000380)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz1\'', 0x1ff) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000340)) perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x9, 0x0, 0x11, 0xfffffffffffff722, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x100000000, 0x0, 0x0, 0xffffffffffffd5c2, 0x4, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x8026, 0x0, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000000c0)="0a5c2d0240316285717070") socket$inet(0x10, 0x0, 0xc) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r1 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_tcp_int(r1, 0x6, 0x0, &(0x7f0000000040), &(0x7f0000000080)=0x4) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket(0x10, 0x100008000f, 0x40000000) close(r2) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@dev={0xfe, 0x80, [], 0x12}, 0x0, 0xfffffffffffffffd, 0x0, 0x3, 0x0, 0x0, 0x5}, 0x20) 03:46:14 executing program 2: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0) userfaultfd(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000100)={0x28, 0x0, 0x0, @my=0x0}, 0x10) shutdown(r2, 0x0) pipe(&(0x7f0000000180)) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8}) 03:46:14 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r1 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r2 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r1, r1, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r1, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) sendmsg(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="3e06584485381620365799026170f1fba680f06151c4a3dd2fd8dfe3aec5baa8912e5151542e2bab0000000023a200829dcb444981b8cfb1cbb634637f8165d9401933833119038fa0eb6e0f76966103963c904a2603497acbf46751f7f0ef06e97289bbbf2f2efc076e1f34a14ce3d77a1c1398eda082f773314bb43aa2784809de691f8d2e45a53c0f54eb7ffdd3bd1bbfe984db3b85d60c50e0b52589fd4551a93aabecafe6e3add23da8d0c6269ecdc896b62d9a4e97f3803d27828521431879d3cdaf97072bb3c89fdbb770b7de1e", 0xd1}], 0x1, &(0x7f0000000800), 0x0, 0x840}, 0x20004000) iopl(0xffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)={0xb}, 0x2c) r4 = socket$nl_generic(0xa, 0x3, 0x10) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r3) setsockopt$netlink_NETLINK_RX_RING(r4, 0x29, 0x6, &(0x7f0000000ff0)={0x1c2, 0x0, 0x29, 0x2}, 0x1c2) 03:46:14 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0xffffffff, 0x4) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x19c}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000880)}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000100)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r1, &(0x7f0000000180)={0xf, 0x8, 0xfa00, {r2, 0xf}}, 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') 03:46:14 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000180)='rdma.max\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x200064) 03:46:14 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000f56000)={0x3f00, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="020300020c00000000000000000000000200080004000000e000000000000000030006000000000002000000e0000001000000000000000002000100000000000000020000000000030005000000000002000000f0ff0001deffffff00000000"], 0x60}}, 0x0) 03:46:14 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='map_files\x00') fchdir(r0) quotactl(0x2080000201, &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f0000000300)='-') 03:46:14 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r1 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r2 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r1, r1, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r1, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) sendmsg(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="3e06584485381620365799026170f1fba680f06151c4a3dd2fd8dfe3aec5baa8912e5151542e2bab0000000023a200829dcb444981b8cfb1cbb634637f8165d9401933833119038fa0eb6e0f76966103963c904a2603497acbf46751f7f0ef06e97289bbbf2f2efc076e1f34a14ce3d77a1c1398eda082f773314bb43aa2784809de691f8d2e45a53c0f54eb7ffdd3bd1bbfe984db3b85d60c50e0b52589fd4551a93aabecafe6e3add23da8d0c6269ecdc896b62d9a4e97f3803d27828521431879d3cdaf97072bb3c89fdbb770b7de1e", 0xd1}], 0x1, &(0x7f0000000800), 0x0, 0x840}, 0x20004000) iopl(0xffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)={0xb}, 0x2c) socket$nl_generic(0xa, 0x3, 0x10) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r3) 03:46:14 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000f56000)={0x3f00, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="020300020c00000000000000000000000200080004000000e000000000000000030006000000000002000000e0000001000000000000000002000100000000000000fb0000000000030005000000000002000000f0ff0001deffffff00000000"], 0x60}}, 0x0) 03:46:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000040)={0x7b, 0x0, [0x0, 0xc0000082]}) 03:46:15 executing program 5: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x34000}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)={0x2c, 0x29, 0x1, 0x0, 0x0, {0x1}, [@nested={0x18, 0x0, [@typed={0xffff8001, 0x0, @ipv6=@ipv4={[0x0, 0x0, 0x0, 0x11, 0x9effffff], [], @remote}}]}]}, 0x2c}}, 0x0) 03:46:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="020300020c00000000000000000000000200080008000000e000000000000000030006000000000002000000e0000001000000000000000002000100000000000000020000000000030005000000000002000000f0ff0001deffffff00000000"], 0x60}}, 0x0) 03:46:15 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000300)={{{@in6=@remote, @in6=@remote}}, {{@in=@local}, 0x0, @in=@dev}}, &(0x7f0000000400)=0xe8) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x0, 0x0) timer_getoverrun(0x0) socket$inet6(0xa, 0x0, 0x0) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x16}]}, 0x10) dup2(r0, r1) 03:46:15 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x16}]}, 0x10) dup2(r0, r1) 03:46:16 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='status\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000268, 0x0) 03:46:16 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r1 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r2 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r1, r1, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r1, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) sendmsg(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="3e06584485381620365799026170f1fba680f06151c4a3dd2fd8dfe3aec5baa8912e5151542e2bab0000000023a200829dcb444981b8cfb1cbb634637f8165d9401933833119038fa0eb6e0f76966103963c904a2603497acbf46751f7f0ef06e97289bbbf2f2efc076e1f34a14ce3d77a1c1398eda082f773314bb43aa2784809de691f8d2e45a53c0f54eb7ffdd3bd1bbfe984db3b85d60c50e0b52589fd4551a93aabecafe6e3add23da8d0c6269ecdc896b62d9a4e97f3803d27828521431879d3cdaf97072bb3c89fdbb770b7de1e", 0xd1}], 0x1, &(0x7f0000000800), 0x0, 0x840}, 0x20004000) iopl(0xffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)={0xb}, 0x2c) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r3) [ 456.126653] Started in network mode [ 456.130499] Own node identity ff000000, cluster identity 4711 [ 456.136642] 32-bit node address hash set to ff000000 [ 456.317682] print_req_error: 770 callbacks suppressed [ 456.317711] print_req_error: I/O error, dev loop3, sector 0 [ 456.329019] buffer_io_error: 769 callbacks suppressed [ 456.329050] Buffer I/O error on dev loop3, logical block 0, lost async page write [ 456.342481] print_req_error: I/O error, dev loop3, sector 8 [ 456.348332] Buffer I/O error on dev loop3, logical block 1, lost async page write [ 456.356240] print_req_error: I/O error, dev loop3, sector 16 [ 456.362241] Buffer I/O error on dev loop3, logical block 2, lost async page write [ 456.370005] print_req_error: I/O error, dev loop3, sector 24 [ 456.376260] Buffer I/O error on dev loop3, logical block 3, lost async page write [ 456.384156] print_req_error: I/O error, dev loop3, sector 32 [ 456.390021] Buffer I/O error on dev loop3, logical block 4, lost async page write [ 456.397970] print_req_error: I/O error, dev loop3, sector 40 [ 456.404032] Buffer I/O error on dev loop3, logical block 5, lost async page write [ 456.411903] print_req_error: I/O error, dev loop3, sector 48 03:46:16 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x101001, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r1, 0xc0e85667, &(0x7f0000000480)={0xc0000000, 0x107, "18d5081a926085f0570f015bc057e3ee217838dd816e9e6b6098881db40e3afe", 0x1, 0x101, 0x0, 0x101, 0x59, 0x6b, 0x6, 0x1ff, [0x12cb, 0x81, 0x2670, 0x3f]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @remote, 0x3}, 0x1c) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000640)='/dev/sequencer2\x00', 0x8080, 0x0) ioctl$VIDIOC_STREAMON(r2, 0x40045612, &(0x7f0000000680)=0xabb0) socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x2e) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000000040)='irlan0\x00') setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x800000000000000a}}, {{@in=@multicast1, 0x0, 0x2b}, 0x2, @in, 0x0, 0x4, 0x0, 0x7ff}}, 0xe8) setgroups(0x0, &(0x7f0000000200)) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000200)='veth0_to_bridge\x00', 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000009c0)={{{@in=@dev, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@dev}}, &(0x7f00000005c0)=0xe8) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000600)={'vcan0\x00', r4}) r6 = socket$xdp(0x2c, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_mreq(r2, 0x29, 0x14, &(0x7f0000000280)={@loopback}, &(0x7f00000003c0)=0x14) setsockopt$XDP_TX_RING(r6, 0x11b, 0x3, &(0x7f00000000c0)=0x2, 0x4) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/17, 0x10000, 0x1000}, 0x18) r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780)='/dev/vhost-net\x00', 0x2, 0x0) dup(0xffffffffffffffff) ioctl$VHOST_SET_OWNER(r7, 0xaf01, 0x0) setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, &(0x7f0000000140)=0x400, 0x4) ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f0000000400)=ANY=[@ANYBLOB="020000000000000000000000400000000088cd09f27188277fe55ccdf1c4b2599631e5802d8b7ce556ce0400f09957d39f0445336bb96b8c5d21e1f4b4d1cb216ffa046039b9048c5897468798a78458471d5ca75871c877ce00000000000000000000000000000000"]) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0xfffffffffffffffc) setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000100)=0x8, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, &(0x7f00000002c0)=0x80, 0x4) bind$xdp(r6, &(0x7f0000000300)={0x2c, 0x2, r5, 0x26}, 0x10) 03:46:16 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='status\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000268, 0x0) 03:46:16 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f00000000c0)=0x1) [ 456.417760] Buffer I/O error on dev loop3, logical block 6, lost async page write [ 456.425635] print_req_error: I/O error, dev loop3, sector 56 [ 456.431498] Buffer I/O error on dev loop3, logical block 7, lost async page write [ 456.439455] print_req_error: I/O error, dev loop3, sector 64 [ 456.445410] Buffer I/O error on dev loop3, logical block 8, lost async page write [ 456.453286] print_req_error: I/O error, dev loop3, sector 72 [ 456.459147] Buffer I/O error on dev loop3, logical block 9, lost async page write 03:46:16 executing program 3: ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000000140)) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)={0xa, 0x82, 0xffff, 0xb5}, 0x2c) 03:46:16 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x4b4e, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x0, 0x0) dup2(r0, r1) 03:46:17 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f00000000c0), 0x4) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4), 0xc) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000300)={{{@in6=@remote, @in6=@remote}}, {{@in=@local}, 0x0, @in=@dev}}, &(0x7f0000000400)=0xe8) setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000580)={{{@in6, @in=@local}}, {{@in=@broadcast}, 0x0, @in6=@mcast2}}, 0xe8) socket$inet6(0xa, 0x0, 0x0) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x16}]}, 0x10) dup2(r0, r1) 03:46:17 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)={0xa, 0x82, 0xffff, 0xb5}, 0x2c) 03:46:17 executing program 2: socket$packet(0x11, 0x3, 0x300) r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf6a8, 0xffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x10003, 0x80011, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') finit_module(0xffffffffffffffff, &(0x7f0000000080)='comm\x00', 0x1) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)={&(0x7f0000000040)='./file0\x00', r1}, 0x10) writev(r1, &(0x7f0000000080), 0x1a6) 03:46:17 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r1 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r2 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r1, r1, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r1, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) sendmsg(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="3e06584485381620365799026170f1fba680f06151c4a3dd2fd8dfe3aec5baa8912e5151542e2bab0000000023a200829dcb444981b8cfb1cbb634637f8165d9401933833119038fa0eb6e0f76966103963c904a2603497acbf46751f7f0ef06e97289bbbf2f2efc076e1f34a14ce3d77a1c1398eda082f773314bb43aa2784809de691f8d2e45a53c0f54eb7ffdd3bd1bbfe984db3b85d60c50e0b52589fd4551a93aabecafe6e3add23da8d0c6269ecdc896b62d9a4e97f3803d27828521431879d3cdaf97072bb3c89fdbb770b7de1e", 0xd1}], 0x1, &(0x7f0000000800), 0x0, 0x840}, 0x20004000) iopl(0xffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)={0xb}, 0x2c) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r3) 03:46:17 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f00000000c0)={0x0, &(0x7f0000000040)}, 0x10) dup2(r0, r1) 03:46:17 executing program 3: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000140)) 03:46:18 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x101001, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r1, 0xc0e85667, &(0x7f0000000480)={0xc0000000, 0x107, "18d5081a926085f0570f015bc057e3ee217838dd816e9e6b6098881db40e3afe", 0x1, 0x101, 0x0, 0x101, 0x59, 0x6b, 0x6, 0x1ff, [0x12cb, 0x81, 0x2670, 0x3f]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @remote, 0x3}, 0x1c) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000640)='/dev/sequencer2\x00', 0x8080, 0x0) ioctl$VIDIOC_STREAMON(r2, 0x40045612, &(0x7f0000000680)=0xabb0) socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x2e) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000000040)='irlan0\x00') setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x800000000000000a}}, {{@in=@multicast1, 0x0, 0x2b}, 0x2, @in, 0x0, 0x4, 0x0, 0x7ff}}, 0xe8) setgroups(0x0, &(0x7f0000000200)) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000200)='veth0_to_bridge\x00', 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000009c0)={{{@in=@dev, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@dev}}, &(0x7f00000005c0)=0xe8) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000600)={'vcan0\x00', r4}) r6 = socket$xdp(0x2c, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_mreq(r2, 0x29, 0x14, &(0x7f0000000280)={@loopback}, &(0x7f00000003c0)=0x14) setsockopt$XDP_TX_RING(r6, 0x11b, 0x3, &(0x7f00000000c0)=0x2, 0x4) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/17, 0x10000, 0x1000}, 0x18) r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780)='/dev/vhost-net\x00', 0x2, 0x0) dup(0xffffffffffffffff) ioctl$VHOST_SET_OWNER(r7, 0xaf01, 0x0) setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, &(0x7f0000000140)=0x400, 0x4) ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f0000000400)=ANY=[@ANYBLOB="020000000000000000000000400000000088cd09f27188277fe55ccdf1c4b2599631e5802d8b7ce556ce0400f09957d39f0445336bb96b8c5d21e1f4b4d1cb216ffa046039b9048c5897468798a78458471d5ca75871c877ce00000000000000000000000000000000"]) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0xfffffffffffffffc) setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000100)=0x8, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, &(0x7f00000002c0)=0x80, 0x4) bind$xdp(r6, &(0x7f0000000300)={0x2c, 0x2, r5, 0x26}, 0x10) 03:46:18 executing program 0: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r1, 0x1004000000013) 03:46:18 executing program 1: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000cc0)={@link_local, @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast1}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d70502", 0x0, "f53475"}}}}}}, 0x0) 03:46:18 executing program 2: socket$packet(0x11, 0x3, 0x300) r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf6a8, 0xffff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x10003, 0x80011, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') finit_module(0xffffffffffffffff, &(0x7f0000000080)='comm\x00', 0x1) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)={&(0x7f0000000040)='./file0\x00', r1}, 0x10) writev(r1, &(0x7f0000000080), 0x1a6) 03:46:18 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r1, 0x8200) lseek(r1, 0x0, 0x2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="17bca0f29930"], 0x6) r2 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) fcntl$setstatus(r2, 0x4, 0x800) ftruncate(r0, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) write$UHID_DESTROY(r2, &(0x7f0000000240), 0x4) fcntl$setstatus(r1, 0x4, 0x200000) mlockall(0x1) sendfile(r1, r3, &(0x7f0000002780), 0x8000fffffffe) ftruncate(r2, 0x4) 03:46:18 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r1 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r2 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r1, r1, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r1, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) sendmsg(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="3e06584485381620365799026170f1fba680f06151c4a3dd2fd8dfe3aec5baa8912e5151542e2bab0000000023a200829dcb444981b8cfb1cbb634637f8165d9401933833119038fa0eb6e0f76966103963c904a2603497acbf46751f7f0ef06e97289bbbf2f2efc076e1f34a14ce3d77a1c1398eda082f773314bb43aa2784809de691f8d2e45a53c0f54eb7ffdd3bd1bbfe984db3b85d60c50e0b52589fd4551a93aabecafe6e3add23da8d0c6269ecdc896b62d9a4e97f3803d27828521431879d3cdaf97072bb3c89fdbb770b7de1e", 0xd1}], 0x1, &(0x7f0000000800), 0x0, 0x840}, 0x20004000) iopl(0xffffffff) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, 0xffffffffffffffff) 03:46:19 executing program 5: clone(0x20002103, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x51, r0, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x0) 03:46:19 executing program 1: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) lstat(&(0x7f0000001fc0)='./file0\x00', &(0x7f0000002000)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000002100)) getresuid(&(0x7f00000035c0), &(0x7f0000003600), &(0x7f0000003640)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003900), &(0x7f0000003940)=0xc) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syncfs(r0) link(&(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)='./file0\x00') 03:46:19 executing program 2: syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) write$P9_RRENAMEAT(r0, &(0x7f0000000080)={0xffffffffffffff18}, 0xff88) write$P9_RLOCK(r0, &(0x7f0000000040)={0x8}, 0x8) 03:46:19 executing program 0: syz_execute_func(&(0x7f0000000080)="ba66440f50f564ff0941c335e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dcc4bd31919") prctl$intptr(0x1d, 0xfffffffffffff771) prctl$getreaper(0x40400000000001e, &(0x7f0000000200)) 03:46:19 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000d4b000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x1, [{{0xa, 0x0, 0x0, @mcast2}}]}, 0x110) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000080)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, &(0x7f00000025c0)={'gre0\x00', {0x2, 0x0, @dev}}) 03:46:19 executing program 1: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x8000000) r0 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000140)={0x0, 0x1, 0x8}) mq_timedreceive(r0, &(0x7f0000000040)=""/50, 0x32, 0x80000000, &(0x7f0000000080)={0x0, 0x1c9c380}) 03:46:19 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x8000000000) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001200192340834b80040d8c560a067fffffff81004e220000000058000b4824ca944f64009400050028925aa8000000000000008000f0fffeffff09000000fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 03:46:19 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r1 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r2 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r1, r1, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r1, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) sendmsg(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="3e06584485381620365799026170f1fba680f06151c4a3dd2fd8dfe3aec5baa8912e5151542e2bab0000000023a200829dcb444981b8cfb1cbb634637f8165d9401933833119038fa0eb6e0f76966103963c904a2603497acbf46751f7f0ef06e97289bbbf2f2efc076e1f34a14ce3d77a1c1398eda082f773314bb43aa2784809de691f8d2e45a53c0f54eb7ffdd3bd1bbfe984db3b85d60c50e0b52589fd4551a93aabecafe6e3add23da8d0c6269ecdc896b62d9a4e97f3803d27828521431879d3cdaf97072bb3c89fdbb770b7de1e", 0xd1}], 0x1, &(0x7f0000000800), 0x0, 0x840}, 0x20004000) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, 0xffffffffffffffff) [ 459.935588] netlink: 56 bytes leftover after parsing attributes in process `syz-executor2'. 03:46:20 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000080), 0xc, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="30000000210011020000000000000000020000000000000f000000000b00000008000b00000000000800100000000000ef68940f309af1a2b8bd92eddd3f1247a20bf87f7440d808e5b087c57e57d17c18f8b6c91e82824875b28ddef74d9a7ea72d380575e1ad8d42ff678e4b54e6ea1fd60d5c6557bfa7279052d4c57bfcb6db9aec8c0e27aa0fa9ccfc93b8fe6a15f7b69693c0f9775ae8ffd7e1ee71435905274dd12224101c54a2296adae96e0cc6f05ff731e7b0dc0bd01bbc95682b9200000000000000"], 0x1}}, 0x0) 03:46:20 executing program 5: 03:46:20 executing program 0: 03:46:20 executing program 2: 03:46:20 executing program 1: 03:46:20 executing program 5: syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00') mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='fuse.', 0x0, &(0x7f0000000500)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) 03:46:20 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/11, 0xb) syz_execute_func(&(0x7f0000000080)="ba66440f50f564ff0941c335e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dcc4bd31919") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x0, &(0x7f0000000400), 0x4) syz_execute_func(&(0x7f0000000340)="3666440f9bf56664400f9f3241c3c4e2c9975842c4c27d794e003e0f11581010196f04cd04cd0f2902") 03:46:20 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:20 executing program 3: 03:46:20 executing program 1: 03:46:20 executing program 2: 03:46:21 executing program 1: 03:46:21 executing program 5: 03:46:21 executing program 2: 03:46:21 executing program 0: 03:46:21 executing program 3: 03:46:21 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:21 executing program 2: 03:46:21 executing program 3: 03:46:21 executing program 1: 03:46:21 executing program 5: 03:46:21 executing program 0: 03:46:21 executing program 2: 03:46:22 executing program 3: 03:46:22 executing program 2: 03:46:22 executing program 5: 03:46:22 executing program 1: 03:46:22 executing program 0: 03:46:22 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:22 executing program 1: 03:46:22 executing program 2: 03:46:22 executing program 0: 03:46:22 executing program 5: 03:46:22 executing program 3: 03:46:23 executing program 1: 03:46:23 executing program 2: 03:46:23 executing program 0: 03:46:23 executing program 5: 03:46:23 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:23 executing program 1: 03:46:23 executing program 2: 03:46:23 executing program 0: 03:46:23 executing program 3: 03:46:23 executing program 5: 03:46:23 executing program 1: 03:46:23 executing program 2: 03:46:24 executing program 3: 03:46:24 executing program 0: 03:46:24 executing program 5: 03:46:24 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:24 executing program 2: 03:46:24 executing program 1: 03:46:24 executing program 5: 03:46:24 executing program 3: 03:46:24 executing program 0: [ 464.640145] print_req_error: 611 callbacks suppressed [ 464.640170] print_req_error: I/O error, dev loop3, sector 0 [ 464.651363] buffer_io_error: 611 callbacks suppressed [ 464.651390] Buffer I/O error on dev loop3, logical block 0, lost async page write [ 464.664582] print_req_error: I/O error, dev loop3, sector 8 [ 464.670361] Buffer I/O error on dev loop3, logical block 1, lost async page write [ 464.678606] print_req_error: I/O error, dev loop3, sector 16 [ 464.684556] Buffer I/O error on dev loop3, logical block 2, lost async page write [ 464.692450] print_req_error: I/O error, dev loop3, sector 24 [ 464.698333] Buffer I/O error on dev loop3, logical block 3, lost async page write [ 464.706318] print_req_error: I/O error, dev loop3, sector 32 [ 464.712316] Buffer I/O error on dev loop3, logical block 4, lost async page write [ 464.720079] print_req_error: I/O error, dev loop3, sector 40 [ 464.726070] Buffer I/O error on dev loop3, logical block 5, lost async page write [ 464.733987] print_req_error: I/O error, dev loop3, sector 48 [ 464.739852] Buffer I/O error on dev loop3, logical block 6, lost async page write [ 464.747761] print_req_error: I/O error, dev loop3, sector 56 [ 464.753687] Buffer I/O error on dev loop3, logical block 7, lost async page write [ 464.761448] print_req_error: I/O error, dev loop3, sector 64 [ 464.767438] Buffer I/O error on dev loop3, logical block 8, lost async page write [ 464.775640] print_req_error: I/O error, dev loop3, sector 72 [ 464.781495] Buffer I/O error on dev loop3, logical block 9, lost async page write 03:46:24 executing program 5: 03:46:24 executing program 2: 03:46:24 executing program 1: 03:46:24 executing program 3: 03:46:24 executing program 0: 03:46:25 executing program 2: 03:46:25 executing program 5: 03:46:25 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:25 executing program 1: 03:46:25 executing program 0: 03:46:25 executing program 3: 03:46:25 executing program 1: 03:46:25 executing program 2: 03:46:25 executing program 5: 03:46:25 executing program 0: 03:46:26 executing program 3: 03:46:26 executing program 1: 03:46:26 executing program 0: 03:46:26 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:26 executing program 2: 03:46:26 executing program 1: 03:46:26 executing program 5: 03:46:26 executing program 0: 03:46:26 executing program 2: 03:46:26 executing program 3: 03:46:26 executing program 1: 03:46:26 executing program 5: 03:46:27 executing program 0: 03:46:27 executing program 2: 03:46:27 executing program 1: 03:46:27 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:27 executing program 3: 03:46:27 executing program 5: 03:46:27 executing program 2: 03:46:27 executing program 1: 03:46:27 executing program 0: 03:46:27 executing program 5: 03:46:27 executing program 3: 03:46:27 executing program 2: 03:46:27 executing program 1: 03:46:28 executing program 0: 03:46:28 executing program 5: 03:46:28 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:28 executing program 2: 03:46:28 executing program 1: 03:46:28 executing program 2: 03:46:28 executing program 3: 03:46:28 executing program 1: 03:46:28 executing program 0: 03:46:28 executing program 5: 03:46:28 executing program 2: 03:46:28 executing program 3: 03:46:28 executing program 5: 03:46:28 executing program 1: 03:46:29 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:29 executing program 0: 03:46:29 executing program 2: 03:46:29 executing program 5: 03:46:29 executing program 1: 03:46:29 executing program 3: 03:46:29 executing program 1: 03:46:29 executing program 5: 03:46:29 executing program 0: 03:46:29 executing program 2: 03:46:29 executing program 3: 03:46:29 executing program 1: 03:46:30 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:30 executing program 2: 03:46:30 executing program 0: 03:46:30 executing program 5: 03:46:30 executing program 3: 03:46:30 executing program 1: 03:46:30 executing program 2: 03:46:30 executing program 0: 03:46:30 executing program 5: 03:46:30 executing program 3: 03:46:30 executing program 1: 03:46:30 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:30 executing program 2: 03:46:30 executing program 3: 03:46:31 executing program 1: 03:46:31 executing program 0: 03:46:31 executing program 5: 03:46:31 executing program 3: 03:46:31 executing program 2: 03:46:31 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:31 executing program 0: 03:46:31 executing program 5: 03:46:31 executing program 1: 03:46:31 executing program 3: 03:46:31 executing program 2: 03:46:31 executing program 5: [ 471.949791] print_req_error: 216 callbacks suppressed [ 471.949817] print_req_error: I/O error, dev loop3, sector 0 [ 471.962225] buffer_io_error: 216 callbacks suppressed [ 471.962252] Buffer I/O error on dev loop3, logical block 0, lost async page write [ 471.975362] print_req_error: I/O error, dev loop3, sector 8 [ 471.981147] Buffer I/O error on dev loop3, logical block 1, lost async page write [ 471.989717] print_req_error: I/O error, dev loop3, sector 16 [ 471.995650] Buffer I/O error on dev loop3, logical block 2, lost async page write [ 472.003519] print_req_error: I/O error, dev loop3, sector 24 [ 472.009386] Buffer I/O error on dev loop3, logical block 3, lost async page write [ 472.017346] print_req_error: I/O error, dev loop3, sector 32 [ 472.023597] Buffer I/O error on dev loop3, logical block 4, lost async page write [ 472.031382] print_req_error: I/O error, dev loop3, sector 40 [ 472.037313] Buffer I/O error on dev loop3, logical block 5, lost async page write 03:46:32 executing program 0: [ 472.045149] print_req_error: I/O error, dev loop3, sector 48 [ 472.051022] Buffer I/O error on dev loop3, logical block 6, lost async page write [ 472.058857] print_req_error: I/O error, dev loop3, sector 56 [ 472.064755] Buffer I/O error on dev loop3, logical block 7, lost async page write [ 472.072578] print_req_error: I/O error, dev loop3, sector 64 [ 472.078476] Buffer I/O error on dev loop3, logical block 8, lost async page write [ 472.087112] print_req_error: I/O error, dev loop3, sector 72 [ 472.093059] Buffer I/O error on dev loop3, logical block 9, lost async page write 03:46:32 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/11, 0xb) syz_execute_func(&(0x7f0000000080)="ba66440f50f564ff0941c335e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dcc4bd31919") semctl$SETVAL(0x0, 0x0, 0x10, &(0x7f0000000000)) syz_execute_func(&(0x7f0000000200)="3666440f9bf56664400f9f3241c3c4e2c9975842c4c27d794e003e0f11581010196f04cd04cd0f2902") 03:46:32 executing program 1: 03:46:32 executing program 0: 03:46:32 executing program 5: 03:46:32 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:32 executing program 2: 03:46:32 executing program 1: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:32 executing program 0: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:32 executing program 3: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:32 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000", 0x12) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:46:33 executing program 2: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000", 0xc) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:46:33 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:33 executing program 5: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:33 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x805, 0x0) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:46:33 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:33 executing program 0: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0), &(0x7f0000000180)="7dd76e437497d4e876da61e0d7", 0xd, 0xfffffffffffffffb) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:33 executing program 2: mkdir(&(0x7f0000000000)='./control\x00', 0x0) r0 = open(&(0x7f000080dff6)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000bc8000)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f000078dff8)='./file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) link(&(0x7f0000f3bff8)='./file0\x00', &(0x7f00009db000)='./file1\x00') rename(&(0x7f00000f7ff0)='./control/file0\x00', &(0x7f0000636000)='./file0\x00') creat(&(0x7f0000000100)='./control/file0\x00', 0x0) dup2(r0, 0xffffffffffffffff) 03:46:33 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000004c0)='veth0_to_bond\x00') sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:33 executing program 5: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) ioctl(0xffffffffffffffff, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r0 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r0, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r0, 0x3) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r1, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:46:34 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:34 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:46:34 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000001200)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r2 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r2, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:34 executing program 0 (fault-call:4 fault-nth:0): preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) [ 474.390740] not chained 440000 origins [ 474.394677] CPU: 1 PID: 12880 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 474.401959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 474.411418] Call Trace: [ 474.414006] [ 474.416173] dump_stack+0x32d/0x480 [ 474.419830] kmsan_internal_chain_origin+0x222/0x240 [ 474.424976] ? __local_bh_enable_ip+0x11f/0x260 [ 474.429677] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 474.435059] ? __module_address+0x6a/0x5f0 [ 474.439326] ? is_bpf_text_address+0x3e5/0x4d0 [ 474.443931] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 474.449316] ? is_bpf_text_address+0x49e/0x4d0 [ 474.453916] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 474.459297] ? __module_address+0x6a/0x5f0 [ 474.463554] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 474.469016] ? in_task_stack+0x12c/0x210 [ 474.473186] ? get_stack_info+0x206/0x220 [ 474.477359] __msan_chain_origin+0x6d/0xb0 [ 474.481611] ? tcp_sendmsg+0xb2/0x100 [ 474.486106] __save_stack_trace+0x8be/0xc60 [ 474.490457] ? tcp_sendmsg+0xb2/0x100 [ 474.494274] save_stack_trace+0xc6/0x110 [ 474.498353] kmsan_internal_chain_origin+0x136/0x240 [ 474.503463] ? local_bh_enable+0x36/0x40 [ 474.507552] ? __sk_flush_backlog+0x52/0x70 [ 474.511889] ? kmsan_internal_chain_origin+0x136/0x240 [ 474.517189] ? kmsan_memcpy_origins+0x13d/0x190 [ 474.521876] ? __msan_memcpy+0x6f/0x80 [ 474.525777] ? pskb_expand_head+0x436/0x1d20 [ 474.530210] ? ___pskb_trim+0x3c9/0x1bf0 [ 474.534287] ? sk_filter_trim_cap+0x5ac/0xa60 03:46:34 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 474.538791] ? tcp_filter+0x10c/0x260 [ 474.542595] ? tcp_v6_rcv+0x45ba/0x5df0 [ 474.546583] ? ip6_input_finish+0xb53/0x2450 [ 474.551002] ? ip6_input+0x29d/0x340 [ 474.554742] ? ip6_rcv_finish+0x4d2/0x710 [ 474.558900] ? ipv6_rcv+0x34b/0x3f0 [ 474.562549] ? process_backlog+0x82b/0x11e0 [ 474.566886] ? net_rx_action+0x98f/0x1d50 [ 474.571048] ? __do_softirq+0x721/0xc7f [ 474.575030] ? do_softirq_own_stack+0x49/0x80 [ 474.579538] ? __local_bh_enable_ip+0x228/0x260 [ 474.584902] ? local_bh_enable+0x36/0x40 [ 474.588981] ? ip6_finish_output2+0x1b1a/0x22d0 [ 474.593650] ? ip6_finish_output+0xc13/0xca0 [ 474.598067] ? ip6_output+0x5e4/0x720 [ 474.601898] ? ip6_xmit+0x216d/0x26a0 [ 474.605711] ? inet6_csk_xmit+0x3e0/0x4f0 [ 474.609870] ? __tcp_transmit_skb+0x425c/0x5e00 [ 474.614568] ? __tcp_retransmit_skb+0x2fe9/0x46c0 [ 474.619423] ? tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 474.624625] ? tcp_ack+0x91b2/0xa010 [ 474.628349] ? tcp_rcv_established+0xf7e/0x2940 [ 474.633031] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 474.637200] ? __release_sock+0x32d/0x750 [ 474.641359] ? __sk_flush_backlog+0x52/0x70 [ 474.645695] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 474.650287] ? tcp_sendmsg+0xb2/0x100 [ 474.654108] ? inet_sendmsg+0x4e9/0x800 [ 474.658091] ? __sys_sendto+0x940/0xb80 [ 474.662094] ? __se_sys_sendto+0x107/0x130 [ 474.666336] ? __x64_sys_sendto+0x6e/0x90 [ 474.670478] ? do_syscall_64+0xcf/0x110 [ 474.674450] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 474.679814] ? __msan_get_context_state+0x9/0x20 [ 474.685401] ? INIT_INT+0xc/0x30 [ 474.688784] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 474.694149] kmsan_memcpy_origins+0x13d/0x190 [ 474.698650] __msan_memcpy+0x6f/0x80 [ 474.702361] pskb_expand_head+0x436/0x1d20 [ 474.706605] ___pskb_trim+0x3c9/0x1bf0 [ 474.710520] sk_filter_trim_cap+0x5ac/0xa60 [ 474.714862] tcp_filter+0x10c/0x260 [ 474.718490] tcp_v6_rcv+0x45ba/0x5df0 [ 474.722287] ? __msan_poison_alloca+0x1e0/0x270 [ 474.726982] ? tcp_v6_early_demux+0xc80/0xc80 [ 474.731473] ? tcp_v6_early_demux+0xc80/0xc80 [ 474.735966] ip6_input_finish+0xb53/0x2450 [ 474.740217] ? ip6_input_finish+0x13e1/0x2450 [ 474.744709] ip6_input+0x29d/0x340 [ 474.748244] ? ip6_input+0x340/0x340 [ 474.751963] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 474.756361] ip6_rcv_finish+0x4d2/0x710 [ 474.760330] ipv6_rcv+0x34b/0x3f0 [ 474.763781] ? dst_hold+0x5e0/0x5e0 [ 474.767408] process_backlog+0x82b/0x11e0 [ 474.771550] ? __msan_poison_alloca+0x1e0/0x270 [ 474.776217] ? ip6_rcv_finish+0x710/0x710 [ 474.780361] ? rps_trigger_softirq+0x2e0/0x2e0 [ 474.785666] net_rx_action+0x98f/0x1d50 [ 474.789663] ? net_tx_action+0xf20/0xf20 [ 474.793718] __do_softirq+0x721/0xc7f [ 474.797523] do_softirq_own_stack+0x49/0x80 [ 474.801833] [ 474.804069] __local_bh_enable_ip+0x228/0x260 [ 474.808560] local_bh_enable+0x36/0x40 [ 474.812441] ip6_finish_output2+0x1b1a/0x22d0 [ 474.816949] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 474.822303] ? ip6_mtu+0x289/0x330 [ 474.825841] ip6_finish_output+0xc13/0xca0 [ 474.830081] ip6_output+0x5e4/0x720 [ 474.833709] ? ip6_output+0x720/0x720 [ 474.837506] ? ac6_seq_show+0x200/0x200 [ 474.841473] ip6_xmit+0x216d/0x26a0 [ 474.845113] ? ip6_xmit+0x26a0/0x26a0 [ 474.848916] inet6_csk_xmit+0x3e0/0x4f0 [ 474.853006] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 474.857927] __tcp_transmit_skb+0x425c/0x5e00 [ 474.862447] __tcp_retransmit_skb+0x2fe9/0x46c0 [ 474.867113] ? __mod_timer+0x271f/0x2d70 [ 474.871173] ? __msan_poison_alloca+0x1a0/0x270 [ 474.875859] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 474.880894] tcp_ack+0x91b2/0xa010 [ 474.885152] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 474.890641] tcp_rcv_established+0xf7e/0x2940 [ 474.895149] tcp_v6_do_rcv+0x9f8/0x21b0 [ 474.899141] ? tcp_v6_destroy_sock+0x60/0x60 [ 474.903543] __release_sock+0x32d/0x750 [ 474.907538] __sk_flush_backlog+0x52/0x70 [ 474.911690] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 474.915944] tcp_sendmsg_locked+0xd72/0x6c30 [ 474.920360] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 474.925739] tcp_sendmsg+0xb2/0x100 [ 474.929373] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 474.934035] inet_sendmsg+0x4e9/0x800 [ 474.937828] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 474.943194] ? security_socket_sendmsg+0x1bd/0x200 [ 474.948122] ? inet_getname+0x490/0x490 [ 474.952086] __sys_sendto+0x940/0xb80 [ 474.955898] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 474.961343] ? prepare_exit_to_usermode+0x182/0x4c0 [ 474.966360] __se_sys_sendto+0x107/0x130 [ 474.970432] __x64_sys_sendto+0x6e/0x90 [ 474.974403] do_syscall_64+0xcf/0x110 [ 474.978204] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 474.984099] RIP: 0033:0x457569 [ 474.987286] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 475.006175] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 475.013883] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 475.021142] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 475.028408] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 475.035669] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 475.042933] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 475.050426] Uninit was stored to memory at: [ 475.054748] kmsan_internal_chain_origin+0x136/0x240 [ 475.059841] __msan_chain_origin+0x6d/0xb0 [ 475.064066] __save_stack_trace+0x8be/0xc60 [ 475.068383] save_stack_trace+0xc6/0x110 [ 475.072436] kmsan_internal_chain_origin+0x136/0x240 [ 475.077531] kmsan_memcpy_origins+0x13d/0x190 [ 475.082022] __msan_memcpy+0x6f/0x80 [ 475.086449] pskb_expand_head+0x436/0x1d20 [ 475.090762] ___pskb_trim+0x3c9/0x1bf0 [ 475.094643] sk_filter_trim_cap+0x5ac/0xa60 [ 475.098960] tcp_filter+0x10c/0x260 [ 475.102576] tcp_v6_rcv+0x45ba/0x5df0 [ 475.106367] ip6_input_finish+0xb53/0x2450 [ 475.110590] ip6_input+0x29d/0x340 [ 475.114119] ip6_rcv_finish+0x4d2/0x710 [ 475.118168] ipv6_rcv+0x34b/0x3f0 [ 475.121623] process_backlog+0x82b/0x11e0 [ 475.125768] net_rx_action+0x98f/0x1d50 [ 475.129740] __do_softirq+0x721/0xc7f [ 475.133531] [ 475.135143] Uninit was stored to memory at: [ 475.139466] kmsan_internal_chain_origin+0x136/0x240 [ 475.144564] __msan_chain_origin+0x6d/0xb0 [ 475.148790] __save_stack_trace+0x8be/0xc60 [ 475.153101] save_stack_trace+0xc6/0x110 [ 475.157154] kmsan_internal_chain_origin+0x136/0x240 [ 475.162289] kmsan_memcpy_origins+0x13d/0x190 [ 475.166786] __msan_memcpy+0x6f/0x80 [ 475.170491] pskb_expand_head+0x436/0x1d20 [ 475.174732] ___pskb_trim+0x3c9/0x1bf0 [ 475.178625] sk_filter_trim_cap+0x5ac/0xa60 [ 475.183661] tcp_filter+0x10c/0x260 [ 475.187283] tcp_v6_rcv+0x45ba/0x5df0 [ 475.191072] ip6_input_finish+0xb53/0x2450 [ 475.195297] ip6_input+0x29d/0x340 [ 475.198828] ip6_rcv_finish+0x4d2/0x710 [ 475.202795] ipv6_rcv+0x34b/0x3f0 [ 475.206241] process_backlog+0x82b/0x11e0 [ 475.210380] net_rx_action+0x98f/0x1d50 [ 475.214351] __do_softirq+0x721/0xc7f [ 475.218602] [ 475.220216] Uninit was stored to memory at: [ 475.224536] kmsan_internal_chain_origin+0x136/0x240 [ 475.229628] __msan_chain_origin+0x6d/0xb0 [ 475.233853] __save_stack_trace+0x8be/0xc60 [ 475.238164] save_stack_trace+0xc6/0x110 [ 475.242223] kmsan_internal_chain_origin+0x136/0x240 [ 475.247316] kmsan_memcpy_origins+0x13d/0x190 [ 475.251822] __msan_memcpy+0x6f/0x80 [ 475.255561] pskb_expand_head+0x436/0x1d20 [ 475.259786] ___pskb_trim+0x3c9/0x1bf0 [ 475.263681] sk_filter_trim_cap+0x5ac/0xa60 [ 475.267993] tcp_filter+0x10c/0x260 [ 475.271618] tcp_v6_rcv+0x45ba/0x5df0 [ 475.275413] ip6_input_finish+0xb53/0x2450 [ 475.279637] ip6_input+0x29d/0x340 [ 475.283926] ip6_rcv_finish+0x4d2/0x710 [ 475.287897] ipv6_rcv+0x34b/0x3f0 [ 475.291347] process_backlog+0x82b/0x11e0 [ 475.295488] net_rx_action+0x98f/0x1d50 [ 475.299462] __do_softirq+0x721/0xc7f [ 475.303276] [ 475.304890] Uninit was stored to memory at: [ 475.309209] kmsan_internal_chain_origin+0x136/0x240 [ 475.314305] __msan_chain_origin+0x6d/0xb0 [ 475.318531] __save_stack_trace+0x8be/0xc60 [ 475.322848] save_stack_trace+0xc6/0x110 [ 475.326904] kmsan_internal_chain_origin+0x136/0x240 [ 475.331999] kmsan_memcpy_origins+0x13d/0x190 [ 475.336573] __msan_memcpy+0x6f/0x80 [ 475.340279] pskb_expand_head+0x436/0x1d20 [ 475.344506] ___pskb_trim+0x3c9/0x1bf0 [ 475.348387] sk_filter_trim_cap+0x5ac/0xa60 [ 475.352701] tcp_filter+0x10c/0x260 [ 475.356314] tcp_v6_rcv+0x45ba/0x5df0 [ 475.360103] ip6_input_finish+0xb53/0x2450 [ 475.364326] ip6_input+0x29d/0x340 [ 475.367855] ip6_rcv_finish+0x4d2/0x710 [ 475.371818] ipv6_rcv+0x34b/0x3f0 [ 475.375262] process_backlog+0x82b/0x11e0 [ 475.379403] net_rx_action+0x98f/0x1d50 [ 475.384103] __do_softirq+0x721/0xc7f [ 475.387887] [ 475.389501] Uninit was stored to memory at: [ 475.393823] kmsan_internal_chain_origin+0x136/0x240 [ 475.398917] __msan_chain_origin+0x6d/0xb0 [ 475.403144] __save_stack_trace+0x8be/0xc60 [ 475.407456] save_stack_trace+0xc6/0x110 [ 475.411508] kmsan_internal_chain_origin+0x136/0x240 [ 475.416602] kmsan_memcpy_origins+0x13d/0x190 [ 475.421087] __msan_memcpy+0x6f/0x80 [ 475.424795] pskb_expand_head+0x436/0x1d20 [ 475.429022] ___pskb_trim+0x3c9/0x1bf0 [ 475.432899] sk_filter_trim_cap+0x5ac/0xa60 [ 475.437211] tcp_filter+0x10c/0x260 [ 475.440823] tcp_v6_rcv+0x45ba/0x5df0 [ 475.444615] ip6_input_finish+0xb53/0x2450 [ 475.448848] ip6_input+0x29d/0x340 [ 475.452376] ip6_rcv_finish+0x4d2/0x710 [ 475.456360] ipv6_rcv+0x34b/0x3f0 [ 475.459807] process_backlog+0x82b/0x11e0 [ 475.463952] net_rx_action+0x98f/0x1d50 [ 475.467918] __do_softirq+0x721/0xc7f [ 475.471708] [ 475.473329] Uninit was stored to memory at: [ 475.477642] kmsan_internal_chain_origin+0x136/0x240 [ 475.483494] __msan_chain_origin+0x6d/0xb0 [ 475.487723] __save_stack_trace+0x8be/0xc60 [ 475.492037] save_stack_trace+0xc6/0x110 [ 475.496091] kmsan_internal_chain_origin+0x136/0x240 [ 475.501190] kmsan_memcpy_origins+0x13d/0x190 [ 475.505676] __msan_memcpy+0x6f/0x80 [ 475.509383] pskb_expand_head+0x436/0x1d20 [ 475.513607] ___pskb_trim+0x3c9/0x1bf0 [ 475.517490] sk_filter_trim_cap+0x5ac/0xa60 [ 475.521807] tcp_filter+0x10c/0x260 [ 475.525443] tcp_v6_rcv+0x45ba/0x5df0 [ 475.529231] ip6_input_finish+0xb53/0x2450 [ 475.533457] ip6_input+0x29d/0x340 [ 475.536985] ip6_rcv_finish+0x4d2/0x710 [ 475.540953] ipv6_rcv+0x34b/0x3f0 [ 475.544403] process_backlog+0x82b/0x11e0 [ 475.548544] net_rx_action+0x98f/0x1d50 [ 475.552506] __do_softirq+0x721/0xc7f [ 475.556292] [ 475.557908] Uninit was stored to memory at: [ 475.562220] kmsan_internal_chain_origin+0x136/0x240 [ 475.567317] __msan_chain_origin+0x6d/0xb0 [ 475.571544] __save_stack_trace+0x8be/0xc60 [ 475.575855] save_stack_trace+0xc6/0x110 [ 475.579908] kmsan_internal_chain_origin+0x136/0x240 [ 475.585753] kmsan_memcpy_origins+0x13d/0x190 [ 475.590239] __msan_memcpy+0x6f/0x80 [ 475.593950] pskb_expand_head+0x436/0x1d20 [ 475.598175] ___pskb_trim+0x3c9/0x1bf0 [ 475.602062] sk_filter_trim_cap+0x5ac/0xa60 [ 475.606377] tcp_filter+0x10c/0x260 [ 475.609995] tcp_v6_rcv+0x45ba/0x5df0 [ 475.613783] ip6_input_finish+0xb53/0x2450 [ 475.618010] ip6_input+0x29d/0x340 [ 475.621637] ip6_rcv_finish+0x4d2/0x710 [ 475.625610] ipv6_rcv+0x34b/0x3f0 [ 475.629058] process_backlog+0x82b/0x11e0 [ 475.633202] net_rx_action+0x98f/0x1d50 [ 475.637171] __do_softirq+0x721/0xc7f [ 475.640960] [ 475.642576] Local variable description: ----v.addr.i.i.i@should_fail [ 475.649047] Variable was created at: [ 475.652759] should_fail+0x14d/0x13c0 [ 475.656552] __should_failslab+0x278/0x2a0 03:46:35 executing program 5: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) ioctl(0xffffffffffffffff, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r0 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r0, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r0, 0x3) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r1, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) [ 475.775451] FAULT_INJECTION: forcing a failure. [ 475.775451] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 475.787980] CPU: 0 PID: 12895 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #85 [ 475.795394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 475.804833] Call Trace: [ 475.807509] dump_stack+0x32d/0x480 [ 475.811235] should_fail+0x11e5/0x13c0 [ 475.815230] __alloc_pages_nodemask+0x6f7/0x64d0 [ 475.820071] ? kmsan_set_origin+0x7f/0x100 [ 475.824380] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 475.829854] ? mntput_no_expire+0xa0/0x1860 [ 475.834298] ? lockref_put_or_lock+0x57a/0x6a0 [ 475.837878] not chained 450000 origins [ 475.838982] alloc_pages_current+0x55d/0x7d0 [ 475.847263] kmalloc_order_trace+0xd9/0x470 [ 475.851644] __kmalloc+0x4b2/0x4d0 [ 475.855240] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 475.860653] rw_copy_check_uvector+0x1a4/0x770 [ 475.865319] import_iovec+0x187/0x680 [ 475.869216] do_preadv+0x34d/0x5e0 [ 475.872844] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 475.878357] ? prepare_exit_to_usermode+0x182/0x4c0 [ 475.883743] __se_sys_preadv+0xc6/0xe0 [ 475.887689] __x64_sys_preadv+0x62/0x80 [ 475.891704] do_syscall_64+0xcf/0x110 [ 475.895553] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 475.900780] RIP: 0033:0x457569 [ 475.904010] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 475.922945] RSP: 002b:00007f2d33e94c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 475.930696] RAX: ffffffffffffffda RBX: 00007f2d33e94c90 RCX: 0000000000457569 [ 475.937995] RDX: 0000000000000258 RSI: 0000000020000480 RDI: 0000000000000003 [ 475.945297] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 475.952601] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d33e956d4 [ 475.959902] R13: 00000000004c3384 R14: 00000000004d5100 R15: 0000000000000005 [ 475.967224] CPU: 1 PID: 12880 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 475.974527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 475.984629] Call Trace: [ 475.987232] dump_stack+0x32d/0x480 [ 475.990881] ? save_stack_trace+0xc6/0x110 [ 475.995232] kmsan_internal_chain_origin+0x222/0x240 [ 476.000376] ? kmsan_internal_chain_origin+0x136/0x240 [ 476.005667] ? __msan_chain_origin+0x6d/0xb0 [ 476.010088] ? __save_stack_trace+0x8be/0xc60 [ 476.014608] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 476.019981] ? __module_address+0x6a/0x5f0 [ 476.024231] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 476.028392] ? __release_sock+0x32d/0x750 [ 476.032549] ? is_bpf_text_address+0x3e5/0x4d0 [ 476.037129] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 476.042592] ? is_bpf_text_address+0x49e/0x4d0 [ 476.047174] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 476.052557] ? __module_address+0x6a/0x5f0 [ 476.056790] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 476.062149] ? is_bpf_text_address+0x49e/0x4d0 [ 476.066735] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 476.072187] ? in_task_stack+0x12c/0x210 [ 476.076265] __msan_chain_origin+0x6d/0xb0 [ 476.080505] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 476.086630] __save_stack_trace+0x8be/0xc60 [ 476.090966] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 476.096336] save_stack_trace+0xc6/0x110 [ 476.100399] kmsan_internal_chain_origin+0x136/0x240 [ 476.105494] ? __x64_sys_sendto+0x6e/0x90 [ 476.109642] ? kmsan_internal_chain_origin+0x136/0x240 [ 476.114911] ? kmsan_memcpy_origins+0x13d/0x190 [ 476.119838] ? __msan_memcpy+0x6f/0x80 [ 476.123726] ? pskb_expand_head+0x436/0x1d20 [ 476.128125] ? skb_shift+0xfc3/0x2d10 [ 476.131918] ? tcp_sacktag_walk+0x2156/0x29d0 [ 476.136427] ? tcp_sacktag_write_queue+0x2805/0x4630 [ 476.141514] ? tcp_ack+0x2888/0xa010 [ 476.145221] ? tcp_rcv_established+0xf7e/0x2940 [ 476.149884] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 476.154024] ? __release_sock+0x32d/0x750 [ 476.158166] ? __sk_flush_backlog+0x52/0x70 [ 476.162488] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 476.167151] ? tcp_sendmsg+0xb2/0x100 [ 476.170955] ? inet_sendmsg+0x4e9/0x800 [ 476.174920] ? __sys_sendto+0x940/0xb80 [ 476.178891] ? __se_sys_sendto+0x107/0x130 [ 476.183844] ? __x64_sys_sendto+0x6e/0x90 [ 476.187990] ? do_syscall_64+0xcf/0x110 [ 476.191980] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 476.197355] ? __msan_get_context_state+0x9/0x20 [ 476.202102] ? INIT_INT+0xc/0x30 [ 476.205467] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 476.210833] kmsan_memcpy_origins+0x13d/0x190 [ 476.215342] __msan_memcpy+0x6f/0x80 [ 476.219053] pskb_expand_head+0x436/0x1d20 [ 476.223296] skb_shift+0xfc3/0x2d10 [ 476.226940] tcp_sacktag_walk+0x2156/0x29d0 [ 476.231276] tcp_sacktag_write_queue+0x2805/0x4630 [ 476.236239] tcp_ack+0x2888/0xa010 [ 476.239771] ? tcp_parse_options+0xbe/0x1cf0 [ 476.244173] ? tcp_validate_incoming+0x50b/0x29d0 [ 476.249026] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 476.254472] ? tcp_parse_options+0x1c55/0x1cf0 [ 476.259087] tcp_rcv_established+0xf7e/0x2940 [ 476.263597] tcp_v6_do_rcv+0x9f8/0x21b0 [ 476.267578] ? tcp_v6_destroy_sock+0x60/0x60 [ 476.271981] __release_sock+0x32d/0x750 [ 476.275985] __sk_flush_backlog+0x52/0x70 [ 476.280127] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 476.285061] tcp_sendmsg_locked+0xd72/0x6c30 [ 476.289481] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 476.294888] tcp_sendmsg+0xb2/0x100 [ 476.298515] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 476.303189] inet_sendmsg+0x4e9/0x800 [ 476.306988] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 476.312345] ? security_socket_sendmsg+0x1bd/0x200 [ 476.317272] ? inet_getname+0x490/0x490 [ 476.321243] __sys_sendto+0x940/0xb80 [ 476.325055] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 476.330499] ? prepare_exit_to_usermode+0x182/0x4c0 [ 476.335515] __se_sys_sendto+0x107/0x130 [ 476.339584] __x64_sys_sendto+0x6e/0x90 [ 476.343555] do_syscall_64+0xcf/0x110 [ 476.347360] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 476.352544] RIP: 0033:0x457569 [ 476.355733] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 476.374626] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 476.382330] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 476.390347] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 476.397610] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 476.404883] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 476.412146] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 476.419415] Uninit was stored to memory at: [ 476.423743] kmsan_internal_chain_origin+0x136/0x240 [ 476.428839] __msan_chain_origin+0x6d/0xb0 [ 476.433065] __save_stack_trace+0x8be/0xc60 [ 476.437377] save_stack_trace+0xc6/0x110 [ 476.441434] kmsan_internal_chain_origin+0x136/0x240 [ 476.446532] kmsan_memcpy_origins+0x13d/0x190 [ 476.451016] __msan_memcpy+0x6f/0x80 [ 476.454722] pskb_expand_head+0x436/0x1d20 [ 476.459032] skb_shift+0xce2/0x2d10 [ 476.462653] tcp_sacktag_walk+0x2156/0x29d0 [ 476.466975] tcp_sacktag_write_queue+0x2805/0x4630 [ 476.471912] tcp_ack+0x2888/0xa010 [ 476.475445] tcp_rcv_established+0xf7e/0x2940 [ 476.479930] tcp_v6_do_rcv+0x9f8/0x21b0 [ 476.484457] __release_sock+0x32d/0x750 [ 476.488422] __sk_flush_backlog+0x52/0x70 [ 476.492565] tcp_sendmsg_locked+0xd72/0x6c30 [ 476.496969] tcp_sendmsg+0xb2/0x100 [ 476.500590] inet_sendmsg+0x4e9/0x800 [ 476.504409] __sys_sendto+0x940/0xb80 [ 476.508215] __se_sys_sendto+0x107/0x130 [ 476.512279] __x64_sys_sendto+0x6e/0x90 [ 476.516245] do_syscall_64+0xcf/0x110 [ 476.520043] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 476.525219] [ 476.526835] Uninit was stored to memory at: [ 476.531162] kmsan_internal_chain_origin+0x136/0x240 [ 476.536263] __msan_chain_origin+0x6d/0xb0 [ 476.540492] __save_stack_trace+0x8be/0xc60 [ 476.544810] save_stack_trace+0xc6/0x110 [ 476.548862] kmsan_internal_chain_origin+0x136/0x240 [ 476.553956] kmsan_memcpy_origins+0x13d/0x190 [ 476.558455] __msan_memcpy+0x6f/0x80 [ 476.562186] pskb_expand_head+0x436/0x1d20 [ 476.566412] skb_shift+0xce2/0x2d10 [ 476.570034] tcp_sacktag_walk+0x2156/0x29d0 [ 476.574349] tcp_sacktag_write_queue+0x2805/0x4630 [ 476.579266] tcp_ack+0x2888/0xa010 [ 476.583492] tcp_rcv_established+0xf7e/0x2940 [ 476.587980] tcp_v6_do_rcv+0x9f8/0x21b0 [ 476.591955] __release_sock+0x32d/0x750 [ 476.595919] __sk_flush_backlog+0x52/0x70 [ 476.600073] tcp_sendmsg_locked+0xd72/0x6c30 [ 476.604476] tcp_sendmsg+0xb2/0x100 [ 476.608095] inet_sendmsg+0x4e9/0x800 [ 476.611885] __sys_sendto+0x940/0xb80 [ 476.615673] __se_sys_sendto+0x107/0x130 [ 476.619729] __x64_sys_sendto+0x6e/0x90 [ 476.623696] do_syscall_64+0xcf/0x110 [ 476.627495] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 476.632673] [ 476.634293] Uninit was stored to memory at: [ 476.638607] kmsan_internal_chain_origin+0x136/0x240 [ 476.643719] __msan_chain_origin+0x6d/0xb0 [ 476.647947] __save_stack_trace+0x8be/0xc60 [ 476.652262] save_stack_trace+0xc6/0x110 [ 476.656318] kmsan_internal_chain_origin+0x136/0x240 [ 476.661429] kmsan_memcpy_origins+0x13d/0x190 [ 476.665916] __msan_memcpy+0x6f/0x80 [ 476.669627] pskb_expand_head+0x436/0x1d20 [ 476.673854] skb_shift+0xce2/0x2d10 [ 476.677472] tcp_sacktag_walk+0x2156/0x29d0 [ 476.681786] tcp_sacktag_write_queue+0x2805/0x4630 [ 476.687396] tcp_ack+0x2888/0xa010 [ 476.690926] tcp_rcv_established+0xf7e/0x2940 [ 476.695418] tcp_v6_do_rcv+0x9f8/0x21b0 [ 476.699387] __release_sock+0x32d/0x750 [ 476.703349] __sk_flush_backlog+0x52/0x70 [ 476.707489] tcp_sendmsg_locked+0xd72/0x6c30 [ 476.711889] tcp_sendmsg+0xb2/0x100 [ 476.715506] inet_sendmsg+0x4e9/0x800 [ 476.719296] __sys_sendto+0x940/0xb80 [ 476.723087] __se_sys_sendto+0x107/0x130 [ 476.727141] __x64_sys_sendto+0x6e/0x90 [ 476.731103] do_syscall_64+0xcf/0x110 [ 476.734898] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 476.740071] [ 476.741688] Uninit was stored to memory at: [ 476.746009] kmsan_internal_chain_origin+0x136/0x240 [ 476.751106] __msan_chain_origin+0x6d/0xb0 [ 476.755334] __save_stack_trace+0x8be/0xc60 [ 476.759648] save_stack_trace+0xc6/0x110 [ 476.763702] kmsan_internal_chain_origin+0x136/0x240 [ 476.768800] kmsan_memcpy_origins+0x13d/0x190 [ 476.773289] __msan_memcpy+0x6f/0x80 [ 476.776996] pskb_expand_head+0x436/0x1d20 [ 476.781218] skb_shift+0xce2/0x2d10 [ 476.785570] tcp_sacktag_walk+0x2156/0x29d0 [ 476.789884] tcp_sacktag_write_queue+0x2805/0x4630 [ 476.794805] tcp_ack+0x2888/0xa010 [ 476.798334] tcp_rcv_established+0xf7e/0x2940 [ 476.802824] tcp_v6_do_rcv+0x9f8/0x21b0 [ 476.806789] __release_sock+0x32d/0x750 [ 476.810756] __sk_flush_backlog+0x52/0x70 [ 476.814898] tcp_sendmsg_locked+0xd72/0x6c30 [ 476.819297] tcp_sendmsg+0xb2/0x100 [ 476.822918] inet_sendmsg+0x4e9/0x800 [ 476.826716] __sys_sendto+0x940/0xb80 [ 476.830523] __se_sys_sendto+0x107/0x130 [ 476.834575] __x64_sys_sendto+0x6e/0x90 [ 476.838556] do_syscall_64+0xcf/0x110 [ 476.842369] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 476.847542] [ 476.849157] Uninit was stored to memory at: [ 476.853478] kmsan_internal_chain_origin+0x136/0x240 [ 476.858571] __msan_chain_origin+0x6d/0xb0 [ 476.862810] __save_stack_trace+0x8be/0xc60 [ 476.867294] save_stack_trace+0xc6/0x110 [ 476.871358] kmsan_internal_chain_origin+0x136/0x240 [ 476.876453] kmsan_memcpy_origins+0x13d/0x190 [ 476.880944] __msan_memcpy+0x6f/0x80 [ 476.885401] pskb_expand_head+0x436/0x1d20 [ 476.889626] skb_shift+0xce2/0x2d10 [ 476.893248] tcp_sacktag_walk+0x2156/0x29d0 [ 476.897559] tcp_sacktag_write_queue+0x2805/0x4630 [ 476.902500] tcp_ack+0x2888/0xa010 [ 476.906033] tcp_rcv_established+0xf7e/0x2940 [ 476.910523] tcp_v6_do_rcv+0x9f8/0x21b0 [ 476.914486] __release_sock+0x32d/0x750 [ 476.918451] __sk_flush_backlog+0x52/0x70 [ 476.922590] tcp_sendmsg_locked+0xd72/0x6c30 [ 476.926988] tcp_sendmsg+0xb2/0x100 [ 476.930611] inet_sendmsg+0x4e9/0x800 [ 476.934403] __sys_sendto+0x940/0xb80 [ 476.938201] __se_sys_sendto+0x107/0x130 [ 476.942254] __x64_sys_sendto+0x6e/0x90 [ 476.946217] do_syscall_64+0xcf/0x110 [ 476.950009] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 476.955189] [ 476.956806] Uninit was stored to memory at: [ 476.961133] kmsan_internal_chain_origin+0x136/0x240 [ 476.966228] __msan_chain_origin+0x6d/0xb0 [ 476.970480] __save_stack_trace+0x8be/0xc60 [ 476.974801] save_stack_trace+0xc6/0x110 [ 476.978857] kmsan_internal_chain_origin+0x136/0x240 [ 476.984706] kmsan_memcpy_origins+0x13d/0x190 [ 476.989201] __msan_memcpy+0x6f/0x80 [ 476.992909] pskb_expand_head+0x436/0x1d20 [ 476.997147] skb_shift+0xce2/0x2d10 [ 477.000762] tcp_sacktag_walk+0x2156/0x29d0 [ 477.005075] tcp_sacktag_write_queue+0x2805/0x4630 [ 477.009993] tcp_ack+0x2888/0xa010 [ 477.013538] tcp_rcv_established+0xf7e/0x2940 [ 477.018029] tcp_v6_do_rcv+0x9f8/0x21b0 [ 477.021994] __release_sock+0x32d/0x750 [ 477.025967] __sk_flush_backlog+0x52/0x70 [ 477.030108] tcp_sendmsg_locked+0xd72/0x6c30 [ 477.034509] tcp_sendmsg+0xb2/0x100 [ 477.038132] inet_sendmsg+0x4e9/0x800 [ 477.041922] __sys_sendto+0x940/0xb80 [ 477.045716] __se_sys_sendto+0x107/0x130 [ 477.049768] __x64_sys_sendto+0x6e/0x90 [ 477.053981] do_syscall_64+0xcf/0x110 [ 477.057777] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 477.062959] [ 477.064573] Uninit was stored to memory at: [ 477.068891] kmsan_internal_chain_origin+0x136/0x240 [ 477.073989] __msan_chain_origin+0x6d/0xb0 [ 477.078218] __save_stack_trace+0x8be/0xc60 [ 477.083224] save_stack_trace+0xc6/0x110 [ 477.087275] kmsan_internal_chain_origin+0x136/0x240 [ 477.092374] kmsan_memcpy_origins+0x13d/0x190 [ 477.096859] __msan_memcpy+0x6f/0x80 [ 477.100568] pskb_expand_head+0x436/0x1d20 [ 477.104795] skb_shift+0xce2/0x2d10 [ 477.108412] tcp_sacktag_walk+0x2156/0x29d0 [ 477.112724] tcp_sacktag_write_queue+0x2805/0x4630 [ 477.117642] tcp_ack+0x2888/0xa010 [ 477.121174] tcp_rcv_established+0xf7e/0x2940 [ 477.125675] tcp_v6_do_rcv+0x9f8/0x21b0 [ 477.129642] __release_sock+0x32d/0x750 [ 477.133611] __sk_flush_backlog+0x52/0x70 [ 477.137750] tcp_sendmsg_locked+0xd72/0x6c30 [ 477.142153] tcp_sendmsg+0xb2/0x100 [ 477.145777] inet_sendmsg+0x4e9/0x800 [ 477.149694] __sys_sendto+0x940/0xb80 [ 477.153490] __se_sys_sendto+0x107/0x130 [ 477.157542] __x64_sys_sendto+0x6e/0x90 [ 477.161512] do_syscall_64+0xcf/0x110 [ 477.165308] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 477.170484] [ 477.172101] Local variable description: ----old.addr.i.i.i@should_fail [ 477.178747] Variable was created at: [ 477.183194] should_fail+0x123/0x13c0 [ 477.186995] __should_failslab+0x278/0x2a0 03:46:37 executing program 0 (fault-call:4 fault-nth:1): preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:46:37 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) [ 477.492533] FAULT_INJECTION: forcing a failure. [ 477.492533] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 477.504402] CPU: 1 PID: 12908 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #85 [ 477.511675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 477.521030] Call Trace: [ 477.523637] dump_stack+0x32d/0x480 [ 477.527289] should_fail+0x11e5/0x13c0 [ 477.531214] ? INIT_INT+0xc/0x30 [ 477.534592] ? __msan_memset+0x29/0xd0 03:46:37 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 477.538495] __alloc_pages_nodemask+0x6f7/0x64d0 [ 477.543279] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 477.548750] ? __save_stack_trace+0x9f2/0xc60 [ 477.553265] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 477.558649] ? __wake_up_common+0x126/0xa20 [ 477.563000] ? __msan_poison_alloca+0x1e0/0x270 [ 477.567690] ? __inc_numa_state+0x96/0x4a0 [ 477.571950] ? zone_statistics+0x26b/0x2f0 [ 477.576316] ? __inc_numa_state+0xec/0x4a0 [ 477.580589] kmsan_internal_alloc_meta_for_pages+0x9d/0x740 [ 477.587078] ? kmsan_internal_unpoison_shadow+0x83/0xd0 03:46:37 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000001200)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r2 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r2, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 477.592467] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 477.597941] ? prep_compound_page+0x49b/0x570 [ 477.602464] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 477.607951] ? get_page_from_freelist+0x1617/0x1c90 [ 477.613021] kmsan_alloc_page+0x77/0xc0 [ 477.617020] __alloc_pages_nodemask+0x12ac/0x64d0 [ 477.621888] ? kmsan_set_origin+0x7f/0x100 [ 477.626142] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 477.631537] ? mntput_no_expire+0xa0/0x1860 [ 477.635892] ? lockref_put_or_lock+0x57a/0x6a0 [ 477.640524] alloc_pages_current+0x55d/0x7d0 [ 477.644969] kmalloc_order_trace+0xd9/0x470 [ 477.649322] __kmalloc+0x4b2/0x4d0 [ 477.652885] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 477.658271] rw_copy_check_uvector+0x1a4/0x770 [ 477.662888] import_iovec+0x187/0x680 [ 477.666724] do_preadv+0x34d/0x5e0 [ 477.670303] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 477.675772] ? prepare_exit_to_usermode+0x182/0x4c0 [ 477.680856] __se_sys_preadv+0xc6/0xe0 [ 477.685528] __x64_sys_preadv+0x62/0x80 [ 477.689516] do_syscall_64+0xcf/0x110 [ 477.693340] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 477.698544] RIP: 0033:0x457569 [ 477.701754] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 477.720661] RSP: 002b:00007f2d33e94c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 477.728392] RAX: ffffffffffffffda RBX: 00007f2d33e94c90 RCX: 0000000000457569 [ 477.735673] RDX: 0000000000000258 RSI: 0000000020000480 RDI: 0000000000000003 [ 477.742959] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 477.750245] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d33e956d4 [ 477.757539] R13: 00000000004c3384 R14: 00000000004d5100 R15: 0000000000000005 [ 477.852363] print_req_error: 361 callbacks suppressed [ 477.852392] print_req_error: I/O error, dev loop3, sector 0 [ 477.863739] buffer_io_error: 361 callbacks suppressed [ 477.863765] Buffer I/O error on dev loop3, logical block 0, lost async page write [ 477.876906] print_req_error: I/O error, dev loop3, sector 8 [ 477.883592] Buffer I/O error on dev loop3, logical block 1, lost async page write [ 477.891380] print_req_error: I/O error, dev loop3, sector 16 03:46:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000001200)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r2 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r2, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 477.897449] Buffer I/O error on dev loop3, logical block 2, lost async page write [ 477.905353] print_req_error: I/O error, dev loop3, sector 24 [ 477.911224] Buffer I/O error on dev loop3, logical block 3, lost async page write [ 477.919116] print_req_error: I/O error, dev loop3, sector 32 [ 477.925071] Buffer I/O error on dev loop3, logical block 4, lost async page write [ 477.933004] print_req_error: I/O error, dev loop3, sector 40 [ 477.938868] Buffer I/O error on dev loop3, logical block 5, lost async page write [ 477.946757] print_req_error: I/O error, dev loop3, sector 48 [ 477.952719] Buffer I/O error on dev loop3, logical block 6, lost async page write [ 477.960476] print_req_error: I/O error, dev loop3, sector 56 [ 477.966468] Buffer I/O error on dev loop3, logical block 7, lost async page write [ 477.974353] print_req_error: I/O error, dev loop3, sector 64 [ 477.980223] Buffer I/O error on dev loop3, logical block 8, lost async page write [ 477.988850] print_req_error: I/O error, dev loop3, sector 72 [ 477.994797] Buffer I/O error on dev loop3, logical block 9, lost async page write 03:46:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:38 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:46:38 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) [ 478.348072] not chained 460000 origins [ 478.352015] CPU: 1 PID: 12931 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 478.359292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 478.368648] Call Trace: [ 478.371231] [ 478.373397] dump_stack+0x32d/0x480 [ 478.377046] kmsan_internal_chain_origin+0x222/0x240 [ 478.382166] ? native_sched_clock+0x166/0x230 [ 478.387428] ? __msan_poison_alloca+0x1e0/0x270 [ 478.392133] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 478.397527] ? __module_address+0x6a/0x5f0 [ 478.401796] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 478.407172] ? is_bpf_text_address+0x49e/0x4d0 [ 478.411777] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 478.417257] __msan_chain_origin+0x6d/0xb0 [ 478.421499] ? tcp_v6_rcv+0x45ba/0x5df0 [ 478.425481] __save_stack_trace+0x8be/0xc60 [ 478.429833] ? tcp_v6_rcv+0x45ba/0x5df0 [ 478.433823] save_stack_trace+0xc6/0x110 [ 478.437920] kmsan_internal_chain_origin+0x136/0x240 [ 478.443045] ? local_bh_enable+0x36/0x40 [ 478.447127] ? __sk_flush_backlog+0x52/0x70 [ 478.451467] ? kmsan_internal_chain_origin+0x136/0x240 [ 478.456760] ? kmsan_memcpy_origins+0x13d/0x190 [ 478.461438] ? __msan_memcpy+0x6f/0x80 [ 478.465341] ? pskb_expand_head+0x436/0x1d20 [ 478.469767] ? ___pskb_trim+0x3c9/0x1bf0 [ 478.473838] ? sk_filter_trim_cap+0x5ac/0xa60 [ 478.478343] ? tcp_filter+0x10c/0x260 [ 478.482155] ? tcp_v6_rcv+0x45ba/0x5df0 [ 478.486891] ? ip6_input_finish+0xb53/0x2450 [ 478.491316] ? ip6_input+0x29d/0x340 [ 478.495042] ? ip6_rcv_finish+0x4d2/0x710 [ 478.499204] ? ipv6_rcv+0x34b/0x3f0 [ 478.502845] ? process_backlog+0x82b/0x11e0 [ 478.507205] ? net_rx_action+0x98f/0x1d50 [ 478.511370] ? __do_softirq+0x721/0xc7f [ 478.515357] ? do_softirq_own_stack+0x49/0x80 [ 478.519875] ? __local_bh_enable_ip+0x228/0x260 [ 478.524555] ? local_bh_enable+0x36/0x40 [ 478.528629] ? ip6_finish_output2+0x1b1a/0x22d0 [ 478.533324] ? ip6_finish_output+0xc13/0xca0 [ 478.537748] ? ip6_output+0x5e4/0x720 [ 478.541562] ? ip6_xmit+0x216d/0x26a0 [ 478.545375] ? inet6_csk_xmit+0x3e0/0x4f0 [ 478.549529] ? __tcp_transmit_skb+0x425c/0x5e00 [ 478.554213] ? tcp_write_xmit+0x389a/0xacc0 [ 478.558543] ? __tcp_push_pending_frames+0x124/0x4e0 [ 478.563661] ? tcp_data_snd_check+0x1ec/0x1080 [ 478.568258] ? tcp_rcv_established+0x1bb2/0x2940 [ 478.573032] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 478.577199] ? __release_sock+0x32d/0x750 [ 478.581359] ? __sk_flush_backlog+0x52/0x70 [ 478.586383] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 478.590978] ? tcp_sendmsg+0xb2/0x100 [ 478.594792] ? inet_sendmsg+0x4e9/0x800 [ 478.598782] ? __sys_sendto+0x940/0xb80 [ 478.602774] ? __se_sys_sendto+0x107/0x130 [ 478.605495] FAULT_INJECTION: forcing a failure. [ 478.605495] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 478.607053] ? __x64_sys_sendto+0x6e/0x90 [ 478.623060] ? do_syscall_64+0xcf/0x110 [ 478.627041] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 478.632415] ? __msan_get_context_state+0x9/0x20 [ 478.637174] ? INIT_INT+0xc/0x30 [ 478.640563] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 478.645948] kmsan_memcpy_origins+0x13d/0x190 [ 478.650451] __msan_memcpy+0x6f/0x80 [ 478.654171] pskb_expand_head+0x436/0x1d20 [ 478.658434] ___pskb_trim+0x3c9/0x1bf0 [ 478.662346] sk_filter_trim_cap+0x5ac/0xa60 [ 478.666681] tcp_filter+0x10c/0x260 [ 478.670319] tcp_v6_rcv+0x45ba/0x5df0 [ 478.674123] ? __msan_poison_alloca+0x1e0/0x270 [ 478.678831] ? tcp_v6_early_demux+0xc80/0xc80 [ 478.684025] ? tcp_v6_early_demux+0xc80/0xc80 [ 478.688524] ip6_input_finish+0xb53/0x2450 [ 478.692804] ? ip6_input_finish+0x13e1/0x2450 [ 478.697319] ip6_input+0x29d/0x340 [ 478.700867] ? ip6_input+0x340/0x340 [ 478.704586] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 478.708995] ip6_rcv_finish+0x4d2/0x710 [ 478.712978] ipv6_rcv+0x34b/0x3f0 [ 478.716555] ? dst_hold+0x5e0/0x5e0 [ 478.720210] process_backlog+0x82b/0x11e0 [ 478.724364] ? __msan_poison_alloca+0x1e0/0x270 [ 478.729040] ? ip6_rcv_finish+0x710/0x710 [ 478.733213] ? rps_trigger_softirq+0x2e0/0x2e0 [ 478.737796] net_rx_action+0x98f/0x1d50 [ 478.741796] ? net_tx_action+0xf20/0xf20 [ 478.745859] __do_softirq+0x721/0xc7f [ 478.749678] do_softirq_own_stack+0x49/0x80 [ 478.753991] [ 478.756228] __local_bh_enable_ip+0x228/0x260 [ 478.760729] local_bh_enable+0x36/0x40 [ 478.764621] ip6_finish_output2+0x1b1a/0x22d0 [ 478.769134] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 478.774496] ? ip6_mtu+0x289/0x330 [ 478.778040] ip6_finish_output+0xc13/0xca0 [ 478.782295] ip6_output+0x5e4/0x720 [ 478.786632] ? ip6_output+0x720/0x720 [ 478.790437] ? ac6_seq_show+0x200/0x200 [ 478.794412] ip6_xmit+0x216d/0x26a0 [ 478.798066] ? ip6_xmit+0x26a0/0x26a0 [ 478.801869] inet6_csk_xmit+0x3e0/0x4f0 [ 478.805861] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 478.810814] __tcp_transmit_skb+0x425c/0x5e00 [ 478.815342] tcp_write_xmit+0x389a/0xacc0 [ 478.819550] __tcp_push_pending_frames+0x124/0x4e0 [ 478.824503] tcp_data_snd_check+0x1ec/0x1080 [ 478.828922] tcp_rcv_established+0x1bb2/0x2940 [ 478.833534] tcp_v6_do_rcv+0x9f8/0x21b0 [ 478.837528] ? tcp_v6_destroy_sock+0x60/0x60 [ 478.841946] __release_sock+0x32d/0x750 [ 478.845941] __sk_flush_backlog+0x52/0x70 [ 478.850091] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 478.854328] tcp_sendmsg_locked+0xd72/0x6c30 [ 478.858759] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 478.864159] tcp_sendmsg+0xb2/0x100 [ 478.867799] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 478.872469] inet_sendmsg+0x4e9/0x800 [ 478.876290] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 478.881657] ? security_socket_sendmsg+0x1bd/0x200 [ 478.887106] ? inet_getname+0x490/0x490 [ 478.891168] __sys_sendto+0x940/0xb80 [ 478.895003] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 478.900454] ? prepare_exit_to_usermode+0x182/0x4c0 [ 478.905478] __se_sys_sendto+0x107/0x130 [ 478.909548] __x64_sys_sendto+0x6e/0x90 [ 478.913521] do_syscall_64+0xcf/0x110 [ 478.917332] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 478.922607] RIP: 0033:0x457569 [ 478.925804] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 478.944706] RSP: 002b:00007f66e0f8bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 478.952412] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 478.959679] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 478.966951] RBP: 000000000072bfa0 R08: 0000000020000080 R09: 000000000000001c [ 478.974219] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0f8c6d4 [ 478.981485] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 478.989316] Uninit was stored to memory at: [ 478.989328] CPU: 0 PID: 12938 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #85 [ 478.989341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 478.993653] kmsan_internal_chain_origin+0x136/0x240 [ 479.000903] Call Trace: [ 479.010260] __msan_chain_origin+0x6d/0xb0 [ 479.015346] dump_stack+0x32d/0x480 [ 479.017911] __save_stack_trace+0x8be/0xc60 [ 479.022145] should_fail+0x11e5/0x13c0 [ 479.025741] save_stack_trace+0xc6/0x110 [ 479.030055] ? __msan_memset+0x29/0xd0 [ 479.033922] kmsan_internal_chain_origin+0x136/0x240 [ 479.037971] __alloc_pages_nodemask+0x6f7/0x64d0 [ 479.041839] kmsan_memcpy_origins+0x13d/0x190 [ 479.046927] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 479.051883] __msan_memcpy+0x6f/0x80 [ 479.056379] ? __save_stack_trace+0x9f2/0xc60 [ 479.061927] pskb_expand_head+0x436/0x1d20 [ 479.065624] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 479.070108] ___pskb_trim+0x3c9/0x1bf0 [ 479.074325] ? __wake_up_common+0x126/0xa20 [ 479.079682] sk_filter_trim_cap+0x5ac/0xa60 [ 479.083890] ? __inc_numa_state+0x96/0x4a0 [ 479.088191] tcp_filter+0x10c/0x260 [ 479.092516] kmsan_internal_alloc_meta_for_pages+0x109/0x740 [ 479.096712] tcp_v6_rcv+0x45ba/0x5df0 [ 479.100331] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 479.106106] ip6_input_finish+0xb53/0x2450 [ 479.109901] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 479.115238] ip6_input+0x29d/0x340 [ 479.119460] ? prep_compound_page+0x49b/0x570 [ 479.124890] ip6_rcv_finish+0x4d2/0x710 [ 479.128423] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 479.132895] ipv6_rcv+0x34b/0x3f0 [ 479.136851] ? get_page_from_freelist+0x1617/0x1c90 [ 479.142297] process_backlog+0x82b/0x11e0 [ 479.145752] kmsan_alloc_page+0x77/0xc0 [ 479.150735] net_rx_action+0x98f/0x1d50 [ 479.154870] __alloc_pages_nodemask+0x12ac/0x64d0 [ 479.158826] __do_softirq+0x721/0xc7f [ 479.162791] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 479.167609] [ 479.171401] ? __update_load_avg_cfs_rq+0x105/0x10b0 [ 479.176745] kmsan_internal_chain_origin+0x136/0x240 [ 479.178362] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 479.184194] __msan_chain_origin+0x6d/0xb0 [ 479.189276] ? __update_load_avg_cfs_rq+0x105/0x10b0 [ 479.194622] __save_stack_trace+0x8be/0xc60 [ 479.198855] ? update_cfs_rq_load_avg+0x5e1/0xa10 [ 479.203924] save_stack_trace+0xc6/0x110 [ 479.208246] alloc_pages_current+0x55d/0x7d0 [ 479.213054] kmsan_internal_chain_origin+0x136/0x240 [ 479.217104] kmalloc_order_trace+0xd9/0x470 [ 479.222002] kmsan_memcpy_origins+0x13d/0x190 [ 479.227096] __kmalloc+0x4b2/0x4d0 [ 479.231412] __msan_memcpy+0x6f/0x80 [ 479.235892] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 479.239418] pskb_expand_head+0x436/0x1d20 [ 479.243116] rw_copy_check_uvector+0x1a4/0x770 [ 479.248459] ___pskb_trim+0x3c9/0x1bf0 [ 479.252704] import_iovec+0x187/0x680 [ 479.257252] sk_filter_trim_cap+0x5ac/0xa60 [ 479.257271] tcp_filter+0x10c/0x260 [ 479.261154] do_preadv+0x34d/0x5e0 [ 479.264924] tcp_v6_rcv+0x45ba/0x5df0 [ 479.269243] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 479.272836] ip6_input_finish+0xb53/0x2450 [ 479.276359] ? prepare_exit_to_usermode+0x182/0x4c0 [ 479.280140] ip6_input+0x29d/0x340 [ 479.285884] __se_sys_preadv+0xc6/0xe0 [ 479.290096] ip6_rcv_finish+0x4d2/0x710 [ 479.295102] __x64_sys_preadv+0x62/0x80 [ 479.298616] ipv6_rcv+0x34b/0x3f0 [ 479.302489] do_syscall_64+0xcf/0x110 [ 479.306447] process_backlog+0x82b/0x11e0 [ 479.310417] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 479.313848] net_rx_action+0x98f/0x1d50 [ 479.317631] RIP: 0033:0x457569 [ 479.321764] __do_softirq+0x721/0xc7f [ 479.326934] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 479.330883] [ 479.334060] RSP: 002b:00007f2d33e94c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 479.337853] kmsan_internal_chain_origin+0x136/0x240 [ 479.356733] RAX: ffffffffffffffda RBX: 00007f2d33e94c90 RCX: 0000000000457569 [ 479.358350] __msan_chain_origin+0x6d/0xb0 [ 479.366055] RDX: 0000000000000258 RSI: 0000000020000480 RDI: 0000000000000003 [ 479.371144] __save_stack_trace+0x8be/0xc60 [ 479.378486] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 03:46:38 executing program 0 (fault-call:4 fault-nth:2): preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:46:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000001200)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r2 = accept$alg(r0, 0x0, 0x0) recvmsg(r2, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 479.383421] save_stack_trace+0xc6/0x110 [ 479.390676] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d33e956d4 [ 479.394998] kmsan_internal_chain_origin+0x136/0x240 [ 479.402259] R13: 00000000004c3384 R14: 00000000004d5100 R15: 0000000000000005 [ 479.406306] kmsan_memcpy_origins+0x13d/0x190 [ 479.430396] __msan_memcpy+0x6f/0x80 [ 479.434121] pskb_expand_head+0x436/0x1d20 [ 479.438369] ___pskb_trim+0x3c9/0x1bf0 [ 479.442269] sk_filter_trim_cap+0x5ac/0xa60 [ 479.446619] tcp_filter+0x10c/0x260 [ 479.450255] tcp_v6_rcv+0x45ba/0x5df0 [ 479.454062] ip6_input_finish+0xb53/0x2450 [ 479.458306] ip6_input+0x29d/0x340 [ 479.461855] ip6_rcv_finish+0x4d2/0x710 [ 479.465844] ipv6_rcv+0x34b/0x3f0 [ 479.469316] process_backlog+0x82b/0x11e0 [ 479.473478] net_rx_action+0x98f/0x1d50 [ 479.477476] __do_softirq+0x721/0xc7f [ 479.481284] [ 479.483676] Uninit was stored to memory at: [ 479.488008] kmsan_internal_chain_origin+0x136/0x240 [ 479.493119] __msan_chain_origin+0x6d/0xb0 [ 479.497371] __save_stack_trace+0x8be/0xc60 [ 479.501706] save_stack_trace+0xc6/0x110 [ 479.505785] kmsan_internal_chain_origin+0x136/0x240 [ 479.510899] kmsan_memcpy_origins+0x13d/0x190 [ 479.515410] __msan_memcpy+0x6f/0x80 [ 479.519139] pskb_expand_head+0x436/0x1d20 [ 479.523393] ___pskb_trim+0x3c9/0x1bf0 [ 479.527295] sk_filter_trim_cap+0x5ac/0xa60 [ 479.531728] tcp_filter+0x10c/0x260 [ 479.535366] tcp_v6_rcv+0x45ba/0x5df0 [ 479.539173] ip6_input_finish+0xb53/0x2450 [ 479.543513] ip6_input+0x29d/0x340 [ 479.547061] ip6_rcv_finish+0x4d2/0x710 [ 479.551047] ipv6_rcv+0x34b/0x3f0 [ 479.554509] process_backlog+0x82b/0x11e0 [ 479.558690] net_rx_action+0x98f/0x1d50 [ 479.562699] __do_softirq+0x721/0xc7f [ 479.566498] [ 479.568126] Uninit was stored to memory at: [ 479.572461] kmsan_internal_chain_origin+0x136/0x240 [ 479.577574] __msan_chain_origin+0x6d/0xb0 [ 479.581826] __save_stack_trace+0x8be/0xc60 [ 479.586899] save_stack_trace+0xc6/0x110 [ 479.590976] kmsan_internal_chain_origin+0x136/0x240 [ 479.596090] kmsan_memcpy_origins+0x13d/0x190 [ 479.600596] __msan_memcpy+0x6f/0x80 [ 479.604317] pskb_expand_head+0x436/0x1d20 [ 479.608564] ___pskb_trim+0x3c9/0x1bf0 [ 479.612457] sk_filter_trim_cap+0x5ac/0xa60 [ 479.616789] tcp_filter+0x10c/0x260 [ 479.620425] tcp_v6_rcv+0x45ba/0x5df0 [ 479.624232] ip6_input_finish+0xb53/0x2450 [ 479.628476] ip6_input+0x29d/0x340 [ 479.632021] ip6_rcv_finish+0x4d2/0x710 [ 479.635997] ipv6_rcv+0x34b/0x3f0 [ 479.639460] process_backlog+0x82b/0x11e0 [ 479.643620] net_rx_action+0x98f/0x1d50 [ 479.647600] __do_softirq+0x721/0xc7f [ 479.651398] [ 479.653026] Uninit was stored to memory at: [ 479.657358] kmsan_internal_chain_origin+0x136/0x240 [ 479.662484] __msan_chain_origin+0x6d/0xb0 [ 479.666732] __save_stack_trace+0x8be/0xc60 [ 479.671068] save_stack_trace+0xc6/0x110 [ 479.675142] kmsan_internal_chain_origin+0x136/0x240 [ 479.680257] kmsan_memcpy_origins+0x13d/0x190 [ 479.685515] __msan_memcpy+0x6f/0x80 [ 479.689243] pskb_expand_head+0x436/0x1d20 [ 479.693496] ___pskb_trim+0x3c9/0x1bf0 [ 479.697399] sk_filter_trim_cap+0x5ac/0xa60 [ 479.701736] tcp_filter+0x10c/0x260 [ 479.705395] tcp_v6_rcv+0x45ba/0x5df0 [ 479.709227] ip6_input_finish+0xb53/0x2450 [ 479.713471] ip6_input+0x29d/0x340 [ 479.717021] ip6_rcv_finish+0x4d2/0x710 [ 479.721008] ipv6_rcv+0x34b/0x3f0 [ 479.724488] process_backlog+0x82b/0x11e0 [ 479.728646] net_rx_action+0x98f/0x1d50 [ 479.732630] __do_softirq+0x721/0xc7f [ 479.736426] [ 479.738056] Uninit was stored to memory at: [ 479.742394] kmsan_internal_chain_origin+0x136/0x240 [ 479.747509] __msan_chain_origin+0x6d/0xb0 [ 479.751750] __save_stack_trace+0x8be/0xc60 [ 479.756078] save_stack_trace+0xc6/0x110 [ 479.760149] kmsan_internal_chain_origin+0x136/0x240 [ 479.765274] kmsan_memcpy_origins+0x13d/0x190 [ 479.769787] __msan_memcpy+0x6f/0x80 [ 479.773513] pskb_expand_head+0x436/0x1d20 [ 479.777757] ___pskb_trim+0x3c9/0x1bf0 [ 479.781658] sk_filter_trim_cap+0x5ac/0xa60 [ 479.786716] tcp_filter+0x10c/0x260 [ 479.790350] tcp_v6_rcv+0x45ba/0x5df0 [ 479.794158] ip6_input_finish+0xb53/0x2450 [ 479.798406] ip6_input+0x29d/0x340 03:46:39 executing program 5: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) ioctl(0xffffffffffffffff, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r0 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r0, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r0, 0x3) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r1, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:46:39 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000001200)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r2 = accept$alg(r0, 0x0, 0x0) recvmsg(r2, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:39 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 479.801958] ip6_rcv_finish+0x4d2/0x710 [ 479.805940] ipv6_rcv+0x34b/0x3f0 [ 479.809401] process_backlog+0x82b/0x11e0 [ 479.813561] net_rx_action+0x98f/0x1d50 [ 479.817558] __do_softirq+0x721/0xc7f [ 479.821352] [ 479.822983] Local variable description: ----v.addr.i.i.i@should_fail [ 479.829490] Variable was created at: [ 479.833220] should_fail+0x14d/0x13c0 [ 479.837027] __should_failslab+0x278/0x2a0 03:46:40 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:46:40 executing program 0 (fault-call:4 fault-nth:3): preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:46:40 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:40 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000001200)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r2 = accept$alg(r0, 0x0, 0x0) recvmsg(r2, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:40 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) connect$bt_rfcomm(r0, &(0x7f0000000040)={0x1f, {0x100000001, 0x8, 0x8, 0x58, 0x80000000, 0x8000}, 0xb3}, 0xa) 03:46:40 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) [ 480.424509] not chained 470000 origins [ 480.428462] CPU: 1 PID: 12968 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 480.435748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 480.445107] Call Trace: [ 480.447692] [ 480.449857] dump_stack+0x32d/0x480 [ 480.453593] ? save_stack_trace+0xc6/0x110 [ 480.457851] kmsan_internal_chain_origin+0x222/0x240 [ 480.462986] ? kmsan_internal_chain_origin+0x136/0x240 [ 480.468274] ? __msan_chain_origin+0x6d/0xb0 [ 480.472702] ? __save_stack_trace+0x8be/0xc60 [ 480.477216] ? save_stack_trace+0xc6/0x110 [ 480.481555] ? kmsan_internal_chain_origin+0x136/0x240 [ 480.487587] ? kmsan_memcpy_origins+0x13d/0x190 [ 480.492284] ? __msan_memcpy+0x6f/0x80 [ 480.496222] ? pskb_expand_head+0x436/0x1d20 [ 480.500644] ? ___pskb_trim+0x3c9/0x1bf0 [ 480.504719] ? sk_filter_trim_cap+0x5ac/0xa60 [ 480.509247] ? tcp_filter+0x10c/0x260 [ 480.513055] ? tcp_v6_rcv+0x45ba/0x5df0 [ 480.517044] ? ip6_input_finish+0xb53/0x2450 [ 480.521464] ? ip6_input+0x29d/0x340 [ 480.525214] ? ip6_rcv_finish+0x4d2/0x710 [ 480.529367] ? ipv6_rcv+0x34b/0x3f0 [ 480.533006] ? process_backlog+0x82b/0x11e0 [ 480.537346] ? net_rx_action+0x98f/0x1d50 [ 480.541503] ? __do_softirq+0x721/0xc7f [ 480.545491] ? do_softirq_own_stack+0x49/0x80 [ 480.549999] ? __local_bh_enable_ip+0x228/0x260 [ 480.554679] ? local_bh_enable+0x36/0x40 [ 480.558748] ? ip6_finish_output2+0x1b1a/0x22d0 [ 480.563443] ? ip6_finish_output+0xc13/0xca0 [ 480.567865] ? ip6_output+0x5e4/0x720 [ 480.571695] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 480.577071] ? __module_address+0x6a/0x5f0 [ 480.581330] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 480.587514] ? in_task_stack+0x12c/0x210 [ 480.591597] ? get_stack_info+0x206/0x220 [ 480.595769] __msan_chain_origin+0x6d/0xb0 [ 480.600019] ? __sys_sendto+0x940/0xb80 [ 480.604009] __save_stack_trace+0x8be/0xc60 [ 480.608366] ? __sys_sendto+0x940/0xb80 [ 480.612361] save_stack_trace+0xc6/0x110 [ 480.616439] kmsan_internal_chain_origin+0x136/0x240 [ 480.621552] ? local_bh_enable+0x36/0x40 [ 480.625628] ? __se_sys_sendto+0x107/0x130 [ 480.629872] ? kmsan_internal_chain_origin+0x136/0x240 [ 480.635161] ? kmsan_memcpy_origins+0x13d/0x190 [ 480.639851] ? __msan_memcpy+0x6f/0x80 [ 480.643751] ? pskb_expand_head+0x436/0x1d20 [ 480.648173] ? ___pskb_trim+0x3c9/0x1bf0 [ 480.652258] ? sk_filter_trim_cap+0x5ac/0xa60 [ 480.656763] ? tcp_filter+0x10c/0x260 [ 480.660571] ? tcp_v6_rcv+0x45ba/0x5df0 [ 480.664558] ? ip6_input_finish+0xb53/0x2450 [ 480.668986] ? ip6_input+0x29d/0x340 [ 480.672710] ? ip6_rcv_finish+0x4d2/0x710 [ 480.676862] ? ipv6_rcv+0x34b/0x3f0 [ 480.680502] ? process_backlog+0x82b/0x11e0 [ 480.685600] ? net_rx_action+0x98f/0x1d50 [ 480.689760] ? __do_softirq+0x721/0xc7f [ 480.693750] ? do_softirq_own_stack+0x49/0x80 [ 480.698263] ? __local_bh_enable_ip+0x228/0x260 [ 480.702948] ? local_bh_enable+0x36/0x40 [ 480.707023] ? ip6_finish_output2+0x1b1a/0x22d0 [ 480.711708] ? ip6_finish_output+0xc13/0xca0 [ 480.716139] ? ip6_output+0x5e4/0x720 [ 480.719965] ? ip6_xmit+0x216d/0x26a0 [ 480.723778] ? inet6_csk_xmit+0x3e0/0x4f0 [ 480.727940] ? __tcp_transmit_skb+0x425c/0x5e00 [ 480.732620] ? tcp_write_xmit+0x389a/0xacc0 [ 480.736959] ? __tcp_push_pending_frames+0x124/0x4e0 [ 480.742074] ? tcp_sendmsg_locked+0x44bf/0x6c30 [ 480.746756] ? tcp_sendmsg+0xb2/0x100 [ 480.750566] ? inet_sendmsg+0x4e9/0x800 [ 480.754550] ? __sys_sendto+0x940/0xb80 [ 480.758535] ? __se_sys_sendto+0x107/0x130 [ 480.762777] ? __x64_sys_sendto+0x6e/0x90 [ 480.766932] ? do_syscall_64+0xcf/0x110 [ 480.770922] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 480.776316] ? __msan_get_context_state+0x9/0x20 [ 480.781085] ? INIT_INT+0xc/0x30 [ 480.785161] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 480.790559] kmsan_memcpy_origins+0x13d/0x190 [ 480.795073] __msan_memcpy+0x6f/0x80 [ 480.798801] pskb_expand_head+0x436/0x1d20 [ 480.803073] ___pskb_trim+0x3c9/0x1bf0 [ 480.806999] sk_filter_trim_cap+0x5ac/0xa60 [ 480.811347] tcp_filter+0x10c/0x260 [ 480.815000] tcp_v6_rcv+0x45ba/0x5df0 [ 480.818820] ? __msan_poison_alloca+0x1e0/0x270 03:46:40 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 480.823542] ? tcp_v6_early_demux+0xc80/0xc80 [ 480.828050] ? tcp_v6_early_demux+0xc80/0xc80 [ 480.832563] ip6_input_finish+0xb53/0x2450 [ 480.836834] ? ip6_input_finish+0x13e1/0x2450 [ 480.841349] ip6_input+0x29d/0x340 [ 480.844913] ? ip6_input+0x340/0x340 [ 480.848644] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 480.853065] ip6_rcv_finish+0x4d2/0x710 [ 480.857060] ipv6_rcv+0x34b/0x3f0 [ 480.860527] ? dst_hold+0x5e0/0x5e0 [ 480.864171] process_backlog+0x82b/0x11e0 [ 480.868351] ? __msan_poison_alloca+0x1e0/0x270 03:46:40 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000001200)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 480.873037] ? ip6_rcv_finish+0x710/0x710 [ 480.877220] ? rps_trigger_softirq+0x2e0/0x2e0 [ 480.881821] net_rx_action+0x98f/0x1d50 [ 480.886558] ? net_tx_action+0xf20/0xf20 [ 480.890630] __do_softirq+0x721/0xc7f [ 480.894460] do_softirq_own_stack+0x49/0x80 [ 480.898788] [ 480.901038] __local_bh_enable_ip+0x228/0x260 [ 480.905554] local_bh_enable+0x36/0x40 [ 480.909454] ip6_finish_output2+0x1b1a/0x22d0 [ 480.913992] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 480.919369] ? ip6_mtu+0x289/0x330 [ 480.922932] ip6_finish_output+0xc13/0xca0 03:46:41 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000000040), 0x1000000000000229, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) [ 480.927205] ip6_output+0x5e4/0x720 [ 480.930858] ? ip6_output+0x720/0x720 [ 480.934674] ? ac6_seq_show+0x200/0x200 [ 480.938751] ip6_xmit+0x216d/0x26a0 [ 480.942417] ? ip6_xmit+0x26a0/0x26a0 [ 480.946233] inet6_csk_xmit+0x3e0/0x4f0 [ 480.950239] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 480.955190] __tcp_transmit_skb+0x425c/0x5e00 [ 480.959737] tcp_write_xmit+0x389a/0xacc0 [ 480.963966] __tcp_push_pending_frames+0x124/0x4e0 [ 480.968916] tcp_sendmsg_locked+0x44bf/0x6c30 [ 480.973446] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 480.978865] tcp_sendmsg+0xb2/0x100 [ 480.982518] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 480.987762] inet_sendmsg+0x4e9/0x800 [ 480.991582] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 480.996964] ? security_socket_sendmsg+0x1bd/0x200 [ 481.001913] ? inet_getname+0x490/0x490 [ 481.005909] __sys_sendto+0x940/0xb80 [ 481.009752] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 481.015221] ? prepare_exit_to_usermode+0x182/0x4c0 [ 481.020261] __se_sys_sendto+0x107/0x130 [ 481.024346] __x64_sys_sendto+0x6e/0x90 [ 481.028331] do_syscall_64+0xcf/0x110 [ 481.032152] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 481.037359] RIP: 0033:0x457569 [ 481.040567] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 481.059712] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 481.067431] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 481.074712] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000004 [ 481.081994] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 481.090011] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 481.097293] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 481.104585] Uninit was stored to memory at: [ 481.108923] kmsan_internal_chain_origin+0x136/0x240 [ 481.114044] __msan_chain_origin+0x6d/0xb0 [ 481.118288] __save_stack_trace+0x8be/0xc60 [ 481.122628] save_stack_trace+0xc6/0x110 [ 481.126708] kmsan_internal_chain_origin+0x136/0x240 [ 481.131822] kmsan_memcpy_origins+0x13d/0x190 [ 481.136336] __msan_memcpy+0x6f/0x80 [ 481.140066] pskb_expand_head+0x436/0x1d20 [ 481.144327] ___pskb_trim+0x3c9/0x1bf0 [ 481.148234] sk_filter_trim_cap+0x5ac/0xa60 [ 481.152851] tcp_filter+0x10c/0x260 [ 481.156487] tcp_v6_rcv+0x45ba/0x5df0 [ 481.160301] ip6_input_finish+0xb53/0x2450 [ 481.164546] ip6_input+0x29d/0x340 [ 481.168101] ip6_rcv_finish+0x4d2/0x710 [ 481.172089] ipv6_rcv+0x34b/0x3f0 [ 481.175556] process_backlog+0x82b/0x11e0 [ 481.179715] net_rx_action+0x98f/0x1d50 [ 481.184459] __do_softirq+0x721/0xc7f [ 481.188266] [ 481.189895] Uninit was stored to memory at: [ 481.194234] kmsan_internal_chain_origin+0x136/0x240 [ 481.199361] __msan_chain_origin+0x6d/0xb0 [ 481.203613] __save_stack_trace+0x8be/0xc60 [ 481.207952] save_stack_trace+0xc6/0x110 [ 481.212041] kmsan_internal_chain_origin+0x136/0x240 [ 481.217154] kmsan_memcpy_origins+0x13d/0x190 [ 481.222222] __msan_memcpy+0x6f/0x80 [ 481.225955] pskb_expand_head+0x436/0x1d20 [ 481.230213] ___pskb_trim+0x3c9/0x1bf0 [ 481.234110] sk_filter_trim_cap+0x5ac/0xa60 [ 481.238443] tcp_filter+0x10c/0x260 [ 481.242082] tcp_v6_rcv+0x45ba/0x5df0 [ 481.245888] ip6_input_finish+0xb53/0x2450 [ 481.250127] ip6_input+0x29d/0x340 [ 481.253682] ip6_rcv_finish+0x4d2/0x710 [ 481.257665] ipv6_rcv+0x34b/0x3f0 [ 481.261128] process_backlog+0x82b/0x11e0 [ 481.265283] net_rx_action+0x98f/0x1d50 [ 481.269263] __do_softirq+0x721/0xc7f [ 481.273069] [ 481.274692] Uninit was stored to memory at: [ 481.279024] kmsan_internal_chain_origin+0x136/0x240 [ 481.284891] __msan_chain_origin+0x6d/0xb0 [ 481.289134] __save_stack_trace+0x8be/0xc60 [ 481.293468] save_stack_trace+0xc6/0x110 [ 481.297539] kmsan_internal_chain_origin+0x136/0x240 [ 481.302657] kmsan_memcpy_origins+0x13d/0x190 [ 481.307163] __msan_memcpy+0x6f/0x80 [ 481.310897] pskb_expand_head+0x436/0x1d20 [ 481.315150] ___pskb_trim+0x3c9/0x1bf0 [ 481.319071] sk_filter_trim_cap+0x5ac/0xa60 [ 481.323400] tcp_filter+0x10c/0x260 03:46:41 executing program 5 (fault-call:2 fault-nth:0): r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) [ 481.327033] tcp_v6_rcv+0x45ba/0x5df0 [ 481.330839] ip6_input_finish+0xb53/0x2450 [ 481.335082] ip6_input+0x29d/0x340 [ 481.338632] ip6_rcv_finish+0x4d2/0x710 [ 481.342611] ipv6_rcv+0x34b/0x3f0 [ 481.346090] process_backlog+0x82b/0x11e0 [ 481.350250] net_rx_action+0x98f/0x1d50 [ 481.354232] __do_softirq+0x721/0xc7f [ 481.358031] [ 481.359656] Uninit was stored to memory at: [ 481.363986] kmsan_internal_chain_origin+0x136/0x240 [ 481.369097] __msan_chain_origin+0x6d/0xb0 [ 481.373354] __save_stack_trace+0x8be/0xc60 [ 481.377684] save_stack_trace+0xc6/0x110 [ 481.381757] kmsan_internal_chain_origin+0x136/0x240 [ 481.387594] kmsan_memcpy_origins+0x13d/0x190 [ 481.392102] __msan_memcpy+0x6f/0x80 [ 481.395825] pskb_expand_head+0x436/0x1d20 [ 481.400070] ___pskb_trim+0x3c9/0x1bf0 [ 481.403972] sk_filter_trim_cap+0x5ac/0xa60 [ 481.408301] tcp_filter+0x10c/0x260 [ 481.411940] tcp_v6_rcv+0x45ba/0x5df0 [ 481.415751] ip6_input_finish+0xb53/0x2450 [ 481.419993] ip6_input+0x29d/0x340 [ 481.423540] ip6_rcv_finish+0x4d2/0x710 03:46:41 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 481.427516] ipv6_rcv+0x34b/0x3f0 [ 481.430979] process_backlog+0x82b/0x11e0 [ 481.435139] net_rx_action+0x98f/0x1d50 [ 481.439133] __do_softirq+0x721/0xc7f [ 481.442933] [ 481.444569] Uninit was stored to memory at: [ 481.448909] kmsan_internal_chain_origin+0x136/0x240 [ 481.454036] __msan_chain_origin+0x6d/0xb0 [ 481.458284] __save_stack_trace+0x8be/0xc60 [ 481.462617] save_stack_trace+0xc6/0x110 [ 481.466690] kmsan_internal_chain_origin+0x136/0x240 [ 481.471799] kmsan_memcpy_origins+0x13d/0x190 03:46:41 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x0, 0x40000000003) syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x9, 0x220080) [ 481.476302] __msan_memcpy+0x6f/0x80 [ 481.480026] pskb_expand_head+0x436/0x1d20 [ 481.484976] ___pskb_trim+0x3c9/0x1bf0 [ 481.488873] sk_filter_trim_cap+0x5ac/0xa60 [ 481.493210] tcp_filter+0x10c/0x260 [ 481.496842] tcp_v6_rcv+0x45ba/0x5df0 [ 481.500652] ip6_input_finish+0xb53/0x2450 [ 481.504898] ip6_input+0x29d/0x340 [ 481.508449] ip6_rcv_finish+0x4d2/0x710 [ 481.512430] ipv6_rcv+0x34b/0x3f0 [ 481.515903] process_backlog+0x82b/0x11e0 [ 481.520065] net_rx_action+0x98f/0x1d50 [ 481.524047] __do_softirq+0x721/0xc7f [ 481.527844] [ 481.529472] Uninit was stored to memory at: [ 481.533809] kmsan_internal_chain_origin+0x136/0x240 [ 481.538924] __msan_chain_origin+0x6d/0xb0 [ 481.543188] __save_stack_trace+0x8be/0xc60 [ 481.547527] save_stack_trace+0xc6/0x110 [ 481.551601] kmsan_internal_chain_origin+0x136/0x240 [ 481.556720] kmsan_memcpy_origins+0x13d/0x190 [ 481.561228] __msan_memcpy+0x6f/0x80 [ 481.564960] pskb_expand_head+0x436/0x1d20 [ 481.569216] ___pskb_trim+0x3c9/0x1bf0 [ 481.573118] sk_filter_trim_cap+0x5ac/0xa60 [ 481.577451] tcp_filter+0x10c/0x260 [ 481.581087] tcp_v6_rcv+0x45ba/0x5df0 [ 481.585603] ip6_input_finish+0xb53/0x2450 [ 481.589848] ip6_input+0x29d/0x340 [ 481.593403] ip6_rcv_finish+0x4d2/0x710 [ 481.597388] ipv6_rcv+0x34b/0x3f0 [ 481.600850] process_backlog+0x82b/0x11e0 [ 481.605010] net_rx_action+0x98f/0x1d50 [ 481.608996] __do_softirq+0x721/0xc7f [ 481.612799] [ 481.614429] Uninit was stored to memory at: [ 481.618765] kmsan_internal_chain_origin+0x136/0x240 [ 481.623880] __msan_chain_origin+0x6d/0xb0 [ 481.628127] __save_stack_trace+0x8be/0xc60 [ 481.632463] save_stack_trace+0xc6/0x110 [ 481.636541] kmsan_internal_chain_origin+0x136/0x240 [ 481.641662] kmsan_memcpy_origins+0x13d/0x190 [ 481.646172] __msan_memcpy+0x6f/0x80 [ 481.649909] pskb_expand_head+0x436/0x1d20 [ 481.654161] ___pskb_trim+0x3c9/0x1bf0 [ 481.658071] sk_filter_trim_cap+0x5ac/0xa60 [ 481.662407] tcp_filter+0x10c/0x260 [ 481.666046] tcp_v6_rcv+0x45ba/0x5df0 [ 481.669855] ip6_input_finish+0xb53/0x2450 [ 481.674100] ip6_input+0x29d/0x340 [ 481.677651] ip6_rcv_finish+0x4d2/0x710 [ 481.681633] ipv6_rcv+0x34b/0x3f0 [ 481.685860] process_backlog+0x82b/0x11e0 [ 481.690023] net_rx_action+0x98f/0x1d50 [ 481.694009] __do_softirq+0x721/0xc7f [ 481.697813] [ 481.699445] Local variable description: ----v.addr.i.i.i@should_fail [ 481.705941] Variable was created at: [ 481.709673] should_fail+0x14d/0x13c0 [ 481.713488] __should_failslab+0x278/0x2a0 [ 481.746536] not chained 480000 origins [ 481.750481] CPU: 1 PID: 12968 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 481.757773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 481.767137] Call Trace: [ 481.769753] dump_stack+0x32d/0x480 [ 481.773432] kmsan_internal_chain_origin+0x222/0x240 [ 481.778588] ? save_stack_trace+0xc6/0x110 [ 481.783242] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 481.784554] FAULT_INJECTION: forcing a failure. [ 481.784554] name failslab, interval 1, probability 0, space 0, times 1 [ 481.788359] ? kmsan_internal_chain_origin+0x90/0x240 [ 481.788404] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 481.810112] ? is_bpf_text_address+0x49e/0x4d0 [ 481.814740] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 481.820201] ? in_task_stack+0x12c/0x210 [ 481.824280] __msan_chain_origin+0x6d/0xb0 [ 481.828522] ? __se_sys_sendto+0x107/0x130 [ 481.832768] __save_stack_trace+0x8be/0xc60 [ 481.837113] ? __se_sys_sendto+0x107/0x130 [ 481.841358] save_stack_trace+0xc6/0x110 [ 481.845430] kmsan_internal_chain_origin+0x136/0x240 [ 481.850537] ? do_syscall_64+0xcf/0x110 [ 481.854525] ? kmsan_internal_chain_origin+0x136/0x240 [ 481.859807] ? kmsan_memcpy_origins+0x13d/0x190 [ 481.864488] ? __msan_memcpy+0x6f/0x80 [ 481.868384] ? pskb_expand_head+0x436/0x1d20 [ 481.872796] ? __tcp_retransmit_skb+0xdf6/0x46c0 [ 481.877558] ? tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 481.883415] ? tcp_ack+0x91b2/0xa010 [ 481.887138] ? tcp_rcv_established+0xf7e/0x2940 [ 481.891812] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 481.895967] ? __release_sock+0x32d/0x750 [ 481.900126] ? __sk_flush_backlog+0x52/0x70 [ 481.904455] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 481.909043] ? tcp_sendmsg+0xb2/0x100 [ 481.912854] ? inet_sendmsg+0x4e9/0x800 [ 481.916850] ? __sys_sendto+0x940/0xb80 [ 481.920823] ? __se_sys_sendto+0x107/0x130 [ 481.925058] ? __x64_sys_sendto+0x6e/0x90 [ 481.929216] ? do_syscall_64+0xcf/0x110 [ 481.933204] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 481.938593] ? __msan_get_context_state+0x9/0x20 [ 481.943352] ? INIT_INT+0xc/0x30 [ 481.946719] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 481.952107] kmsan_memcpy_origins+0x13d/0x190 [ 481.956629] __msan_memcpy+0x6f/0x80 [ 481.960351] pskb_expand_head+0x436/0x1d20 [ 481.964612] __tcp_retransmit_skb+0xdf6/0x46c0 [ 481.969211] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 481.974587] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 481.979958] ? __list_del_entry_valid+0x123/0x450 [ 481.985519] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 481.990572] tcp_ack+0x91b2/0xa010 [ 481.994131] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 481.999637] tcp_rcv_established+0xf7e/0x2940 [ 482.004160] tcp_v6_do_rcv+0x9f8/0x21b0 [ 482.008158] ? tcp_v6_destroy_sock+0x60/0x60 [ 482.012600] __release_sock+0x32d/0x750 [ 482.016592] __sk_flush_backlog+0x52/0x70 [ 482.020746] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 482.024986] tcp_sendmsg_locked+0xd72/0x6c30 [ 482.029421] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 482.034827] tcp_sendmsg+0xb2/0x100 [ 482.038463] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 482.043136] inet_sendmsg+0x4e9/0x800 [ 482.046954] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 482.052320] ? security_socket_sendmsg+0x1bd/0x200 [ 482.057258] ? inet_getname+0x490/0x490 [ 482.061238] __sys_sendto+0x940/0xb80 [ 482.065065] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 482.070519] ? prepare_exit_to_usermode+0x182/0x4c0 [ 482.075546] __se_sys_sendto+0x107/0x130 [ 482.079618] __x64_sys_sendto+0x6e/0x90 [ 482.084282] do_syscall_64+0xcf/0x110 [ 482.088093] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 482.093287] RIP: 0033:0x457569 [ 482.096484] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 482.115387] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 482.123097] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 482.130369] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000004 [ 482.137639] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 482.144909] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 482.152196] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 482.159483] Uninit was stored to memory at: [ 482.159521] CPU: 0 PID: 13008 Comm: syz-executor5 Not tainted 4.20.0-rc2+ #85 [ 482.163808] kmsan_internal_chain_origin+0x136/0x240 [ 482.163836] __msan_chain_origin+0x6d/0xb0 [ 482.171111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 482.176200] __save_stack_trace+0x8be/0xc60 [ 482.176225] save_stack_trace+0xc6/0x110 [ 482.180530] Call Trace: [ 482.190610] kmsan_internal_chain_origin+0x136/0x240 [ 482.190637] kmsan_memcpy_origins+0x13d/0x190 [ 482.194978] dump_stack+0x32d/0x480 [ 482.198989] __msan_memcpy+0x6f/0x80 [ 482.199016] pskb_expand_head+0x436/0x1d20 [ 482.201647] should_fail+0x11e5/0x13c0 [ 482.206672] __tcp_retransmit_skb+0xdf6/0x46c0 [ 482.206696] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 482.211252] __should_failslab+0x278/0x2a0 [ 482.214788] tcp_ack+0x91b2/0xa010 [ 482.214811] tcp_rcv_established+0xf7e/0x2940 [ 482.218565] should_failslab+0x29/0x70 [ 482.222736] tcp_v6_do_rcv+0x9f8/0x21b0 [ 482.222760] __release_sock+0x32d/0x750 [ 482.226668] kmem_cache_alloc+0x146/0xe20 [ 482.231198] __sk_flush_backlog+0x52/0x70 [ 482.231223] tcp_sendmsg_locked+0xd72/0x6c30 [ 482.236240] ? INIT_BOOL+0xc/0x30 [ 482.240441] tcp_sendmsg+0xb2/0x100 [ 482.240466] inet_sendmsg+0x4e9/0x800 [ 482.244039] ? sctp_get_port_local+0xcdd/0x1cc0 [ 482.248465] __sys_sendto+0x940/0xb80 [ 482.248487] __se_sys_sendto+0x107/0x130 [ 482.252399] ? do_raw_spin_lock+0x2c3/0x410 [ 482.256323] __x64_sys_sendto+0x6e/0x90 [ 482.256346] do_syscall_64+0xcf/0x110 [ 482.260377] sctp_get_port_local+0xcdd/0x1cc0 [ 482.264453] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 482.264479] kmsan_internal_chain_origin+0x136/0x240 [ 482.268681] sctp_get_port+0x140/0x1e0 [ 482.273005] __msan_chain_origin+0x6d/0xb0 [ 482.273030] __save_stack_trace+0x8be/0xc60 [ 482.276496] inet_sendmsg+0x6eb/0x800 [ 482.280074] save_stack_trace+0xc6/0x110 [ 482.280100] kmsan_internal_chain_origin+0x136/0x240 [ 482.284261] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 482.288890] kmsan_memcpy_origins+0x13d/0x190 [ 482.288915] __msan_memcpy+0x6f/0x80 [ 482.292721] ? security_socket_sendmsg+0x1bd/0x200 [ 482.296748] pskb_expand_head+0x436/0x1d20 [ 482.296772] __tcp_retransmit_skb+0xdf6/0x46c0 [ 482.301133] ? sctp_unhash+0x10/0x10 [ 482.305043] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 482.305065] tcp_ack+0x91b2/0xa010 [ 482.308874] ? inet_getname+0x490/0x490 [ 482.313330] tcp_rcv_established+0xf7e/0x2940 [ 482.313356] tcp_v6_do_rcv+0x9f8/0x21b0 [ 482.318547] __sys_sendto+0x940/0xb80 [ 482.323613] __release_sock+0x32d/0x750 [ 482.323638] __sk_flush_backlog+0x52/0x70 [ 482.327581] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 482.331729] tcp_sendmsg_locked+0xd72/0x6c30 [ 482.331754] tcp_sendmsg+0xb2/0x100 [ 482.336101] ? prepare_exit_to_usermode+0x182/0x4c0 [ 482.339845] inet_sendmsg+0x4e9/0x800 [ 482.339867] __sys_sendto+0x940/0xb80 [ 482.343934] __se_sys_sendto+0x107/0x130 [ 482.349000] __se_sys_sendto+0x107/0x130 [ 482.349023] __x64_sys_sendto+0x6e/0x90 [ 482.354398] __x64_sys_sendto+0x6e/0x90 [ 482.358864] do_syscall_64+0xcf/0x110 [ 482.358891] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 482.362607] do_syscall_64+0xcf/0x110 [ 482.367501] [ 482.367518] Uninit was stored to memory at: [ 482.367535] kmsan_internal_chain_origin+0x136/0x240 [ 482.371782] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 482.376322] __msan_chain_origin+0x6d/0xb0 [ 482.376347] __save_stack_trace+0x8be/0xc60 [ 482.380059] RIP: 0033:0x457569 [ 482.385744] save_stack_trace+0xc6/0x110 [ 482.385769] kmsan_internal_chain_origin+0x136/0x240 [ 482.389318] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 482.393252] kmsan_memcpy_origins+0x13d/0x190 [ 482.393276] __msan_memcpy+0x6f/0x80 [ 482.397761] RSP: 002b:00007f4c0cc31c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 482.401714] pskb_expand_head+0x436/0x1d20 [ 482.401737] __tcp_retransmit_skb+0xdf6/0x46c0 [ 482.405540] RAX: ffffffffffffffda RBX: 00007f4c0cc31c90 RCX: 0000000000457569 [ 482.409482] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 482.409504] tcp_ack+0x91b2/0xa010 [ 482.413645] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000003 [ 482.419069] tcp_rcv_established+0xf7e/0x2940 [ 482.419095] tcp_v6_do_rcv+0x9f8/0x21b0 [ 482.423495] RBP: 000000000072bf00 R08: 0000000020000100 R09: 000000000000001c [ 482.427096] __release_sock+0x32d/0x750 [ 482.427120] __sk_flush_backlog+0x52/0x70 [ 482.432131] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c0cc326d4 [ 482.435911] tcp_sendmsg_locked+0xd72/0x6c30 [ 482.435939] tcp_sendmsg+0xb2/0x100 [ 482.439726] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 0000000000000004 [ 482.443758] inet_sendmsg+0x4e9/0x800 [ 482.443779] __sys_sendto+0x940/0xb80 [ 482.627631] __se_sys_sendto+0x107/0x130 [ 482.631694] __x64_sys_sendto+0x6e/0x90 [ 482.635668] do_syscall_64+0xcf/0x110 [ 482.639465] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 482.644642] [ 482.646260] Uninit was stored to memory at: [ 482.650574] kmsan_internal_chain_origin+0x136/0x240 [ 482.655670] __msan_chain_origin+0x6d/0xb0 [ 482.659901] __save_stack_trace+0x8be/0xc60 [ 482.664214] save_stack_trace+0xc6/0x110 [ 482.668271] kmsan_internal_chain_origin+0x136/0x240 [ 482.673368] kmsan_memcpy_origins+0x13d/0x190 [ 482.677855] __msan_memcpy+0x6f/0x80 [ 482.681575] pskb_expand_head+0x436/0x1d20 [ 482.686523] __tcp_retransmit_skb+0xdf6/0x46c0 [ 482.691099] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 482.696105] tcp_ack+0x91b2/0xa010 [ 482.699639] tcp_rcv_established+0xf7e/0x2940 [ 482.704129] tcp_v6_do_rcv+0x9f8/0x21b0 [ 482.708099] __release_sock+0x32d/0x750 [ 482.712075] __sk_flush_backlog+0x52/0x70 [ 482.716228] tcp_sendmsg_locked+0xd72/0x6c30 [ 482.720626] tcp_sendmsg+0xb2/0x100 [ 482.724248] inet_sendmsg+0x4e9/0x800 [ 482.728043] __sys_sendto+0x940/0xb80 [ 482.731836] __se_sys_sendto+0x107/0x130 [ 482.735885] __x64_sys_sendto+0x6e/0x90 [ 482.739849] do_syscall_64+0xcf/0x110 [ 482.743644] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 482.748817] [ 482.750434] Uninit was stored to memory at: [ 482.754753] kmsan_internal_chain_origin+0x136/0x240 [ 482.759860] __msan_chain_origin+0x6d/0xb0 [ 482.764101] __save_stack_trace+0x8be/0xc60 [ 482.768415] save_stack_trace+0xc6/0x110 [ 482.772474] kmsan_internal_chain_origin+0x136/0x240 [ 482.777568] kmsan_memcpy_origins+0x13d/0x190 [ 482.782055] __msan_memcpy+0x6f/0x80 [ 482.786271] pskb_expand_head+0x436/0x1d20 [ 482.790511] __tcp_retransmit_skb+0xdf6/0x46c0 [ 482.795086] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 482.800097] tcp_ack+0x91b2/0xa010 [ 482.803633] tcp_rcv_established+0xf7e/0x2940 [ 482.808124] tcp_v6_do_rcv+0x9f8/0x21b0 [ 482.812113] __release_sock+0x32d/0x750 [ 482.816078] __sk_flush_backlog+0x52/0x70 [ 482.820221] tcp_sendmsg_locked+0xd72/0x6c30 [ 482.824620] tcp_sendmsg+0xb2/0x100 [ 482.828240] inet_sendmsg+0x4e9/0x800 [ 482.832029] __sys_sendto+0x940/0xb80 [ 482.835820] __se_sys_sendto+0x107/0x130 [ 482.839870] __x64_sys_sendto+0x6e/0x90 [ 482.843835] do_syscall_64+0xcf/0x110 [ 482.847634] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 482.852810] [ 482.854428] Uninit was stored to memory at: [ 482.858752] kmsan_internal_chain_origin+0x136/0x240 [ 482.863848] __msan_chain_origin+0x6d/0xb0 [ 482.868074] __save_stack_trace+0x8be/0xc60 [ 482.872386] save_stack_trace+0xc6/0x110 [ 482.876438] kmsan_internal_chain_origin+0x136/0x240 [ 482.881534] kmsan_memcpy_origins+0x13d/0x190 [ 482.886696] __msan_memcpy+0x6f/0x80 [ 482.890419] pskb_expand_head+0x436/0x1d20 [ 482.894648] __tcp_retransmit_skb+0xdf6/0x46c0 [ 482.899224] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 482.904229] tcp_ack+0x91b2/0xa010 [ 482.907758] tcp_rcv_established+0xf7e/0x2940 [ 482.912249] tcp_v6_do_rcv+0x9f8/0x21b0 [ 482.916215] __release_sock+0x32d/0x750 [ 482.920191] __sk_flush_backlog+0x52/0x70 [ 482.924332] tcp_sendmsg_locked+0xd72/0x6c30 [ 482.928733] tcp_sendmsg+0xb2/0x100 [ 482.932359] inet_sendmsg+0x4e9/0x800 [ 482.936148] __sys_sendto+0x940/0xb80 [ 482.939949] __se_sys_sendto+0x107/0x130 [ 482.944015] __x64_sys_sendto+0x6e/0x90 [ 482.947981] do_syscall_64+0xcf/0x110 [ 482.951777] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 482.956956] [ 482.958569] Uninit was stored to memory at: [ 482.962886] kmsan_internal_chain_origin+0x136/0x240 [ 482.967999] __msan_chain_origin+0x6d/0xb0 [ 482.972228] __save_stack_trace+0x8be/0xc60 [ 482.976561] save_stack_trace+0xc6/0x110 [ 482.980618] kmsan_internal_chain_origin+0x136/0x240 [ 482.986445] kmsan_memcpy_origins+0x13d/0x190 [ 482.990939] __msan_memcpy+0x6f/0x80 [ 482.994654] pskb_expand_head+0x436/0x1d20 [ 482.998882] __tcp_retransmit_skb+0xdf6/0x46c0 [ 483.003457] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 483.008463] tcp_ack+0x91b2/0xa010 [ 483.011993] tcp_rcv_established+0xf7e/0x2940 [ 483.016481] tcp_v6_do_rcv+0x9f8/0x21b0 [ 483.020456] __release_sock+0x32d/0x750 [ 483.024424] __sk_flush_backlog+0x52/0x70 [ 483.028564] tcp_sendmsg_locked+0xd72/0x6c30 [ 483.032964] tcp_sendmsg+0xb2/0x100 [ 483.036584] inet_sendmsg+0x4e9/0x800 [ 483.040377] __sys_sendto+0x940/0xb80 [ 483.044169] __se_sys_sendto+0x107/0x130 [ 483.048231] __x64_sys_sendto+0x6e/0x90 [ 483.052406] do_syscall_64+0xcf/0x110 [ 483.056212] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 483.061401] [ 483.063025] Local variable description: ----old.addr.i.i.i@should_fail [ 483.069678] Variable was created at: [ 483.073386] should_fail+0x123/0x13c0 [ 483.077185] __should_failslab+0x278/0x2a0 03:46:43 executing program 3 (fault-call:11 fault-nth:0): read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:46:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000001200)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:43 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:43 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000080)={{0x4, 0x1, 0x1, 0x101, 0x6, 0xfffffffffffffffa}, 0x0, 0x7fff, 0xfffffffffffffbff, 0xbb5a, 0xfffffffffffffff7, "1f02cab1d22ec9827b49be35127327475b9402bc65322710d4e49280876480a077b7abacc1889f01ab3ddc83bb410670a62271d7d8658e3466eeba76d6bcbd332faeed3298e4e3bd467eb278aed3ef3cabc608a81470b4b0a59266bde93c5ca104878a11a6d3b34df2da98c3a133209edaa95d4f03f541a942651bd68d92cf33"}) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r2, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r1, &(0x7f0000000480), 0x258, 0x0) 03:46:43 executing program 5 (fault-call:2 fault-nth:1): r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:46:43 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) [ 483.596345] FAULT_INJECTION: forcing a failure. [ 483.596345] name failslab, interval 1, probability 0, space 0, times 0 [ 483.607915] CPU: 1 PID: 13031 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 483.615241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 483.624640] Call Trace: [ 483.627296] dump_stack+0x32d/0x480 [ 483.631008] should_fail+0x11e5/0x13c0 [ 483.634988] __should_failslab+0x278/0x2a0 [ 483.639329] should_failslab+0x29/0x70 [ 483.643300] __kmalloc+0xcf/0x4d0 [ 483.646853] ? tcp_sendmsg_locked+0x640c/0x6c30 [ 483.651590] ? tcp_sendmsg+0xb2/0x100 [ 483.655485] tcp_sendmsg_locked+0x640c/0x6c30 [ 483.660083] ? aa_label_sk_perm+0xda/0x960 [ 483.664414] ? kmsan_set_origin+0x7f/0x100 [ 483.668720] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 483.674191] ? __msan_poison_alloca+0x1e0/0x270 [ 483.678943] ? __local_bh_enable_ip+0x46/0x260 [ 483.684379] ? __msan_poison_alloca+0x1e0/0x270 [ 483.689141] tcp_sendmsg+0xb2/0x100 [ 483.692850] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 483.697616] inet_sendmsg+0x4e9/0x800 [ 483.701512] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 483.706971] ? security_socket_sendmsg+0x1bd/0x200 [ 483.711975] ? inet_getname+0x490/0x490 [ 483.716013] __sys_sendto+0x940/0xb80 [ 483.719930] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 483.725401] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 483.730945] ? prepare_exit_to_usermode+0x182/0x4c0 [ 483.736051] __se_sys_sendto+0x107/0x130 [ 483.740198] __x64_sys_sendto+0x6e/0x90 [ 483.744236] do_syscall_64+0xcf/0x110 [ 483.748108] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 483.753352] RIP: 0033:0x457569 [ 483.756604] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 483.775556] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 483.784048] RAX: ffffffffffffffda RBX: 00007f66e0facc90 RCX: 0000000000457569 03:46:43 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000040)={0x0, 0x2, 0x100, 0x9, 0x9, 0xbfa, 0x2, 0x7fffffff, {0x0, @in={{0x2, 0x4e24, @multicast2}}, 0x64e, 0x80, 0x8001, 0x7ff, 0xffff}}, &(0x7f0000000100)=0xb0) setsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000280)=0x164, 0x4) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={r2, 0x5, 0x10, 0x200, 0x1}, &(0x7f0000000240)=0x18) 03:46:43 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000001200)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 483.791374] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 483.798698] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 483.806018] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 483.813339] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 0000000000000006 [ 483.874094] print_req_error: 120 callbacks suppressed [ 483.874122] print_req_error: I/O error, dev loop3, sector 0 [ 483.886539] buffer_io_error: 120 callbacks suppressed [ 483.886565] Buffer I/O error on dev loop3, logical block 0, lost async page write [ 483.899692] print_req_error: I/O error, dev loop3, sector 8 [ 483.905557] Buffer I/O error on dev loop3, logical block 1, lost async page write [ 483.913483] print_req_error: I/O error, dev loop3, sector 16 [ 483.919348] Buffer I/O error on dev loop3, logical block 2, lost async page write [ 483.927225] print_req_error: I/O error, dev loop3, sector 24 [ 483.933169] Buffer I/O error on dev loop3, logical block 3, lost async page write [ 483.940967] print_req_error: I/O error, dev loop3, sector 32 [ 483.946912] Buffer I/O error on dev loop3, logical block 4, lost async page write [ 483.954778] print_req_error: I/O error, dev loop3, sector 40 [ 483.960643] Buffer I/O error on dev loop3, logical block 5, lost async page write [ 483.968499] print_req_error: I/O error, dev loop3, sector 48 [ 483.974441] Buffer I/O error on dev loop3, logical block 6, lost async page write [ 483.982307] print_req_error: I/O error, dev loop3, sector 56 [ 483.988744] Buffer I/O error on dev loop3, logical block 7, lost async page write [ 483.996662] print_req_error: I/O error, dev loop3, sector 64 [ 484.002610] Buffer I/O error on dev loop3, logical block 8, lost async page write [ 484.010395] print_req_error: I/O error, dev loop3, sector 72 [ 484.016403] Buffer I/O error on dev loop3, logical block 9, lost async page write 03:46:44 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000001200)) r2 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r2, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:44 executing program 0: r0 = syz_open_dev$vivid(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r2, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r1, &(0x7f0000000480), 0x258, 0x0) 03:46:44 executing program 3 (fault-call:11 fault-nth:1): read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:46:44 executing program 5: r0 = socket$inet6(0xa, 0x802, 0x4) r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x2) ioctl$NBD_SET_TIMEOUT(r1, 0xab09, 0x46a0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:46:44 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:44 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:44 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00') accept4$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000002c0)=0x14, 0x800) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000480)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@multicast1}}, &(0x7f0000000580)=0xe8) getpeername$packet(r0, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000600)=0x14) clock_gettime(0x4000000000006, &(0x7f0000000300)) getgroups(0x5, &(0x7f0000000340)=[0xee00, 0xee01, 0xee00, 0xffffffffffffffff, 0xffffffffffffffff]) lchown(&(0x7f0000000240)='./file0\x00', r5, r7) getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x80, &(0x7f00000000c0)={'nat\x00'}, &(0x7f0000000140)=0x78) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000800)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x18}, 0xc, &(0x7f00000007c0)={&(0x7f0000000640)={0x164, r2, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [{{0x8, 0x1, r3}, {0x148, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0xfffffffffffffbff}}}, {0x54, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x24, 0x4, [{0x9, 0xffffffffffff8000, 0x2, 0x3f}, {0x3, 0x101, 0x7, 0x17}, {0x9, 0x8, 0x5, 0x6}, {0x400, 0x100000000, 0x5, 0x59}]}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8, 0x4, 0x69}}, {0x8, 0x6, r6}}}]}}]}, 0x164}, 0x1, 0x0, 0x0, 0x8010}, 0x8000) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:46:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:45 executing program 1: recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r0, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r0, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:45 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:45 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0xfffffffffffffd9e, 0x4000000, &(0x7f0000000100)={0xa, 0x3, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x80000001}, 0x6c) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x7, 0x20e000) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000040)={0x0}) ioctl$DRM_IOCTL_SWITCH_CTX(r1, 0x40086424, &(0x7f0000000140)={r2, 0x1}) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000200)={0x4, &(0x7f0000000180)=[{0x0, 0x0, 0x0, @remote}, {}, {0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @remote}]}) 03:46:45 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x4, &(0x7f00000001c0)="0a452d0240316287717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) [ 485.391616] FAULT_INJECTION: forcing a failure. [ 485.391616] name failslab, interval 1, probability 0, space 0, times 0 [ 485.403025] CPU: 1 PID: 13101 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 485.410347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 485.419747] Call Trace: [ 485.422405] dump_stack+0x32d/0x480 [ 485.426114] should_fail+0x11e5/0x13c0 [ 485.430095] __should_failslab+0x278/0x2a0 [ 485.434403] should_failslab+0x29/0x70 03:46:45 executing program 1: recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r0, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r0, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 485.438353] kmem_cache_alloc+0x146/0xe20 [ 485.442573] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 485.448018] ? __inet_hash_connect+0xd70/0x1d90 [ 485.452744] ? vmalloc_to_page+0x585/0x6c0 [ 485.457060] __inet_hash_connect+0xd70/0x1d90 [ 485.461610] ? inet6_hash_connect+0x1a0/0x1a0 [ 485.466263] inet6_hash_connect+0x179/0x1a0 [ 485.470671] tcp_v6_connect+0x22a7/0x2ab0 [ 485.474951] ? __msan_poison_alloca+0x1e0/0x270 [ 485.479701] ? tcp_v6_pre_connect+0x1e0/0x1e0 [ 485.485024] __inet_stream_connect+0x3f1/0x15d0 [ 485.489795] tcp_sendmsg_locked+0x6655/0x6c30 [ 485.494396] ? aa_label_sk_perm+0xda/0x960 [ 485.498729] ? kmsan_set_origin+0x7f/0x100 [ 485.503026] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 485.508487] ? __msan_poison_alloca+0x1e0/0x270 [ 485.513251] ? __local_bh_enable_ip+0x46/0x260 [ 485.517954] ? __msan_poison_alloca+0x1e0/0x270 [ 485.522739] tcp_sendmsg+0xb2/0x100 [ 485.526439] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 485.531165] inet_sendmsg+0x4e9/0x800 [ 485.535044] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 485.540466] ? security_socket_sendmsg+0x1bd/0x200 [ 485.545464] ? inet_getname+0x490/0x490 [ 485.549500] __sys_sendto+0x940/0xb80 [ 485.553425] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 485.558964] ? prepare_exit_to_usermode+0x182/0x4c0 [ 485.564067] __se_sys_sendto+0x107/0x130 [ 485.568202] __x64_sys_sendto+0x6e/0x90 [ 485.572242] do_syscall_64+0xcf/0x110 [ 485.576109] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 485.581447] RIP: 0033:0x457569 03:46:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 485.585450] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 485.604405] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 485.612186] RAX: ffffffffffffffda RBX: 00007f66e0facc90 RCX: 0000000000457569 [ 485.619508] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 485.626829] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 485.634155] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 485.641480] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 0000000000000006 03:46:46 executing program 3 (fault-call:11 fault-nth:2): read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:46:46 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, 0x0, &(0x7f0000000580)="8adb07b2c2017f9577a86ba3a7a68677dc3f2b0fbd3a6ba6f892e604d80e66bcee3b0fa0ce290f394eafc38e217f0784540bea2ffce9a854b76f1f04de9ccc4f4cc665bb2a931cc81a4dca909128519bf5e266f9cc58ba739de367cd10c1d81e8bdc487c38eed3d3297beac35fbc1a1c6f87c3ac53ace1d9767e16342463ffcaa21fd7c264199976ef", 0x89) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:46 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000040)=0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000080)=0x20, 0x4) preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:46:46 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x101000, 0x4) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r1, 0x111, 0x5, 0x6, 0x4) pread64(r0, &(0x7f0000000140)=""/68, 0x44, 0x0) r2 = dup(r0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x106, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r2, &(0x7f0000000240)={0xf, 0x8, 0xfa00, {r3, 0x3}}, 0x10) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000000)={0x5000200e}) 03:46:46 executing program 1: recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r0, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r0, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:46 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 486.336482] FAULT_INJECTION: forcing a failure. [ 486.336482] name failslab, interval 1, probability 0, space 0, times 0 [ 486.348013] CPU: 1 PID: 13135 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 486.355331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 486.364728] Call Trace: [ 486.367393] dump_stack+0x32d/0x480 [ 486.371105] should_fail+0x11e5/0x13c0 [ 486.375088] __should_failslab+0x278/0x2a0 [ 486.379396] should_failslab+0x29/0x70 03:46:46 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:46 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:46 executing program 5: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x800, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000040)={0x12, 0xc2, &(0x7f0000000140)="ff8ad77896755c3c662a548da74ef8f444fef8ed2cf9f8b6f8fe5fd66c7afe10eb62ac42b33b54b2809181aa639384b9cb435cd255e9a6e557287c50daadadaa1c3a166f9d26d15c8b466361e5f54d04ccd6f747493242a1b5b3e7205763225053324ef5ad247c4de8d2b62ba285e9cd758fae1a5cbaef7c5b87f4940a88489c6f9a118588f6ad89f172bcdc02b0dd39f5654c7012867d82bfc003d0393c9010bfaa70a639bf83a7519a5b3d1c33f6d5ff9e9ce98008758e831c26d986d69fdb5f82"}) r1 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r1, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x10001) 03:46:46 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000040)={0x5, 0x6, 0x301a, 0x0, 0x7fff, 0x1ff, 0x10001, 0x1}) preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:46:46 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) [ 486.384068] kmem_cache_alloc_node+0x164/0xec0 [ 486.388751] ? __alloc_skb+0x32e/0xeb0 [ 486.392754] __alloc_skb+0x32e/0xeb0 [ 486.396565] ? __msan_poison_alloca+0x1e0/0x270 [ 486.401352] sk_stream_alloc_skb+0x236/0xe60 [ 486.405860] tcp_connect+0x298e/0x6220 [ 486.409852] tcp_v6_connect+0x2977/0x2ab0 [ 486.414120] ? __msan_poison_alloca+0x1e0/0x270 [ 486.418900] ? tcp_v6_pre_connect+0x1e0/0x1e0 [ 486.423496] __inet_stream_connect+0x3f1/0x15d0 [ 486.428300] tcp_sendmsg_locked+0x6655/0x6c30 [ 486.432900] ? aa_label_sk_perm+0xda/0x960 [ 486.437213] ? kmsan_set_origin+0x7f/0x100 [ 486.441468] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 486.446868] ? __msan_poison_alloca+0x1e0/0x270 [ 486.451561] ? __local_bh_enable_ip+0x46/0x260 [ 486.456191] ? __msan_poison_alloca+0x1e0/0x270 [ 486.460893] tcp_sendmsg+0xb2/0x100 [ 486.464539] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 486.469333] inet_sendmsg+0x4e9/0x800 [ 486.473168] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 486.478562] ? security_socket_sendmsg+0x1bd/0x200 [ 486.483512] ? inet_getname+0x490/0x490 [ 486.487645] __sys_sendto+0x940/0xb80 [ 486.491496] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 486.496982] ? prepare_exit_to_usermode+0x182/0x4c0 [ 486.502393] __se_sys_sendto+0x107/0x130 [ 486.506483] __x64_sys_sendto+0x6e/0x90 [ 486.510469] do_syscall_64+0xcf/0x110 [ 486.514294] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 486.519493] RIP: 0033:0x457569 [ 486.522703] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 486.541872] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 486.549624] RAX: ffffffffffffffda RBX: 00007f66e0facc90 RCX: 0000000000457569 [ 486.556901] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 486.564185] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 486.571462] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 486.578737] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 0000000000000006 03:46:46 executing program 3 (fault-call:11 fault-nth:3): read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) [ 486.966317] FAULT_INJECTION: forcing a failure. [ 486.966317] name failslab, interval 1, probability 0, space 0, times 0 [ 486.978283] CPU: 1 PID: 13155 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 486.985612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 486.995011] Call Trace: [ 486.997673] dump_stack+0x32d/0x480 [ 487.002132] should_fail+0x11e5/0x13c0 [ 487.006119] __should_failslab+0x278/0x2a0 [ 487.010437] should_failslab+0x29/0x70 [ 487.014397] __kmalloc_node_track_caller+0x279/0x14e0 [ 487.019652] ? __msan_get_context_state+0x9/0x20 [ 487.024456] ? INIT_INT+0xc/0x30 [ 487.027876] ? kmem_cache_alloc_node+0x27b/0xec0 [ 487.032727] ? sk_stream_alloc_skb+0x236/0xe60 [ 487.037386] ? sk_stream_alloc_skb+0x236/0xe60 [ 487.042057] __alloc_skb+0x42b/0xeb0 [ 487.045870] ? __msan_poison_alloca+0x1e0/0x270 [ 487.050858] sk_stream_alloc_skb+0x236/0xe60 [ 487.055376] tcp_connect+0x298e/0x6220 [ 487.059366] tcp_v6_connect+0x2977/0x2ab0 [ 487.063636] ? __msan_poison_alloca+0x1e0/0x270 [ 487.068379] ? tcp_v6_pre_connect+0x1e0/0x1e0 [ 487.072972] __inet_stream_connect+0x3f1/0x15d0 [ 487.077774] tcp_sendmsg_locked+0x6655/0x6c30 [ 487.082366] ? aa_label_sk_perm+0xda/0x960 [ 487.086699] ? kmsan_set_origin+0x7f/0x100 [ 487.091095] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 487.096555] ? __msan_poison_alloca+0x1e0/0x270 [ 487.102037] ? __local_bh_enable_ip+0x46/0x260 [ 487.106744] ? __msan_poison_alloca+0x1e0/0x270 [ 487.111605] tcp_sendmsg+0xb2/0x100 03:46:47 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 487.115297] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 487.120071] inet_sendmsg+0x4e9/0x800 [ 487.123968] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 487.129408] ? security_socket_sendmsg+0x1bd/0x200 [ 487.134405] ? inet_getname+0x490/0x490 [ 487.138433] __sys_sendto+0x940/0xb80 [ 487.142337] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 487.147787] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 487.153318] ? prepare_exit_to_usermode+0x182/0x4c0 [ 487.158426] __se_sys_sendto+0x107/0x130 [ 487.162563] __x64_sys_sendto+0x6e/0x90 03:46:47 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f00000002c0)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000040)) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000240)={{0x80000000, 0x3}, 0x1, 0x8001, 0x8001, {0x5, 0x7}, 0x7, 0x9}) preadv(r0, &(0x7f0000000480), 0x258, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f0000000080)={0x1, 0x1, 0xf9, 'queue0\x00', 0x7fffffff}) [ 487.166594] do_syscall_64+0xcf/0x110 [ 487.170468] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 487.175711] RIP: 0033:0x457569 [ 487.178969] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 487.197927] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 487.206425] RAX: ffffffffffffffda RBX: 00007f66e0facc90 RCX: 0000000000457569 03:46:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 487.213745] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 487.221617] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 487.228947] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 487.236267] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 0000000000000006 03:46:47 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x1) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000040)={0x2}) ioctl$DRM_IOCTL_AGP_ACQUIRE(r2, 0x6430) 03:46:47 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:47 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000040)) flock(r0, 0x4) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:46:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:47 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:48 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) 03:46:48 executing program 5: r0 = socket$inet6(0xa, 0x803, 0x10002) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff000000000000000000e6ff000000020205", 0x18) syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0xfe99, 0x20000) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:46:48 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:48 executing program 3 (fault-call:11 fault-nth:4): read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:46:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:48 executing program 0: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x840, 0x0) preadv(r0, &(0x7f0000000080), 0x100000000000027e, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r2, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r1, &(0x7f0000000480), 0x258, 0x0) 03:46:48 executing program 5: r0 = socket$inet6(0xa, 0xe, 0x2d6) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@random={'os2.', 'wlan0%self\x00'}, &(0x7f0000000140)=""/4096, 0x1000) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x2, 0x2, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:46:48 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 488.650681] FAULT_INJECTION: forcing a failure. [ 488.650681] name failslab, interval 1, probability 0, space 0, times 0 [ 488.662310] CPU: 0 PID: 13226 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 488.669646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 488.679059] Call Trace: [ 488.681740] dump_stack+0x32d/0x480 [ 488.685593] should_fail+0x11e5/0x13c0 [ 488.689595] __should_failslab+0x278/0x2a0 [ 488.693916] should_failslab+0x29/0x70 [ 488.697876] kmem_cache_alloc+0x146/0xe20 [ 488.702397] ? __nf_conntrack_alloc+0x310/0xad0 [ 488.707160] ? kmsan_set_origin+0x7f/0x100 [ 488.711502] __nf_conntrack_alloc+0x310/0xad0 [ 488.716086] init_conntrack+0x739/0x24a0 [ 488.720253] nf_conntrack_in+0x10ec/0x1edd [ 488.724600] ipv6_conntrack_local+0x68/0x80 [ 488.729001] ? ipv6_conntrack_in+0x80/0x80 [ 488.733299] nf_hook_slow+0x15c/0x3d0 [ 488.737188] ip6_xmit+0x2025/0x26a0 [ 488.740909] ? ip6_xmit+0x26a0/0x26a0 [ 488.744774] inet6_csk_xmit+0x3e0/0x4f0 [ 488.748828] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 488.753824] __tcp_transmit_skb+0x425c/0x5e00 [ 488.758473] tcp_connect+0x508a/0x6220 [ 488.762472] tcp_v6_connect+0x2977/0x2ab0 [ 488.766775] ? __msan_poison_alloca+0x1e0/0x270 [ 488.771540] ? tcp_v6_pre_connect+0x1e0/0x1e0 [ 488.776134] __inet_stream_connect+0x3f1/0x15d0 [ 488.780938] tcp_sendmsg_locked+0x6655/0x6c30 [ 488.785513] ? aa_label_sk_perm+0xda/0x960 [ 488.789857] ? kmsan_set_origin+0x7f/0x100 [ 488.794164] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 488.800005] ? __msan_poison_alloca+0x1e0/0x270 [ 488.804757] ? __local_bh_enable_ip+0x46/0x260 [ 488.809477] ? __msan_poison_alloca+0x1e0/0x270 [ 488.814264] tcp_sendmsg+0xb2/0x100 [ 488.817966] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 488.822699] inet_sendmsg+0x4e9/0x800 [ 488.826605] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 488.832054] ? security_socket_sendmsg+0x1bd/0x200 [ 488.837055] ? inet_getname+0x490/0x490 [ 488.841180] __sys_sendto+0x940/0xb80 [ 488.845111] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 488.850655] ? prepare_exit_to_usermode+0x182/0x4c0 [ 488.855738] __se_sys_sendto+0x107/0x130 [ 488.859866] __x64_sys_sendto+0x6e/0x90 [ 488.863918] do_syscall_64+0xcf/0x110 [ 488.868396] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 488.873637] RIP: 0033:0x457569 [ 488.876896] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:46:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r0, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r0, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:48 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)='\n\a', 0x2) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:49 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) [ 488.895938] RSP: 002b:00007f66e0f8bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 488.904203] RAX: ffffffffffffffda RBX: 00007f66e0f8bc90 RCX: 0000000000457569 [ 488.911531] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 488.918852] RBP: 000000000072bfa0 R08: 0000000020000080 R09: 000000000000001c [ 488.926171] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0f8c6d4 [ 488.933499] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 0000000000000006 03:46:49 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r0, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r0, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:49 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) r2 = gettid() getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000340)={{{@in6=@mcast2, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@remote}}, &(0x7f0000000440)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f00000004c0)=0xc) sendmsg$unix(r0, &(0x7f0000000540)={&(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000300)=[{&(0x7f0000000240)="16b2597e6633fc65fc22ef233e9d7a15c3abb237232a0b59842a14d52ecd8e173d4043883054f364b540b2f4b7b0216fb3acf31d75c280f06a20b51b307dfd5b44fc7cbe61cb235fd249816587784ab72709dcfe73672e32282384998846064561fa23334fdf0845c2c6af746d94105fd9948a1c012080b642a27d8ad5d688b7ec2afa575efa1314c6c4f88de21ecfbb4e9623cc03b85f9a0f6633b709df", 0x9e}], 0x1, &(0x7f0000000500)=[@rights={0x20, 0x1, 0x1, [r1, r0, r0, r0]}, @cred={0x20, 0x1, 0x2, r2, r3, r4}], 0x40, 0x4044}, 0x8000) socketpair(0xa, 0x0, 0x5, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PIO_FONTX(r6, 0x4b6c, &(0x7f0000000080)="931a3619b8aea965953fea4adcb4479f1eec4f573eca78588675d48153522c070a067627fe8b6b5f89b45ce36cfa6b27b11cb2c92caa481dca001f5fd6879717a22d81a5c57b128a0b9fb5127be91b8eb0ff89f4610fd0e072133ef39a430e75239603b36b2032e289c9c5473e8402307d7ccbb902106bb170db35c8") ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") sendfile(r1, r5, 0x0, 0x3) preadv(r0, &(0x7f0000000480), 0x258, 0x0) [ 489.316948] print_req_error: 250 callbacks suppressed [ 489.316976] print_req_error: I/O error, dev loop3, sector 0 [ 489.328230] buffer_io_error: 250 callbacks suppressed [ 489.328258] Buffer I/O error on dev loop3, logical block 0, lost async page write [ 489.341390] print_req_error: I/O error, dev loop3, sector 8 [ 489.347306] Buffer I/O error on dev loop3, logical block 1, lost async page write [ 489.355192] print_req_error: I/O error, dev loop3, sector 16 03:46:49 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r0, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r0, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 489.361052] Buffer I/O error on dev loop3, logical block 2, lost async page write [ 489.368972] print_req_error: I/O error, dev loop3, sector 24 [ 489.374912] Buffer I/O error on dev loop3, logical block 3, lost async page write [ 489.383677] print_req_error: I/O error, dev loop3, sector 32 [ 489.389550] Buffer I/O error on dev loop3, logical block 4, lost async page write [ 489.397444] print_req_error: I/O error, dev loop3, sector 40 [ 489.404067] Buffer I/O error on dev loop3, logical block 5, lost async page write 03:46:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)='\n\au', 0x3) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 489.411960] print_req_error: I/O error, dev loop3, sector 48 [ 489.417820] Buffer I/O error on dev loop3, logical block 6, lost async page write [ 489.425704] print_req_error: I/O error, dev loop3, sector 56 [ 489.431575] Buffer I/O error on dev loop3, logical block 7, lost async page write [ 489.439478] print_req_error: I/O error, dev loop3, sector 64 [ 489.445395] Buffer I/O error on dev loop3, logical block 8, lost async page write [ 489.453330] print_req_error: I/O error, dev loop3, sector 72 [ 489.459218] Buffer I/O error on dev loop3, logical block 9, lost async page write 03:46:49 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f0000000000)="45a2d2596b05080208588e454c30e44328aafb826398de181c62403b625d129cab2fa4aab6fdc15e933b382537b08a63af6a5b4d693cad6d1a3c684aff", 0x1c194d24ebc21635, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) 03:46:49 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) pwritev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, 0xffffffffffffffff) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:49 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vsock\x00', 0x400000, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000001480)={0x0, 0x2, 0x9, 0xfff}) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r2 = accept$inet6(r1, &(0x7f0000000200), &(0x7f0000000240)=0x1c) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r3, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup_ro(r5, &(0x7f00000002c0)='cpuacct.usage_all\x00', 0x0, 0x0) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x9, @remote, 0x1}, 0xffffffffffffffcd) listen(r3, 0x3) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000300)="000001f0ffff", 0x50f6694eef7abddc) sendto$inet6(r6, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) ioctl$BLKSECDISCARD(r4, 0x127d, &(0x7f0000000380)=0x5) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) r7 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x2, 0x40800) syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0xab7c, 0x82000) write$UHID_SET_REPORT_REPLY(r2, &(0x7f0000000440)={0xe, 0x3, 0x7, 0xffffffff85480f34, 0x1000, "08acb8115cdd184832a0fb4fcffaed57be50481b210a1f025342ea967529ed2ad02331f9e48937d2818e0e9b8123310b428c72eb637bb0b8988405683471c3d4eb925e4b6a61bcffdbfd05a72ce2fd37f306d73f8ca9af7622cf8d223f09a096e3ed29781108fd13eec5b955aa5667428c6653f6dcbe75d7221e9776fd02d07bcb3def095a8029a009f74a306cf5c25b5330a5ad659ee56d68a54a59c327e6cc3bad1599eb6e595063614cb7644cd73890beb24ca923c6b963929b5a4e454db016d4196c5084e14f45d510eb53e4e88217cba8d57b463fb98794ed77805110b6dff27217a695a6cfb9e099aaf2fad82daec53dfd3e2862432ea74c38e15c8496202bedbd4f81bcd7cb495739fecfc0d819b1a0d979ec7bc8741c50b6e41f70d510fbaf3c46c7914743c887a1b240f4cc4d5c365121c7edca2242a67f5944e1c2bf965bbd1e0a5c235e6ccede7abb880637ca9de53aa43ea42af994eb042d76b16896ecb0f7561e600873a6a6a9e7f4c825a2efe40469a505a31944c44a8ad2f7fc35cac199d7cdc7ddbd496e6350e18580791badb6c546b4603867fe59cd3c39a13f1079e82fda2100b43580b105030e3368c3d21e3b221cf46f86c4dd83c54a06176e922ab2a9cda17555790a27757b18d503509ce885a87ad5ce26f912aa827426efa235898f5c47065f2a7774e45feb49cc466d1fff0b888545271a74aa790f922d8b177a84452ea85d441638a1906adf58b96ee8cc0d9d4b24a1944fd24f06ed76acf90dfb5d94717d56c4ea569f8086cff73cc37d2702c718e4bd21765781aa9e871c09a6a9852cc73c645b536910a50f89060c8a9b204df39b1d9d8390b3efdbfac352ed7045264863e5f2843502b1b20dbb165972a2f20a1cd09711c4ec579cd36e3b3c2794b1b5c5e77c9515836f202e3d4a8f664ce2267ee02725cc17dfc4860f73c522b265e093e156042f3f787f9d2298a6fcf08ed6758a529be7fb5de1d5db1c4f10e1aec5311a45c552b1590e4b51a08acbec39eb537bdaa240b808df5ed0c5898f9fc4053a1bbc6efeb21ad354401bf6f702925f22515e41200d01e3b7b5c76f626cd43caa74f1ad3b37c2dfd7aedd34e8d8ca03ac8a63e8b864844ca93e503711e2ae3677857dd2e91aaec3f1f339c783f281e8fda8d5a03591f39d768ce29336089c720ade964e241dbea8ddaf7e4cd450d265a998e8f27495fd625e0ac3e456e57786f26bde759c4253c955e63f1b628c96dc2c8355c89430b2eef8d54d5d9d3a2a93bd5cc5645e2122a8bd9a5b055f693a300e09c93e55abdf2c3f389a6deed31bc1a039682e5c97b5c5ff2b4d18ef1b4651e4c058086dc52c2976f440f8ae709735805c7e1ac189ea42e53f8022f229257210bbed3cc2877c1ba8221f68688935a84fa35d6023bad4b59623177ae9c806c35f0758f60f3ec393bc841b3cf7ac38131128556c7589d0d302f3d7e363d2f3991a2d393cb352a6550a8a57abd65d2e430dd3ffdf018e67d4e991c4f8b2e7b0d5308a30ff47100951f97a83950f8951ac5f728c358c7f5d3a0b958cee1cbc4dc48c7f890f5eb74b4abf5834c47b7dae177be13a785d54eeb6d147d7d081a10a181a413e2d7b8ab800c363e29dafd30aeda117d9f4491affa92abc53746065520e50ded31de508bfaac4c641058b8c3177956a5d334ffabb69334cc3358d3bc6b6df3dbdf8e14b73af885218bd5d1563a936d7458d0b1f7839e58d4eb29ba17bb405176e43061825beb0207ca7b7a3deeb5a8c5102c031a8aa58f2b186b44bafb48877c82977027f5bc509e83a2c4fa89aa4b50c873588be61b6552a182d8583ad9d63c43c68d26aa6af1f42e7c5119725b45ff38bed0c61f1a7aa1523970f4881bfe87640980a6dc5a5af1a549876edebf1edf82fb261e35e9114717b97a1e974fdbeb3ad428d6315efd204ee5bf0f8f8387e2cc447209622f89c8c1c9d45805aa2dfcaf3dde1a097f5227ee9b330d8819e981428472a4eaaf3fc2a658f31bc089576b70f863db875360d4f897cfdd75cede72df73aa3b09d5a431315555df2da0f7e5cd2c84c5d1a73f630191b05c2b822bdb3593a3515c896c86d7a49f4f2902d8ca0dabdbd0d700f32eaebedc5343911cb7bcc6429c1e3590b26db11f2d4edf523cba6ad9f5ee8e2f3609f5ad00d50edf0a524c02dc77e861221d85673a08d5bfcbe7a4d62b13455f74ed889c4bb03091c7e85c653144fe52f423511eb84a7e0a19bb6136a280913c6137dadccb897241c489afa6cc003e9bd29041c9f394cf349e3076e75f5a0e2ac516927cfb4fa9c532a283613616509c7b567c14e8a122571bae017ed75a1ad50486279cb898d2ea2becc8145b68928b91a31d06405080cce975b38507b472576913aeee1dd1c7a22ab438fe477c30ac3fb6c46cac163dc76f68baf85ed70f58e088e9304756ebb4af7ba26b6032f614bc7b2bb251dddfa60ea2fe4f335d82b79661d4e54e194a70681e9f4bc67382c62a74b503fd48518e4e860d524d386a99a10b16842696a5753561aa168089134a629eedb2087ec8eaae9867034dd50d09fcf7feeba1dd765a089c999c59b97c1a4aae97a0479c01a775f849eeb11c47061d7f9d8f0d6de3332a45be8bc1480fcc54dc8c85c80400eed46bf9c79c8850dd2f75654c439de02ffd1198f2cd7abf50cc57eeeaa7c525e608f93fba0b910844cae7a7858733e7219fda8ed78df1c4cc273df72c24c4875a4e256d6ef0a5b38430db2a7be4ff6f504fe49bd1caf0d5c97f129dcd855dbda2dcfeed0f2fa67950eb1575d3fc2fae2093a3dab46a8e60d82aba5d3135f174d863ed49bc74ef851e0347ae293a7bb750e88325a329e28d556def54e0a5c760a5f150726ad329e457cec2448289cc16c45dc220486c22dcabdb0660f5a1c78e9b4261f66fe827c8864c044f39ed9a9aa410424bb86fc73183e191973e14a4a63057a4787a736abc9ac8f97afae3e8a8c9644c4ad60ce6ad0963de9ebadddcc02fed952fb46a4f7745d65a798d6ad6e31b31107ed64f84e972fab4dc9f45294dac0791e7b41612da243e54e43aaad866edce655e60ff09e40c781bf65fd0054e00dcf11121582f2e35f3f20ab2a597065be3fddc397f2f41862482a51e10a423fd80c6cbfb2bc91baad0018f890d3f22e045605013257032e4b7672a5e751e86b9ce9512b21e7553655e424705da18db90c52bf19515077b26c1105dee89cb38a0c6ac082d679c49e6691cdd72c26d698b6a3a4ec9e713d6141e932ee0a8c783763d18ba8f2f7b7bcd24b436a85c9d8c3e06e4cd6692ee4c750177b69117bd3099571e818f05f28ed7e5b686d5575f251e5ee6f04eedf630d71f8e0d78434566e74f61ae981e67805e148a62b5418352059197aba03d8d89d9e4b41c81fc33b191b3a823bcab4c9ed67ae9907e6cbb735648a13e417d823d14d2d5f52bc6bc8fece618441f8d4600018c05ab03cdb34878469b7cd26967eb83127087d2c6a685dac7edb578b1c00c710b89cef8bbf0d4210f29c98975eb29e7f2ceec375e23152bd9851a6ba42dc4fddc6efcb1925c3026945d6ca0a3e3317aa3457e7bca516329c6229ae24ad89bac01eb8c32ede91b8885627dc32e4d65b90906da52d07010467a47497e605074c13984671b1046e8172a07dd150d9043a67771f56c99c165e01b50a1324627fc4fccaf90f10cdf0e292c7cb1ab719347ecb74aa73c9cb805267ed151d368d25e0f99541087346a19c4a97fba0abaeb035b547580048cd01ea46797f793d80613d5de23fdfa1c96d7d1d3ff508383ecd080780227b52312fbcb0ab11ba1bc2a2cf61e4dd0e9146f75e42920fe41063a5f73e01ac088d09de3360d664fe711d0bdc1dd8c0df2a9b9c1c6fb46b404fdab42f725d8290411f9acdbb2f6ddef9c401f683cd709970fb510e38137e61965982a3d19d2ceccc6e06d1d17b57ec4cfd219257cbe081412d0bd5717926c0a119c6eb02ea709ace701e6ac4f516d999c39e835ba888fe781f36055a6da5a6efe93452c2863e2dc399700b6bc4cb9eb9a610591f8ce87cf7575523b1c1ce5c649c14ebd501a9e2acc457fd4c534aa2947bb89b0f994cd699a06436f50cd9b38e73ee67c92b844b94ec7e046dd640ee98636a8381f8b2ddc92191e159934fe9a72148b155d94c505a75d303ee0658e667602b4c6370ee77f0458215ab1faf009a7ecf13c841bb6243e7b56c555c7c90cb88688640e42d0120c329374cdb9168d64abaa9275ea1e0a266b4b756f2ef35f519c81bdd0c65685cf955fe58cf1484b61d954e24e3202c0439f91f6fbd547735f75a9a642b4d68c800f58a3a89487e82cbb553ba60490deca98bb8534dd0b2dda1e0d6a49ed9fb59dbb22f5c618ead384b621eb04a6cfee0aa72f49eac1360e8cb391219b2515853879bda50428ed6dcecbeba8e7673a5220e89f186db70f309ee56d40a8ec4d7c13e7ce05473307c866ad6482b7d3e79de9aa4ccdb6aa3bfb995c001ff0f9d3550036df0a5eba890c79c9ed2fba14e7c79e07f929664a6744c27e6447c4fe85d1d4a5865caba210fff9bdff6c10ee3b7437097e903c03de68dbf5ec9a9094a2fa8e484ff0351fd283e7cbe1dce98e576cf21ae70b1cc54cfe93888188c663d43a910e3d2f74cfa2873c221d09c0087b79a8cb505aa69892f4659ecf73202f1b173fb973cb27ea264dadaef989b1034db72a63355619f87ba9c8da7d32c7a3f74a888c6fb6cbe8d208d91d05333262f1a1bf3a96e5fca3f88723942e6ec20e3dcfa32b8ab071c0daab96b6f0aaf459e1ec659596d55a82edbd3fe7f15856ef7b4d22ee3fb6bac9c110ccfd959be7a289248e0a840d66a4dc94025ee31f1b47bb79915a0ff39801092a9eee882883e3c60cfc10ed9b471896137d8f6bd5ee31d46d3cf03315365c00b106013bb45253195217548a5b8155cb68ab737ef8f0de57d58a7a78df6dc74cb5a7c2627f52d55df1b26e9f2d5433f958ca9ff3f158075af976003070301b5fcf031e9ddf1d8b798b97c13d2d94f3362889e0f85408a7778fc1ca26125596924ae166cb539ee6435992867ec992e0e6eed42612f7dc912549e9cde7f30f2085e055737cf31cd5ae2da5d401ced5bf3823955acae5f998f8c1370f2013e734ef5a5088766c90d4de716f45127695c9443a21405d436fcae661ebbe493f69e26b1a688523976ce7be45e5ee636493b5f79b3eda67ef89876816dfb0f05a164188615a2439e7b5db25c610c093fab4de1f95ee3000134da9690e86b9b5f1b4347664df5928433d18940545dc18a0cc459caf967351e490afcf2d39d569c18e891e22061ff626cce87c417fc7482f7999c2e611a7e26379262a6e388168edd7ed407322a7bfbe163fcef8f16f39a6caa750124d675652dda35d4e211e2de8cfb5f32fe6895d0932342bae89406a5216240f7e30ddf16be831d0c191e286b3d96574deaac5f2fc7623fe1764d0c8f4c85c1f1968e6fc3366f1104f2bd303769e78467455a2648aee6502919c9769c6ac7a3954f92ffba68bbbfc0e3ad3003a60bc16e1e91aca1e56bd7200d511145337d58c33e4e5b7eb4b542246c245952f5d65bec0a8440daa428b3927517696fcfe0ec8bbf578930bf5f3aad8e1ab7115cb9f79a64ceeeaf47d3f85de941d8f007491e1a65cd0a18f22b865b6e38582c36a8d5659ad3c1f499719c45d27cde2c0766b2d2070f92f117e78621d9b8fcad03082c461c4a9d066573f33167f162cb0067df0b"}, 0x100c) mq_getsetattr(r7, &(0x7f0000000140)={0x9, 0xff, 0x7fffffff, 0x2, 0x7ff, 0xee5, 0xfff, 0x1}, &(0x7f0000000180)) 03:46:50 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:50 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:50 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x101000, 0x0) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:46:50 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000c80)=[{&(0x7f0000000640)=""/138, 0x8a}, {&(0x7f0000000700)=""/248, 0xf8}, {&(0x7f0000000800)=""/191, 0xbf}, {&(0x7f00000008c0)=""/199, 0xc7}, {&(0x7f00000009c0)=""/176, 0xb0}, {&(0x7f0000000a80)=""/249, 0xf9}, {&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f0000000b80)=""/209, 0xd1}], 0x8, 0x0) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r0, 0x81785501, &(0x7f0000000080)=""/193) preadv(r0, &(0x7f0000000480), 0x258, 0x0) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x80, 0x0) write$binfmt_elf64(r2, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x9, 0x10000, 0x559, 0x31c, 0xfffffffffffffffa, 0x2, 0x3e, 0x4, 0x2ef, 0x40, 0x1c8, 0xcfb0, 0x101, 0x38, 0x6, 0x0, 0x5, 0x3}, [{0x0, 0x1, 0xfffffffffffff28f, 0x8, 0xfc9a, 0x40, 0x2, 0x8}, {0x5, 0x6, 0x8000, 0x0, 0x8, 0x200, 0x0, 0x1}], "3bf4807016f72fd59c4baa69a592afd88fb2a17841bade692fe98fed035447c76e64a61520817d228b5d04f5a8b3261e", [[], [], []]}, 0x3e0) 03:46:50 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) pwritev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, 0xffffffffffffffff) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:50 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x2000000000890f, &(0x7f0000000540)='\x00 \x00\x00\x00\x00\v\x00\x00\x00\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f0000000180)="d543146338320211feae7d2ce3f7eaec74af3c11d641795510900181b2227f6c609bed07ca81069009879c4a0c0555e066d3265e", 0x34, 0xfffffffffffffffe) sendto(r0, &(0x7f0000000a80)="63b054e31791c11a8266ec087a0c5f7789f5e67b5f16da93cd7d46f7645484cb4928471ea9b8037c0dc0eb60f60ad4d2e2a476b8303823ae3edfd0f6f95d", 0x3e, 0x800, &(0x7f0000000ac0)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e21, @multicast1}, 0x3, 0x0, 0x4}}, 0x80) r2 = add_key(&(0x7f0000000200)='id_legacy\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="b57aafb07fc0296bf7bf76bdebd142383bdb5e1a751d8d4c0f971d81ad4146aee9599442b7329f7333b4c7036818a7e31ed6", 0x32, 0xfffffffffffffff9) r3 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000440)="ce8e2dfac5a3b70781e76e0fe4ba556ea268952289534051b98c0ff30a40e2827f901fecc8754bae0e4eca44e72de2f8a8fbe4018a291c4bd2e0fb03db9d02507d0f47ce2d0072ac1cac673ffe2d801e540b58f6afee9855dcc5885142f49fc7cf8485cbd24aea98c4f3663db897d61219961ec48fb4f1316c67a5ba46c14990ee7c83845f0e73e5cdd8ac2ca1ed3414c1bb0603a68998e5993ad1c2eadc63e41c04e6cf48749b26738a15e147e24d604cfe37cbcf5f8cd206bcc6d90a7712b5d7608a02645b10af878baad836c3ca7b1dc7fa2c72", 0xd5, 0xfffffffffffffff9) ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f0000000380)={'tunl0\x00', {0x2, 0x4e22, @local}}) keyctl$instantiate_iov(0x14, r3, &(0x7f0000000280), 0x1000000000000131, r2) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) r4 = openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x20000, 0x100) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) io_setup(0x0, &(0x7f0000000640)=0x0) io_submit(r5, 0x4, &(0x7f0000000a40)=[&(0x7f0000000740)={0x0, 0x0, 0x0, 0x5, 0x3, r4, &(0x7f0000000680)="d63412f92c0b81a96b538a876ce4217bfe34f819f949ed1dabdc62835ed1881ba41690b36b2ae4471aea1ee101a7bc86300b00c9bbd566bf569d778de7d9ec7c6c34145d0bf03e6e4fc4d9961223f036e7d7f225a603ef04f87588c05316c1b3f11b435ae9e92df4f0e9081333232b37edb3728770ce0acdc9296ffda0a00c391f4a7311225686bc9dae583446719a", 0x8f, 0x7, 0x0, 0x1, r4}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x7, 0x200, r0, &(0x7f0000000780)="d1f50560b747ddd6ec952c3292a27ab889dd82ccfb9e27579ccffa916977fa080421bdc39d9fd42092aa09a1da6c4c78a5eccc4b", 0x34, 0x8, 0x0, 0x2, r4}, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x3, r4, &(0x7f0000000800)="c9b0ebd153ea16e167533b57849b61d35a2cf0b9b82f19a887682b76a52a8a23467ac66dacf078aa99bbb6a56af980c53b2df24155da9fff40a4668895d828a1e02493f79fe36b2ecde9763e7473baf8e0e087dc73a3cbd7c7089f89ce523b48eacfcf0f0497f74e8d7623d03f80b21f3085982c05f93accea40056305cb4ec98da76eda1655da8ec38b0e995b81a4aa37aea37136d578ba777ef3c08d8c7fbdc88e0772ea8e827b3b02c7f46718fdb92aa0652aed5234d3", 0xb8, 0x67f, 0x0, 0x1, r4}, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x7, 0x2a, r1, &(0x7f0000000900)="b4fe6bed015773333131b8d97bf6e15f457dc7098d03eaead8c3fd1c56780d8a0a74a79f5002fc00a65ba1e14240a99f5d8d452e9867284740428628d4e0b2446ebc5d582f92a6d23d487a93a32187e7d474ed43d598bcba83c4fae5aa3f2b8ea73abf161ff964f2f486bbfd0033c35a071b28839007f1730614a886b425eb623148c72d5244ac291a87024b544234bdedbbe0fa7bac5fff3f755610668b5b69e047ef171bcd92fc8b9310cb1784620e2e30b4cd68769d788b06909501b528ec11c0faae0ecc9b6e2aa7647fa563cb7d0b6b5f1742ce51c47be6825c57a213cd5a1ad75a47", 0xe5, 0x4, 0x0, 0x0, r4}]) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = open(&(0x7f0000000600)='./file0\x00', 0x0, 0x1) ioctl$KVM_SET_PIT2(r4, 0x4070aea0, &(0x7f0000000580)={[{0x80, 0x8, 0x5, 0x5000000, 0x5, 0x8, 0x7, 0x3f, 0x7, 0x8, 0x3, 0x9, 0x8}, {0x1000, 0x1ff, 0x3, 0x9, 0x4, 0x8, 0x8d0e, 0x6, 0xed29, 0x4, 0x4, 0x3ff, 0xd701}, {0x6, 0x6, 0x10000, 0x8, 0x1, 0x10001, 0x8, 0x942c, 0x8, 0x4, 0x9, 0xfffffffffffffff8, 0xe5}], 0x7f}) ioctl$DRM_IOCTL_GET_MAP(r4, 0xc0286404, &(0x7f00000003c0)={&(0x7f0000d62000/0x3000)=nil, 0x7, 0x5, 0x2, &(0x7f0000b81000/0x4000)=nil, 0x5}) setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000bc0)='veno\x00', 0xffffffffffffff1f) sendto$inet6(r6, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000b40)={'veth0\x00', 0x1}) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:46:50 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:50 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 490.659731] not chained 490000 origins [ 490.663817] CPU: 1 PID: 13293 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 490.671097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 490.680458] Call Trace: [ 490.683047] [ 490.685222] dump_stack+0x32d/0x480 [ 490.688875] kmsan_internal_chain_origin+0x222/0x240 [ 490.694005] ? __local_bh_enable_ip+0x11f/0x260 [ 490.698698] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 490.704755] ? __module_address+0x6a/0x5f0 03:46:50 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f00000004c0)=[@in6={0xa, 0x4e24, 0x6, @local, 0x3}, @in6={0xa, 0x4e23, 0x22, @local, 0x7}, @in={0x2, 0x4e24}, @in6={0xa, 0x0, 0x80000000, @mcast1, 0x7}, @in={0x2, 0x4e20, @rand_addr=0x1}, @in6={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, [], 0x16}, 0x29f}, @in6={0xa, 0x4e21, 0x580, @mcast2, 0xfffffffffffffff9}, @in6={0xa, 0x4e24, 0x0, @remote, 0x3}, @in={0x2, 0x4e24, @rand_addr=0x100000000}], 0xd8) preadv(r0, &(0x7f0000000440)=[{&(0x7f0000000040)=""/130, 0x82}, {&(0x7f0000000100)=""/15, 0xf}, {&(0x7f0000000240)=""/225, 0x534}, {&(0x7f0000000340)=""/223, 0xdf}, {&(0x7f00000013c0)=""/4096, 0x1000}], 0x5, 0x0) [ 490.709010] ? is_bpf_text_address+0x3e5/0x4d0 [ 490.713609] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 490.718984] ? is_bpf_text_address+0x49e/0x4d0 [ 490.723696] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 490.729071] ? __module_address+0x6a/0x5f0 [ 490.733334] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 490.738709] ? is_bpf_text_address+0x49e/0x4d0 [ 490.743315] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 490.748786] __msan_chain_origin+0x6d/0xb0 [ 490.753033] ? __do_softirq+0x721/0xc7f [ 490.757025] __save_stack_trace+0x8be/0xc60 [ 490.761395] ? __do_softirq+0x721/0xc7f [ 490.765391] save_stack_trace+0xc6/0x110 [ 490.769473] kmsan_internal_chain_origin+0x136/0x240 [ 490.774584] ? local_bh_enable+0x36/0x40 [ 490.778663] ? __sk_flush_backlog+0x52/0x70 [ 490.782993] ? kmsan_internal_chain_origin+0x136/0x240 [ 490.788380] ? kmsan_memcpy_origins+0x13d/0x190 [ 490.793059] ? __msan_memcpy+0x6f/0x80 [ 490.796964] ? pskb_expand_head+0x436/0x1d20 [ 490.802144] ? ___pskb_trim+0x3c9/0x1bf0 [ 490.806228] ? sk_filter_trim_cap+0x5ac/0xa60 [ 490.810728] ? tcp_filter+0x10c/0x260 [ 490.814542] ? tcp_v6_rcv+0x45ba/0x5df0 [ 490.818524] ? ip6_input_finish+0xb53/0x2450 [ 490.822949] ? ip6_input+0x29d/0x340 [ 490.826677] ? ip6_rcv_finish+0x4d2/0x710 [ 490.830832] ? ipv6_rcv+0x34b/0x3f0 [ 490.834472] ? process_backlog+0x82b/0x11e0 [ 490.838807] ? net_rx_action+0x98f/0x1d50 [ 490.842971] ? __do_softirq+0x721/0xc7f [ 490.846961] ? do_softirq_own_stack+0x49/0x80 [ 490.851470] ? __local_bh_enable_ip+0x228/0x260 [ 490.856148] ? local_bh_enable+0x36/0x40 [ 490.860243] ? ip6_finish_output2+0x1b1a/0x22d0 [ 490.865014] ? ip6_finish_output+0xc13/0xca0 [ 490.869438] ? ip6_output+0x5e4/0x720 [ 490.873256] ? ip6_xmit+0x216d/0x26a0 [ 490.877066] ? inet6_csk_xmit+0x3e0/0x4f0 [ 490.881254] ? __tcp_transmit_skb+0x425c/0x5e00 [ 490.885942] ? __tcp_retransmit_skb+0x2fe9/0x46c0 [ 490.890798] ? tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 490.896006] ? tcp_ack+0x91b2/0xa010 [ 490.900490] ? tcp_rcv_established+0xf7e/0x2940 [ 490.905182] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 490.909341] ? __release_sock+0x32d/0x750 [ 490.913500] ? __sk_flush_backlog+0x52/0x70 [ 490.917829] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 490.922422] ? tcp_sendmsg+0xb2/0x100 [ 490.926260] ? inet_sendmsg+0x4e9/0x800 [ 490.930239] ? __sys_sendto+0x940/0xb80 [ 490.934220] ? __se_sys_sendto+0x107/0x130 [ 490.938461] ? __x64_sys_sendto+0x6e/0x90 [ 490.942628] ? do_syscall_64+0xcf/0x110 [ 490.946608] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 490.952003] ? __msan_get_context_state+0x9/0x20 [ 490.956768] ? INIT_INT+0xc/0x30 [ 490.960143] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 490.965535] kmsan_memcpy_origins+0x13d/0x190 [ 490.970048] __msan_memcpy+0x6f/0x80 [ 490.973777] pskb_expand_head+0x436/0x1d20 [ 490.978048] ___pskb_trim+0x3c9/0x1bf0 [ 490.981978] sk_filter_trim_cap+0x5ac/0xa60 [ 490.986328] tcp_filter+0x10c/0x260 [ 490.989980] tcp_v6_rcv+0x45ba/0x5df0 [ 490.993795] ? __msan_poison_alloca+0x1e0/0x270 [ 490.998510] ? tcp_v6_early_demux+0xc80/0xc80 [ 491.003717] ? tcp_v6_early_demux+0xc80/0xc80 03:46:51 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 491.008221] ip6_input_finish+0xb53/0x2450 [ 491.012486] ? ip6_input_finish+0x13e1/0x2450 [ 491.016997] ip6_input+0x29d/0x340 [ 491.020552] ? ip6_input+0x340/0x340 [ 491.024274] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 491.028696] ip6_rcv_finish+0x4d2/0x710 [ 491.032688] ipv6_rcv+0x34b/0x3f0 [ 491.036159] ? dst_hold+0x5e0/0x5e0 [ 491.039808] process_backlog+0x82b/0x11e0 [ 491.043969] ? __msan_poison_alloca+0x1e0/0x270 [ 491.048661] ? ip6_rcv_finish+0x710/0x710 [ 491.053055] ? rps_trigger_softirq+0x2e0/0x2e0 [ 491.057658] net_rx_action+0x98f/0x1d50 [ 491.061667] ? net_tx_action+0xf20/0xf20 [ 491.065748] __do_softirq+0x721/0xc7f [ 491.069577] do_softirq_own_stack+0x49/0x80 [ 491.073899] [ 491.076163] __local_bh_enable_ip+0x228/0x260 [ 491.080694] local_bh_enable+0x36/0x40 [ 491.084604] ip6_finish_output2+0x1b1a/0x22d0 [ 491.089130] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 491.094504] ? ip6_mtu+0x289/0x330 [ 491.098066] ip6_finish_output+0xc13/0xca0 [ 491.103041] ip6_output+0x5e4/0x720 [ 491.106695] ? ip6_output+0x720/0x720 03:46:51 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x80, &(0x7f0000000040)="0a452d0240316285717070") stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) chown(&(0x7f00000000c0)='./file0\x00', r2, r3) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x200000, 0x0) fcntl$setstatus(r1, 0x4, 0x400) preadv(r0, &(0x7f0000000480), 0x258, 0x0) [ 491.110507] ? ac6_seq_show+0x200/0x200 [ 491.114497] ip6_xmit+0x216d/0x26a0 [ 491.118165] ? ip6_xmit+0x26a0/0x26a0 [ 491.122115] inet6_csk_xmit+0x3e0/0x4f0 [ 491.126116] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 491.131058] __tcp_transmit_skb+0x425c/0x5e00 [ 491.135601] __tcp_retransmit_skb+0x2fe9/0x46c0 [ 491.140287] ? __mod_timer+0x271f/0x2d70 [ 491.144374] ? __msan_poison_alloca+0x1a0/0x270 [ 491.149079] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 491.154141] tcp_ack+0x91b2/0xa010 03:46:51 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 491.157710] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 491.163233] tcp_rcv_established+0xf7e/0x2940 [ 491.167773] tcp_v6_do_rcv+0x9f8/0x21b0 [ 491.171780] ? tcp_v6_destroy_sock+0x60/0x60 [ 491.176213] __release_sock+0x32d/0x750 [ 491.180221] __sk_flush_backlog+0x52/0x70 [ 491.184383] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 491.188633] tcp_sendmsg_locked+0xd72/0x6c30 [ 491.193075] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 491.198574] tcp_sendmsg+0xb2/0x100 [ 491.202947] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 491.207648] inet_sendmsg+0x4e9/0x800 03:46:51 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x2, 0x0) ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f0000000040)) [ 491.211467] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 491.216843] ? security_socket_sendmsg+0x1bd/0x200 [ 491.222278] ? inet_getname+0x490/0x490 [ 491.226258] __sys_sendto+0x940/0xb80 [ 491.230099] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 491.235567] ? prepare_exit_to_usermode+0x182/0x4c0 [ 491.240600] __se_sys_sendto+0x107/0x130 [ 491.244679] __x64_sys_sendto+0x6e/0x90 [ 491.248672] do_syscall_64+0xcf/0x110 [ 491.252490] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 491.257686] RIP: 0033:0x457569 [ 491.260893] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 491.279813] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 491.287535] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 491.294817] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 491.302837] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 491.310116] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 491.317394] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 491.324683] Uninit was stored to memory at: [ 491.329024] kmsan_internal_chain_origin+0x136/0x240 [ 491.334144] __msan_chain_origin+0x6d/0xb0 [ 491.338393] __save_stack_trace+0x8be/0xc60 [ 491.342722] save_stack_trace+0xc6/0x110 [ 491.346796] kmsan_internal_chain_origin+0x136/0x240 [ 491.351923] kmsan_memcpy_origins+0x13d/0x190 [ 491.356462] __msan_memcpy+0x6f/0x80 03:46:51 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) pwritev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, 0xffffffffffffffff) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) [ 491.360206] pskb_expand_head+0x436/0x1d20 [ 491.364455] ___pskb_trim+0x3c9/0x1bf0 [ 491.368356] sk_filter_trim_cap+0x5ac/0xa60 [ 491.372690] tcp_filter+0x10c/0x260 [ 491.376327] tcp_v6_rcv+0x45ba/0x5df0 [ 491.380144] ip6_input_finish+0xb53/0x2450 [ 491.384399] ip6_input+0x29d/0x340 [ 491.387952] ip6_rcv_finish+0x4d2/0x710 [ 491.391940] ipv6_rcv+0x34b/0x3f0 [ 491.395406] process_backlog+0x82b/0x11e0 [ 491.400235] net_rx_action+0x98f/0x1d50 [ 491.404222] __do_softirq+0x721/0xc7f [ 491.408020] [ 491.409649] Uninit was stored to memory at: [ 491.413985] kmsan_internal_chain_origin+0x136/0x240 [ 491.419099] __msan_chain_origin+0x6d/0xb0 [ 491.423348] __save_stack_trace+0x8be/0xc60 [ 491.427683] save_stack_trace+0xc6/0x110 [ 491.431772] kmsan_internal_chain_origin+0x136/0x240 [ 491.436884] kmsan_memcpy_origins+0x13d/0x190 [ 491.441389] __msan_memcpy+0x6f/0x80 [ 491.445112] pskb_expand_head+0x436/0x1d20 [ 491.449359] ___pskb_trim+0x3c9/0x1bf0 [ 491.453258] sk_filter_trim_cap+0x5ac/0xa60 [ 491.457591] tcp_filter+0x10c/0x260 [ 491.459982] QAT: Invalid ioctl [ 491.461222] tcp_v6_rcv+0x45ba/0x5df0 [ 491.461238] ip6_input_finish+0xb53/0x2450 [ 491.461252] ip6_input+0x29d/0x340 [ 491.461267] ip6_rcv_finish+0x4d2/0x710 [ 491.461280] ipv6_rcv+0x34b/0x3f0 [ 491.461295] process_backlog+0x82b/0x11e0 [ 491.461321] net_rx_action+0x98f/0x1d50 [ 491.491584] __do_softirq+0x721/0xc7f [ 491.495379] [ 491.497004] Uninit was stored to memory at: [ 491.502070] kmsan_internal_chain_origin+0x136/0x240 [ 491.507223] __msan_chain_origin+0x6d/0xb0 [ 491.511499] __save_stack_trace+0x8be/0xc60 [ 491.515835] save_stack_trace+0xc6/0x110 [ 491.519909] kmsan_internal_chain_origin+0x136/0x240 [ 491.525030] kmsan_memcpy_origins+0x13d/0x190 [ 491.529539] __msan_memcpy+0x6f/0x80 [ 491.533267] pskb_expand_head+0x436/0x1d20 [ 491.537519] ___pskb_trim+0x3c9/0x1bf0 [ 491.541416] sk_filter_trim_cap+0x5ac/0xa60 [ 491.545831] tcp_filter+0x10c/0x260 [ 491.549472] tcp_v6_rcv+0x45ba/0x5df0 [ 491.553280] ip6_input_finish+0xb53/0x2450 [ 491.557523] ip6_input+0x29d/0x340 [ 491.561067] ip6_rcv_finish+0x4d2/0x710 [ 491.565057] ipv6_rcv+0x34b/0x3f0 [ 491.567283] QAT: Invalid ioctl [ 491.568517] process_backlog+0x82b/0x11e0 [ 491.568533] net_rx_action+0x98f/0x1d50 [ 491.568550] __do_softirq+0x721/0xc7f [ 491.568556] [ 491.568563] Uninit was stored to memory at: [ 491.568581] kmsan_internal_chain_origin+0x136/0x240 [ 491.568594] __msan_chain_origin+0x6d/0xb0 [ 491.568622] __save_stack_trace+0x8be/0xc60 [ 491.604061] save_stack_trace+0xc6/0x110 [ 491.608136] kmsan_internal_chain_origin+0x136/0x240 03:46:51 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 491.613254] kmsan_memcpy_origins+0x13d/0x190 [ 491.617759] __msan_memcpy+0x6f/0x80 [ 491.621504] pskb_expand_head+0x436/0x1d20 [ 491.625752] ___pskb_trim+0x3c9/0x1bf0 [ 491.629653] sk_filter_trim_cap+0x5ac/0xa60 [ 491.633985] tcp_filter+0x10c/0x260 [ 491.637622] tcp_v6_rcv+0x45ba/0x5df0 [ 491.641437] ip6_input_finish+0xb53/0x2450 [ 491.645683] ip6_input+0x29d/0x340 [ 491.649234] ip6_rcv_finish+0x4d2/0x710 [ 491.653219] ipv6_rcv+0x34b/0x3f0 [ 491.656688] process_backlog+0x82b/0x11e0 [ 491.660849] net_rx_action+0x98f/0x1d50 [ 491.664831] __do_softirq+0x721/0xc7f [ 491.668635] [ 491.670269] Uninit was stored to memory at: [ 491.674620] kmsan_internal_chain_origin+0x136/0x240 [ 491.679738] __msan_chain_origin+0x6d/0xb0 [ 491.683984] __save_stack_trace+0x8be/0xc60 [ 491.688315] save_stack_trace+0xc6/0x110 [ 491.692388] kmsan_internal_chain_origin+0x136/0x240 [ 491.697517] kmsan_memcpy_origins+0x13d/0x190 [ 491.702758] __msan_memcpy+0x6f/0x80 [ 491.706490] pskb_expand_head+0x436/0x1d20 [ 491.710737] ___pskb_trim+0x3c9/0x1bf0 [ 491.714633] sk_filter_trim_cap+0x5ac/0xa60 [ 491.718967] tcp_filter+0x10c/0x260 [ 491.722606] tcp_v6_rcv+0x45ba/0x5df0 [ 491.726417] ip6_input_finish+0xb53/0x2450 [ 491.730786] ip6_input+0x29d/0x340 [ 491.734333] ip6_rcv_finish+0x4d2/0x710 [ 491.738313] ipv6_rcv+0x34b/0x3f0 [ 491.741782] process_backlog+0x82b/0x11e0 [ 491.745942] net_rx_action+0x98f/0x1d50 [ 491.749927] __do_softirq+0x721/0xc7f [ 491.753728] [ 491.755363] Uninit was stored to memory at: [ 491.759700] kmsan_internal_chain_origin+0x136/0x240 [ 491.764815] __msan_chain_origin+0x6d/0xb0 [ 491.769061] __save_stack_trace+0x8be/0xc60 [ 491.773487] save_stack_trace+0xc6/0x110 [ 491.777558] kmsan_internal_chain_origin+0x136/0x240 [ 491.782673] kmsan_memcpy_origins+0x13d/0x190 [ 491.787191] __msan_memcpy+0x6f/0x80 [ 491.790938] pskb_expand_head+0x436/0x1d20 [ 491.795215] ___pskb_trim+0x3c9/0x1bf0 [ 491.799112] sk_filter_trim_cap+0x5ac/0xa60 [ 491.803799] tcp_filter+0x10c/0x260 [ 491.807432] tcp_v6_rcv+0x45ba/0x5df0 [ 491.811242] ip6_input_finish+0xb53/0x2450 [ 491.815493] ip6_input+0x29d/0x340 [ 491.819035] ip6_rcv_finish+0x4d2/0x710 [ 491.823016] ipv6_rcv+0x34b/0x3f0 [ 491.826477] process_backlog+0x82b/0x11e0 [ 491.830635] net_rx_action+0x98f/0x1d50 [ 491.834621] __do_softirq+0x721/0xc7f [ 491.838415] [ 491.840040] Uninit was stored to memory at: [ 491.844373] kmsan_internal_chain_origin+0x136/0x240 [ 491.849485] __msan_chain_origin+0x6d/0xb0 [ 491.853735] __save_stack_trace+0x8be/0xc60 [ 491.858069] save_stack_trace+0xc6/0x110 [ 491.862143] kmsan_internal_chain_origin+0x136/0x240 [ 491.867264] kmsan_memcpy_origins+0x13d/0x190 [ 491.871769] __msan_memcpy+0x6f/0x80 [ 491.875496] pskb_expand_head+0x436/0x1d20 [ 491.879741] ___pskb_trim+0x3c9/0x1bf0 [ 491.883640] sk_filter_trim_cap+0x5ac/0xa60 [ 491.887972] tcp_filter+0x10c/0x260 [ 491.891605] tcp_v6_rcv+0x45ba/0x5df0 [ 491.895433] ip6_input_finish+0xb53/0x2450 [ 491.900012] ip6_input+0x29d/0x340 [ 491.903565] ip6_rcv_finish+0x4d2/0x710 [ 491.907549] ipv6_rcv+0x34b/0x3f0 [ 491.911008] process_backlog+0x82b/0x11e0 03:46:51 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:51 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0xca, &(0x7f0000000180)="ff02040000eeffeafa81f409624f2ff72408000000fc0e00000000000000000000000000ee010205", 0x2b4) sendto$inet6(r0, &(0x7f00000001c0)="00ccd3574e6717b523a0f6bdf1e6a3b4e2a887ba344f6d70f1a42b2603505b4bdec2e505b836c83ab27d5455ae277e41239bae5158f250fb0dceb9d56ab24cfb5159fe7ac7310e24d64c73e3b8e0ead0856286f4f0dc43a981a92d636e46ea99d29bbf586cd4ce0f9ffd34dbeea051ce5ab7d639250ae77479749bcf2b8f0354f6e51b976a89d3587fa4329b30416f4ad0836211ae11522c7e8870c4238e50e9682106f1ab9da243", 0xffffffffffffffbb, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x40000, 0x0) ioctl$KDMKTONE(r1, 0x4b30, 0x400) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000080), &(0x7f00000000c0)=0x4) [ 491.915160] net_rx_action+0x98f/0x1d50 [ 491.919157] __do_softirq+0x721/0xc7f [ 491.922975] [ 491.924603] Local variable description: ----v.addr.i.i.i@should_fail [ 491.931094] Variable was created at: [ 491.934816] should_fail+0x14d/0x13c0 [ 491.938639] __should_failslab+0x278/0x2a0 [ 491.973080] not chained 500000 origins [ 491.977011] CPU: 1 PID: 13293 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 491.984287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 491.993647] Call Trace: [ 491.996230] [ 491.998394] dump_stack+0x32d/0x480 [ 492.002407] kmsan_internal_chain_origin+0x222/0x240 [ 492.007535] ? __local_bh_enable_ip+0x11f/0x260 [ 492.012228] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 492.017607] ? __module_address+0x6a/0x5f0 [ 492.021854] ? is_bpf_text_address+0x3e5/0x4d0 [ 492.026457] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 492.031851] ? is_bpf_text_address+0x49e/0x4d0 [ 492.036456] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 492.041835] ? __module_address+0x6a/0x5f0 [ 492.046094] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 492.051556] ? in_task_stack+0x12c/0x210 [ 492.055636] ? get_stack_info+0x206/0x220 [ 492.059803] __msan_chain_origin+0x6d/0xb0 [ 492.064083] ? __x64_sys_sendto+0x6e/0x90 [ 492.068358] __save_stack_trace+0x8be/0xc60 [ 492.072702] ? __x64_sys_sendto+0x6e/0x90 [ 492.076849] save_stack_trace+0xc6/0x110 [ 492.080908] kmsan_internal_chain_origin+0x136/0x240 [ 492.086011] ? local_bh_enable+0x36/0x40 [ 492.090073] ? __sk_flush_backlog+0x52/0x70 [ 492.094390] ? kmsan_internal_chain_origin+0x136/0x240 [ 492.099998] ? kmsan_memcpy_origins+0x13d/0x190 [ 492.104663] ? __msan_memcpy+0x6f/0x80 [ 492.108545] ? pskb_expand_head+0x436/0x1d20 [ 492.112950] ? ___pskb_trim+0x3c9/0x1bf0 [ 492.117004] ? sk_filter_trim_cap+0x5ac/0xa60 [ 492.121490] ? tcp_filter+0x10c/0x260 [ 492.125281] ? tcp_v6_rcv+0x45ba/0x5df0 [ 492.129244] ? ip6_input_finish+0xb53/0x2450 [ 492.133644] ? ip6_input+0x29d/0x340 [ 492.137345] ? ip6_rcv_finish+0x4d2/0x710 [ 492.141480] ? ipv6_rcv+0x34b/0x3f0 [ 492.145096] ? process_backlog+0x82b/0x11e0 [ 492.149423] ? net_rx_action+0x98f/0x1d50 [ 492.153568] ? __do_softirq+0x721/0xc7f [ 492.157537] ? do_softirq_own_stack+0x49/0x80 [ 492.162028] ? __local_bh_enable_ip+0x228/0x260 [ 492.166687] ? local_bh_enable+0x36/0x40 [ 492.170738] ? ip6_finish_output2+0x1b1a/0x22d0 [ 492.175403] ? ip6_finish_output+0xc13/0xca0 [ 492.179804] ? ip6_output+0x5e4/0x720 [ 492.183601] ? ip6_xmit+0x216d/0x26a0 [ 492.187390] ? inet6_csk_xmit+0x3e0/0x4f0 [ 492.191529] ? __tcp_transmit_skb+0x425c/0x5e00 [ 492.196194] ? tcp_write_xmit+0x389a/0xacc0 [ 492.200796] ? __tcp_push_pending_frames+0x124/0x4e0 [ 492.205910] ? tcp_data_snd_check+0x1ec/0x1080 [ 492.210484] ? tcp_rcv_established+0x1bb2/0x2940 [ 492.215234] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 492.219378] ? __release_sock+0x32d/0x750 [ 492.223519] ? __sk_flush_backlog+0x52/0x70 [ 492.227835] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 492.232409] ? tcp_sendmsg+0xb2/0x100 [ 492.236204] ? inet_sendmsg+0x4e9/0x800 [ 492.240166] ? __sys_sendto+0x940/0xb80 [ 492.244153] ? __se_sys_sendto+0x107/0x130 [ 492.248393] ? __x64_sys_sendto+0x6e/0x90 [ 492.252534] ? do_syscall_64+0xcf/0x110 [ 492.256504] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 492.261868] ? __msan_get_context_state+0x9/0x20 [ 492.266618] ? INIT_INT+0xc/0x30 [ 492.269976] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 492.275345] kmsan_memcpy_origins+0x13d/0x190 [ 492.279839] __msan_memcpy+0x6f/0x80 [ 492.283551] pskb_expand_head+0x436/0x1d20 [ 492.287793] ___pskb_trim+0x3c9/0x1bf0 [ 492.291720] sk_filter_trim_cap+0x5ac/0xa60 [ 492.296045] tcp_filter+0x10c/0x260 [ 492.300218] tcp_v6_rcv+0x45ba/0x5df0 [ 492.304013] ? __msan_poison_alloca+0x1e0/0x270 [ 492.308701] ? tcp_v6_early_demux+0xc80/0xc80 [ 492.313195] ? tcp_v6_early_demux+0xc80/0xc80 [ 492.317689] ip6_input_finish+0xb53/0x2450 [ 492.321942] ? ip6_input_finish+0x13e1/0x2450 [ 492.326437] ip6_input+0x29d/0x340 [ 492.329974] ? ip6_input+0x340/0x340 [ 492.333681] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 492.338080] ip6_rcv_finish+0x4d2/0x710 [ 492.342052] ipv6_rcv+0x34b/0x3f0 [ 492.345516] ? dst_hold+0x5e0/0x5e0 [ 492.349137] process_backlog+0x82b/0x11e0 [ 492.353280] ? __msan_poison_alloca+0x1e0/0x270 [ 492.357954] ? ip6_rcv_finish+0x710/0x710 [ 492.362104] ? rps_trigger_softirq+0x2e0/0x2e0 [ 492.366679] net_rx_action+0x98f/0x1d50 [ 492.370666] ? net_tx_action+0xf20/0xf20 [ 492.374720] __do_softirq+0x721/0xc7f [ 492.378528] do_softirq_own_stack+0x49/0x80 [ 492.382835] [ 492.385068] __local_bh_enable_ip+0x228/0x260 [ 492.389557] local_bh_enable+0x36/0x40 [ 492.393442] ip6_finish_output2+0x1b1a/0x22d0 [ 492.397947] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 492.404045] ? ip6_mtu+0x289/0x330 [ 492.407599] ip6_finish_output+0xc13/0xca0 [ 492.411837] ip6_output+0x5e4/0x720 [ 492.415468] ? ip6_output+0x720/0x720 [ 492.419263] ? ac6_seq_show+0x200/0x200 [ 492.423227] ip6_xmit+0x216d/0x26a0 [ 492.426865] ? ip6_xmit+0x26a0/0x26a0 [ 492.430657] inet6_csk_xmit+0x3e0/0x4f0 [ 492.434635] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 492.439556] __tcp_transmit_skb+0x425c/0x5e00 [ 492.444065] tcp_write_xmit+0x389a/0xacc0 [ 492.448255] __tcp_push_pending_frames+0x124/0x4e0 [ 492.453205] tcp_data_snd_check+0x1ec/0x1080 [ 492.457637] tcp_rcv_established+0x1bb2/0x2940 [ 492.462236] tcp_v6_do_rcv+0x9f8/0x21b0 [ 492.466217] ? tcp_v6_destroy_sock+0x60/0x60 [ 492.470622] __release_sock+0x32d/0x750 [ 492.474600] __sk_flush_backlog+0x52/0x70 [ 492.478742] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 492.482973] tcp_sendmsg_locked+0xd72/0x6c30 [ 492.487386] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 492.492772] tcp_sendmsg+0xb2/0x100 [ 492.496407] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 492.501794] inet_sendmsg+0x4e9/0x800 [ 492.505611] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 492.510969] ? security_socket_sendmsg+0x1bd/0x200 [ 492.515912] ? inet_getname+0x490/0x490 [ 492.519886] __sys_sendto+0x940/0xb80 [ 492.523698] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 492.529152] ? prepare_exit_to_usermode+0x182/0x4c0 [ 492.534178] __se_sys_sendto+0x107/0x130 [ 492.538238] __x64_sys_sendto+0x6e/0x90 [ 492.542210] do_syscall_64+0xcf/0x110 [ 492.546007] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 492.551193] RIP: 0033:0x457569 [ 492.554384] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 492.573280] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 492.580979] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 492.588242] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 492.595503] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 492.603513] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 492.610774] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 492.618044] Uninit was stored to memory at: [ 492.622375] kmsan_internal_chain_origin+0x136/0x240 [ 492.627553] __msan_chain_origin+0x6d/0xb0 [ 492.631796] __save_stack_trace+0x8be/0xc60 [ 492.636108] save_stack_trace+0xc6/0x110 [ 492.640165] kmsan_internal_chain_origin+0x136/0x240 [ 492.645266] kmsan_memcpy_origins+0x13d/0x190 [ 492.649751] __msan_memcpy+0x6f/0x80 [ 492.653463] pskb_expand_head+0x436/0x1d20 [ 492.657703] ___pskb_trim+0x3c9/0x1bf0 [ 492.661584] sk_filter_trim_cap+0x5ac/0xa60 [ 492.665897] tcp_filter+0x10c/0x260 [ 492.669515] tcp_v6_rcv+0x45ba/0x5df0 [ 492.673308] ip6_input_finish+0xb53/0x2450 [ 492.677536] ip6_input+0x29d/0x340 [ 492.681070] ip6_rcv_finish+0x4d2/0x710 [ 492.685033] ipv6_rcv+0x34b/0x3f0 [ 492.688479] process_backlog+0x82b/0x11e0 [ 492.692621] net_rx_action+0x98f/0x1d50 [ 492.696588] __do_softirq+0x721/0xc7f [ 492.701080] [ 492.702695] Uninit was stored to memory at: [ 492.707022] kmsan_internal_chain_origin+0x136/0x240 [ 492.712120] __msan_chain_origin+0x6d/0xb0 [ 492.716347] __save_stack_trace+0x8be/0xc60 [ 492.720678] save_stack_trace+0xc6/0x110 [ 492.724731] kmsan_internal_chain_origin+0x136/0x240 [ 492.729822] kmsan_memcpy_origins+0x13d/0x190 [ 492.734311] __msan_memcpy+0x6f/0x80 [ 492.738023] pskb_expand_head+0x436/0x1d20 [ 492.742250] ___pskb_trim+0x3c9/0x1bf0 [ 492.746129] sk_filter_trim_cap+0x5ac/0xa60 [ 492.750445] tcp_filter+0x10c/0x260 [ 492.754060] tcp_v6_rcv+0x45ba/0x5df0 [ 492.757939] ip6_input_finish+0xb53/0x2450 [ 492.762160] ip6_input+0x29d/0x340 [ 492.765697] ip6_rcv_finish+0x4d2/0x710 [ 492.769660] ipv6_rcv+0x34b/0x3f0 [ 492.773107] process_backlog+0x82b/0x11e0 [ 492.777245] net_rx_action+0x98f/0x1d50 [ 492.781223] __do_softirq+0x721/0xc7f [ 492.785017] [ 492.786631] Uninit was stored to memory at: [ 492.790948] kmsan_internal_chain_origin+0x136/0x240 [ 492.796042] __msan_chain_origin+0x6d/0xb0 [ 492.801006] __save_stack_trace+0x8be/0xc60 [ 492.805322] save_stack_trace+0xc6/0x110 [ 492.809393] kmsan_internal_chain_origin+0x136/0x240 [ 492.814490] kmsan_memcpy_origins+0x13d/0x190 [ 492.818977] __msan_memcpy+0x6f/0x80 [ 492.822684] pskb_expand_head+0x436/0x1d20 [ 492.826908] ___pskb_trim+0x3c9/0x1bf0 [ 492.830790] sk_filter_trim_cap+0x5ac/0xa60 [ 492.835107] tcp_filter+0x10c/0x260 [ 492.838727] tcp_v6_rcv+0x45ba/0x5df0 [ 492.842519] ip6_input_finish+0xb53/0x2450 [ 492.846744] ip6_input+0x29d/0x340 [ 492.850274] ip6_rcv_finish+0x4d2/0x710 [ 492.854238] ipv6_rcv+0x34b/0x3f0 [ 492.857687] process_backlog+0x82b/0x11e0 [ 492.861824] net_rx_action+0x98f/0x1d50 [ 492.865788] __do_softirq+0x721/0xc7f [ 492.869570] [ 492.871186] Uninit was stored to memory at: [ 492.875499] kmsan_internal_chain_origin+0x136/0x240 [ 492.880596] __msan_chain_origin+0x6d/0xb0 [ 492.884832] __save_stack_trace+0x8be/0xc60 [ 492.889144] save_stack_trace+0xc6/0x110 [ 492.893209] kmsan_internal_chain_origin+0x136/0x240 [ 492.898304] kmsan_memcpy_origins+0x13d/0x190 [ 492.903521] __msan_memcpy+0x6f/0x80 [ 492.907227] pskb_expand_head+0x436/0x1d20 [ 492.911468] ___pskb_trim+0x3c9/0x1bf0 [ 492.915349] sk_filter_trim_cap+0x5ac/0xa60 [ 492.919661] tcp_filter+0x10c/0x260 [ 492.923283] tcp_v6_rcv+0x45ba/0x5df0 [ 492.927071] ip6_input_finish+0xb53/0x2450 [ 492.931305] ip6_input+0x29d/0x340 [ 492.934836] ip6_rcv_finish+0x4d2/0x710 [ 492.938800] ipv6_rcv+0x34b/0x3f0 [ 492.942246] process_backlog+0x82b/0x11e0 [ 492.946388] net_rx_action+0x98f/0x1d50 [ 492.950352] __do_softirq+0x721/0xc7f [ 492.954137] [ 492.955750] Uninit was stored to memory at: [ 492.960066] kmsan_internal_chain_origin+0x136/0x240 [ 492.965161] __msan_chain_origin+0x6d/0xb0 [ 492.969392] __save_stack_trace+0x8be/0xc60 [ 492.973703] save_stack_trace+0xc6/0x110 [ 492.977756] kmsan_internal_chain_origin+0x136/0x240 [ 492.982851] kmsan_memcpy_origins+0x13d/0x190 [ 492.987336] __msan_memcpy+0x6f/0x80 [ 492.991039] pskb_expand_head+0x436/0x1d20 [ 492.995267] ___pskb_trim+0x3c9/0x1bf0 [ 492.999144] sk_filter_trim_cap+0x5ac/0xa60 [ 493.004045] tcp_filter+0x10c/0x260 [ 493.007669] tcp_v6_rcv+0x45ba/0x5df0 [ 493.011459] ip6_input_finish+0xb53/0x2450 [ 493.015698] ip6_input+0x29d/0x340 [ 493.019243] ip6_rcv_finish+0x4d2/0x710 [ 493.023211] ipv6_rcv+0x34b/0x3f0 [ 493.026655] process_backlog+0x82b/0x11e0 [ 493.030795] net_rx_action+0x98f/0x1d50 [ 493.034761] __do_softirq+0x721/0xc7f [ 493.038556] [ 493.040168] Uninit was stored to memory at: [ 493.044493] kmsan_internal_chain_origin+0x136/0x240 [ 493.049587] __msan_chain_origin+0x6d/0xb0 [ 493.054126] __save_stack_trace+0x8be/0xc60 [ 493.058441] save_stack_trace+0xc6/0x110 [ 493.062506] kmsan_internal_chain_origin+0x136/0x240 [ 493.067597] kmsan_memcpy_origins+0x13d/0x190 [ 493.072084] __msan_memcpy+0x6f/0x80 [ 493.075793] pskb_expand_head+0x436/0x1d20 [ 493.080022] ___pskb_trim+0x3c9/0x1bf0 [ 493.083901] sk_filter_trim_cap+0x5ac/0xa60 [ 493.088218] tcp_filter+0x10c/0x260 [ 493.091835] tcp_v6_rcv+0x45ba/0x5df0 [ 493.095624] ip6_input_finish+0xb53/0x2450 [ 493.100572] ip6_input+0x29d/0x340 [ 493.104106] ip6_rcv_finish+0x4d2/0x710 [ 493.108073] ipv6_rcv+0x34b/0x3f0 [ 493.111520] process_backlog+0x82b/0x11e0 [ 493.115657] net_rx_action+0x98f/0x1d50 [ 493.119622] __do_softirq+0x721/0xc7f [ 493.123411] [ 493.125025] Uninit was stored to memory at: [ 493.129337] kmsan_internal_chain_origin+0x136/0x240 [ 493.134436] __msan_chain_origin+0x6d/0xb0 [ 493.138664] __save_stack_trace+0x8be/0xc60 [ 493.142976] save_stack_trace+0xc6/0x110 [ 493.147028] kmsan_internal_chain_origin+0x136/0x240 [ 493.152142] kmsan_memcpy_origins+0x13d/0x190 [ 493.156636] __msan_memcpy+0x6f/0x80 [ 493.160340] pskb_expand_head+0x436/0x1d20 [ 493.164570] ___pskb_trim+0x3c9/0x1bf0 [ 493.168449] sk_filter_trim_cap+0x5ac/0xa60 [ 493.172763] tcp_filter+0x10c/0x260 [ 493.176378] tcp_v6_rcv+0x45ba/0x5df0 [ 493.180167] ip6_input_finish+0xb53/0x2450 [ 493.184403] ip6_input+0x29d/0x340 [ 493.187938] ip6_rcv_finish+0x4d2/0x710 [ 493.191904] ipv6_rcv+0x34b/0x3f0 [ 493.195350] process_backlog+0x82b/0x11e0 [ 493.199488] net_rx_action+0x98f/0x1d50 [ 493.203971] __do_softirq+0x721/0xc7f [ 493.207757] [ 493.209375] Local variable description: ----v.addr.i.i.i@should_fail [ 493.215853] Variable was created at: [ 493.220084] should_fail+0x14d/0x13c0 [ 493.223880] __should_failslab+0x278/0x2a0 03:46:53 executing program 0: r0 = memfd_create(&(0x7f0000000000)='/!em0proc\x00', 0x4) preadv(r0, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_crypto(0x10, 0x3, 0x15) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x258, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000040)=0x3) 03:46:53 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) accept4(r1, &(0x7f0000000140)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, &(0x7f0000000040)=0x80, 0x80800) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000200)={0x0, 0x6}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000280)={r3, 0xffffffff}, 0x8) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) keyctl$join(0x1, &(0x7f00000002c0)={'syz', 0x0}) sendto$inet6(r4, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:46:53 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:53 executing program 5: r0 = socket$inet6(0xa, 0x80001, 0x3) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:46:53 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 493.615056] not chained 510000 origins [ 493.618998] CPU: 1 PID: 13340 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 493.626276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 493.635637] Call Trace: [ 493.638228] [ 493.640396] dump_stack+0x32d/0x480 [ 493.644043] ? save_stack_trace+0xc6/0x110 [ 493.648298] kmsan_internal_chain_origin+0x222/0x240 [ 493.653427] ? kmsan_internal_chain_origin+0x136/0x240 [ 493.658723] ? __msan_chain_origin+0x6d/0xb0 [ 493.663147] ? __save_stack_trace+0x8be/0xc60 [ 493.667663] ? save_stack_trace+0xc6/0x110 [ 493.671917] ? kmsan_internal_chain_origin+0x136/0x240 [ 493.677221] ? kmsan_memcpy_origins+0x13d/0x190 [ 493.681901] ? __msan_memcpy+0x6f/0x80 [ 493.685807] ? pskb_expand_head+0x436/0x1d20 [ 493.690224] ? ___pskb_trim+0x3c9/0x1bf0 [ 493.694303] ? sk_filter_trim_cap+0x5ac/0xa60 [ 493.698812] ? tcp_filter+0x10c/0x260 [ 493.703378] ? tcp_v6_rcv+0x45ba/0x5df0 [ 493.707370] ? ip6_input_finish+0xb53/0x2450 [ 493.711790] ? ip6_input+0x29d/0x340 [ 493.715524] ? ip6_rcv_finish+0x4d2/0x710 [ 493.719687] ? ipv6_rcv+0x34b/0x3f0 [ 493.723327] ? process_backlog+0x82b/0x11e0 [ 493.727664] ? net_rx_action+0x98f/0x1d50 [ 493.731829] ? __do_softirq+0x721/0xc7f [ 493.735824] ? do_softirq_own_stack+0x49/0x80 [ 493.740336] ? __local_bh_enable_ip+0x228/0x260 [ 493.745017] ? local_bh_enable+0x36/0x40 [ 493.749086] ? ip6_finish_output2+0x1b1a/0x22d0 [ 493.753767] ? ip6_finish_output+0xc13/0xca0 [ 493.758204] ? ip6_output+0x5e4/0x720 [ 493.762030] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 493.767404] ? __module_address+0x6a/0x5f0 [ 493.771658] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 493.777031] ? is_bpf_text_address+0x49e/0x4d0 [ 493.781639] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 493.787109] __msan_chain_origin+0x6d/0xb0 [ 493.791360] ? kmsan_internal_chain_origin+0x136/0x240 [ 493.796651] __save_stack_trace+0x8be/0xc60 [ 493.801569] ? kmsan_internal_chain_origin+0x136/0x240 [ 493.806862] save_stack_trace+0xc6/0x110 [ 493.810950] kmsan_internal_chain_origin+0x136/0x240 [ 493.816062] ? local_bh_enable+0x36/0x40 [ 493.820140] ? __se_sys_sendto+0x107/0x130 [ 493.824397] ? kmsan_internal_chain_origin+0x136/0x240 [ 493.829705] ? kmsan_memcpy_origins+0x13d/0x190 [ 493.834396] ? __msan_memcpy+0x6f/0x80 [ 493.838308] ? pskb_expand_head+0x436/0x1d20 [ 493.842734] ? ___pskb_trim+0x3c9/0x1bf0 [ 493.846809] ? sk_filter_trim_cap+0x5ac/0xa60 [ 493.851318] ? tcp_filter+0x10c/0x260 [ 493.855132] ? tcp_v6_rcv+0x45ba/0x5df0 [ 493.859116] ? ip6_input_finish+0xb53/0x2450 [ 493.863532] ? ip6_input+0x29d/0x340 [ 493.867260] ? ip6_rcv_finish+0x4d2/0x710 [ 493.871444] ? ipv6_rcv+0x34b/0x3f0 [ 493.875088] ? process_backlog+0x82b/0x11e0 [ 493.879419] ? net_rx_action+0x98f/0x1d50 [ 493.883578] ? __do_softirq+0x721/0xc7f [ 493.887560] ? do_softirq_own_stack+0x49/0x80 [ 493.892069] ? __local_bh_enable_ip+0x228/0x260 [ 493.896752] ? local_bh_enable+0x36/0x40 [ 493.901548] ? ip6_finish_output2+0x1b1a/0x22d0 [ 493.906231] ? ip6_finish_output+0xc13/0xca0 [ 493.910658] ? ip6_output+0x5e4/0x720 [ 493.914469] ? ip6_xmit+0x216d/0x26a0 [ 493.918281] ? inet6_csk_xmit+0x3e0/0x4f0 [ 493.922445] ? __tcp_transmit_skb+0x425c/0x5e00 [ 493.927124] ? tcp_write_xmit+0x389a/0xacc0 [ 493.931457] ? __tcp_push_pending_frames+0x124/0x4e0 [ 493.936574] ? tcp_sendmsg_locked+0x44bf/0x6c30 [ 493.941251] ? tcp_sendmsg+0xb2/0x100 [ 493.945060] ? inet_sendmsg+0x4e9/0x800 [ 493.949131] ? __sys_sendto+0x940/0xb80 [ 493.953112] ? __se_sys_sendto+0x107/0x130 [ 493.957360] ? __x64_sys_sendto+0x6e/0x90 [ 493.961518] ? do_syscall_64+0xcf/0x110 [ 493.965507] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 493.970897] ? __msan_get_context_state+0x9/0x20 [ 493.975665] ? INIT_INT+0xc/0x30 [ 493.979039] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 493.984428] kmsan_memcpy_origins+0x13d/0x190 [ 493.988947] __msan_memcpy+0x6f/0x80 [ 493.992679] pskb_expand_head+0x436/0x1d20 [ 493.996950] ___pskb_trim+0x3c9/0x1bf0 [ 494.001586] sk_filter_trim_cap+0x5ac/0xa60 [ 494.005938] tcp_filter+0x10c/0x260 [ 494.009590] tcp_v6_rcv+0x45ba/0x5df0 03:46:54 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000140)={0x0, 0x3, 0xa10b}, &(0x7f0000000080)=0xfffffffffffffe6c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r1, 0x1000000000000000}, 0xc) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x1ff) ioctl(0xffffffffffffffff, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) [ 494.013407] ? __msan_poison_alloca+0x1e0/0x270 [ 494.018136] ? tcp_v6_early_demux+0xc80/0xc80 [ 494.022662] ? tcp_v6_early_demux+0xc80/0xc80 [ 494.027183] ip6_input_finish+0xb53/0x2450 [ 494.031458] ? ip6_input_finish+0x13e1/0x2450 [ 494.035979] ip6_input+0x29d/0x340 [ 494.039540] ? ip6_input+0x340/0x340 [ 494.043265] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 494.047687] ip6_rcv_finish+0x4d2/0x710 [ 494.051679] ipv6_rcv+0x34b/0x3f0 [ 494.055152] ? dst_hold+0x5e0/0x5e0 [ 494.058805] process_backlog+0x82b/0x11e0 03:46:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 494.062972] ? __msan_poison_alloca+0x1e0/0x270 [ 494.067670] ? ip6_rcv_finish+0x710/0x710 [ 494.071846] ? rps_trigger_softirq+0x2e0/0x2e0 [ 494.076441] net_rx_action+0x98f/0x1d50 [ 494.080450] ? net_tx_action+0xf20/0xf20 [ 494.084527] __do_softirq+0x721/0xc7f [ 494.088360] do_softirq_own_stack+0x49/0x80 [ 494.092687] [ 494.094945] __local_bh_enable_ip+0x228/0x260 [ 494.100199] local_bh_enable+0x36/0x40 [ 494.104104] ip6_finish_output2+0x1b1a/0x22d0 [ 494.108640] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 494.114016] ? ip6_mtu+0x289/0x330 [ 494.117576] ip6_finish_output+0xc13/0xca0 [ 494.121843] ip6_output+0x5e4/0x720 [ 494.125495] ? ip6_output+0x720/0x720 [ 494.129312] ? ac6_seq_show+0x200/0x200 [ 494.133308] ip6_xmit+0x216d/0x26a0 [ 494.136986] ? ip6_xmit+0x26a0/0x26a0 [ 494.140803] inet6_csk_xmit+0x3e0/0x4f0 [ 494.144809] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 494.149758] __tcp_transmit_skb+0x425c/0x5e00 [ 494.154298] tcp_write_xmit+0x389a/0xacc0 [ 494.158518] __tcp_push_pending_frames+0x124/0x4e0 [ 494.163468] tcp_sendmsg_locked+0x44bf/0x6c30 [ 494.168036] tcp_sendmsg+0xb2/0x100 [ 494.171686] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 494.176373] inet_sendmsg+0x4e9/0x800 [ 494.180211] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 494.185592] ? security_socket_sendmsg+0x1bd/0x200 [ 494.190544] ? inet_getname+0x490/0x490 [ 494.194532] __sys_sendto+0x940/0xb80 [ 494.198366] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 494.204594] ? prepare_exit_to_usermode+0x182/0x4c0 [ 494.209644] __se_sys_sendto+0x107/0x130 [ 494.213733] __x64_sys_sendto+0x6e/0x90 [ 494.217722] do_syscall_64+0xcf/0x110 [ 494.221545] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 494.226743] RIP: 0033:0x457569 [ 494.229952] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 494.248862] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 494.256580] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 03:46:54 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 494.263859] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 494.271136] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 494.278431] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 494.285708] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 494.292996] Uninit was stored to memory at: [ 494.297333] kmsan_internal_chain_origin+0x136/0x240 [ 494.303204] __msan_chain_origin+0x6d/0xb0 [ 494.307450] __save_stack_trace+0x8be/0xc60 [ 494.311801] save_stack_trace+0xc6/0x110 [ 494.315889] kmsan_internal_chain_origin+0x136/0x240 [ 494.321000] kmsan_memcpy_origins+0x13d/0x190 [ 494.325506] __msan_memcpy+0x6f/0x80 [ 494.329236] pskb_expand_head+0x436/0x1d20 [ 494.333480] ___pskb_trim+0x3c9/0x1bf0 [ 494.337380] sk_filter_trim_cap+0x5ac/0xa60 [ 494.341712] tcp_filter+0x10c/0x260 [ 494.345345] tcp_v6_rcv+0x45ba/0x5df0 [ 494.349153] ip6_input_finish+0xb53/0x2450 [ 494.353420] ip6_input+0x29d/0x340 [ 494.356971] ip6_rcv_finish+0x4d2/0x710 [ 494.360956] ipv6_rcv+0x34b/0x3f0 [ 494.364421] process_backlog+0x82b/0x11e0 [ 494.368576] net_rx_action+0x98f/0x1d50 [ 494.372559] __do_softirq+0x721/0xc7f [ 494.376356] [ 494.378003] Uninit was stored to memory at: [ 494.382338] kmsan_internal_chain_origin+0x136/0x240 [ 494.387491] __msan_chain_origin+0x6d/0xb0 [ 494.391745] __save_stack_trace+0x8be/0xc60 [ 494.396079] save_stack_trace+0xc6/0x110 [ 494.400856] kmsan_internal_chain_origin+0x136/0x240 [ 494.406060] kmsan_memcpy_origins+0x13d/0x190 [ 494.410647] __msan_memcpy+0x6f/0x80 [ 494.414379] pskb_expand_head+0x436/0x1d20 03:46:54 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000000)='security.ima\x00', &(0x7f0000000040)=@sha1={0x1, "2e7d132fe5a60e91b2561dec4d5c7ce663bed70f"}, 0x15, 0x3) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) r1 = syz_open_dev$vcsn(&(0x7f0000000540)='/dev/vcs#\x00', 0x4, 0x40) ioctl$KDSKBMETA(r1, 0x4b63, &(0x7f0000000580)=0x8001) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) r2 = syz_open_dev$vcsa(&(0x7f00000004c0)='/dev/vcsa#\x00', 0x1, 0x100) ioctl$TCXONC(r2, 0x540a, 0x5) write$binfmt_elf32(r0, &(0x7f0000000140)={{0x7f, 0x45, 0x4c, 0x46, 0xe7, 0x342a, 0xfffffffffffffff9, 0x716, 0x3ff, 0x2, 0x6, 0x1b7, 0x76, 0x38, 0x9c, 0x6, 0x3, 0x20, 0x2, 0x100000001, 0xfffffffffffffffb, 0x8001}, [{0x70000007, 0x3, 0x4, 0x1, 0x2, 0x2, 0xfffffffeffffffff, 0x9}, {0x6474e551, 0x49c, 0x4, 0x10001, 0xe4, 0x7ff, 0xff, 0x1ff}], "17364fe60141eea64de1d31c92a10445e03224c0a884500d8e0928867a36215b98fb83d97abc346fdcd31ef7427682cac7be21a327e8a057b47a20d079211914fd4488a786d7d0a0e0e9b5b226adcb546f14b962bfb9a5d0833cd307f85af071ba9b6edcd6d88086a0e1b781233670c81d9ae909d9f77109b468ffd7a0f7f37650aec41f464bef42dc326125e57b46b920911390b287da5c4dafebd37c4738d4da870b209bb362056dc1523f14004d04824174620f97127f762fbe8772991693db4972e58350f874a27f4c003db291e86f", [[], []]}, 0x349) ioctl$TIOCSWINSZ(r2, 0x5414, &(0x7f0000000500)={0x4, 0xdd4, 0x5d8799dc, 0x40}) [ 494.418627] ___pskb_trim+0x3c9/0x1bf0 [ 494.422529] sk_filter_trim_cap+0x5ac/0xa60 [ 494.426860] tcp_filter+0x10c/0x260 [ 494.430494] tcp_v6_rcv+0x45ba/0x5df0 [ 494.434302] ip6_input_finish+0xb53/0x2450 [ 494.438536] ip6_input+0x29d/0x340 [ 494.442088] ip6_rcv_finish+0x4d2/0x710 [ 494.446069] ipv6_rcv+0x34b/0x3f0 [ 494.449533] process_backlog+0x82b/0x11e0 [ 494.453690] net_rx_action+0x98f/0x1d50 [ 494.457678] __do_softirq+0x721/0xc7f [ 494.461474] [ 494.463106] Uninit was stored to memory at: [ 494.467445] kmsan_internal_chain_origin+0x136/0x240 [ 494.472560] __msan_chain_origin+0x6d/0xb0 [ 494.476804] __save_stack_trace+0x8be/0xc60 [ 494.481135] save_stack_trace+0xc6/0x110 [ 494.485218] kmsan_internal_chain_origin+0x136/0x240 [ 494.490335] kmsan_memcpy_origins+0x13d/0x190 [ 494.494858] __msan_memcpy+0x6f/0x80 [ 494.498583] pskb_expand_head+0x436/0x1d20 [ 494.503538] ___pskb_trim+0x3c9/0x1bf0 [ 494.507437] sk_filter_trim_cap+0x5ac/0xa60 [ 494.511770] tcp_filter+0x10c/0x260 [ 494.515489] tcp_v6_rcv+0x45ba/0x5df0 [ 494.519298] ip6_input_finish+0xb53/0x2450 [ 494.523539] ip6_input+0x29d/0x340 [ 494.527087] ip6_rcv_finish+0x4d2/0x710 [ 494.531074] ipv6_rcv+0x34b/0x3f0 [ 494.534540] process_backlog+0x82b/0x11e0 [ 494.538700] net_rx_action+0x98f/0x1d50 [ 494.542686] __do_softirq+0x721/0xc7f [ 494.546487] [ 494.548115] Uninit was stored to memory at: [ 494.552449] kmsan_internal_chain_origin+0x136/0x240 [ 494.557570] __msan_chain_origin+0x6d/0xb0 [ 494.561819] __save_stack_trace+0x8be/0xc60 [ 494.566151] save_stack_trace+0xc6/0x110 [ 494.570235] kmsan_internal_chain_origin+0x136/0x240 [ 494.575350] kmsan_memcpy_origins+0x13d/0x190 [ 494.579854] __msan_memcpy+0x6f/0x80 [ 494.583600] pskb_expand_head+0x436/0x1d20 [ 494.587853] ___pskb_trim+0x3c9/0x1bf0 [ 494.591755] sk_filter_trim_cap+0x5ac/0xa60 [ 494.596088] tcp_filter+0x10c/0x260 [ 494.600411] tcp_v6_rcv+0x45ba/0x5df0 [ 494.604217] ip6_input_finish+0xb53/0x2450 [ 494.608463] ip6_input+0x29d/0x340 [ 494.612018] ip6_rcv_finish+0x4d2/0x710 [ 494.616000] ipv6_rcv+0x34b/0x3f0 [ 494.619465] process_backlog+0x82b/0x11e0 [ 494.623627] net_rx_action+0x98f/0x1d50 [ 494.627610] __do_softirq+0x721/0xc7f [ 494.631411] [ 494.633048] Uninit was stored to memory at: [ 494.637386] kmsan_internal_chain_origin+0x136/0x240 [ 494.642510] __msan_chain_origin+0x6d/0xb0 [ 494.646756] __save_stack_trace+0x8be/0xc60 [ 494.651089] save_stack_trace+0xc6/0x110 [ 494.655158] kmsan_internal_chain_origin+0x136/0x240 [ 494.660273] kmsan_memcpy_origins+0x13d/0x190 [ 494.664777] __msan_memcpy+0x6f/0x80 03:46:54 executing program 0: r0 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x1, 0x8000) preadv(r0, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0xfffffffffffffffc) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r2, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r1, &(0x7f0000000480), 0x258, 0x0) [ 494.668500] pskb_expand_head+0x436/0x1d20 [ 494.672741] ___pskb_trim+0x3c9/0x1bf0 [ 494.676660] sk_filter_trim_cap+0x5ac/0xa60 [ 494.676676] tcp_filter+0x10c/0x260 [ 494.676690] tcp_v6_rcv+0x45ba/0x5df0 [ 494.676705] ip6_input_finish+0xb53/0x2450 [ 494.676718] ip6_input+0x29d/0x340 [ 494.676731] ip6_rcv_finish+0x4d2/0x710 [ 494.676744] ipv6_rcv+0x34b/0x3f0 [ 494.676761] process_backlog+0x82b/0x11e0 [ 494.676776] net_rx_action+0x98f/0x1d50 [ 494.676792] __do_softirq+0x721/0xc7f [ 494.676798] [ 494.676804] Uninit was stored to memory at: [ 494.676822] kmsan_internal_chain_origin+0x136/0x240 03:46:54 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 494.676838] __msan_chain_origin+0x6d/0xb0 [ 494.676856] __save_stack_trace+0x8be/0xc60 [ 494.676871] save_stack_trace+0xc6/0x110 [ 494.676887] kmsan_internal_chain_origin+0x136/0x240 [ 494.676902] kmsan_memcpy_origins+0x13d/0x190 [ 494.676918] __msan_memcpy+0x6f/0x80 [ 494.676940] pskb_expand_head+0x436/0x1d20 [ 494.676957] ___pskb_trim+0x3c9/0x1bf0 [ 494.676972] sk_filter_trim_cap+0x5ac/0xa60 [ 494.676987] tcp_filter+0x10c/0x260 [ 494.677000] tcp_v6_rcv+0x45ba/0x5df0 [ 494.677013] ip6_input_finish+0xb53/0x2450 [ 494.677026] ip6_input+0x29d/0x340 [ 494.677040] ip6_rcv_finish+0x4d2/0x710 [ 494.677053] ipv6_rcv+0x34b/0x3f0 [ 494.677068] process_backlog+0x82b/0x11e0 [ 494.677083] net_rx_action+0x98f/0x1d50 [ 494.677096] __do_softirq+0x721/0xc7f [ 494.677101] [ 494.677107] Uninit was stored to memory at: [ 494.677124] kmsan_internal_chain_origin+0x136/0x240 [ 494.677140] __msan_chain_origin+0x6d/0xb0 [ 494.677155] __save_stack_trace+0x8be/0xc60 [ 494.677178] save_stack_trace+0xc6/0x110 03:46:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 494.677195] kmsan_internal_chain_origin+0x136/0x240 [ 494.677210] kmsan_memcpy_origins+0x13d/0x190 [ 494.677226] __msan_memcpy+0x6f/0x80 [ 494.677244] pskb_expand_head+0x436/0x1d20 [ 494.677260] ___pskb_trim+0x3c9/0x1bf0 [ 494.677276] sk_filter_trim_cap+0x5ac/0xa60 [ 494.677290] tcp_filter+0x10c/0x260 [ 494.677302] tcp_v6_rcv+0x45ba/0x5df0 [ 494.677316] ip6_input_finish+0xb53/0x2450 [ 494.677329] ip6_input+0x29d/0x340 [ 494.677342] ip6_rcv_finish+0x4d2/0x710 [ 494.677354] ipv6_rcv+0x34b/0x3f0 [ 494.677370] process_backlog+0x82b/0x11e0 [ 494.677386] net_rx_action+0x98f/0x1d50 [ 494.677399] __do_softirq+0x721/0xc7f [ 494.677405] [ 494.677412] Local variable description: ----v.addr.i.i.i@should_fail [ 494.677418] Variable was created at: [ 494.677435] should_fail+0x14d/0x13c0 [ 494.677451] __should_failslab+0x278/0x2a0 03:46:55 executing program 5: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x288802, 0x0) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) r1 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r1, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) [ 495.029701] not chained 520000 origins [ 495.033638] CPU: 1 PID: 13340 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 495.040936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 495.050573] Call Trace: [ 495.053190] dump_stack+0x32d/0x480 [ 495.056836] ? save_stack_trace+0xc6/0x110 [ 495.061098] kmsan_internal_chain_origin+0x222/0x240 [ 495.066322] ? kmsan_internal_chain_origin+0x136/0x240 [ 495.071621] ? __msan_chain_origin+0x6d/0xb0 [ 495.076049] ? __save_stack_trace+0x8be/0xc60 [ 495.080713] ? save_stack_trace+0xc6/0x110 [ 495.084973] ? kmsan_internal_chain_origin+0x136/0x240 [ 495.090269] ? kmsan_memcpy_origins+0x13d/0x190 [ 495.094964] ? __msan_memcpy+0x6f/0x80 [ 495.098869] ? pskb_expand_head+0x436/0x1d20 [ 495.103979] ? skb_shift+0xce2/0x2d10 [ 495.107795] ? tcp_sacktag_walk+0x2156/0x29d0 [ 495.112310] ? tcp_sacktag_write_queue+0x2805/0x4630 [ 495.117428] ? tcp_ack+0x2888/0xa010 [ 495.121158] ? tcp_rcv_established+0xf7e/0x2940 [ 495.125855] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 495.130022] ? __release_sock+0x32d/0x750 [ 495.134192] ? __sk_flush_backlog+0x52/0x70 [ 495.138535] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 495.143231] ? tcp_sendmsg+0xb2/0x100 [ 495.147045] ? inet_sendmsg+0x4e9/0x800 [ 495.151031] ? __sys_sendto+0x940/0xb80 [ 495.155020] ? __se_sys_sendto+0x107/0x130 [ 495.159287] ? __x64_sys_sendto+0x6e/0x90 [ 495.163452] ? do_syscall_64+0xcf/0x110 [ 495.167449] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 495.172842] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 495.178225] ? __module_address+0x6a/0x5f0 [ 495.182490] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 495.187876] ? is_bpf_text_address+0x49e/0x4d0 [ 495.192484] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 495.197961] ? in_task_stack+0x12c/0x210 [ 495.202764] __msan_chain_origin+0x6d/0xb0 [ 495.207023] ? __sk_flush_backlog+0x52/0x70 [ 495.211367] __save_stack_trace+0x8be/0xc60 [ 495.215724] ? __sk_flush_backlog+0x52/0x70 [ 495.220532] save_stack_trace+0xc6/0x110 [ 495.224623] kmsan_internal_chain_origin+0x136/0x240 [ 495.229738] ? __x64_sys_sendto+0x6e/0x90 [ 495.233907] ? kmsan_internal_chain_origin+0x136/0x240 [ 495.239211] ? kmsan_memcpy_origins+0x13d/0x190 [ 495.243900] ? __msan_memcpy+0x6f/0x80 [ 495.247921] ? pskb_expand_head+0x436/0x1d20 [ 495.252355] ? skb_shift+0xce2/0x2d10 [ 495.256169] ? tcp_sacktag_walk+0x2156/0x29d0 [ 495.260686] ? tcp_sacktag_write_queue+0x2805/0x4630 [ 495.265798] ? tcp_ack+0x2888/0xa010 [ 495.269524] ? tcp_rcv_established+0xf7e/0x2940 [ 495.274215] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 495.278373] ? __release_sock+0x32d/0x750 [ 495.282530] ? __sk_flush_backlog+0x52/0x70 [ 495.286870] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 495.291472] ? tcp_sendmsg+0xb2/0x100 [ 495.295295] ? inet_sendmsg+0x4e9/0x800 [ 495.299284] ? __sys_sendto+0x940/0xb80 [ 495.303974] ? __se_sys_sendto+0x107/0x130 [ 495.308216] ? __x64_sys_sendto+0x6e/0x90 [ 495.312376] ? do_syscall_64+0xcf/0x110 [ 495.316370] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 495.321776] ? __msan_get_context_state+0x9/0x20 [ 495.326571] ? INIT_INT+0xc/0x30 [ 495.329956] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 495.335358] ? ip6_finish_output+0xc13/0xca0 [ 495.339805] kmsan_memcpy_origins+0x13d/0x190 [ 495.344323] __msan_memcpy+0x6f/0x80 [ 495.348080] pskb_expand_head+0x436/0x1d20 [ 495.352365] skb_shift+0xce2/0x2d10 [ 495.356050] tcp_sacktag_walk+0x2156/0x29d0 [ 495.360439] tcp_sacktag_write_queue+0x2805/0x4630 [ 495.365418] tcp_ack+0x2888/0xa010 [ 495.368969] ? tcp_parse_options+0xbe/0x1cf0 [ 495.373388] ? tcp_validate_incoming+0x50b/0x29d0 [ 495.378248] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 495.383710] ? tcp_parse_options+0x1c55/0x1cf0 [ 495.388355] tcp_rcv_established+0xf7e/0x2940 [ 495.392888] tcp_v6_do_rcv+0x9f8/0x21b0 [ 495.396897] ? tcp_v6_destroy_sock+0x60/0x60 [ 495.402063] __release_sock+0x32d/0x750 [ 495.406062] __sk_flush_backlog+0x52/0x70 [ 495.410239] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 495.414490] tcp_sendmsg_locked+0xd72/0x6c30 [ 495.418992] tcp_sendmsg+0xb2/0x100 [ 495.422654] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 495.427337] inet_sendmsg+0x4e9/0x800 [ 495.431153] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 495.436541] ? security_socket_sendmsg+0x1bd/0x200 [ 495.441494] ? inet_getname+0x490/0x490 [ 495.445483] __sys_sendto+0x940/0xb80 [ 495.449323] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 495.454786] ? prepare_exit_to_usermode+0x182/0x4c0 [ 495.459831] __se_sys_sendto+0x107/0x130 [ 495.463916] __x64_sys_sendto+0x6e/0x90 [ 495.467916] do_syscall_64+0xcf/0x110 [ 495.471744] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 495.476950] RIP: 0033:0x457569 [ 495.480159] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 495.499089] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 495.507522] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 495.514801] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 495.522082] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 495.529376] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 495.536660] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 495.543972] Uninit was stored to memory at: [ 495.548318] kmsan_internal_chain_origin+0x136/0x240 [ 495.553437] __msan_chain_origin+0x6d/0xb0 [ 495.557689] __save_stack_trace+0x8be/0xc60 [ 495.562028] save_stack_trace+0xc6/0x110 [ 495.566104] kmsan_internal_chain_origin+0x136/0x240 [ 495.571223] kmsan_memcpy_origins+0x13d/0x190 [ 495.575748] __msan_memcpy+0x6f/0x80 [ 495.579476] pskb_expand_head+0x436/0x1d20 [ 495.583734] skb_shift+0xce2/0x2d10 [ 495.587372] tcp_sacktag_walk+0x2156/0x29d0 [ 495.591702] tcp_sacktag_write_queue+0x2805/0x4630 [ 495.596643] tcp_ack+0x2888/0xa010 [ 495.600924] tcp_rcv_established+0xf7e/0x2940 [ 495.605432] tcp_v6_do_rcv+0x9f8/0x21b0 [ 495.609413] __release_sock+0x32d/0x750 [ 495.613395] __sk_flush_backlog+0x52/0x70 [ 495.617555] tcp_sendmsg_locked+0xd72/0x6c30 [ 495.621973] tcp_sendmsg+0xb2/0x100 [ 495.625610] inet_sendmsg+0x4e9/0x800 [ 495.629422] __sys_sendto+0x940/0xb80 [ 495.633231] __se_sys_sendto+0x107/0x130 [ 495.637304] __x64_sys_sendto+0x6e/0x90 [ 495.641287] do_syscall_64+0xcf/0x110 [ 495.645105] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 495.650293] [ 495.651922] Uninit was stored to memory at: [ 495.656263] kmsan_internal_chain_origin+0x136/0x240 [ 495.661380] __msan_chain_origin+0x6d/0xb0 [ 495.665633] __save_stack_trace+0x8be/0xc60 [ 495.669980] save_stack_trace+0xc6/0x110 [ 495.674056] kmsan_internal_chain_origin+0x136/0x240 [ 495.679179] kmsan_memcpy_origins+0x13d/0x190 [ 495.683688] __msan_memcpy+0x6f/0x80 [ 495.687429] pskb_expand_head+0x436/0x1d20 [ 495.691683] skb_shift+0xce2/0x2d10 [ 495.695326] tcp_sacktag_walk+0x2156/0x29d0 [ 495.700425] tcp_sacktag_write_queue+0x2805/0x4630 [ 495.705364] tcp_ack+0x2888/0xa010 [ 495.708916] tcp_rcv_established+0xf7e/0x2940 [ 495.713431] tcp_v6_do_rcv+0x9f8/0x21b0 [ 495.717420] __release_sock+0x32d/0x750 [ 495.721405] __sk_flush_backlog+0x52/0x70 [ 495.725568] tcp_sendmsg_locked+0xd72/0x6c30 [ 495.729994] tcp_sendmsg+0xb2/0x100 [ 495.733638] inet_sendmsg+0x4e9/0x800 [ 495.737447] __sys_sendto+0x940/0xb80 [ 495.741260] __se_sys_sendto+0x107/0x130 [ 495.745352] __x64_sys_sendto+0x6e/0x90 [ 495.749355] do_syscall_64+0xcf/0x110 [ 495.753181] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 495.758371] [ 495.760023] Uninit was stored to memory at: [ 495.764356] kmsan_internal_chain_origin+0x136/0x240 [ 495.769562] __msan_chain_origin+0x6d/0xb0 [ 495.773793] __save_stack_trace+0x8be/0xc60 [ 495.778107] save_stack_trace+0xc6/0x110 [ 495.782164] kmsan_internal_chain_origin+0x136/0x240 [ 495.787266] kmsan_memcpy_origins+0x13d/0x190 [ 495.791755] __msan_memcpy+0x6f/0x80 [ 495.795466] pskb_expand_head+0x436/0x1d20 [ 495.800398] skb_shift+0xce2/0x2d10 [ 495.804021] tcp_sacktag_walk+0x2156/0x29d0 [ 495.808335] tcp_sacktag_write_queue+0x2805/0x4630 [ 495.813281] tcp_ack+0x2888/0xa010 [ 495.816833] tcp_rcv_established+0xf7e/0x2940 [ 495.821325] tcp_v6_do_rcv+0x9f8/0x21b0 [ 495.825290] __release_sock+0x32d/0x750 [ 495.829259] __sk_flush_backlog+0x52/0x70 [ 495.833400] tcp_sendmsg_locked+0xd72/0x6c30 [ 495.837799] tcp_sendmsg+0xb2/0x100 [ 495.841419] inet_sendmsg+0x4e9/0x800 [ 495.845211] __sys_sendto+0x940/0xb80 [ 495.849003] __se_sys_sendto+0x107/0x130 [ 495.853059] __x64_sys_sendto+0x6e/0x90 [ 495.857027] do_syscall_64+0xcf/0x110 [ 495.860834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 495.866009] [ 495.867624] Uninit was stored to memory at: [ 495.871948] kmsan_internal_chain_origin+0x136/0x240 [ 495.877045] __msan_chain_origin+0x6d/0xb0 [ 495.881290] __save_stack_trace+0x8be/0xc60 [ 495.885623] save_stack_trace+0xc6/0x110 [ 495.889692] kmsan_internal_chain_origin+0x136/0x240 [ 495.894799] kmsan_memcpy_origins+0x13d/0x190 [ 495.899304] __msan_memcpy+0x6f/0x80 [ 495.903799] pskb_expand_head+0x436/0x1d20 [ 495.908022] skb_shift+0xce2/0x2d10 [ 495.911644] tcp_sacktag_walk+0x2156/0x29d0 [ 495.915966] tcp_sacktag_write_queue+0x2805/0x4630 [ 495.920884] tcp_ack+0x2888/0xa010 [ 495.924439] tcp_rcv_established+0xf7e/0x2940 [ 495.928926] tcp_v6_do_rcv+0x9f8/0x21b0 [ 495.932911] __release_sock+0x32d/0x750 [ 495.936902] __sk_flush_backlog+0x52/0x70 [ 495.941046] tcp_sendmsg_locked+0xd72/0x6c30 [ 495.945446] tcp_sendmsg+0xb2/0x100 [ 495.949069] inet_sendmsg+0x4e9/0x800 [ 495.952860] __sys_sendto+0x940/0xb80 [ 495.956649] __se_sys_sendto+0x107/0x130 [ 495.960706] __x64_sys_sendto+0x6e/0x90 [ 495.964690] do_syscall_64+0xcf/0x110 [ 495.968488] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 495.973662] [ 495.975279] Uninit was stored to memory at: [ 495.979596] kmsan_internal_chain_origin+0x136/0x240 [ 495.984694] __msan_chain_origin+0x6d/0xb0 [ 495.988923] __save_stack_trace+0x8be/0xc60 [ 495.993240] save_stack_trace+0xc6/0x110 [ 495.997293] kmsan_internal_chain_origin+0x136/0x240 [ 496.003094] kmsan_memcpy_origins+0x13d/0x190 [ 496.007602] __msan_memcpy+0x6f/0x80 [ 496.011320] pskb_expand_head+0x436/0x1d20 [ 496.015549] skb_shift+0xce2/0x2d10 [ 496.019176] tcp_sacktag_walk+0x2156/0x29d0 [ 496.023494] tcp_sacktag_write_queue+0x2805/0x4630 [ 496.028420] tcp_ack+0x2888/0xa010 [ 496.031966] tcp_rcv_established+0xf7e/0x2940 [ 496.036453] tcp_v6_do_rcv+0x9f8/0x21b0 [ 496.040418] __release_sock+0x32d/0x750 [ 496.044388] __sk_flush_backlog+0x52/0x70 [ 496.048528] tcp_sendmsg_locked+0xd72/0x6c30 [ 496.052946] tcp_sendmsg+0xb2/0x100 [ 496.056566] inet_sendmsg+0x4e9/0x800 [ 496.060357] __sys_sendto+0x940/0xb80 [ 496.064155] __se_sys_sendto+0x107/0x130 [ 496.068218] __x64_sys_sendto+0x6e/0x90 [ 496.072198] do_syscall_64+0xcf/0x110 [ 496.075997] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 496.081169] [ 496.082806] Uninit was stored to memory at: [ 496.087122] kmsan_internal_chain_origin+0x136/0x240 [ 496.092217] __msan_chain_origin+0x6d/0xb0 [ 496.096443] __save_stack_trace+0x8be/0xc60 [ 496.101445] save_stack_trace+0xc6/0x110 [ 496.105499] kmsan_internal_chain_origin+0x136/0x240 [ 496.110592] kmsan_memcpy_origins+0x13d/0x190 [ 496.115096] __msan_memcpy+0x6f/0x80 [ 496.118798] pskb_expand_head+0x436/0x1d20 [ 496.123044] skb_shift+0xce2/0x2d10 [ 496.126665] tcp_sacktag_walk+0x2156/0x29d0 [ 496.130993] tcp_sacktag_write_queue+0x2805/0x4630 [ 496.135919] tcp_ack+0x2888/0xa010 [ 496.139458] tcp_rcv_established+0xf7e/0x2940 [ 496.143948] tcp_v6_do_rcv+0x9f8/0x21b0 [ 496.147914] __release_sock+0x32d/0x750 [ 496.151888] __sk_flush_backlog+0x52/0x70 [ 496.156029] tcp_sendmsg_locked+0xd72/0x6c30 [ 496.160434] tcp_sendmsg+0xb2/0x100 [ 496.164058] inet_sendmsg+0x4e9/0x800 [ 496.167948] __sys_sendto+0x940/0xb80 [ 496.171742] __se_sys_sendto+0x107/0x130 [ 496.175795] __x64_sys_sendto+0x6e/0x90 [ 496.179774] do_syscall_64+0xcf/0x110 [ 496.183586] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 496.188757] [ 496.190374] Uninit was stored to memory at: [ 496.194690] kmsan_internal_chain_origin+0x136/0x240 [ 496.200490] __msan_chain_origin+0x6d/0xb0 [ 496.204721] __save_stack_trace+0x8be/0xc60 [ 496.209038] save_stack_trace+0xc6/0x110 [ 496.213107] kmsan_internal_chain_origin+0x136/0x240 [ 496.218204] kmsan_memcpy_origins+0x13d/0x190 [ 496.222695] __msan_memcpy+0x6f/0x80 [ 496.226409] pskb_expand_head+0x436/0x1d20 [ 496.230637] skb_shift+0xce2/0x2d10 [ 496.234272] tcp_sacktag_walk+0x2156/0x29d0 [ 496.238584] tcp_sacktag_write_queue+0x2805/0x4630 [ 496.243503] tcp_ack+0x2888/0xa010 [ 496.247037] tcp_rcv_established+0xf7e/0x2940 [ 496.251523] tcp_v6_do_rcv+0x9f8/0x21b0 [ 496.255488] __release_sock+0x32d/0x750 [ 496.259453] __sk_flush_backlog+0x52/0x70 [ 496.263610] tcp_sendmsg_locked+0xd72/0x6c30 [ 496.268016] tcp_sendmsg+0xb2/0x100 [ 496.271638] inet_sendmsg+0x4e9/0x800 [ 496.275439] __sys_sendto+0x940/0xb80 [ 496.279231] __se_sys_sendto+0x107/0x130 [ 496.283283] __x64_sys_sendto+0x6e/0x90 [ 496.287274] do_syscall_64+0xcf/0x110 [ 496.291067] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 496.296241] [ 496.297858] Local variable description: ----state@__save_stack_trace [ 496.305077] Variable was created at: [ 496.308787] __save_stack_trace+0xae/0xc60 [ 496.313013] save_stack_trace+0xc6/0x110 03:46:56 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f0000000140)=[{0x40006, 0x0, 0x20000000000000, 0x3ff}]}, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) r3 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) write$UHID_CREATE2(r3, &(0x7f0000000440)={0xb, 'syz0\x00', 'syz0\x00', 'syz1\x00', 0x9a, 0x2, 0x20, 0x14, 0xfffffffffffffb48, 0xf3c2, "7a51ea4d945cd0053333a7334a982799e8ddae87be4658fddc1abf3cce7fb69fac53568b5c3e8d23ca34502b8803797f79b260cb8bd607cc7f563484d0ee68be6d3c312403bbaf3cc05c07b03c945a84e19b0a50d66bb7724de73b6299e0797fb09319493a7b93b5704f7b22f421cb71122b838c7dca4a5b9325836177b991015b8cac6a49d9b54619b6dc155721092350f0e6c8641ea05b7822"}, 0x1b2) mmap(&(0x7f0000b74000/0x1000)=nil, 0x1000, 0xffffffffffffffff, 0x64031, 0xffffffffffffffff, 0x0) 03:46:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)='\n\a', 0x2) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:56 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:56 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80), 0x0, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:56 executing program 5: r0 = socket$inet6(0xa, 0x4000000000000805, 0x1) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff10040000eeff00000000", 0xb) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x101240, 0x0) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r1, 0x80845663, &(0x7f0000000180)={0x0, @reserved}) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f0000000040)=0x40) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000005c0)=0xe8) bind$can_raw(r1, &(0x7f0000000600)={0x1d, r3}, 0x10) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000240)={{{@in, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@local}}, &(0x7f0000000340)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000380)={0x0, 0x0, 0x0}, &(0x7f00000003c0)=0xc) write$P9_RGETATTR(r2, &(0x7f0000000400)={0xa0, 0x19, 0x2, {0x3802, {0x10, 0x3, 0x1}, 0x100, r4, r5, 0x4, 0x1, 0x8, 0x101, 0x3, 0x0, 0x2f002633, 0xd56a, 0x3, 0x5, 0x229f, 0x5, 0x0, 0x3, 0x5}}, 0xa0) 03:46:56 executing program 0: removexattr(&(0x7f0000000280)='./file0\x00', &(0x7f0000000340)=@known='com.apple.FinderInfo\x00') preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) socketpair$inet(0x2, 0x800, 0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000040)={0x0, 0xaea2, 0x3ff}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000100)={r1, 0x100000000, 0x7fff}, 0x8) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$TIOCSTI(r2, 0x5412, 0x1) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r3, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r2, &(0x7f0000000480), 0x258, 0x0) 03:46:56 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80), 0x0, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)='\n\au', 0x3) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 496.968077] print_req_error: 120 callbacks suppressed [ 496.968106] print_req_error: I/O error, dev loop3, sector 0 [ 496.979646] buffer_io_error: 120 callbacks suppressed [ 496.979672] Buffer I/O error on dev loop3, logical block 0, lost async page write [ 496.992886] print_req_error: I/O error, dev loop3, sector 8 [ 496.998654] Buffer I/O error on dev loop3, logical block 1, lost async page write [ 497.006846] print_req_error: I/O error, dev loop3, sector 16 [ 497.012813] Buffer I/O error on dev loop3, logical block 2, lost async page write [ 497.020596] print_req_error: I/O error, dev loop3, sector 24 [ 497.026550] Buffer I/O error on dev loop3, logical block 3, lost async page write [ 497.034455] print_req_error: I/O error, dev loop3, sector 32 [ 497.040319] Buffer I/O error on dev loop3, logical block 4, lost async page write [ 497.048234] print_req_error: I/O error, dev loop3, sector 40 [ 497.054721] Buffer I/O error on dev loop3, logical block 5, lost async page write [ 497.062652] print_req_error: I/O error, dev loop3, sector 48 [ 497.068512] Buffer I/O error on dev loop3, logical block 6, lost async page write [ 497.076569] print_req_error: I/O error, dev loop3, sector 56 [ 497.082549] Buffer I/O error on dev loop3, logical block 7, lost async page write [ 497.090296] print_req_error: I/O error, dev loop3, sector 64 [ 497.093550] print_req_error: I/O error, dev loop3, sector 72 [ 497.096356] Buffer I/O error on dev loop3, logical block 8, lost async page write [ 497.102826] Buffer I/O error on dev loop3, logical block 9, lost async page write 03:46:57 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) r1 = dup3(r0, r0, 0x80000) r2 = fcntl$getown(r0, 0x9) sendmsg$nl_generic(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10080000}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0x1c, 0x13, 0x801, 0x70bd26, 0x25dfdbff, {0x1e}, [@typed={0x8, 0x28, @pid=r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:46:57 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80), 0x0, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:57 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = socket$packet(0x11, 0x3, 0x300) mmap$xdp(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4, 0xc031, 0xffffffffffffffff, 0x180000000) ioctl$int_out(r1, 0x0, &(0x7f0000000040)) ioctl(r0, 0x420040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(0xffffffffffffffff, &(0x7f0000000480), 0x258, 0x0) 03:46:57 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:57 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f00000002c0)) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) pwrite64(r0, &(0x7f0000000540)="01079ff78e3612109e5a72319e20d73273da4b4fcd790e10fd67fd3d5df855602ea0a1e0cfaae4c8c9ae47787a362c75f4853e847699bc7f2839327253933cb0623a5fb16cf97b4667d68a4098f32433af59a574ab73bdd555f31fd4118105a4d086892dd1d0b4d05a84a8749c7de0cd92645ea7f57fab78d160559b03242361090b694108989d6cc943c2f2bccfec83cea8c832e4f6e506c809d5853f57b27ba49cd568a064d7c8df984a8520c2ecd29d", 0xb1, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vhci\x00', 0x88000, 0x0) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000240)={[{0x8, 0x4, 0x80000000, 0x6, 0x7, 0x5, 0x7, 0x20, 0x7, 0x7, 0x1f, 0x4, 0xffffffffffff0001}, {0x5, 0x4, 0x8001, 0x6, 0x200, 0xa9, 0x6, 0x81, 0x7, 0x2, 0x462d, 0x5, 0x7f}, {0x1, 0x1fb8, 0x2, 0x10001, 0x0, 0x9, 0x1, 0x9, 0x6, 0x100000000, 0x0, 0x2, 0x5}], 0x4}) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r3, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000440)={{{@in=@loopback, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @rand_addr}}, 0x0, @in=@multicast1}}, &(0x7f0000000300)=0xe8) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={@dev={0xfe, 0x80, [], 0x21}, @dev={0xfe, 0x80, [], 0x1a}, @empty, 0x4, 0xe0d, 0x4, 0x400, 0x1, 0x4000040, r4}) sendto$inet6(r1, &(0x7f0000000140)="0cfe2de7461b87c36a6f71d784972f5d63d94102dbadd335fd0b803d89e60bd1c176bf76bb2b89d2369590fd2c821846ee3db25525954435ae3f56ec3ecdd1d0f0b37218018dc10aa5df2ed230aa217ad06a68c546f488b8aa05", 0x5a, 0x0, &(0x7f0000000040)={0xa, 0x4e20, 0x100, @ipv4={[], [], @local}}, 0x1c) 03:46:57 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000100)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:46:58 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:46:58 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x0, &(0x7f0000000380)="ff02048200eeff00c90000000000000000000000000202052c91adf6f28648edd1e9e41fa01f5cda7ce219d3e4742e4838a33e6b78f7d9c99b8fcd748be55d0200070000000000001a73e160003cb7bf129c696e919e74c036a639222959ce30f4692d50938b104af8676ff1049f462f4402b73c8e756d7df1f238e4845988ae6973d19004da4105b9905951463c561f555b8301348132a60c3b9fb63974a50b351b181929eb22d2f628eb44335ee9a6c712eaba925654347457d54a43c22875fefbe2012f19b49dff78c72710f889f778f594ffa4bc4a717b791991921ca45a1d435cdc38b8875e0000000001000000b535c087dd9235546fa9a3b48365620f2b83bdb314c7c889b722d46da21c931959989a88d044adc2dc85041323eef859e82b0e589ea9ca", 0x4b3) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x50000, 0x0) ioctl$DRM_IOCTL_SET_UNIQUE(r1, 0x40106410, &(0x7f0000000140)={0x0, &(0x7f00000000c0)}) sendto$inet6(r0, &(0x7f0000000040)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x8, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[{0x6, 0x6000000000000}, {0x4, 0xfffffffffffffffd}, {0xc, 0x6}, {0x0, 0x4}], 0x4) [ 498.044033] not chained 530000 origins [ 498.048081] CPU: 1 PID: 13453 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 498.055360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 498.064722] Call Trace: [ 498.067311] [ 498.069484] dump_stack+0x32d/0x480 [ 498.073143] kmsan_internal_chain_origin+0x222/0x240 [ 498.078284] ? __msan_poison_alloca+0x1e0/0x270 [ 498.083106] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 498.088580] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 498.093959] ? __module_address+0x6a/0x5f0 [ 498.098219] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 498.104434] ? in_task_stack+0x12c/0x210 [ 498.108517] ? get_stack_info+0x206/0x220 [ 498.112680] __msan_chain_origin+0x6d/0xb0 [ 498.116946] ? do_syscall_64+0xcf/0x110 [ 498.120950] __save_stack_trace+0x8be/0xc60 [ 498.125312] ? do_syscall_64+0xcf/0x110 [ 498.129303] save_stack_trace+0xc6/0x110 [ 498.133386] kmsan_internal_chain_origin+0x136/0x240 [ 498.138503] ? local_bh_enable+0x36/0x40 [ 498.142601] ? __sk_flush_backlog+0x52/0x70 [ 498.146945] ? kmsan_internal_chain_origin+0x136/0x240 [ 498.152239] ? kmsan_memcpy_origins+0x13d/0x190 [ 498.156927] ? __msan_memcpy+0x6f/0x80 [ 498.160834] ? pskb_expand_head+0x436/0x1d20 [ 498.165518] ? ___pskb_trim+0x3c9/0x1bf0 [ 498.169587] ? sk_filter_trim_cap+0x5ac/0xa60 [ 498.174093] ? tcp_filter+0x10c/0x260 [ 498.177932] ? tcp_v6_rcv+0x45ba/0x5df0 [ 498.181951] ? ip6_input_finish+0xb53/0x2450 [ 498.186370] ? ip6_input+0x29d/0x340 [ 498.190099] ? ip6_rcv_finish+0x4d2/0x710 [ 498.194260] ? ipv6_rcv+0x34b/0x3f0 [ 498.197901] ? process_backlog+0x82b/0x11e0 [ 498.202944] ? net_rx_action+0x98f/0x1d50 [ 498.207102] ? __do_softirq+0x721/0xc7f [ 498.211085] ? do_softirq_own_stack+0x49/0x80 [ 498.215590] ? __local_bh_enable_ip+0x228/0x260 [ 498.220787] ? local_bh_enable+0x36/0x40 [ 498.224857] ? ip6_finish_output2+0x1b1a/0x22d0 [ 498.229542] ? ip6_finish_output+0xc13/0xca0 [ 498.233970] ? ip6_output+0x5e4/0x720 [ 498.237778] ? ip6_xmit+0x216d/0x26a0 03:46:58 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000000)="ff02040000eeff0000000000000000000000000000020205", 0x18) [ 498.241584] ? inet6_csk_xmit+0x3e0/0x4f0 [ 498.245740] ? __tcp_transmit_skb+0x425c/0x5e00 [ 498.250420] ? __tcp_retransmit_skb+0x2fe9/0x46c0 [ 498.255270] ? tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 498.260468] ? tcp_ack+0x91b2/0xa010 [ 498.264194] ? tcp_rcv_established+0xf7e/0x2940 [ 498.268877] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 498.273057] ? __release_sock+0x32d/0x750 [ 498.277221] ? __sk_flush_backlog+0x52/0x70 [ 498.281558] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 498.286161] ? tcp_sendmsg+0xb2/0x100 [ 498.289987] ? inet_sendmsg+0x4e9/0x800 [ 498.293967] ? __sys_sendto+0x940/0xb80 [ 498.298037] ? __se_sys_sendto+0x107/0x130 [ 498.303013] ? __x64_sys_sendto+0x6e/0x90 [ 498.307183] ? do_syscall_64+0xcf/0x110 [ 498.311193] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 498.316578] ? __msan_get_context_state+0x9/0x20 [ 498.321364] ? INIT_INT+0xc/0x30 [ 498.324763] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 498.330150] kmsan_memcpy_origins+0x13d/0x190 [ 498.334668] __msan_memcpy+0x6f/0x80 [ 498.338395] pskb_expand_head+0x436/0x1d20 03:46:58 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 498.342838] ___pskb_trim+0x3c9/0x1bf0 [ 498.346756] sk_filter_trim_cap+0x5ac/0xa60 [ 498.351102] tcp_filter+0x10c/0x260 [ 498.354750] tcp_v6_rcv+0x45ba/0x5df0 [ 498.358565] ? __msan_poison_alloca+0x1e0/0x270 [ 498.363280] ? tcp_v6_early_demux+0xc80/0xc80 [ 498.367782] ? tcp_v6_early_demux+0xc80/0xc80 [ 498.372307] ip6_input_finish+0xb53/0x2450 [ 498.376580] ? ip6_input_finish+0x13e1/0x2450 [ 498.381088] ip6_input+0x29d/0x340 [ 498.384640] ? ip6_input+0x340/0x340 [ 498.388369] ? ip6_sublist_rcv+0x1ab0/0x1ab0 03:46:58 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000100)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 498.392788] ip6_rcv_finish+0x4d2/0x710 [ 498.396782] ipv6_rcv+0x34b/0x3f0 [ 498.400764] ? dst_hold+0x5e0/0x5e0 [ 498.404429] process_backlog+0x82b/0x11e0 [ 498.408596] ? __msan_poison_alloca+0x1e0/0x270 [ 498.413290] ? ip6_rcv_finish+0x710/0x710 [ 498.417469] ? rps_trigger_softirq+0x2e0/0x2e0 [ 498.422155] net_rx_action+0x98f/0x1d50 [ 498.426177] ? net_tx_action+0xf20/0xf20 [ 498.430247] __do_softirq+0x721/0xc7f [ 498.434088] do_softirq_own_stack+0x49/0x80 [ 498.438408] [ 498.440662] __local_bh_enable_ip+0x228/0x260 [ 498.445182] local_bh_enable+0x36/0x40 [ 498.449082] ip6_finish_output2+0x1b1a/0x22d0 [ 498.453616] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 498.458991] ? ip6_mtu+0x289/0x330 [ 498.462575] ip6_finish_output+0xc13/0xca0 [ 498.466837] ip6_output+0x5e4/0x720 [ 498.470501] ? ip6_output+0x720/0x720 [ 498.474315] ? ac6_seq_show+0x200/0x200 [ 498.478389] ip6_xmit+0x216d/0x26a0 [ 498.482069] ? ip6_xmit+0x26a0/0x26a0 [ 498.485891] inet6_csk_xmit+0x3e0/0x4f0 [ 498.489897] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 498.494846] __tcp_transmit_skb+0x425c/0x5e00 [ 498.499391] __tcp_retransmit_skb+0x2fe9/0x46c0 [ 498.504577] ? __mod_timer+0x271f/0x2d70 [ 498.508660] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 498.514043] ? __list_del_entry_valid+0x123/0x450 [ 498.518933] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 498.524003] tcp_ack+0x91b2/0xa010 [ 498.527567] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 498.533083] tcp_rcv_established+0xf7e/0x2940 [ 498.537622] tcp_v6_do_rcv+0x9f8/0x21b0 [ 498.541746] ? tcp_v6_destroy_sock+0x60/0x60 [ 498.546183] __release_sock+0x32d/0x750 [ 498.550197] __sk_flush_backlog+0x52/0x70 [ 498.554364] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 498.558620] tcp_sendmsg_locked+0xd72/0x6c30 [ 498.563061] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 498.568476] tcp_sendmsg+0xb2/0x100 [ 498.572124] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 498.576807] inet_sendmsg+0x4e9/0x800 [ 498.580626] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 498.586005] ? security_socket_sendmsg+0x1bd/0x200 [ 498.590961] ? inet_getname+0x490/0x490 [ 498.594962] __sys_sendto+0x940/0xb80 [ 498.598798] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 498.605012] ? prepare_exit_to_usermode+0x182/0x4c0 [ 498.610042] __se_sys_sendto+0x107/0x130 [ 498.614123] __x64_sys_sendto+0x6e/0x90 [ 498.618107] do_syscall_64+0xcf/0x110 [ 498.621937] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 498.627177] RIP: 0033:0x457569 [ 498.630377] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 498.649287] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 498.657015] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 498.664290] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000006 [ 498.671560] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 498.678833] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 498.686112] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 498.693400] Uninit was stored to memory at: [ 498.697733] kmsan_internal_chain_origin+0x136/0x240 [ 498.703541] __msan_chain_origin+0x6d/0xb0 [ 498.707788] __save_stack_trace+0x8be/0xc60 [ 498.712122] save_stack_trace+0xc6/0x110 [ 498.716203] kmsan_internal_chain_origin+0x136/0x240 [ 498.721320] kmsan_memcpy_origins+0x13d/0x190 [ 498.725827] __msan_memcpy+0x6f/0x80 [ 498.729555] pskb_expand_head+0x436/0x1d20 [ 498.733800] ___pskb_trim+0x3c9/0x1bf0 [ 498.737698] sk_filter_trim_cap+0x5ac/0xa60 [ 498.742029] tcp_filter+0x10c/0x260 03:46:58 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 498.745660] tcp_v6_rcv+0x45ba/0x5df0 [ 498.749469] ip6_input_finish+0xb53/0x2450 [ 498.753713] ip6_input+0x29d/0x340 [ 498.757256] ip6_rcv_finish+0x4d2/0x710 [ 498.761237] ipv6_rcv+0x34b/0x3f0 [ 498.764701] process_backlog+0x82b/0x11e0 [ 498.768858] net_rx_action+0x98f/0x1d50 [ 498.772853] __do_softirq+0x721/0xc7f [ 498.776656] [ 498.778286] Uninit was stored to memory at: [ 498.782623] kmsan_internal_chain_origin+0x136/0x240 [ 498.787753] __msan_chain_origin+0x6d/0xb0 [ 498.792004] __save_stack_trace+0x8be/0xc60 03:46:58 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000100)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 498.796341] save_stack_trace+0xc6/0x110 [ 498.801112] kmsan_internal_chain_origin+0x136/0x240 [ 498.806222] kmsan_memcpy_origins+0x13d/0x190 [ 498.810732] __msan_memcpy+0x6f/0x80 [ 498.814462] pskb_expand_head+0x436/0x1d20 [ 498.818708] ___pskb_trim+0x3c9/0x1bf0 [ 498.822609] sk_filter_trim_cap+0x5ac/0xa60 [ 498.826951] tcp_filter+0x10c/0x260 [ 498.830587] tcp_v6_rcv+0x45ba/0x5df0 [ 498.834406] ip6_input_finish+0xb53/0x2450 [ 498.838652] ip6_input+0x29d/0x340 [ 498.842204] ip6_rcv_finish+0x4d2/0x710 [ 498.846196] ipv6_rcv+0x34b/0x3f0 [ 498.849667] process_backlog+0x82b/0x11e0 [ 498.853824] net_rx_action+0x98f/0x1d50 [ 498.857819] __do_softirq+0x721/0xc7f [ 498.861628] [ 498.863259] Uninit was stored to memory at: [ 498.867592] kmsan_internal_chain_origin+0x136/0x240 [ 498.872704] __msan_chain_origin+0x6d/0xb0 [ 498.876958] __save_stack_trace+0x8be/0xc60 [ 498.881291] save_stack_trace+0xc6/0x110 [ 498.885364] kmsan_internal_chain_origin+0x136/0x240 [ 498.890479] kmsan_memcpy_origins+0x13d/0x190 [ 498.894985] __msan_memcpy+0x6f/0x80 [ 498.898711] pskb_expand_head+0x436/0x1d20 [ 498.903803] ___pskb_trim+0x3c9/0x1bf0 [ 498.907703] sk_filter_trim_cap+0x5ac/0xa60 [ 498.912045] tcp_filter+0x10c/0x260 [ 498.915681] tcp_v6_rcv+0x45ba/0x5df0 [ 498.919505] ip6_input_finish+0xb53/0x2450 [ 498.923753] ip6_input+0x29d/0x340 [ 498.927300] ip6_rcv_finish+0x4d2/0x710 [ 498.931288] ipv6_rcv+0x34b/0x3f0 [ 498.934758] process_backlog+0x82b/0x11e0 [ 498.938921] net_rx_action+0x98f/0x1d50 [ 498.942937] __do_softirq+0x721/0xc7f [ 498.946735] [ 498.948361] Uninit was stored to memory at: [ 498.952694] kmsan_internal_chain_origin+0x136/0x240 [ 498.957841] __msan_chain_origin+0x6d/0xb0 [ 498.962088] __save_stack_trace+0x8be/0xc60 [ 498.966423] save_stack_trace+0xc6/0x110 [ 498.970499] kmsan_internal_chain_origin+0x136/0x240 [ 498.975611] kmsan_memcpy_origins+0x13d/0x190 [ 498.980121] __msan_memcpy+0x6f/0x80 [ 498.983845] pskb_expand_head+0x436/0x1d20 [ 498.988089] ___pskb_trim+0x3c9/0x1bf0 [ 498.991995] sk_filter_trim_cap+0x5ac/0xa60 [ 498.996330] tcp_filter+0x10c/0x260 [ 499.000672] tcp_v6_rcv+0x45ba/0x5df0 [ 499.004482] ip6_input_finish+0xb53/0x2450 [ 499.008729] ip6_input+0x29d/0x340 [ 499.012285] ip6_rcv_finish+0x4d2/0x710 [ 499.016265] ipv6_rcv+0x34b/0x3f0 [ 499.019729] process_backlog+0x82b/0x11e0 [ 499.023885] net_rx_action+0x98f/0x1d50 [ 499.027864] __do_softirq+0x721/0xc7f [ 499.031658] [ 499.033283] Uninit was stored to memory at: [ 499.037614] kmsan_internal_chain_origin+0x136/0x240 [ 499.042734] __msan_chain_origin+0x6d/0xb0 [ 499.046979] __save_stack_trace+0x8be/0xc60 [ 499.051556] save_stack_trace+0xc6/0x110 [ 499.055630] kmsan_internal_chain_origin+0x136/0x240 [ 499.060744] kmsan_memcpy_origins+0x13d/0x190 [ 499.065248] __msan_memcpy+0x6f/0x80 [ 499.068979] pskb_expand_head+0x436/0x1d20 [ 499.073223] ___pskb_trim+0x3c9/0x1bf0 [ 499.077118] sk_filter_trim_cap+0x5ac/0xa60 [ 499.081443] tcp_filter+0x10c/0x260 [ 499.085071] tcp_v6_rcv+0x45ba/0x5df0 [ 499.088876] ip6_input_finish+0xb53/0x2450 [ 499.093116] ip6_input+0x29d/0x340 [ 499.096667] ip6_rcv_finish+0x4d2/0x710 [ 499.101362] ipv6_rcv+0x34b/0x3f0 [ 499.104827] process_backlog+0x82b/0x11e0 [ 499.108981] net_rx_action+0x98f/0x1d50 [ 499.112967] __do_softirq+0x721/0xc7f [ 499.116784] [ 499.118412] Uninit was stored to memory at: [ 499.122745] kmsan_internal_chain_origin+0x136/0x240 [ 499.127861] __msan_chain_origin+0x6d/0xb0 [ 499.132103] __save_stack_trace+0x8be/0xc60 [ 499.136428] save_stack_trace+0xc6/0x110 [ 499.140495] kmsan_internal_chain_origin+0x136/0x240 03:46:59 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 499.145620] kmsan_memcpy_origins+0x13d/0x190 [ 499.150120] __msan_memcpy+0x6f/0x80 [ 499.153846] pskb_expand_head+0x436/0x1d20 [ 499.158086] ___pskb_trim+0x3c9/0x1bf0 [ 499.161979] sk_filter_trim_cap+0x5ac/0xa60 [ 499.166312] tcp_filter+0x10c/0x260 [ 499.169953] tcp_v6_rcv+0x45ba/0x5df0 [ 499.173764] ip6_input_finish+0xb53/0x2450 [ 499.178003] ip6_input+0x29d/0x340 [ 499.181551] ip6_rcv_finish+0x4d2/0x710 [ 499.185532] ipv6_rcv+0x34b/0x3f0 [ 499.188994] process_backlog+0x82b/0x11e0 [ 499.193153] net_rx_action+0x98f/0x1d50 [ 499.197163] __do_softirq+0x721/0xc7f [ 499.201516] [ 499.203147] Uninit was stored to memory at: [ 499.207488] kmsan_internal_chain_origin+0x136/0x240 [ 499.212604] __msan_chain_origin+0x6d/0xb0 [ 499.216849] __save_stack_trace+0x8be/0xc60 [ 499.221662] save_stack_trace+0xc6/0x110 [ 499.225732] kmsan_internal_chain_origin+0x136/0x240 [ 499.230843] kmsan_memcpy_origins+0x13d/0x190 [ 499.235348] __msan_memcpy+0x6f/0x80 [ 499.239076] pskb_expand_head+0x436/0x1d20 [ 499.243326] ___pskb_trim+0x3c9/0x1bf0 [ 499.247232] sk_filter_trim_cap+0x5ac/0xa60 [ 499.251567] tcp_filter+0x10c/0x260 [ 499.255213] tcp_v6_rcv+0x45ba/0x5df0 [ 499.259035] ip6_input_finish+0xb53/0x2450 [ 499.263283] ip6_input+0x29d/0x340 [ 499.266833] ip6_rcv_finish+0x4d2/0x710 [ 499.270817] ipv6_rcv+0x34b/0x3f0 [ 499.274869] process_backlog+0x82b/0x11e0 [ 499.279029] net_rx_action+0x98f/0x1d50 [ 499.283020] __do_softirq+0x721/0xc7f [ 499.286826] [ 499.288460] Local variable description: ----v.addr.i.i.i@should_fail [ 499.294958] Variable was created at: [ 499.298684] should_fail+0x14d/0x13c0 [ 499.303201] __should_failslab+0x278/0x2a0 [ 499.349569] not chained 540000 origins [ 499.353498] CPU: 1 PID: 13453 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 499.360776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.370133] Call Trace: [ 499.372728] [ 499.374902] dump_stack+0x32d/0x480 [ 499.378562] kmsan_internal_chain_origin+0x222/0x240 [ 499.383686] ? __local_bh_enable_ip+0x11f/0x260 [ 499.388397] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 499.393775] ? __module_address+0x6a/0x5f0 [ 499.398026] ? is_bpf_text_address+0x3e5/0x4d0 [ 499.403375] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 499.408773] ? is_bpf_text_address+0x49e/0x4d0 [ 499.413386] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 499.418763] ? __module_address+0x6a/0x5f0 [ 499.423020] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 499.428485] ? in_task_stack+0x12c/0x210 [ 499.432572] ? get_stack_info+0x206/0x220 [ 499.436746] __msan_chain_origin+0x6d/0xb0 [ 499.440999] ? ip6_output+0x5e4/0x720 [ 499.444814] __save_stack_trace+0x8be/0xc60 [ 499.449181] ? ip6_output+0x5e4/0x720 [ 499.452999] save_stack_trace+0xc6/0x110 [ 499.457078] kmsan_internal_chain_origin+0x136/0x240 [ 499.462277] ? local_bh_enable+0x36/0x40 [ 499.466362] ? __sk_flush_backlog+0x52/0x70 [ 499.470697] ? kmsan_internal_chain_origin+0x136/0x240 [ 499.475991] ? kmsan_memcpy_origins+0x13d/0x190 [ 499.480676] ? __msan_memcpy+0x6f/0x80 [ 499.484576] ? pskb_expand_head+0x436/0x1d20 [ 499.488995] ? ___pskb_trim+0x3c9/0x1bf0 [ 499.493069] ? sk_filter_trim_cap+0x5ac/0xa60 [ 499.497575] ? tcp_filter+0x10c/0x260 [ 499.502064] ? tcp_v6_rcv+0x45ba/0x5df0 [ 499.506055] ? ip6_input_finish+0xb53/0x2450 [ 499.510472] ? ip6_input+0x29d/0x340 [ 499.514207] ? ip6_rcv_finish+0x4d2/0x710 [ 499.518368] ? ipv6_rcv+0x34b/0x3f0 [ 499.522003] ? process_backlog+0x82b/0x11e0 [ 499.526338] ? net_rx_action+0x98f/0x1d50 [ 499.530493] ? __do_softirq+0x721/0xc7f [ 499.534479] ? do_softirq_own_stack+0x49/0x80 [ 499.538989] ? __local_bh_enable_ip+0x228/0x260 [ 499.543675] ? local_bh_enable+0x36/0x40 [ 499.547748] ? ip6_finish_output2+0x1b1a/0x22d0 [ 499.552430] ? ip6_finish_output+0xc13/0xca0 [ 499.556849] ? ip6_output+0x5e4/0x720 [ 499.560660] ? ip6_xmit+0x216d/0x26a0 [ 499.564474] ? inet6_csk_xmit+0x3e0/0x4f0 [ 499.568632] ? __tcp_transmit_skb+0x425c/0x5e00 [ 499.573310] ? tcp_write_xmit+0x389a/0xacc0 [ 499.577647] ? __tcp_push_pending_frames+0x124/0x4e0 [ 499.582761] ? tcp_data_snd_check+0x1ec/0x1080 [ 499.587356] ? tcp_rcv_established+0x1bb2/0x2940 [ 499.592126] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 499.596287] ? __release_sock+0x32d/0x750 [ 499.601201] ? __sk_flush_backlog+0x52/0x70 [ 499.605532] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 499.610102] ? tcp_sendmsg+0xb2/0x100 [ 499.613891] ? inet_sendmsg+0x4e9/0x800 [ 499.617893] ? __sys_sendto+0x940/0xb80 [ 499.621880] ? __se_sys_sendto+0x107/0x130 [ 499.626126] ? __x64_sys_sendto+0x6e/0x90 [ 499.630290] ? do_syscall_64+0xcf/0x110 [ 499.634281] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 499.639666] ? __msan_get_context_state+0x9/0x20 [ 499.644428] ? INIT_INT+0xc/0x30 [ 499.647793] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 499.653153] kmsan_memcpy_origins+0x13d/0x190 [ 499.657650] __msan_memcpy+0x6f/0x80 [ 499.661354] pskb_expand_head+0x436/0x1d20 [ 499.665590] ___pskb_trim+0x3c9/0x1bf0 [ 499.669477] sk_filter_trim_cap+0x5ac/0xa60 [ 499.673812] tcp_filter+0x10c/0x260 [ 499.677444] tcp_v6_rcv+0x45ba/0x5df0 [ 499.681235] ? __msan_poison_alloca+0x1e0/0x270 [ 499.685944] ? tcp_v6_early_demux+0xc80/0xc80 [ 499.690451] ? tcp_v6_early_demux+0xc80/0xc80 [ 499.694956] ip6_input_finish+0xb53/0x2450 [ 499.699210] ? ip6_input_finish+0x13e1/0x2450 [ 499.703709] ip6_input+0x29d/0x340 [ 499.707286] ? ip6_input+0x340/0x340 [ 499.711002] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 499.715410] ip6_rcv_finish+0x4d2/0x710 [ 499.719393] ipv6_rcv+0x34b/0x3f0 [ 499.722847] ? dst_hold+0x5e0/0x5e0 [ 499.726464] process_backlog+0x82b/0x11e0 [ 499.730945] ? __msan_poison_alloca+0x1e0/0x270 [ 499.735605] ? ip6_rcv_finish+0x710/0x710 [ 499.739748] ? rps_trigger_softirq+0x2e0/0x2e0 [ 499.744332] net_rx_action+0x98f/0x1d50 [ 499.748337] ? net_tx_action+0xf20/0xf20 [ 499.752409] __do_softirq+0x721/0xc7f [ 499.756237] do_softirq_own_stack+0x49/0x80 [ 499.760548] [ 499.762809] __local_bh_enable_ip+0x228/0x260 [ 499.767307] local_bh_enable+0x36/0x40 [ 499.771199] ip6_finish_output2+0x1b1a/0x22d0 [ 499.775705] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 499.781058] ? ip6_mtu+0x289/0x330 [ 499.784590] ip6_finish_output+0xc13/0xca0 [ 499.788835] ip6_output+0x5e4/0x720 [ 499.792458] ? ip6_output+0x720/0x720 [ 499.796267] ? ac6_seq_show+0x200/0x200 [ 499.800325] ip6_xmit+0x216d/0x26a0 [ 499.803980] ? ip6_xmit+0x26a0/0x26a0 [ 499.807775] inet6_csk_xmit+0x3e0/0x4f0 [ 499.811775] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 499.816713] __tcp_transmit_skb+0x425c/0x5e00 [ 499.821268] tcp_write_xmit+0x389a/0xacc0 [ 499.825477] __tcp_push_pending_frames+0x124/0x4e0 [ 499.830536] tcp_data_snd_check+0x1ec/0x1080 [ 499.834979] tcp_rcv_established+0x1bb2/0x2940 [ 499.839601] tcp_v6_do_rcv+0x9f8/0x21b0 [ 499.843576] ? tcp_v6_destroy_sock+0x60/0x60 [ 499.848043] __release_sock+0x32d/0x750 [ 499.852594] __sk_flush_backlog+0x52/0x70 [ 499.856738] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 499.860982] tcp_sendmsg_locked+0xd72/0x6c30 [ 499.865404] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 499.870820] tcp_sendmsg+0xb2/0x100 [ 499.874445] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 499.879118] inet_sendmsg+0x4e9/0x800 [ 499.882945] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 499.888326] ? security_socket_sendmsg+0x1bd/0x200 [ 499.893277] ? inet_getname+0x490/0x490 [ 499.897261] __sys_sendto+0x940/0xb80 [ 499.901078] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 499.906518] ? prepare_exit_to_usermode+0x182/0x4c0 [ 499.911522] __se_sys_sendto+0x107/0x130 [ 499.915590] __x64_sys_sendto+0x6e/0x90 [ 499.919579] do_syscall_64+0xcf/0x110 [ 499.923368] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 499.928555] RIP: 0033:0x457569 [ 499.931756] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 499.950660] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 499.958482] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 499.965867] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000006 [ 499.973134] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 499.980514] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 499.987779] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 499.995054] Uninit was stored to memory at: [ 499.999377] kmsan_internal_chain_origin+0x136/0x240 [ 500.004575] __msan_chain_origin+0x6d/0xb0 [ 500.008811] __save_stack_trace+0x8be/0xc60 [ 500.013121] save_stack_trace+0xc6/0x110 [ 500.017191] kmsan_internal_chain_origin+0x136/0x240 [ 500.022301] kmsan_memcpy_origins+0x13d/0x190 [ 500.026787] __msan_memcpy+0x6f/0x80 [ 500.030513] pskb_expand_head+0x436/0x1d20 [ 500.034746] ___pskb_trim+0x3c9/0x1bf0 [ 500.038627] sk_filter_trim_cap+0x5ac/0xa60 [ 500.042950] tcp_filter+0x10c/0x260 [ 500.046582] tcp_v6_rcv+0x45ba/0x5df0 [ 500.050370] ip6_input_finish+0xb53/0x2450 [ 500.054606] ip6_input+0x29d/0x340 [ 500.058144] ip6_rcv_finish+0x4d2/0x710 [ 500.062120] ipv6_rcv+0x34b/0x3f0 [ 500.065579] process_backlog+0x82b/0x11e0 [ 500.069724] net_rx_action+0x98f/0x1d50 [ 500.073695] __do_softirq+0x721/0xc7f [ 500.077494] [ 500.079126] Uninit was stored to memory at: [ 500.083454] kmsan_internal_chain_origin+0x136/0x240 [ 500.088560] __msan_chain_origin+0x6d/0xb0 [ 500.092797] __save_stack_trace+0x8be/0xc60 [ 500.097115] save_stack_trace+0xc6/0x110 [ 500.101183] kmsan_internal_chain_origin+0x136/0x240 [ 500.106272] kmsan_memcpy_origins+0x13d/0x190 [ 500.110864] __msan_memcpy+0x6f/0x80 [ 500.114589] pskb_expand_head+0x436/0x1d20 [ 500.118834] ___pskb_trim+0x3c9/0x1bf0 [ 500.122724] sk_filter_trim_cap+0x5ac/0xa60 [ 500.127033] tcp_filter+0x10c/0x260 [ 500.130658] tcp_v6_rcv+0x45ba/0x5df0 [ 500.134454] ip6_input_finish+0xb53/0x2450 [ 500.138680] ip6_input+0x29d/0x340 [ 500.142215] ip6_rcv_finish+0x4d2/0x710 [ 500.146193] ipv6_rcv+0x34b/0x3f0 [ 500.149661] process_backlog+0x82b/0x11e0 [ 500.153812] net_rx_action+0x98f/0x1d50 [ 500.157784] __do_softirq+0x721/0xc7f [ 500.161560] [ 500.163183] Uninit was stored to memory at: [ 500.167520] kmsan_internal_chain_origin+0x136/0x240 [ 500.172632] __msan_chain_origin+0x6d/0xb0 [ 500.176867] __save_stack_trace+0x8be/0xc60 [ 500.181199] save_stack_trace+0xc6/0x110 [ 500.185263] kmsan_internal_chain_origin+0x136/0x240 [ 500.190352] kmsan_memcpy_origins+0x13d/0x190 [ 500.194924] __msan_memcpy+0x6f/0x80 [ 500.198633] pskb_expand_head+0x436/0x1d20 [ 500.202857] ___pskb_trim+0x3c9/0x1bf0 [ 500.206732] sk_filter_trim_cap+0x5ac/0xa60 [ 500.211223] tcp_filter+0x10c/0x260 [ 500.214858] tcp_v6_rcv+0x45ba/0x5df0 [ 500.218710] ip6_input_finish+0xb53/0x2450 [ 500.222966] ip6_input+0x29d/0x340 [ 500.226511] ip6_rcv_finish+0x4d2/0x710 [ 500.230578] ipv6_rcv+0x34b/0x3f0 [ 500.234016] process_backlog+0x82b/0x11e0 [ 500.238157] net_rx_action+0x98f/0x1d50 [ 500.242156] __do_softirq+0x721/0xc7f [ 500.245964] [ 500.247589] Uninit was stored to memory at: [ 500.251897] kmsan_internal_chain_origin+0x136/0x240 [ 500.257020] __msan_chain_origin+0x6d/0xb0 [ 500.261256] __save_stack_trace+0x8be/0xc60 [ 500.265576] save_stack_trace+0xc6/0x110 [ 500.269630] kmsan_internal_chain_origin+0x136/0x240 [ 500.274722] kmsan_memcpy_origins+0x13d/0x190 [ 500.279218] __msan_memcpy+0x6f/0x80 [ 500.282947] pskb_expand_head+0x436/0x1d20 [ 500.287187] ___pskb_trim+0x3c9/0x1bf0 [ 500.291070] sk_filter_trim_cap+0x5ac/0xa60 [ 500.295379] tcp_filter+0x10c/0x260 [ 500.299002] tcp_v6_rcv+0x45ba/0x5df0 [ 500.302802] ip6_input_finish+0xb53/0x2450 [ 500.307017] ip6_input+0x29d/0x340 [ 500.310540] ip6_rcv_finish+0x4d2/0x710 [ 500.314512] ipv6_rcv+0x34b/0x3f0 [ 500.317983] process_backlog+0x82b/0x11e0 [ 500.322142] net_rx_action+0x98f/0x1d50 [ 500.326103] __do_softirq+0x721/0xc7f [ 500.329973] [ 500.331617] Uninit was stored to memory at: [ 500.335953] kmsan_internal_chain_origin+0x136/0x240 [ 500.341054] __msan_chain_origin+0x6d/0xb0 [ 500.345277] __save_stack_trace+0x8be/0xc60 [ 500.349598] save_stack_trace+0xc6/0x110 [ 500.353657] kmsan_internal_chain_origin+0x136/0x240 [ 500.358756] kmsan_memcpy_origins+0x13d/0x190 [ 500.363249] __msan_memcpy+0x6f/0x80 [ 500.366951] pskb_expand_head+0x436/0x1d20 [ 500.371191] ___pskb_trim+0x3c9/0x1bf0 [ 500.375083] sk_filter_trim_cap+0x5ac/0xa60 [ 500.379400] tcp_filter+0x10c/0x260 [ 500.383018] tcp_v6_rcv+0x45ba/0x5df0 [ 500.386829] ip6_input_finish+0xb53/0x2450 [ 500.391070] ip6_input+0x29d/0x340 [ 500.394619] ip6_rcv_finish+0x4d2/0x710 [ 500.398598] ipv6_rcv+0x34b/0x3f0 [ 500.402053] process_backlog+0x82b/0x11e0 [ 500.406212] net_rx_action+0x98f/0x1d50 [ 500.410199] __do_softirq+0x721/0xc7f [ 500.413991] [ 500.415602] Uninit was stored to memory at: [ 500.419909] kmsan_internal_chain_origin+0x136/0x240 [ 500.425026] __msan_chain_origin+0x6d/0xb0 [ 500.429257] __save_stack_trace+0x8be/0xc60 [ 500.433576] save_stack_trace+0xc6/0x110 [ 500.437636] kmsan_internal_chain_origin+0x136/0x240 [ 500.442739] kmsan_memcpy_origins+0x13d/0x190 [ 500.447226] __msan_memcpy+0x6f/0x80 [ 500.450952] pskb_expand_head+0x436/0x1d20 [ 500.455198] ___pskb_trim+0x3c9/0x1bf0 [ 500.459094] sk_filter_trim_cap+0x5ac/0xa60 [ 500.463424] tcp_filter+0x10c/0x260 [ 500.467062] tcp_v6_rcv+0x45ba/0x5df0 [ 500.470846] ip6_input_finish+0xb53/0x2450 [ 500.475076] ip6_input+0x29d/0x340 [ 500.478618] ip6_rcv_finish+0x4d2/0x710 [ 500.482586] ipv6_rcv+0x34b/0x3f0 [ 500.486047] process_backlog+0x82b/0x11e0 [ 500.490197] net_rx_action+0x98f/0x1d50 [ 500.494195] __do_softirq+0x721/0xc7f [ 500.497989] [ 500.499597] Uninit was stored to memory at: [ 500.503917] kmsan_internal_chain_origin+0x136/0x240 [ 500.509040] __msan_chain_origin+0x6d/0xb0 [ 500.513274] __save_stack_trace+0x8be/0xc60 [ 500.517589] save_stack_trace+0xc6/0x110 [ 500.521661] kmsan_internal_chain_origin+0x136/0x240 [ 500.526775] kmsan_memcpy_origins+0x13d/0x190 [ 500.531270] __msan_memcpy+0x6f/0x80 [ 500.534982] pskb_expand_head+0x436/0x1d20 [ 500.539201] ___pskb_trim+0x3c9/0x1bf0 [ 500.543075] sk_filter_trim_cap+0x5ac/0xa60 [ 500.547395] tcp_filter+0x10c/0x260 [ 500.551017] tcp_v6_rcv+0x45ba/0x5df0 [ 500.554806] ip6_input_finish+0xb53/0x2450 [ 500.559035] ip6_input+0x29d/0x340 [ 500.562583] ip6_rcv_finish+0x4d2/0x710 [ 500.566561] ipv6_rcv+0x34b/0x3f0 [ 500.570021] process_backlog+0x82b/0x11e0 [ 500.574160] net_rx_action+0x98f/0x1d50 [ 500.578160] __do_softirq+0x721/0xc7f [ 500.581963] [ 500.583584] Local variable description: ----v.addr.i.i.i@should_fail [ 500.590070] Variable was created at: [ 500.593787] should_fail+0x14d/0x13c0 [ 500.597606] __should_failslab+0x278/0x2a0 03:47:00 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) getrusage(0x1, &(0x7f00000000c0)) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000040)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x2) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:47:00 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:09 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:09 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x1000000004) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) pread64(r0, &(0x7f0000000280)=""/106, 0x6a, 0x0) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) preadv(r0, &(0x7f0000000700)=[{&(0x7f0000000300)=""/225, 0xe1}, {&(0x7f0000000400)=""/193, 0xc1}, {&(0x7f0000000500)=""/65, 0x41}, {&(0x7f0000000580)=""/204, 0xcc}, {&(0x7f0000000680)=""/114, 0x72}], 0x5, 0x17) r1 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @loopback}, &(0x7f0000000040)=0x10, 0x80000) syz_open_dev$sndctrl(&(0x7f0000000240)='/dev/snd/controlC#\x00', 0x6, 0x98800) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000140)={0x0, 0x6a9b, 0x9, 0x1, 0x0, 0x2, 0x1, 0x5, {0x0, @in6={{0xa, 0x4e22, 0x8000, @mcast2, 0x29e8}}, 0x7, 0x7ff, 0x3, 0xfffffffffffffffd, 0x7}}, &(0x7f0000000200)=0xb0) mknod$loop(&(0x7f0000000800)='./file0\x00', 0x7800, 0x0) getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000780), &(0x7f00000007c0)=0x4) 03:47:09 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) io_destroy(0x0) r0 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r0, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) 03:47:09 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:09 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x3) fcntl$getownex(r0, 0x10, &(0x7f0000000040)) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000140)) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r1, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:47:09 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000004c0)="0a452d0240316285717070") ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000040)={0xfffffffffffffffc, 0x0, 0x200, 0x10001, [], [], [], 0x401, 0x6, 0x400, 0x1, "ab31134bbe81438e468ee06cae56e594"}) ioctl$RTC_VL_CLR(r0, 0x7014) preadv(r1, &(0x7f0000000680)=[{&(0x7f0000000240)=""/112, 0xfffffffffffffc37}, {&(0x7f00000002c0)=""/252}, {&(0x7f00000003c0)=""/209}, {&(0x7f0000000700)=""/253}, {&(0x7f00000005c0)=""/167}], 0x133c, 0x0) 03:47:10 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:10 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$bt_hci(r1, 0x0, 0x3, &(0x7f0000000040)=""/202, &(0x7f0000000140)=0xca) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000240)={{{@in=@rand_addr, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@remote}}, &(0x7f0000000340)=0xe8) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000380)={r2, 0x1, 0x6, @local}, 0x10) preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:47:10 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:10 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000000)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:47:10 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) io_destroy(0x0) r0 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r0, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) 03:47:10 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$vsock_dgram(0x28, 0x2, 0x0) fcntl$addseals(r0, 0x409, 0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f0000000440)="0a5c2d0240316285717078a86d1340a3c8b97953fc166d481305cb30b63eda9942fcc34fea5e26b4c0e83e37cc378e675ecfdafae4e72a5e36c8365a7f2e0ef8272b9083268713f985f08a7942d6ac30fae0f6701bcf97cb9efc3d78da2239dd36820594f7069afd5fd4e631122dfb4be8dd9f4e4b0db4c5b503cf88ebb5d1d0cf9b54aa14b995b0a21828e7fe216cb3b40329e1bd512884f395b6b3eb4c00455d66e1f95bf8e5b8c560dadae4b9312c535a1e38f42d4b9699f66e6161b99cb006d3f7a7f00ccf8326c5d63e94dc123341a55a2c9915ba0b83da1b3a0b2b2994cfe3676c4955b867f116dbafbb9b1d7de9baff802e81a4630000000000000000f55842ad58295a83180f204687655c5cf047d16ea2216ec054cac0184b8b4c7f59b1603e61545fb1ccb6d60e9eb7d735c4bd503b74292fe4c78d707bdbb3920e26ff77") r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x100, 0x0) ioctl$BINDER_THREAD_EXIT(r3, 0x40046208, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x40, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0xffffffffffffffff, 0x400}]}, 0xfffffffffffffeb8) setsockopt$inet6_tcp_int(r2, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r2, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r2, 0x3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_extract_tcp_res$synack(&(0x7f0000000040), 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r4, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:47:10 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80), 0x0, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:10 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:10 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000080)=0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x9, &(0x7f00000001c0)="0a452d0240316285717070") setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000040)={0x7, 0x401, 0x7, 0x9}, 0x10) preadv(r0, &(0x7f0000000480), 0x258, 0x0) write$FUSE_INIT(r0, &(0x7f00000000c0)={0x50, 0x0, 0x6, {0x7, 0x1c, 0x0, 0x480, 0x94ca, 0x9, 0x3, 0x2}}, 0x50) 03:47:11 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) io_destroy(0x0) r0 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r0, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) 03:47:11 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) 03:47:11 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80), 0x0, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:11 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:11 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) tee(r0, r0, 0xffffffffffffffff, 0x5) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") fstatfs(r1, &(0x7f0000000080)=""/229) preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:47:11 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:47:11 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000240)={{{@in6=@mcast2, @in6=@mcast1}}, {{@in6}, 0x0, @in=@loopback}}, &(0x7f0000000040)=0xfffffd41) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x2, @dev={0xfe, 0x80, [0x8dffffff]}, 0x409}, 0x1c) 03:47:11 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:11 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='k', 0x13c) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:47:11 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80), 0x0, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:11 executing program 0: pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) ioctl$IOC_PR_REGISTER(r0, 0x401870c8, &(0x7f0000000080)={0x1ff, 0x80}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000140)={0x7, 0x8, 0xfa00, {r2, 0x10004}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r4, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r3, &(0x7f0000000480), 0x258, 0x0) [ 511.803829] print_req_error: 120 callbacks suppressed [ 511.803857] print_req_error: I/O error, dev loop3, sector 0 [ 511.815081] buffer_io_error: 120 callbacks suppressed [ 511.815107] Buffer I/O error on dev loop3, logical block 0, lost async page write [ 511.828351] print_req_error: I/O error, dev loop3, sector 8 [ 511.834227] Buffer I/O error on dev loop3, logical block 1, lost async page write [ 511.842420] print_req_error: I/O error, dev loop3, sector 16 [ 511.848376] Buffer I/O error on dev loop3, logical block 2, lost async page write [ 511.856320] print_req_error: I/O error, dev loop3, sector 24 [ 511.862341] Buffer I/O error on dev loop3, logical block 3, lost async page write [ 511.870120] print_req_error: I/O error, dev loop3, sector 32 [ 511.876064] Buffer I/O error on dev loop3, logical block 4, lost async page write [ 511.883964] print_req_error: I/O error, dev loop3, sector 40 [ 511.889831] Buffer I/O error on dev loop3, logical block 5, lost async page write [ 511.891879] not chained 550000 origins [ 511.897679] print_req_error: I/O error, dev loop3, sector 48 [ 511.901364] CPU: 1 PID: 6613 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #85 [ 511.901383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 511.907348] Buffer I/O error on dev loop3, logical block 6, lost async page write [ 511.914426] Call Trace: [ 511.914435] [ 511.914458] dump_stack+0x32d/0x480 [ 511.914483] ? save_stack_trace+0xc6/0x110 [ 511.914506] kmsan_internal_chain_origin+0x222/0x240 [ 511.914536] ? kmsan_internal_chain_origin+0x136/0x240 [ 511.924038] print_req_error: I/O error, dev loop3, sector 56 [ 511.931489] ? __msan_chain_origin+0x6d/0xb0 [ 511.931511] ? __save_stack_trace+0x8be/0xc60 [ 511.934161] Buffer I/O error on dev loop3, logical block 7, lost async page write [ 511.936211] ? save_stack_trace+0xc6/0x110 [ 511.936235] ? kmsan_internal_chain_origin+0x136/0x240 [ 511.940317] print_req_error: I/O error, dev loop3, sector 64 [ 511.944392] ? kmsan_memcpy_origins+0x13d/0x190 [ 511.944426] ? __msan_memcpy+0x6f/0x80 [ 511.944445] ? pskb_expand_head+0x436/0x1d20 [ 511.944461] ? tcp_fragment+0x378/0x21d0 [ 511.944476] ? tcp_send_loss_probe+0x6a2/0xc00 [ 511.944491] ? tcp_write_timer_handler+0x691/0xe80 [ 511.944515] ? tcp_write_timer+0x139/0x250 [ 511.949618] Buffer I/O error on dev loop3, logical block 8, lost async page write [ 511.954864] ? call_timer_fn+0x356/0x7c0 [ 511.954881] ? __run_timers+0xe95/0x1300 [ 511.954897] ? run_timer_softirq+0x55/0xa0 [ 511.954913] ? __do_softirq+0x721/0xc7f [ 511.954934] ? irq_exit+0x305/0x340 [ 511.954958] ? exiting_irq+0xe/0x10 [ 511.960824] print_req_error: I/O error, dev loop3, sector 72 [ 511.965136] ? smp_apic_timer_interrupt+0x64/0x90 [ 511.965151] ? apic_timer_interrupt+0xf/0x20 [ 511.965176] ? kmsan_get_metadata_or_null+0x32f/0x380 [ 511.965193] ? __msan_poison_alloca+0xbd/0x270 [ 511.965211] ? should_fail+0x10e/0x13c0 [ 511.965237] ? __should_failslab+0x278/0x2a0 [ 511.969741] Buffer I/O error on dev loop3, logical block 9, lost async page write [ 511.977335] ? should_failslab+0x29/0x70 [ 511.977351] ? kmem_cache_alloc+0x146/0xe20 [ 511.977366] ? anon_vma_fork+0x29d/0xe80 [ 511.977382] ? copy_process+0x691d/0xc3c0 [ 511.977397] ? _do_fork+0x3e3/0x1370 [ 511.977422] ? __se_sys_clone+0xf6/0x110 [ 512.120209] ? __x64_sys_clone+0x62/0x80 [ 512.124274] ? do_syscall_64+0xcf/0x110 [ 512.128245] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 512.133602] ? INIT_INT+0xc/0x30 [ 512.136968] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 512.142848] ? in_task_stack+0x12c/0x210 [ 512.146907] ? get_stack_info+0x206/0x220 [ 512.151065] __msan_chain_origin+0x6d/0xb0 [ 512.155299] ? __se_sys_clone+0xf6/0x110 [ 512.159364] __save_stack_trace+0x8be/0xc60 [ 512.163692] ? __se_sys_clone+0xf6/0x110 [ 512.167749] save_stack_trace+0xc6/0x110 [ 512.171811] kmsan_internal_chain_origin+0x136/0x240 [ 512.176909] ? __msan_poison_alloca+0xbd/0x270 [ 512.181496] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 512.186858] ? kmsan_internal_chain_origin+0x136/0x240 [ 512.192137] ? kmsan_memcpy_origins+0x13d/0x190 [ 512.196802] ? __msan_memcpy+0x6f/0x80 [ 512.200680] ? pskb_expand_head+0x436/0x1d20 [ 512.205096] ? tcp_fragment+0x378/0x21d0 [ 512.209150] ? tcp_send_loss_probe+0x6a2/0xc00 [ 512.213734] ? tcp_write_timer_handler+0x691/0xe80 [ 512.219099] ? tcp_write_timer+0x139/0x250 [ 512.223327] ? call_timer_fn+0x356/0x7c0 [ 512.227384] ? __run_timers+0xe95/0x1300 [ 512.231437] ? run_timer_softirq+0x55/0xa0 [ 512.235664] ? __do_softirq+0x721/0xc7f [ 512.240386] ? irq_exit+0x305/0x340 [ 512.244008] ? exiting_irq+0xe/0x10 [ 512.247638] ? smp_apic_timer_interrupt+0x64/0x90 [ 512.252470] ? apic_timer_interrupt+0xf/0x20 [ 512.256871] ? kmsan_get_metadata_or_null+0x32f/0x380 [ 512.262062] ? __msan_poison_alloca+0xbd/0x270 [ 512.266636] ? should_fail+0x10e/0x13c0 [ 512.270602] ? __should_failslab+0x278/0x2a0 [ 512.275015] ? should_failslab+0x29/0x70 [ 512.279070] ? kmem_cache_alloc+0x146/0xe20 [ 512.283379] ? anon_vma_fork+0x29d/0xe80 [ 512.287432] ? copy_process+0x691d/0xc3c0 [ 512.291571] ? _do_fork+0x3e3/0x1370 [ 512.295295] ? __msan_get_context_state+0x9/0x20 [ 512.300041] ? INIT_INT+0xc/0x30 [ 512.303404] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 512.308770] kmsan_memcpy_origins+0x13d/0x190 [ 512.313265] __msan_memcpy+0x6f/0x80 [ 512.316973] pskb_expand_head+0x436/0x1d20 [ 512.321219] tcp_fragment+0x378/0x21d0 [ 512.325116] tcp_send_loss_probe+0x6a2/0xc00 [ 512.329527] tcp_write_timer_handler+0x691/0xe80 [ 512.334284] tcp_write_timer+0x139/0x250 [ 512.339087] call_timer_fn+0x356/0x7c0 [ 512.342983] ? tcp_init_xmit_timers+0x130/0x130 [ 512.347651] __run_timers+0xe95/0x1300 [ 512.351532] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 512.356889] ? tcp_init_xmit_timers+0x130/0x130 [ 512.361568] run_timer_softirq+0x55/0xa0 [ 512.365620] ? timers_dead_cpu+0xb70/0xb70 [ 512.369847] __do_softirq+0x721/0xc7f [ 512.373649] irq_exit+0x305/0x340 [ 512.377101] exiting_irq+0xe/0x10 [ 512.380548] smp_apic_timer_interrupt+0x64/0x90 [ 512.385213] apic_timer_interrupt+0xf/0x20 [ 512.389435] [ 512.391678] RIP: 0010:kmsan_get_metadata_or_null+0x32f/0x380 [ 512.397475] Code: 00 80 7f 77 00 00 4c 01 e0 48 c1 e8 0c 48 8d 04 40 48 c1 e0 05 49 bd 00 00 00 00 00 ea ff ff 49 01 c5 0f 85 3a fe ff ff 31 c0 <48> 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 49 81 fc ff ff ff 1f [ 512.416366] RSP: 0018:ffff888152fdf718 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 512.424070] RAX: ffff888152fef890 RBX: ffff888152fdf890 RCX: 00000000003f8fcd [ 512.431340] RDX: 0000000152fef890 RSI: 0000000000000008 RDI: ffff888152fdf890 [ 512.439336] RBP: ffff888152fdf750 R08: 0000000000480020 R09: 0000000000000002 [ 512.446598] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881d2fdf890 [ 512.453856] R13: ffffea0007f1f3e8 R14: 0000000000000890 R15: 0000000000000008 [ 512.461143] __msan_poison_alloca+0xbd/0x270 [ 512.465555] ? should_fail+0xf9/0x13c0 [ 512.469456] ? __should_failslab+0x278/0x2a0 [ 512.473859] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 512.479214] should_fail+0x10e/0x13c0 [ 512.483018] __should_failslab+0x278/0x2a0 [ 512.487252] should_failslab+0x29/0x70 [ 512.491137] kmem_cache_alloc+0x146/0xe20 [ 512.495298] ? anon_vma_fork+0x29d/0xe80 [ 512.499362] anon_vma_fork+0x29d/0xe80 [ 512.503255] copy_process+0x691d/0xc3c0 [ 512.507261] _do_fork+0x3e3/0x1370 [ 512.510806] ? prepare_exit_to_usermode+0x182/0x4c0 [ 512.515825] __se_sys_clone+0xf6/0x110 [ 512.519711] __x64_sys_clone+0x62/0x80 [ 512.523591] do_syscall_64+0xcf/0x110 [ 512.527387] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 512.532585] RIP: 0033:0x455b1a [ 512.535775] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 512.555391] RSP: 002b:0000000000a3fd50 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 512.563088] RAX: ffffffffffffffda RBX: 0000000000a3fd50 RCX: 0000000000455b1a [ 512.570362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 512.577715] RBP: 0000000000a3fd90 R08: 0000000000000001 R09: 0000000001a50940 [ 512.584974] R10: 0000000001a50c10 R11: 0000000000000246 R12: 0000000000000001 [ 512.592234] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 512.599502] Uninit was stored to memory at: [ 512.603823] kmsan_internal_chain_origin+0x136/0x240 [ 512.608919] __msan_chain_origin+0x6d/0xb0 [ 512.613152] __save_stack_trace+0x8be/0xc60 [ 512.617477] save_stack_trace+0xc6/0x110 [ 512.621532] kmsan_internal_chain_origin+0x136/0x240 [ 512.626623] kmsan_memcpy_origins+0x13d/0x190 [ 512.631118] __msan_memcpy+0x6f/0x80 [ 512.634823] pskb_expand_head+0x436/0x1d20 [ 512.639513] tcp_fragment+0x378/0x21d0 [ 512.643389] tcp_send_loss_probe+0x6a2/0xc00 [ 512.647787] tcp_write_timer_handler+0x691/0xe80 [ 512.652544] tcp_write_timer+0x139/0x250 [ 512.656598] call_timer_fn+0x356/0x7c0 [ 512.660594] __run_timers+0xe95/0x1300 [ 512.664478] run_timer_softirq+0x55/0xa0 [ 512.668530] __do_softirq+0x721/0xc7f [ 512.672312] [ 512.673931] Uninit was stored to memory at: [ 512.678244] kmsan_internal_chain_origin+0x136/0x240 [ 512.683341] __msan_chain_origin+0x6d/0xb0 [ 512.687567] __save_stack_trace+0x8be/0xc60 [ 512.691879] save_stack_trace+0xc6/0x110 [ 512.695938] kmsan_internal_chain_origin+0x136/0x240 [ 512.701036] kmsan_memcpy_origins+0x13d/0x190 [ 512.705524] __msan_memcpy+0x6f/0x80 [ 512.709231] pskb_expand_head+0x436/0x1d20 [ 512.713455] tcp_fragment+0x378/0x21d0 [ 512.717335] tcp_send_loss_probe+0x6a2/0xc00 [ 512.721738] tcp_write_timer_handler+0x691/0xe80 [ 512.726485] tcp_write_timer+0x139/0x250 [ 512.730538] call_timer_fn+0x356/0x7c0 [ 512.734419] __run_timers+0xe95/0x1300 [ 512.738994] run_timer_softirq+0x55/0xa0 [ 512.743049] __do_softirq+0x721/0xc7f [ 512.746834] [ 512.748446] Uninit was stored to memory at: [ 512.752761] kmsan_internal_chain_origin+0x136/0x240 [ 512.757862] __msan_chain_origin+0x6d/0xb0 [ 512.762085] __save_stack_trace+0x8be/0xc60 [ 512.766399] save_stack_trace+0xc6/0x110 [ 512.770456] kmsan_internal_chain_origin+0x136/0x240 [ 512.775551] kmsan_memcpy_origins+0x13d/0x190 [ 512.780041] __msan_memcpy+0x6f/0x80 [ 512.783746] pskb_expand_head+0x436/0x1d20 [ 512.787969] tcp_fragment+0x378/0x21d0 [ 512.791849] tcp_send_loss_probe+0x6a2/0xc00 [ 512.796252] tcp_write_timer_handler+0x691/0xe80 [ 512.801002] tcp_write_timer+0x139/0x250 [ 512.805054] call_timer_fn+0x356/0x7c0 [ 512.808938] __run_timers+0xe95/0x1300 [ 512.812816] run_timer_softirq+0x55/0xa0 [ 512.816869] __do_softirq+0x721/0xc7f [ 512.820671] [ 512.822286] Uninit was stored to memory at: [ 512.826601] kmsan_internal_chain_origin+0x136/0x240 [ 512.831699] __msan_chain_origin+0x6d/0xb0 [ 512.835928] __save_stack_trace+0x8be/0xc60 [ 512.840993] save_stack_trace+0xc6/0x110 [ 512.845049] kmsan_internal_chain_origin+0x136/0x240 [ 512.850144] kmsan_memcpy_origins+0x13d/0x190 [ 512.854637] __msan_memcpy+0x6f/0x80 [ 512.858346] pskb_expand_head+0x436/0x1d20 [ 512.862575] tcp_fragment+0x378/0x21d0 [ 512.866449] tcp_send_loss_probe+0x6a2/0xc00 [ 512.870849] tcp_write_timer_handler+0x691/0xe80 [ 512.875594] tcp_write_timer+0x139/0x250 [ 512.879645] call_timer_fn+0x356/0x7c0 [ 512.883531] __run_timers+0xe95/0x1300 [ 512.887431] run_timer_softirq+0x55/0xa0 [ 512.891503] __do_softirq+0x721/0xc7f [ 512.895286] [ 512.896899] Uninit was stored to memory at: [ 512.901215] kmsan_internal_chain_origin+0x136/0x240 [ 512.906309] __msan_chain_origin+0x6d/0xb0 [ 512.910537] __save_stack_trace+0x8be/0xc60 [ 512.914848] save_stack_trace+0xc6/0x110 [ 512.918898] kmsan_internal_chain_origin+0x136/0x240 [ 512.923999] kmsan_memcpy_origins+0x13d/0x190 [ 512.928499] __msan_memcpy+0x6f/0x80 [ 512.932206] pskb_expand_head+0x436/0x1d20 [ 512.936428] tcp_fragment+0x378/0x21d0 [ 512.940993] tcp_send_loss_probe+0x6a2/0xc00 [ 512.945393] tcp_write_timer_handler+0x691/0xe80 [ 512.950142] tcp_write_timer+0x139/0x250 [ 512.954204] call_timer_fn+0x356/0x7c0 [ 512.958085] __run_timers+0xe95/0x1300 [ 512.961964] run_timer_softirq+0x55/0xa0 [ 512.966019] __do_softirq+0x721/0xc7f [ 512.969801] [ 512.971415] Uninit was stored to memory at: [ 512.975730] kmsan_internal_chain_origin+0x136/0x240 [ 512.980826] __msan_chain_origin+0x6d/0xb0 [ 512.985051] __save_stack_trace+0x8be/0xc60 [ 512.989363] save_stack_trace+0xc6/0x110 [ 512.993419] kmsan_internal_chain_origin+0x136/0x240 [ 512.998517] kmsan_memcpy_origins+0x13d/0x190 [ 513.003002] __msan_memcpy+0x6f/0x80 [ 513.006710] pskb_expand_head+0x436/0x1d20 [ 513.010937] tcp_fragment+0x378/0x21d0 [ 513.014817] tcp_send_loss_probe+0x6a2/0xc00 [ 513.019217] tcp_write_timer_handler+0x691/0xe80 [ 513.023967] tcp_write_timer+0x139/0x250 [ 513.028016] call_timer_fn+0x356/0x7c0 [ 513.031897] __run_timers+0xe95/0x1300 [ 513.035778] run_timer_softirq+0x55/0xa0 [ 513.040558] __do_softirq+0x721/0xc7f [ 513.044346] [ 513.045960] Uninit was stored to memory at: [ 513.050577] kmsan_internal_chain_origin+0x136/0x240 [ 513.055677] __msan_chain_origin+0x6d/0xb0 [ 513.059906] __save_stack_trace+0x8be/0xc60 [ 513.064237] save_stack_trace+0xc6/0x110 [ 513.068290] kmsan_internal_chain_origin+0x136/0x240 [ 513.073382] kmsan_memcpy_origins+0x13d/0x190 [ 513.077888] __msan_memcpy+0x6f/0x80 [ 513.081600] pskb_expand_head+0x436/0x1d20 [ 513.085845] tcp_fragment+0x378/0x21d0 [ 513.089722] tcp_send_loss_probe+0x6a2/0xc00 [ 513.094121] tcp_write_timer_handler+0x691/0xe80 [ 513.098866] tcp_write_timer+0x139/0x250 [ 513.102919] call_timer_fn+0x356/0x7c0 03:47:13 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='pagemap\x00') preadv(r0, &(0x7f0000000940)=[{&(0x7f0000000500)=""/112, 0xfffffd73}], 0x1, 0x0) [ 513.106805] __run_timers+0xe95/0x1300 [ 513.110682] run_timer_softirq+0x55/0xa0 [ 513.114732] __do_softirq+0x721/0xc7f [ 513.118515] [ 513.120130] Local variable description: ----__ai_new.i@sched_clock_cpu [ 513.126778] Variable was created at: [ 513.130488] sched_clock_cpu+0x75/0x770 [ 513.134450] try_to_wake_up+0x15c4/0x24c0 03:47:13 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x100000000, 0x40000) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) r1 = open(&(0x7f0000000200)='./file0\x00', 0x2000, 0x0) r2 = inotify_add_watch(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) inotify_rm_watch(r1, r2) r3 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x304a8d9, 0x2800) ioctl$SG_GET_COMMAND_Q(r1, 0x2270, &(0x7f0000000380)) ioctl$VIDIOC_DV_TIMINGS_CAP(r3, 0xc0905664, &(0x7f0000000140)={0x0, 0x80a, [], @bt={0x8dc, 0x682c8ff2, 0x7, 0x3, 0xec, 0x2, 0x4, 0xa}}) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000280)=[@in={0x2, 0x4e20, @broadcast}, @in6={0xa, 0x4e20, 0x5, @local, 0x13}, @in6={0xa, 0x4e20, 0x1, @ipv4={[], [], @local}, 0xfffffffffffffffb}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x18}}, @in6={0xa, 0x4e22, 0x8000, @loopback}, @in={0x2, 0x4e21}, @in={0x2, 0x4e20, @multicast1}, @in6={0xa, 0x4e23, 0x1000, @mcast2, 0xee}, @in={0x2, 0x4e21}, @in6={0xa, 0x4e20, 0x100000001, @empty, 0x4}], 0xdc) 03:47:13 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:47:13 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000100)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 513.547175] not chained 560000 origins [ 513.551099] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.20.0-rc2+ #85 [ 513.557870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 513.567245] Call Trace: [ 513.569845] dump_stack+0x32d/0x480 [ 513.573489] kmsan_internal_chain_origin+0x222/0x240 [ 513.578610] ? ret_from_fork+0x35/0x40 [ 513.582518] ? save_stack_trace+0xc6/0x110 [ 513.586755] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 513.591886] ? kmsan_internal_chain_origin+0x90/0x240 [ 513.597090] ? task_kmsan_context_state+0x51/0x90 [ 513.601944] ? __msan_get_context_state+0x9/0x20 [ 513.606710] ? __kernel_text_address+0x19/0x350 [ 513.611377] ? ret_from_fork+0x35/0x40 [ 513.615277] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 513.620749] ? in_task_stack+0x12c/0x210 [ 513.624829] __msan_chain_origin+0x6d/0xb0 [ 513.629070] ? ipv6_rcv+0x34b/0x3f0 [ 513.632703] __save_stack_trace+0x8be/0xc60 [ 513.637044] ? ipv6_rcv+0x34b/0x3f0 [ 513.640975] save_stack_trace+0xc6/0x110 [ 513.645051] kmsan_internal_chain_origin+0x136/0x240 [ 513.650179] ? __do_softirq+0x721/0xc7f [ 513.654178] ? kmsan_internal_chain_origin+0x136/0x240 [ 513.659456] ? kmsan_memcpy_origins+0x13d/0x190 [ 513.664130] ? __msan_memcpy+0x6f/0x80 [ 513.668035] ? pskb_expand_head+0x436/0x1d20 [ 513.672451] ? skb_shift+0xfc3/0x2d10 [ 513.676264] ? tcp_sacktag_walk+0x2156/0x29d0 [ 513.680771] ? tcp_sacktag_write_queue+0x2805/0x4630 [ 513.685895] ? tcp_ack+0x2888/0xa010 [ 513.689607] ? tcp_rcv_established+0xf7e/0x2940 [ 513.694289] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 513.698443] ? tcp_v6_rcv+0x5a52/0x5df0 [ 513.702426] ? ip6_input_finish+0xb53/0x2450 [ 513.706834] ? ip6_input+0x29d/0x340 [ 513.710551] ? ip6_rcv_finish+0x4d2/0x710 [ 513.714697] ? ipv6_rcv+0x34b/0x3f0 [ 513.718327] ? process_backlog+0x82b/0x11e0 [ 513.722652] ? net_rx_action+0x98f/0x1d50 [ 513.726802] ? __do_softirq+0x721/0xc7f [ 513.730790] ? run_ksoftirqd+0x37/0x60 [ 513.734690] ? smpboot_thread_fn+0x69c/0xb30 [ 513.739401] ? kthread+0x5e7/0x620 [ 513.742966] ? ret_from_fork+0x35/0x40 [ 513.746877] ? __msan_get_context_state+0x9/0x20 [ 513.751636] ? INIT_INT+0xc/0x30 [ 513.755006] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 513.760388] kmsan_memcpy_origins+0x13d/0x190 [ 513.764915] __msan_memcpy+0x6f/0x80 [ 513.768642] pskb_expand_head+0x436/0x1d20 [ 513.772897] skb_shift+0xfc3/0x2d10 [ 513.776553] tcp_sacktag_walk+0x2156/0x29d0 [ 513.780903] tcp_sacktag_write_queue+0x2805/0x4630 [ 513.785875] tcp_ack+0x2888/0xa010 [ 513.789418] ? tcp_parse_options+0xbe/0x1cf0 [ 513.793838] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 513.799293] ? tcp_parse_options+0x1c55/0x1cf0 [ 513.803947] tcp_rcv_established+0xf7e/0x2940 [ 513.808553] tcp_v6_do_rcv+0x9f8/0x21b0 [ 513.812548] tcp_v6_rcv+0x5a52/0x5df0 [ 513.816361] ? __msan_poison_alloca+0x1e0/0x270 [ 513.821073] ? tcp_v6_early_demux+0xc80/0xc80 [ 513.825571] ? tcp_v6_early_demux+0xc80/0xc80 [ 513.830076] ip6_input_finish+0xb53/0x2450 [ 513.834338] ? ip6_input_finish+0x13e1/0x2450 [ 513.839124] ip6_input+0x29d/0x340 [ 513.842675] ? ip6_input+0x340/0x340 [ 513.846395] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 513.850815] ip6_rcv_finish+0x4d2/0x710 [ 513.854812] ipv6_rcv+0x34b/0x3f0 [ 513.858284] ? dst_hold+0x5e0/0x5e0 [ 513.861926] process_backlog+0x82b/0x11e0 [ 513.866083] ? ip6_rcv_finish+0x710/0x710 [ 513.870247] ? rps_trigger_softirq+0x2e0/0x2e0 [ 513.874836] net_rx_action+0x98f/0x1d50 [ 513.878833] ? net_tx_action+0xf20/0xf20 [ 513.882903] __do_softirq+0x721/0xc7f [ 513.886717] ? ksoftirqd_should_run+0x50/0x50 [ 513.891224] run_ksoftirqd+0x37/0x60 [ 513.894945] smpboot_thread_fn+0x69c/0xb30 [ 513.899204] kthread+0x5e7/0x620 [ 513.902575] ? cpu_report_death+0x4a0/0x4a0 [ 513.906906] ? INIT_BOOL+0x30/0x30 [ 513.910469] ret_from_fork+0x35/0x40 [ 513.914207] Uninit was stored to memory at: [ 513.918541] kmsan_internal_chain_origin+0x136/0x240 [ 513.923649] __msan_chain_origin+0x6d/0xb0 [ 513.927889] __save_stack_trace+0x8be/0xc60 [ 513.932217] save_stack_trace+0xc6/0x110 [ 513.936281] kmsan_internal_chain_origin+0x136/0x240 [ 513.941719] kmsan_memcpy_origins+0x13d/0x190 [ 513.946221] __msan_memcpy+0x6f/0x80 [ 513.949939] pskb_expand_head+0x436/0x1d20 [ 513.954183] skb_shift+0xce2/0x2d10 [ 513.957816] tcp_sacktag_walk+0x2156/0x29d0 [ 513.962137] tcp_sacktag_write_queue+0x2805/0x4630 [ 513.967076] tcp_ack+0x2888/0xa010 [ 513.970625] tcp_rcv_established+0xf7e/0x2940 [ 513.975132] tcp_v6_do_rcv+0x9f8/0x21b0 [ 513.979118] tcp_v6_rcv+0x5a52/0x5df0 [ 513.982930] ip6_input_finish+0xb53/0x2450 [ 513.987180] ip6_input+0x29d/0x340 [ 513.990728] ip6_rcv_finish+0x4d2/0x710 [ 513.994713] ipv6_rcv+0x34b/0x3f0 03:47:14 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000040)='syzkaller0\x00') preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:47:14 executing program 1: [ 513.998183] process_backlog+0x82b/0x11e0 [ 514.002340] net_rx_action+0x98f/0x1d50 [ 514.006324] __do_softirq+0x721/0xc7f [ 514.010120] [ 514.011750] Uninit was stored to memory at: [ 514.016178] kmsan_internal_chain_origin+0x136/0x240 [ 514.021292] __msan_chain_origin+0x6d/0xb0 [ 514.025536] __save_stack_trace+0x8be/0xc60 [ 514.029866] save_stack_trace+0xc6/0x110 [ 514.033944] kmsan_internal_chain_origin+0x136/0x240 [ 514.039446] kmsan_memcpy_origins+0x13d/0x190 [ 514.043954] __msan_memcpy+0x6f/0x80 [ 514.047674] pskb_expand_head+0x436/0x1d20 [ 514.051904] skb_shift+0xce2/0x2d10 [ 514.055531] tcp_sacktag_walk+0x2156/0x29d0 [ 514.059851] tcp_sacktag_write_queue+0x2805/0x4630 [ 514.064771] tcp_ack+0x2888/0xa010 [ 514.068297] tcp_rcv_established+0xf7e/0x2940 [ 514.072780] tcp_v6_do_rcv+0x9f8/0x21b0 [ 514.076748] tcp_v6_rcv+0x5a52/0x5df0 [ 514.080554] ip6_input_finish+0xb53/0x2450 [ 514.084805] ip6_input+0x29d/0x340 [ 514.088339] ip6_rcv_finish+0x4d2/0x710 [ 514.092319] ipv6_rcv+0x34b/0x3f0 [ 514.095773] process_backlog+0x82b/0x11e0 [ 514.099907] net_rx_action+0x98f/0x1d50 [ 514.103871] __do_softirq+0x721/0xc7f [ 514.107654] [ 514.109265] Uninit was stored to memory at: [ 514.113584] kmsan_internal_chain_origin+0x136/0x240 [ 514.118792] __msan_chain_origin+0x6d/0xb0 [ 514.123039] __save_stack_trace+0x8be/0xc60 [ 514.127382] save_stack_trace+0xc6/0x110 [ 514.131451] kmsan_internal_chain_origin+0x136/0x240 [ 514.136564] kmsan_memcpy_origins+0x13d/0x190 [ 514.141371] __msan_memcpy+0x6f/0x80 [ 514.145074] pskb_expand_head+0x436/0x1d20 [ 514.149313] skb_shift+0xce2/0x2d10 [ 514.152927] tcp_sacktag_walk+0x2156/0x29d0 [ 514.157234] tcp_sacktag_write_queue+0x2805/0x4630 [ 514.162155] tcp_ack+0x2888/0xa010 [ 514.165717] tcp_rcv_established+0xf7e/0x2940 [ 514.170211] tcp_v6_do_rcv+0x9f8/0x21b0 [ 514.174190] tcp_v6_rcv+0x5a52/0x5df0 [ 514.178016] ip6_input_finish+0xb53/0x2450 [ 514.182258] ip6_input+0x29d/0x340 [ 514.185817] ip6_rcv_finish+0x4d2/0x710 [ 514.189782] ipv6_rcv+0x34b/0x3f0 [ 514.193227] process_backlog+0x82b/0x11e0 [ 514.197367] net_rx_action+0x98f/0x1d50 [ 514.201335] __do_softirq+0x721/0xc7f [ 514.205121] [ 514.206738] Uninit was stored to memory at: [ 514.211050] kmsan_internal_chain_origin+0x136/0x240 [ 514.216182] __msan_chain_origin+0x6d/0xb0 [ 514.220413] __save_stack_trace+0x8be/0xc60 [ 514.224730] save_stack_trace+0xc6/0x110 [ 514.228785] kmsan_internal_chain_origin+0x136/0x240 [ 514.233882] kmsan_memcpy_origins+0x13d/0x190 [ 514.238686] __msan_memcpy+0x6f/0x80 [ 514.242394] pskb_expand_head+0x436/0x1d20 [ 514.246621] skb_shift+0xce2/0x2d10 [ 514.250240] tcp_sacktag_walk+0x2156/0x29d0 [ 514.254551] tcp_sacktag_write_queue+0x2805/0x4630 [ 514.259467] tcp_ack+0x2888/0xa010 [ 514.262997] tcp_rcv_established+0xf7e/0x2940 [ 514.267483] tcp_v6_do_rcv+0x9f8/0x21b0 [ 514.271448] tcp_v6_rcv+0x5a52/0x5df0 [ 514.275244] ip6_input_finish+0xb53/0x2450 [ 514.279479] ip6_input+0x29d/0x340 [ 514.283024] ip6_rcv_finish+0x4d2/0x710 [ 514.286986] ipv6_rcv+0x34b/0x3f0 [ 514.290439] process_backlog+0x82b/0x11e0 [ 514.294579] net_rx_action+0x98f/0x1d50 [ 514.298544] __do_softirq+0x721/0xc7f [ 514.302325] [ 514.303934] Uninit was stored to memory at: [ 514.308247] kmsan_internal_chain_origin+0x136/0x240 [ 514.313343] __msan_chain_origin+0x6d/0xb0 [ 514.317580] __save_stack_trace+0x8be/0xc60 [ 514.321894] save_stack_trace+0xc6/0x110 [ 514.325959] kmsan_internal_chain_origin+0x136/0x240 [ 514.331053] kmsan_memcpy_origins+0x13d/0x190 [ 514.335543] __msan_memcpy+0x6f/0x80 [ 514.339605] pskb_expand_head+0x436/0x1d20 [ 514.343831] skb_shift+0xce2/0x2d10 [ 514.347450] tcp_sacktag_walk+0x2156/0x29d0 [ 514.351759] tcp_sacktag_write_queue+0x2805/0x4630 [ 514.356680] tcp_ack+0x2888/0xa010 [ 514.360302] tcp_rcv_established+0xf7e/0x2940 [ 514.364793] tcp_v6_do_rcv+0x9f8/0x21b0 [ 514.368756] tcp_v6_rcv+0x5a52/0x5df0 [ 514.372560] ip6_input_finish+0xb53/0x2450 [ 514.376786] ip6_input+0x29d/0x340 [ 514.380318] ip6_rcv_finish+0x4d2/0x710 [ 514.384281] ipv6_rcv+0x34b/0x3f0 [ 514.387729] process_backlog+0x82b/0x11e0 [ 514.391873] net_rx_action+0x98f/0x1d50 [ 514.395839] __do_softirq+0x721/0xc7f [ 514.399622] [ 514.401235] Uninit was stored to memory at: [ 514.405562] kmsan_internal_chain_origin+0x136/0x240 [ 514.410658] __msan_chain_origin+0x6d/0xb0 [ 514.414885] __save_stack_trace+0x8be/0xc60 [ 514.419197] save_stack_trace+0xc6/0x110 [ 514.423253] kmsan_internal_chain_origin+0x136/0x240 [ 514.428350] kmsan_memcpy_origins+0x13d/0x190 [ 514.432836] __msan_memcpy+0x6f/0x80 [ 514.436541] pskb_expand_head+0x436/0x1d20 [ 514.441115] skb_shift+0xce2/0x2d10 [ 514.444737] tcp_sacktag_walk+0x2156/0x29d0 [ 514.449050] tcp_sacktag_write_queue+0x2805/0x4630 [ 514.453968] tcp_ack+0x2888/0xa010 [ 514.457500] tcp_rcv_established+0xf7e/0x2940 [ 514.461989] tcp_v6_do_rcv+0x9f8/0x21b0 [ 514.465950] tcp_v6_rcv+0x5a52/0x5df0 [ 514.469740] ip6_input_finish+0xb53/0x2450 [ 514.473970] ip6_input+0x29d/0x340 [ 514.477503] ip6_rcv_finish+0x4d2/0x710 [ 514.481467] ipv6_rcv+0x34b/0x3f0 [ 514.484908] process_backlog+0x82b/0x11e0 [ 514.489047] net_rx_action+0x98f/0x1d50 [ 514.493016] __do_softirq+0x721/0xc7f [ 514.496798] [ 514.498411] Uninit was stored to memory at: [ 514.502731] kmsan_internal_chain_origin+0x136/0x240 [ 514.507839] __msan_chain_origin+0x6d/0xb0 [ 514.512067] __save_stack_trace+0x8be/0xc60 [ 514.516380] save_stack_trace+0xc6/0x110 [ 514.520439] kmsan_internal_chain_origin+0x136/0x240 [ 514.525537] kmsan_memcpy_origins+0x13d/0x190 [ 514.530029] __msan_memcpy+0x6f/0x80 [ 514.533735] pskb_expand_head+0x436/0x1d20 [ 514.538244] skb_shift+0xce2/0x2d10 [ 514.541865] tcp_sacktag_walk+0x2156/0x29d0 [ 514.546184] tcp_sacktag_write_queue+0x2805/0x4630 [ 514.551103] tcp_ack+0x2888/0xa010 [ 514.554638] tcp_rcv_established+0xf7e/0x2940 [ 514.559123] tcp_v6_do_rcv+0x9f8/0x21b0 [ 514.563087] tcp_v6_rcv+0x5a52/0x5df0 [ 514.566877] ip6_input_finish+0xb53/0x2450 [ 514.571103] ip6_input+0x29d/0x340 [ 514.574634] ip6_rcv_finish+0x4d2/0x710 [ 514.578599] ipv6_rcv+0x34b/0x3f0 [ 514.582045] process_backlog+0x82b/0x11e0 [ 514.586191] net_rx_action+0x98f/0x1d50 [ 514.590155] __do_softirq+0x721/0xc7f [ 514.593947] [ 514.595562] Local variable description: ----again@__dev_queue_xmit [ 514.601861] Variable was created at: [ 514.606013] __dev_queue_xmit+0x124/0x3e00 [ 514.610236] dev_queue_xmit+0x4b/0x60 03:47:14 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x8, 0x40000) write$UHID_CREATE2(r0, &(0x7f0000000440)={0xb, 'syz1\x00', 'syz1\x00', 'syz1\x00', 0x47, 0x1, 0x1d, 0x100000000, 0x8, 0x81, "ecd479211407c13d7fe6d043e64c2670b77f9a4f97336afdaf43851e08f433f269bd14f0386936d2141ed82cae4441cf19df339571c7416ac2514a14fa7d0ebdffa822e6e6c23c"}, 0x15f) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r2 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r2, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r2, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r2, 0x3) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r3, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:47:15 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x100) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000140)={0x5, {{0x2, 0x4e22, @broadcast}}}, 0x88) ioctl$RTC_ALM_SET(r1, 0x40247007, &(0x7f0000000040)={0x10, 0x1, 0x8, 0x19, 0x9, 0x400, 0x0, 0xab, 0x1}) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:47:15 executing program 1: 03:47:15 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000100)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:15 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl(0xffffffffffffffff, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) [ 515.358477] not chained 570000 origins [ 515.362420] CPU: 0 PID: 13638 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 515.369689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 515.379037] Call Trace: [ 515.381610] [ 515.383764] dump_stack+0x32d/0x480 [ 515.387405] kmsan_internal_chain_origin+0x222/0x240 [ 515.392512] ? __local_bh_enable_ip+0x11f/0x260 [ 515.397198] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 515.402815] ? __module_address+0x6a/0x5f0 [ 515.407042] ? is_bpf_text_address+0x3e5/0x4d0 [ 515.411882] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 515.417233] ? is_bpf_text_address+0x49e/0x4d0 [ 515.421813] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 515.427178] ? __module_address+0x6a/0x5f0 [ 515.431414] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 515.436861] ? in_task_stack+0x12c/0x210 [ 515.441279] ? get_stack_info+0x206/0x220 [ 515.445433] __msan_chain_origin+0x6d/0xb0 [ 515.449664] ? inet6_csk_xmit+0x3e0/0x4f0 [ 515.453809] __save_stack_trace+0x8be/0xc60 [ 515.458140] ? inet6_csk_xmit+0x3e0/0x4f0 [ 515.462306] save_stack_trace+0xc6/0x110 [ 515.466363] kmsan_internal_chain_origin+0x136/0x240 [ 515.471457] ? local_bh_enable+0x36/0x40 [ 515.475520] ? __sk_flush_backlog+0x52/0x70 [ 515.479836] ? kmsan_internal_chain_origin+0x136/0x240 [ 515.485106] ? kmsan_memcpy_origins+0x13d/0x190 [ 515.489768] ? __msan_memcpy+0x6f/0x80 [ 515.493647] ? pskb_expand_head+0x436/0x1d20 [ 515.498051] ? ___pskb_trim+0x3c9/0x1bf0 [ 515.502109] ? sk_filter_trim_cap+0x5ac/0xa60 [ 515.506612] ? tcp_filter+0x10c/0x260 [ 515.510429] ? tcp_v6_rcv+0x45ba/0x5df0 [ 515.514397] ? ip6_input_finish+0xb53/0x2450 [ 515.518802] ? ip6_input+0x29d/0x340 [ 515.522510] ? ip6_rcv_finish+0x4d2/0x710 [ 515.526650] ? ipv6_rcv+0x34b/0x3f0 [ 515.530274] ? process_backlog+0x82b/0x11e0 [ 515.534588] ? net_rx_action+0x98f/0x1d50 [ 515.539005] ? __do_softirq+0x721/0xc7f [ 515.542973] ? do_softirq_own_stack+0x49/0x80 [ 515.547464] ? __local_bh_enable_ip+0x228/0x260 [ 515.552124] ? local_bh_enable+0x36/0x40 [ 515.556183] ? ip6_finish_output2+0x1b1a/0x22d0 [ 515.560844] ? ip6_finish_output+0xc13/0xca0 [ 515.565245] ? ip6_output+0x5e4/0x720 [ 515.569037] ? ip6_xmit+0x216d/0x26a0 [ 515.572833] ? inet6_csk_xmit+0x3e0/0x4f0 [ 515.576973] ? __tcp_transmit_skb+0x425c/0x5e00 [ 515.581636] ? tcp_write_xmit+0x389a/0xacc0 [ 515.585953] ? __tcp_push_pending_frames+0x124/0x4e0 [ 515.591051] ? tcp_data_snd_check+0x1ec/0x1080 [ 515.595633] ? tcp_rcv_established+0x1bb2/0x2940 [ 515.600381] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 515.604525] ? __release_sock+0x32d/0x750 [ 515.608667] ? __sk_flush_backlog+0x52/0x70 [ 515.612984] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 515.617556] ? tcp_sendmsg+0xb2/0x100 [ 515.621357] ? inet_sendmsg+0x4e9/0x800 [ 515.625322] ? __sys_sendto+0x940/0xb80 [ 515.629288] ? __se_sys_sendto+0x107/0x130 [ 515.633516] ? __x64_sys_sendto+0x6e/0x90 [ 515.637656] ? do_syscall_64+0xcf/0x110 [ 515.641942] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 515.647321] ? __msan_get_context_state+0x9/0x20 [ 515.652068] ? INIT_INT+0xc/0x30 [ 515.655434] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 515.660796] kmsan_memcpy_origins+0x13d/0x190 [ 515.665298] __msan_memcpy+0x6f/0x80 [ 515.669011] pskb_expand_head+0x436/0x1d20 [ 515.673255] ___pskb_trim+0x3c9/0x1bf0 [ 515.677153] sk_filter_trim_cap+0x5ac/0xa60 [ 515.681492] tcp_filter+0x10c/0x260 [ 515.685119] tcp_v6_rcv+0x45ba/0x5df0 [ 515.688916] ? __msan_poison_alloca+0x1e0/0x270 [ 515.693607] ? tcp_v6_early_demux+0xc80/0xc80 [ 515.698107] ? tcp_v6_early_demux+0xc80/0xc80 [ 515.702596] ip6_input_finish+0xb53/0x2450 [ 515.706843] ? ip6_input_finish+0x13e1/0x2450 [ 515.711333] ip6_input+0x29d/0x340 [ 515.714869] ? ip6_input+0x340/0x340 [ 515.718576] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 515.722979] ip6_rcv_finish+0x4d2/0x710 [ 515.726949] ipv6_rcv+0x34b/0x3f0 [ 515.730402] ? dst_hold+0x5e0/0x5e0 [ 515.734029] process_backlog+0x82b/0x11e0 [ 515.738180] ? __msan_poison_alloca+0x1e0/0x270 [ 515.743151] ? ip6_rcv_finish+0x710/0x710 [ 515.747309] ? rps_trigger_softirq+0x2e0/0x2e0 [ 515.751898] net_rx_action+0x98f/0x1d50 [ 515.755885] ? net_tx_action+0xf20/0xf20 [ 515.759938] __do_softirq+0x721/0xc7f [ 515.763745] do_softirq_own_stack+0x49/0x80 [ 515.768051] [ 515.770282] __local_bh_enable_ip+0x228/0x260 [ 515.774774] local_bh_enable+0x36/0x40 [ 515.778654] ip6_finish_output2+0x1b1a/0x22d0 [ 515.783160] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 515.788526] ? ip6_mtu+0x289/0x330 [ 515.792063] ip6_finish_output+0xc13/0xca0 [ 515.796299] ip6_output+0x5e4/0x720 [ 515.800012] ? ip6_output+0x720/0x720 [ 515.803809] ? ac6_seq_show+0x200/0x200 [ 515.807791] ip6_xmit+0x216d/0x26a0 [ 515.811434] ? ip6_xmit+0x26a0/0x26a0 [ 515.815253] inet6_csk_xmit+0x3e0/0x4f0 [ 515.819235] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 515.824158] __tcp_transmit_skb+0x425c/0x5e00 [ 515.828682] tcp_write_xmit+0x389a/0xacc0 [ 515.832874] __tcp_push_pending_frames+0x124/0x4e0 [ 515.837817] tcp_data_snd_check+0x1ec/0x1080 [ 515.842546] tcp_rcv_established+0x1bb2/0x2940 [ 515.847138] tcp_v6_do_rcv+0x9f8/0x21b0 [ 515.851122] ? tcp_v6_destroy_sock+0x60/0x60 [ 515.855528] __release_sock+0x32d/0x750 [ 515.859507] __sk_flush_backlog+0x52/0x70 [ 515.863653] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 515.867880] tcp_sendmsg_locked+0xd72/0x6c30 [ 515.872296] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 515.877679] tcp_sendmsg+0xb2/0x100 [ 515.881307] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 515.885969] inet_sendmsg+0x4e9/0x800 [ 515.889779] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 515.895135] ? security_socket_sendmsg+0x1bd/0x200 [ 515.900067] ? inet_getname+0x490/0x490 [ 515.904032] __sys_sendto+0x940/0xb80 [ 515.907846] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 515.913291] ? prepare_exit_to_usermode+0x182/0x4c0 [ 515.918326] __se_sys_sendto+0x107/0x130 [ 515.922399] __x64_sys_sendto+0x6e/0x90 [ 515.926370] do_syscall_64+0xcf/0x110 [ 515.930178] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 515.935360] RIP: 0033:0x457569 [ 515.938552] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 515.957737] RSP: 002b:00007f66e0f8bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 515.965439] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 515.972702] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 515.979963] RBP: 000000000072bfa0 R08: 0000000020000080 R09: 000000000000001c [ 515.987224] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0f8c6d4 [ 515.994485] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 516.001771] Uninit was stored to memory at: [ 516.006091] kmsan_internal_chain_origin+0x136/0x240 [ 516.011188] __msan_chain_origin+0x6d/0xb0 [ 516.015418] __save_stack_trace+0x8be/0xc60 [ 516.019774] save_stack_trace+0xc6/0x110 [ 516.023826] kmsan_internal_chain_origin+0x136/0x240 [ 516.028919] kmsan_memcpy_origins+0x13d/0x190 [ 516.033408] __msan_memcpy+0x6f/0x80 [ 516.037121] pskb_expand_head+0x436/0x1d20 [ 516.041738] ___pskb_trim+0x3c9/0x1bf0 [ 516.045622] sk_filter_trim_cap+0x5ac/0xa60 [ 516.050175] tcp_filter+0x10c/0x260 [ 516.053811] tcp_v6_rcv+0x45ba/0x5df0 [ 516.057601] ip6_input_finish+0xb53/0x2450 [ 516.061826] ip6_input+0x29d/0x340 [ 516.065359] ip6_rcv_finish+0x4d2/0x710 [ 516.069348] ipv6_rcv+0x34b/0x3f0 [ 516.072824] process_backlog+0x82b/0x11e0 [ 516.076980] net_rx_action+0x98f/0x1d50 [ 516.080961] __do_softirq+0x721/0xc7f [ 516.084746] [ 516.086362] Uninit was stored to memory at: [ 516.090678] kmsan_internal_chain_origin+0x136/0x240 [ 516.095776] __msan_chain_origin+0x6d/0xb0 [ 516.100024] __save_stack_trace+0x8be/0xc60 [ 516.104339] save_stack_trace+0xc6/0x110 [ 516.108392] kmsan_internal_chain_origin+0x136/0x240 [ 516.113490] kmsan_memcpy_origins+0x13d/0x190 [ 516.117975] __msan_memcpy+0x6f/0x80 [ 516.121696] pskb_expand_head+0x436/0x1d20 [ 516.125922] ___pskb_trim+0x3c9/0x1bf0 [ 516.129803] sk_filter_trim_cap+0x5ac/0xa60 [ 516.134115] tcp_filter+0x10c/0x260 [ 516.137735] tcp_v6_rcv+0x45ba/0x5df0 [ 516.141880] ip6_input_finish+0xb53/0x2450 [ 516.146109] ip6_input+0x29d/0x340 [ 516.149639] ip6_rcv_finish+0x4d2/0x710 [ 516.153600] ipv6_rcv+0x34b/0x3f0 [ 516.157047] process_backlog+0x82b/0x11e0 [ 516.161196] net_rx_action+0x98f/0x1d50 [ 516.165172] __do_softirq+0x721/0xc7f [ 516.168954] [ 516.170572] Uninit was stored to memory at: [ 516.174886] kmsan_internal_chain_origin+0x136/0x240 [ 516.179981] __msan_chain_origin+0x6d/0xb0 [ 516.184206] __save_stack_trace+0x8be/0xc60 [ 516.188521] save_stack_trace+0xc6/0x110 [ 516.192574] kmsan_internal_chain_origin+0x136/0x240 [ 516.197668] kmsan_memcpy_origins+0x13d/0x190 [ 516.202159] __msan_memcpy+0x6f/0x80 [ 516.205874] pskb_expand_head+0x436/0x1d20 [ 516.210100] ___pskb_trim+0x3c9/0x1bf0 [ 516.213980] sk_filter_trim_cap+0x5ac/0xa60 [ 516.218294] tcp_filter+0x10c/0x260 [ 516.221911] tcp_v6_rcv+0x45ba/0x5df0 [ 516.225703] ip6_input_finish+0xb53/0x2450 [ 516.229927] ip6_input+0x29d/0x340 [ 516.233458] ip6_rcv_finish+0x4d2/0x710 [ 516.237539] ipv6_rcv+0x34b/0x3f0 [ 516.241326] process_backlog+0x82b/0x11e0 [ 516.245466] net_rx_action+0x98f/0x1d50 [ 516.249437] __do_softirq+0x721/0xc7f [ 516.253229] [ 516.254843] Uninit was stored to memory at: [ 516.259158] kmsan_internal_chain_origin+0x136/0x240 [ 516.264262] __msan_chain_origin+0x6d/0xb0 [ 516.268488] __save_stack_trace+0x8be/0xc60 [ 516.272801] save_stack_trace+0xc6/0x110 [ 516.276857] kmsan_internal_chain_origin+0x136/0x240 [ 516.281951] kmsan_memcpy_origins+0x13d/0x190 [ 516.286441] __msan_memcpy+0x6f/0x80 [ 516.290150] pskb_expand_head+0x436/0x1d20 [ 516.294387] ___pskb_trim+0x3c9/0x1bf0 [ 516.298266] sk_filter_trim_cap+0x5ac/0xa60 [ 516.302579] tcp_filter+0x10c/0x260 [ 516.306195] tcp_v6_rcv+0x45ba/0x5df0 [ 516.309988] ip6_input_finish+0xb53/0x2450 [ 516.314211] ip6_input+0x29d/0x340 [ 516.317740] ip6_rcv_finish+0x4d2/0x710 [ 516.321706] ipv6_rcv+0x34b/0x3f0 [ 516.325152] process_backlog+0x82b/0x11e0 [ 516.329294] net_rx_action+0x98f/0x1d50 [ 516.333259] __do_softirq+0x721/0xc7f [ 516.337057] [ 516.338985] Uninit was stored to memory at: [ 516.343294] kmsan_internal_chain_origin+0x136/0x240 [ 516.348387] __msan_chain_origin+0x6d/0xb0 [ 516.352613] __save_stack_trace+0x8be/0xc60 [ 516.356927] save_stack_trace+0xc6/0x110 [ 516.360982] kmsan_internal_chain_origin+0x136/0x240 [ 516.366183] kmsan_memcpy_origins+0x13d/0x190 [ 516.370670] __msan_memcpy+0x6f/0x80 [ 516.374390] pskb_expand_head+0x436/0x1d20 [ 516.378616] ___pskb_trim+0x3c9/0x1bf0 [ 516.382506] sk_filter_trim_cap+0x5ac/0xa60 [ 516.386821] tcp_filter+0x10c/0x260 [ 516.390442] tcp_v6_rcv+0x45ba/0x5df0 [ 516.394234] ip6_input_finish+0xb53/0x2450 [ 516.398457] ip6_input+0x29d/0x340 [ 516.401987] ip6_rcv_finish+0x4d2/0x710 [ 516.405950] ipv6_rcv+0x34b/0x3f0 [ 516.409390] process_backlog+0x82b/0x11e0 [ 516.413527] net_rx_action+0x98f/0x1d50 [ 516.417492] __do_softirq+0x721/0xc7f [ 516.421275] [ 516.422884] Uninit was stored to memory at: [ 516.427198] kmsan_internal_chain_origin+0x136/0x240 [ 516.432295] __msan_chain_origin+0x6d/0xb0 [ 516.436519] __save_stack_trace+0x8be/0xc60 [ 516.441155] save_stack_trace+0xc6/0x110 [ 516.445219] kmsan_internal_chain_origin+0x136/0x240 [ 516.450311] kmsan_memcpy_origins+0x13d/0x190 [ 516.454798] __msan_memcpy+0x6f/0x80 [ 516.458506] pskb_expand_head+0x436/0x1d20 [ 516.462733] ___pskb_trim+0x3c9/0x1bf0 [ 516.466611] sk_filter_trim_cap+0x5ac/0xa60 [ 516.470927] tcp_filter+0x10c/0x260 [ 516.474546] tcp_v6_rcv+0x45ba/0x5df0 [ 516.478427] ip6_input_finish+0xb53/0x2450 [ 516.482688] ip6_input+0x29d/0x340 [ 516.486218] ip6_rcv_finish+0x4d2/0x710 [ 516.490186] ipv6_rcv+0x34b/0x3f0 [ 516.493633] process_backlog+0x82b/0x11e0 [ 516.497772] net_rx_action+0x98f/0x1d50 [ 516.501736] __do_softirq+0x721/0xc7f [ 516.505520] [ 516.507134] Uninit was stored to memory at: [ 516.511470] kmsan_internal_chain_origin+0x136/0x240 [ 516.516568] __msan_chain_origin+0x6d/0xb0 [ 516.520799] __save_stack_trace+0x8be/0xc60 [ 516.525127] save_stack_trace+0xc6/0x110 [ 516.529189] kmsan_internal_chain_origin+0x136/0x240 [ 516.534282] kmsan_memcpy_origins+0x13d/0x190 [ 516.538964] __msan_memcpy+0x6f/0x80 [ 516.542671] pskb_expand_head+0x436/0x1d20 [ 516.546899] ___pskb_trim+0x3c9/0x1bf0 [ 516.550781] sk_filter_trim_cap+0x5ac/0xa60 [ 516.555094] tcp_filter+0x10c/0x260 [ 516.558708] tcp_v6_rcv+0x45ba/0x5df0 [ 516.562512] ip6_input_finish+0xb53/0x2450 [ 516.566735] ip6_input+0x29d/0x340 [ 516.570263] ip6_rcv_finish+0x4d2/0x710 [ 516.574238] ipv6_rcv+0x34b/0x3f0 [ 516.577680] process_backlog+0x82b/0x11e0 [ 516.581817] net_rx_action+0x98f/0x1d50 [ 516.585807] __do_softirq+0x721/0xc7f [ 516.589610] [ 516.591226] Local variable description: ----v.addr.i.i.i@should_fail [ 516.597704] Variable was created at: [ 516.601410] should_fail+0x14d/0x13c0 [ 516.605227] __should_failslab+0x278/0x2a0 [ 516.715234] not chained 580000 origins [ 516.719187] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.20.0-rc2+ #85 [ 516.725944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 516.735304] Call Trace: [ 516.737908] dump_stack+0x32d/0x480 [ 516.741891] kmsan_internal_chain_origin+0x222/0x240 [ 516.747027] ? ret_from_fork+0x35/0x40 [ 516.750934] ? save_stack_trace+0xc6/0x110 [ 516.755280] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 516.760402] ? kmsan_internal_chain_origin+0x90/0x240 [ 516.765630] ? task_kmsan_context_state+0x51/0x90 [ 516.770486] ? __msan_get_context_state+0x9/0x20 [ 516.775261] ? __kernel_text_address+0x19/0x350 [ 516.779935] ? ret_from_fork+0x35/0x40 [ 516.783835] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 516.789299] ? in_task_stack+0x12c/0x210 [ 516.793395] __msan_chain_origin+0x6d/0xb0 [ 516.797651] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 516.801811] __save_stack_trace+0x8be/0xc60 [ 516.806167] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 516.810328] save_stack_trace+0xc6/0x110 [ 516.814406] kmsan_internal_chain_origin+0x136/0x240 [ 516.819530] ? __do_softirq+0x721/0xc7f [ 516.823635] ? kmsan_internal_chain_origin+0x136/0x240 [ 516.828923] ? kmsan_memcpy_origins+0x13d/0x190 [ 516.833599] ? __msan_memcpy+0x6f/0x80 [ 516.837502] ? pskb_expand_head+0x436/0x1d20 [ 516.842217] ? skb_shift+0xce2/0x2d10 [ 516.846024] ? tcp_sacktag_walk+0x2156/0x29d0 [ 516.850523] ? tcp_sacktag_write_queue+0x2805/0x4630 [ 516.855630] ? tcp_ack+0x2888/0xa010 [ 516.859354] ? tcp_rcv_established+0xf7e/0x2940 [ 516.864037] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 516.868202] ? tcp_v6_rcv+0x5a52/0x5df0 [ 516.872199] ? ip6_input_finish+0xb53/0x2450 [ 516.876616] ? ip6_input+0x29d/0x340 [ 516.880344] ? ip6_rcv_finish+0x4d2/0x710 [ 516.884501] ? ipv6_rcv+0x34b/0x3f0 [ 516.888141] ? process_backlog+0x82b/0x11e0 [ 516.892480] ? net_rx_action+0x98f/0x1d50 [ 516.896637] ? __do_softirq+0x721/0xc7f [ 516.900618] ? run_ksoftirqd+0x37/0x60 [ 516.904518] ? smpboot_thread_fn+0x69c/0xb30 [ 516.908939] ? kthread+0x5e7/0x620 [ 516.912487] ? ret_from_fork+0x35/0x40 [ 516.916426] ? __msan_get_context_state+0x9/0x20 [ 516.921197] ? INIT_INT+0xc/0x30 [ 516.924586] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 516.929975] kmsan_memcpy_origins+0x13d/0x190 [ 516.934485] __msan_memcpy+0x6f/0x80 [ 516.938213] pskb_expand_head+0x436/0x1d20 [ 516.942722] skb_shift+0xce2/0x2d10 [ 516.946394] tcp_sacktag_walk+0x2156/0x29d0 [ 516.950766] tcp_sacktag_write_queue+0x2805/0x4630 [ 516.955743] tcp_ack+0x2888/0xa010 [ 516.959287] ? tcp_parse_options+0xbe/0x1cf0 [ 516.963706] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 516.969174] ? tcp_parse_options+0x1c55/0x1cf0 [ 516.973816] tcp_rcv_established+0xf7e/0x2940 [ 516.978347] tcp_v6_do_rcv+0x9f8/0x21b0 [ 516.982350] tcp_v6_rcv+0x5a52/0x5df0 [ 516.986171] ? __msan_poison_alloca+0x1e0/0x270 [ 516.990889] ? tcp_v6_early_demux+0xc80/0xc80 [ 516.995394] ? tcp_v6_early_demux+0xc80/0xc80 [ 516.999906] ip6_input_finish+0xb53/0x2450 [ 517.004182] ? ip6_input_finish+0x13e1/0x2450 [ 517.008717] ip6_input+0x29d/0x340 [ 517.012294] ? ip6_input+0x340/0x340 [ 517.016021] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 517.020444] ip6_rcv_finish+0x4d2/0x710 [ 517.024453] ipv6_rcv+0x34b/0x3f0 [ 517.027925] ? dst_hold+0x5e0/0x5e0 [ 517.031569] process_backlog+0x82b/0x11e0 [ 517.035730] ? __msan_poison_alloca+0x1e0/0x270 [ 517.040753] ? ip6_rcv_finish+0x710/0x710 [ 517.044930] ? rps_trigger_softirq+0x2e0/0x2e0 [ 517.049528] net_rx_action+0x98f/0x1d50 [ 517.054007] ? net_tx_action+0xf20/0xf20 [ 517.058081] __do_softirq+0x721/0xc7f [ 517.061908] ? ksoftirqd_should_run+0x50/0x50 [ 517.066505] run_ksoftirqd+0x37/0x60 [ 517.070235] smpboot_thread_fn+0x69c/0xb30 [ 517.074496] kthread+0x5e7/0x620 [ 517.077866] ? cpu_report_death+0x4a0/0x4a0 [ 517.082205] ? INIT_BOOL+0x30/0x30 [ 517.085757] ret_from_fork+0x35/0x40 [ 517.089486] Uninit was stored to memory at: [ 517.093821] kmsan_internal_chain_origin+0x136/0x240 [ 517.098950] __msan_chain_origin+0x6d/0xb0 [ 517.103200] __save_stack_trace+0x8be/0xc60 [ 517.107533] save_stack_trace+0xc6/0x110 [ 517.111608] kmsan_internal_chain_origin+0x136/0x240 [ 517.116725] kmsan_memcpy_origins+0x13d/0x190 [ 517.121234] __msan_memcpy+0x6f/0x80 [ 517.124958] pskb_expand_head+0x436/0x1d20 [ 517.129201] skb_shift+0xce2/0x2d10 [ 517.132926] tcp_sacktag_walk+0x2156/0x29d0 [ 517.137262] tcp_sacktag_write_queue+0x2805/0x4630 [ 517.142578] tcp_ack+0x2888/0xa010 [ 517.146135] tcp_rcv_established+0xf7e/0x2940 [ 517.150649] tcp_v6_do_rcv+0x9f8/0x21b0 [ 517.154644] tcp_v6_rcv+0x5a52/0x5df0 [ 517.158464] ip6_input_finish+0xb53/0x2450 [ 517.162705] ip6_input+0x29d/0x340 [ 517.166257] ip6_rcv_finish+0x4d2/0x710 [ 517.170243] ipv6_rcv+0x34b/0x3f0 [ 517.173712] process_backlog+0x82b/0x11e0 [ 517.177886] net_rx_action+0x98f/0x1d50 [ 517.181864] __do_softirq+0x721/0xc7f [ 517.185764] [ 517.187392] Uninit was stored to memory at: [ 517.191728] kmsan_internal_chain_origin+0x136/0x240 [ 517.196844] __msan_chain_origin+0x6d/0xb0 [ 517.201089] __save_stack_trace+0x8be/0xc60 [ 517.205434] save_stack_trace+0xc6/0x110 [ 517.209514] kmsan_internal_chain_origin+0x136/0x240 [ 517.214628] kmsan_memcpy_origins+0x13d/0x190 [ 517.219434] __msan_memcpy+0x6f/0x80 [ 517.223170] pskb_expand_head+0x436/0x1d20 [ 517.227431] skb_shift+0xce2/0x2d10 [ 517.231070] tcp_sacktag_walk+0x2156/0x29d0 [ 517.235401] tcp_sacktag_write_queue+0x2805/0x4630 [ 517.240975] tcp_ack+0x2888/0xa010 [ 517.244522] tcp_rcv_established+0xf7e/0x2940 [ 517.249030] tcp_v6_do_rcv+0x9f8/0x21b0 [ 517.253026] tcp_v6_rcv+0x5a52/0x5df0 [ 517.256833] ip6_input_finish+0xb53/0x2450 [ 517.261076] ip6_input+0x29d/0x340 [ 517.264707] ip6_rcv_finish+0x4d2/0x710 [ 517.268695] ipv6_rcv+0x34b/0x3f0 [ 517.272174] process_backlog+0x82b/0x11e0 [ 517.276333] net_rx_action+0x98f/0x1d50 [ 517.280314] __do_softirq+0x721/0xc7f [ 517.284111] [ 517.285736] Uninit was stored to memory at: [ 517.290072] kmsan_internal_chain_origin+0x136/0x240 [ 517.295195] __msan_chain_origin+0x6d/0xb0 [ 517.299442] __save_stack_trace+0x8be/0xc60 [ 517.303769] save_stack_trace+0xc6/0x110 [ 517.307840] kmsan_internal_chain_origin+0x136/0x240 [ 517.312966] kmsan_memcpy_origins+0x13d/0x190 [ 517.317472] __msan_memcpy+0x6f/0x80 [ 517.321205] pskb_expand_head+0x436/0x1d20 [ 517.325454] skb_shift+0xce2/0x2d10 [ 517.329091] tcp_sacktag_walk+0x2156/0x29d0 [ 517.333429] tcp_sacktag_write_queue+0x2805/0x4630 [ 517.338371] tcp_ack+0x2888/0xa010 [ 517.342293] tcp_rcv_established+0xf7e/0x2940 [ 517.346797] tcp_v6_do_rcv+0x9f8/0x21b0 [ 517.350778] tcp_v6_rcv+0x5a52/0x5df0 [ 517.354585] ip6_input_finish+0xb53/0x2450 [ 517.358827] ip6_input+0x29d/0x340 [ 517.362372] ip6_rcv_finish+0x4d2/0x710 [ 517.366356] ipv6_rcv+0x34b/0x3f0 [ 517.369826] process_backlog+0x82b/0x11e0 [ 517.373990] net_rx_action+0x98f/0x1d50 [ 517.377975] __do_softirq+0x721/0xc7f [ 517.381774] [ 517.383406] Uninit was stored to memory at: [ 517.387837] kmsan_internal_chain_origin+0x136/0x240 [ 517.392956] __msan_chain_origin+0x6d/0xb0 [ 517.397212] __save_stack_trace+0x8be/0xc60 [ 517.401542] save_stack_trace+0xc6/0x110 [ 517.405616] kmsan_internal_chain_origin+0x136/0x240 [ 517.410738] kmsan_memcpy_origins+0x13d/0x190 03:47:16 executing program 1: 03:47:16 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) fsetxattr$security_smack_entry(r0, &(0x7f0000000000)='security.SMACK64IPOUT\x00', &(0x7f0000000040)='%&\x00', 0x3, 0x3) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:47:17 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000100)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 517.415245] __msan_memcpy+0x6f/0x80 [ 517.418976] pskb_expand_head+0x436/0x1d20 [ 517.423238] skb_shift+0xce2/0x2d10 [ 517.426876] tcp_sacktag_walk+0x2156/0x29d0 [ 517.431209] tcp_sacktag_write_queue+0x2805/0x4630 [ 517.436152] tcp_ack+0x2888/0xa010 [ 517.439971] tcp_rcv_established+0xf7e/0x2940 [ 517.444456] tcp_v6_do_rcv+0x9f8/0x21b0 [ 517.448418] tcp_v6_rcv+0x5a52/0x5df0 [ 517.452223] ip6_input_finish+0xb53/0x2450 [ 517.456446] ip6_input+0x29d/0x340 [ 517.459979] ip6_rcv_finish+0x4d2/0x710 [ 517.463947] ipv6_rcv+0x34b/0x3f0 [ 517.467395] process_backlog+0x82b/0x11e0 [ 517.471537] net_rx_action+0x98f/0x1d50 [ 517.475502] __do_softirq+0x721/0xc7f [ 517.479287] [ 517.480899] Uninit was stored to memory at: [ 517.485215] kmsan_internal_chain_origin+0x136/0x240 [ 517.490312] __msan_chain_origin+0x6d/0xb0 [ 517.494543] __save_stack_trace+0x8be/0xc60 [ 517.498858] save_stack_trace+0xc6/0x110 [ 517.502913] kmsan_internal_chain_origin+0x136/0x240 [ 517.508020] kmsan_memcpy_origins+0x13d/0x190 [ 517.512506] __msan_memcpy+0x6f/0x80 [ 517.516210] pskb_expand_head+0x436/0x1d20 [ 517.520441] skb_shift+0xce2/0x2d10 [ 517.524059] tcp_sacktag_walk+0x2156/0x29d0 [ 517.528374] tcp_sacktag_write_queue+0x2805/0x4630 [ 517.533293] tcp_ack+0x2888/0xa010 [ 517.536822] tcp_rcv_established+0xf7e/0x2940 [ 517.541661] tcp_v6_do_rcv+0x9f8/0x21b0 [ 517.545633] tcp_v6_rcv+0x5a52/0x5df0 [ 517.549427] ip6_input_finish+0xb53/0x2450 [ 517.553650] ip6_input+0x29d/0x340 [ 517.557188] ip6_rcv_finish+0x4d2/0x710 [ 517.561150] ipv6_rcv+0x34b/0x3f0 [ 517.564605] process_backlog+0x82b/0x11e0 [ 517.568746] net_rx_action+0x98f/0x1d50 [ 517.572711] __do_softirq+0x721/0xc7f [ 517.576497] [ 517.578109] Uninit was stored to memory at: [ 517.582431] kmsan_internal_chain_origin+0x136/0x240 [ 517.587527] __msan_chain_origin+0x6d/0xb0 [ 517.591756] __save_stack_trace+0x8be/0xc60 [ 517.596070] save_stack_trace+0xc6/0x110 [ 517.600134] kmsan_internal_chain_origin+0x136/0x240 [ 517.605250] kmsan_memcpy_origins+0x13d/0x190 [ 517.609738] __msan_memcpy+0x6f/0x80 [ 517.613447] pskb_expand_head+0x436/0x1d20 [ 517.617672] skb_shift+0xce2/0x2d10 [ 517.621293] tcp_sacktag_walk+0x2156/0x29d0 [ 517.625606] tcp_sacktag_write_queue+0x2805/0x4630 [ 517.630534] tcp_ack+0x2888/0xa010 [ 517.634064] tcp_rcv_established+0xf7e/0x2940 [ 517.638553] tcp_v6_do_rcv+0x9f8/0x21b0 [ 517.642857] tcp_v6_rcv+0x5a52/0x5df0 [ 517.646650] ip6_input_finish+0xb53/0x2450 [ 517.650875] ip6_input+0x29d/0x340 [ 517.654410] ip6_rcv_finish+0x4d2/0x710 [ 517.658384] ipv6_rcv+0x34b/0x3f0 [ 517.661833] process_backlog+0x82b/0x11e0 [ 517.665973] net_rx_action+0x98f/0x1d50 [ 517.669938] __do_softirq+0x721/0xc7f [ 517.673724] [ 517.675338] Uninit was stored to memory at: [ 517.679651] kmsan_internal_chain_origin+0x136/0x240 [ 517.684745] __msan_chain_origin+0x6d/0xb0 [ 517.688973] __save_stack_trace+0x8be/0xc60 [ 517.693288] save_stack_trace+0xc6/0x110 [ 517.697343] kmsan_internal_chain_origin+0x136/0x240 [ 517.702441] kmsan_memcpy_origins+0x13d/0x190 [ 517.706929] __msan_memcpy+0x6f/0x80 [ 517.710636] pskb_expand_head+0x436/0x1d20 [ 517.714861] skb_shift+0xce2/0x2d10 [ 517.718495] tcp_sacktag_walk+0x2156/0x29d0 [ 517.722807] tcp_sacktag_write_queue+0x2805/0x4630 [ 517.727812] tcp_ack+0x2888/0xa010 [ 517.731343] tcp_rcv_established+0xf7e/0x2940 [ 517.735850] tcp_v6_do_rcv+0x9f8/0x21b0 [ 517.740181] tcp_v6_rcv+0x5a52/0x5df0 [ 517.743976] ip6_input_finish+0xb53/0x2450 [ 517.748200] ip6_input+0x29d/0x340 [ 517.751732] ip6_rcv_finish+0x4d2/0x710 [ 517.755697] ipv6_rcv+0x34b/0x3f0 [ 517.759141] process_backlog+0x82b/0x11e0 [ 517.763291] net_rx_action+0x98f/0x1d50 [ 517.767255] __do_softirq+0x721/0xc7f [ 517.771075] [ 517.772691] Local variable description: ----again@__dev_queue_xmit [ 517.778991] Variable was created at: [ 517.782697] __dev_queue_xmit+0x124/0x3e00 [ 517.786922] dev_queue_xmit+0x4b/0x60 03:47:17 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}], 0x1, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:47:17 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xc, 0xe, &(0x7f0000000240)=ANY=[@ANYBLOB="b702000013000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7030000000000006a0a00fe00000000850000002b000000b70000000000000095000000000000003b0b"], &(0x7f00000000c0)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x0, 0xe, 0x1000, &(0x7f0000000040)="e84373f460e0f11c39f9b7a31ba2", &(0x7f0000000500)=""/4096, 0x1283}, 0x28) 03:47:17 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:17 executing program 5: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x800, 0x0) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000040)='trusted.overlay.upper\x00', &(0x7f0000000280)=ANY=[@ANYBLOB="00fbdd05015e45b0a668e58870ccb5ab2ae934c4636321b982c386aea84c174e0e81e69db6362e29a0dfaa32cf3ed4a8da01470f7a6600f2704138e372d11a010062595e2f59dee16da50a972de1ec9f8ad775862b94d0894e2f336275855348d30802b1be29af7777241e87f04d37a137efdc7114fe68d264ff2e3b3d0a79f67b3017c6f3feb44a8ef4ea1eeb54bd240cffb15404d6aab8a67cd27b134ffd00c72987597a2d3d351f7c927f328c4652ed44a64e76f914d519b0f26a72089db15867f4f5798859d4c4e71eae53fd18003bf63add0300000000000000000000000000"], 0xdd, 0x1) r1 = socket$inet6(0xa, 0x805, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000240)={0x8, 0x8, 0x6}) setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r1, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:47:18 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = creat(&(0x7f0000000280)='./file0\x00', 0x20) setsockopt$sock_int(r0, 0x1, 0x2d, &(0x7f0000000300)=0xff, 0x4) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f00000002c0)=0x1000, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r2 = open(&(0x7f0000000040)='./file0\x00', 0x80000, 0x80) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x80}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000200)={r3, 0x0, 0x81, 0x2}, &(0x7f0000000240)=0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r4, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r4, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r4, 0x7) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r5, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:47:18 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) epoll_wait(r0, &(0x7f0000000040)=[{}, {}, {}, {}, {}], 0x5, 0x6) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:47:18 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:47:18 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:18 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:47:18 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x153001, 0x0) setsockopt$inet6_tcp_TLS_RX(r1, 0x6, 0x2, &(0x7f00000000c0), 0x4) syz_kvm_setup_cpu$x86(r1, r1, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f0000000280)="f30f2b90f70f0000b9c6020000b808000000ba000000000f30c4c2cd3af226e3000f01d166baf80cb85f78c38cef66bafc0cecc4e1c6596800c7442400d8000000c74424027e860000c7442406000000000f011c24b907030000b80c0b0000ba000000000f3066baf80cb81285838fef66bafc0c66ed", 0x76}], 0x1, 0x10, &(0x7f0000000340), 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000140)={@loopback, 0x0, 0x39073032e2820942, 0x0, 0x0, 0x8, 0x7, 0x4}, 0x20) write$binfmt_misc(r0, &(0x7f0000000180)={'syz1', "f0f69e1b4c9f7feb9414c40bc5904c9df7872eb23185e49e5f4cf1bbd25af206e08d629c1bde87af98d2909d958770767db9361193a1b8fec22b2490c244d564ba6de1628d53432c2f04978d2ec2525de14fcb80d3fa2b278231c79c706126f5e21444ba719cef8b132c895e2dbadd3a195fef3f0caf6e40d2687f915823ebeb597fe5bd5e00094c6c1f6d9b21db4b9ccacd1491af970c20"}, 0x9c) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e26, 0x800000003e, @loopback, 0x6}, 0xfffffffffffffe0f) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) ftruncate(r0, 0x2) setitimer(0x0, &(0x7f0000000240)={{0x77359400}, {r2, r3/1000+10000}}, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) 03:47:18 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000040)=0x6cf42807e1e0e674, 0x4) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x7, 0x21, 0x1}, 0x145) [ 518.537188] not chained 590000 origins [ 518.541444] CPU: 0 PID: 13680 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 518.548722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 518.558084] Call Trace: [ 518.561193] [ 518.563356] dump_stack+0x32d/0x480 [ 518.567013] kmsan_internal_chain_origin+0x222/0x240 [ 518.572150] ? __local_bh_enable_ip+0x11f/0x260 [ 518.576853] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 518.582232] ? __module_address+0x6a/0x5f0 [ 518.586485] ? is_bpf_text_address+0x3e5/0x4d0 [ 518.591084] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 518.596457] ? is_bpf_text_address+0x49e/0x4d0 [ 518.601054] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 518.606431] ? __module_address+0x6a/0x5f0 [ 518.610683] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 518.616060] ? is_bpf_text_address+0x49e/0x4d0 [ 518.620777] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 518.626251] __msan_chain_origin+0x6d/0xb0 [ 518.630499] ? ip6_rcv_finish+0x4d2/0x710 03:47:18 executing program 5: r0 = socket$inet6(0xa, 0x6, 0xfffffffffffffffd) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0xffffffffffffff3d) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x80, 0x0) ioctl$EVIOCGABS0(r1, 0x80184540, &(0x7f0000001680)=""/237) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000001640)={&(0x7f0000000640)=""/4096, 0x1000000, 0x1000, 0x9}, 0x18) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x40) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000140)={{0x1, 0x3, 0x1f, 0x7, '\x00', 0x20}, 0x1, [0x2, 0x6, 0xfffffffffffffff7, 0x3, 0x80000001, 0x508000000000, 0x0, 0x4, 0x0, 0x8, 0x2, 0x58b1, 0x7, 0x1, 0x9, 0x5, 0x5e8, 0x8, 0x6, 0x9, 0x3f, 0x0, 0x2, 0xffffffffffffffc0, 0x7, 0x3, 0x6, 0x2, 0x9f0, 0x4, 0x9, 0xaec174b, 0x7176, 0xfffffffffffffff9, 0x9, 0x5, 0x5, 0x9, 0x551e, 0x12, 0x800, 0x6, 0xfa1, 0x2, 0x9, 0x200, 0x2, 0x3, 0xffffffffffffffa7, 0x9, 0x3, 0x0, 0x7, 0x8, 0x200, 0x7fff, 0xffffffff00000001, 0x41, 0x987, 0x400, 0x6, 0x8, 0xff, 0x5, 0xc2, 0xffffffffffffff08, 0x8, 0x4, 0xfffffffffffffffa, 0x20, 0xfffffffffffffff8, 0x4, 0x7, 0xffffffffffffffe0, 0x71, 0x400, 0x7f, 0x5, 0x7, 0x3c, 0x5, 0x455b842b, 0x6, 0x4, 0x8, 0x100000000, 0x100000000, 0x1, 0x1, 0x1, 0x1f, 0x1, 0x6a, 0x1, 0x1, 0x200, 0x3ff, 0x8, 0x1000, 0x0, 0x7fff, 0x8, 0x40, 0x10000, 0x5, 0x400, 0x401, 0xffffffffffff8000, 0x81, 0x100, 0x3ff, 0x2, 0x9683, 0xfffffffffffffffe, 0x3, 0x500000, 0x7, 0x8e, 0x9, 0x7fff, 0x1, 0x100, 0x5, 0xffffffffffffff4b, 0x9, 0x7, 0x5, 0x401]}) [ 518.634660] __save_stack_trace+0x8be/0xc60 [ 518.639010] ? ip6_rcv_finish+0x4d2/0x710 [ 518.643530] save_stack_trace+0xc6/0x110 [ 518.647607] kmsan_internal_chain_origin+0x136/0x240 [ 518.652722] ? local_bh_enable+0x36/0x40 [ 518.656799] ? __sk_flush_backlog+0x52/0x70 [ 518.661134] ? kmsan_internal_chain_origin+0x136/0x240 [ 518.666438] ? kmsan_memcpy_origins+0x13d/0x190 [ 518.671118] ? __msan_memcpy+0x6f/0x80 [ 518.675023] ? pskb_expand_head+0x436/0x1d20 [ 518.679454] ? ___pskb_trim+0x3c9/0x1bf0 [ 518.683528] ? sk_filter_trim_cap+0x5ac/0xa60 [ 518.688128] ? tcp_filter+0x10c/0x260 [ 518.691943] ? tcp_v6_rcv+0x45ba/0x5df0 [ 518.695926] ? ip6_input_finish+0xb53/0x2450 [ 518.700444] ? ip6_input+0x29d/0x340 [ 518.704177] ? ip6_rcv_finish+0x4d2/0x710 [ 518.708359] ? ipv6_rcv+0x34b/0x3f0 [ 518.712004] ? process_backlog+0x82b/0x11e0 [ 518.716336] ? net_rx_action+0x98f/0x1d50 [ 518.720498] ? __do_softirq+0x721/0xc7f [ 518.724482] ? do_softirq_own_stack+0x49/0x80 [ 518.728986] ? __local_bh_enable_ip+0x228/0x260 [ 518.733660] ? local_bh_enable+0x36/0x40 03:47:18 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 518.737733] ? ip6_finish_output2+0x1b1a/0x22d0 [ 518.742723] ? ip6_finish_output+0xc13/0xca0 [ 518.747147] ? ip6_output+0x5e4/0x720 [ 518.750975] ? ip6_xmit+0x216d/0x26a0 [ 518.754787] ? inet6_csk_xmit+0x3e0/0x4f0 [ 518.759049] ? __tcp_transmit_skb+0x425c/0x5e00 [ 518.763753] ? __tcp_retransmit_skb+0x2fe9/0x46c0 [ 518.768609] ? tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 518.773808] ? tcp_ack+0x91b2/0xa010 [ 518.777528] ? tcp_rcv_established+0xf7e/0x2940 [ 518.782208] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 518.786370] ? __release_sock+0x32d/0x750 [ 518.790531] ? __sk_flush_backlog+0x52/0x70 [ 518.794867] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 518.799467] ? tcp_sendmsg+0xb2/0x100 [ 518.803300] ? inet_sendmsg+0x4e9/0x800 [ 518.807287] ? __sys_sendto+0x940/0xb80 [ 518.811272] ? __se_sys_sendto+0x107/0x130 [ 518.815517] ? __x64_sys_sendto+0x6e/0x90 [ 518.819685] ? do_syscall_64+0xcf/0x110 [ 518.823671] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 518.829063] ? __msan_get_context_state+0x9/0x20 [ 518.833826] ? INIT_INT+0xc/0x30 [ 518.837202] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 518.842897] kmsan_memcpy_origins+0x13d/0x190 [ 518.847426] __msan_memcpy+0x6f/0x80 [ 518.851168] pskb_expand_head+0x436/0x1d20 [ 518.855442] ___pskb_trim+0x3c9/0x1bf0 [ 518.859362] sk_filter_trim_cap+0x5ac/0xa60 [ 518.863708] tcp_filter+0x10c/0x260 [ 518.867352] tcp_v6_rcv+0x45ba/0x5df0 [ 518.871172] ? __msan_poison_alloca+0x1e0/0x270 [ 518.875893] ? tcp_v6_early_demux+0xc80/0xc80 [ 518.880399] ? tcp_v6_early_demux+0xc80/0xc80 [ 518.884909] ip6_input_finish+0xb53/0x2450 03:47:18 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 518.889184] ? ip6_input_finish+0x13e1/0x2450 [ 518.893697] ip6_input+0x29d/0x340 [ 518.897251] ? ip6_input+0x340/0x340 [ 518.900980] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 518.905401] ip6_rcv_finish+0x4d2/0x710 [ 518.909397] ipv6_rcv+0x34b/0x3f0 [ 518.912866] ? dst_hold+0x5e0/0x5e0 [ 518.916508] process_backlog+0x82b/0x11e0 [ 518.920668] ? __msan_poison_alloca+0x1e0/0x270 [ 518.925352] ? ip6_rcv_finish+0x710/0x710 [ 518.929553] ? rps_trigger_softirq+0x2e0/0x2e0 [ 518.934146] net_rx_action+0x98f/0x1d50 [ 518.938169] ? net_tx_action+0xf20/0xf20 [ 518.942535] __do_softirq+0x721/0xc7f [ 518.946367] do_softirq_own_stack+0x49/0x80 [ 518.950693] [ 518.952945] __local_bh_enable_ip+0x228/0x260 [ 518.957462] local_bh_enable+0x36/0x40 [ 518.961370] ip6_finish_output2+0x1b1a/0x22d0 [ 518.965905] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 518.971307] ? ip6_mtu+0x289/0x330 [ 518.974867] ip6_finish_output+0xc13/0xca0 [ 518.979129] ip6_output+0x5e4/0x720 [ 518.983315] ? ip6_output+0x720/0x720 [ 518.987137] ? ac6_seq_show+0x200/0x200 [ 518.991132] ip6_xmit+0x216d/0x26a0 [ 518.994805] ? ip6_xmit+0x26a0/0x26a0 [ 518.998620] inet6_csk_xmit+0x3e0/0x4f0 [ 519.002622] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 519.007565] __tcp_transmit_skb+0x425c/0x5e00 [ 519.012109] __tcp_retransmit_skb+0x2fe9/0x46c0 [ 519.016790] ? rb_next+0x161/0x2d0 [ 519.020382] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 519.025457] tcp_ack+0x91b2/0xa010 [ 519.029041] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 519.034650] tcp_rcv_established+0xf7e/0x2940 [ 519.039194] tcp_v6_do_rcv+0x9f8/0x21b0 [ 519.043513] ? tcp_v6_destroy_sock+0x60/0x60 [ 519.047943] __release_sock+0x32d/0x750 [ 519.052182] __sk_flush_backlog+0x52/0x70 [ 519.056384] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 519.060639] tcp_sendmsg_locked+0xd72/0x6c30 [ 519.065080] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 519.070501] tcp_sendmsg+0xb2/0x100 [ 519.074157] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 519.078862] inet_sendmsg+0x4e9/0x800 [ 519.082681] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 519.088052] ? security_socket_sendmsg+0x1bd/0x200 [ 519.092999] ? inet_getname+0x490/0x490 [ 519.096984] __sys_sendto+0x940/0xb80 [ 519.100819] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 519.106287] ? prepare_exit_to_usermode+0x182/0x4c0 [ 519.111308] __se_sys_sendto+0x107/0x130 [ 519.115389] __x64_sys_sendto+0x6e/0x90 [ 519.119377] do_syscall_64+0xcf/0x110 [ 519.123197] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 519.128391] RIP: 0033:0x457569 03:47:19 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 519.131596] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 519.150832] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 519.158552] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 519.165836] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000007 [ 519.173119] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 519.180400] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 519.187765] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 519.195054] Uninit was stored to memory at: [ 519.199393] kmsan_internal_chain_origin+0x136/0x240 [ 519.204522] __msan_chain_origin+0x6d/0xb0 [ 519.208773] __save_stack_trace+0x8be/0xc60 [ 519.213110] save_stack_trace+0xc6/0x110 [ 519.217195] kmsan_internal_chain_origin+0x136/0x240 [ 519.222632] kmsan_memcpy_origins+0x13d/0x190 [ 519.227145] __msan_memcpy+0x6f/0x80 [ 519.230893] pskb_expand_head+0x436/0x1d20 [ 519.235150] ___pskb_trim+0x3c9/0x1bf0 [ 519.239060] sk_filter_trim_cap+0x5ac/0xa60 [ 519.243754] tcp_filter+0x10c/0x260 [ 519.247392] tcp_v6_rcv+0x45ba/0x5df0 [ 519.251205] ip6_input_finish+0xb53/0x2450 [ 519.255454] ip6_input+0x29d/0x340 [ 519.259007] ip6_rcv_finish+0x4d2/0x710 [ 519.262996] ipv6_rcv+0x34b/0x3f0 [ 519.266463] process_backlog+0x82b/0x11e0 [ 519.270620] net_rx_action+0x98f/0x1d50 [ 519.274610] __do_softirq+0x721/0xc7f [ 519.278409] [ 519.280040] Uninit was stored to memory at: [ 519.284376] kmsan_internal_chain_origin+0x136/0x240 [ 519.289492] __msan_chain_origin+0x6d/0xb0 [ 519.293736] __save_stack_trace+0x8be/0xc60 [ 519.298065] save_stack_trace+0xc6/0x110 [ 519.302135] kmsan_internal_chain_origin+0x136/0x240 [ 519.307371] kmsan_memcpy_origins+0x13d/0x190 [ 519.311874] __msan_memcpy+0x6f/0x80 [ 519.315598] pskb_expand_head+0x436/0x1d20 [ 519.319848] ___pskb_trim+0x3c9/0x1bf0 [ 519.323750] sk_filter_trim_cap+0x5ac/0xa60 [ 519.328085] tcp_filter+0x10c/0x260 [ 519.331723] tcp_v6_rcv+0x45ba/0x5df0 [ 519.335535] ip6_input_finish+0xb53/0x2450 03:47:19 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x61, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0xfffffe45}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 519.340153] ip6_input+0x29d/0x340 [ 519.343708] ip6_rcv_finish+0x4d2/0x710 [ 519.347695] ipv6_rcv+0x34b/0x3f0 [ 519.351157] process_backlog+0x82b/0x11e0 [ 519.355323] net_rx_action+0x98f/0x1d50 [ 519.359306] __do_softirq+0x721/0xc7f [ 519.363102] [ 519.364728] Uninit was stored to memory at: [ 519.369058] kmsan_internal_chain_origin+0x136/0x240 [ 519.374186] __msan_chain_origin+0x6d/0xb0 [ 519.378437] __save_stack_trace+0x8be/0xc60 [ 519.382769] save_stack_trace+0xc6/0x110 [ 519.386843] kmsan_internal_chain_origin+0x136/0x240 [ 519.391965] kmsan_memcpy_origins+0x13d/0x190 [ 519.396475] __msan_memcpy+0x6f/0x80 [ 519.400208] pskb_expand_head+0x436/0x1d20 [ 519.404457] ___pskb_trim+0x3c9/0x1bf0 [ 519.408354] sk_filter_trim_cap+0x5ac/0xa60 [ 519.412689] tcp_filter+0x10c/0x260 [ 519.416326] tcp_v6_rcv+0x45ba/0x5df0 [ 519.420142] ip6_input_finish+0xb53/0x2450 [ 519.424392] ip6_input+0x29d/0x340 [ 519.427946] ip6_rcv_finish+0x4d2/0x710 [ 519.431923] ipv6_rcv+0x34b/0x3f0 [ 519.435382] process_backlog+0x82b/0x11e0 [ 519.439532] net_rx_action+0x98f/0x1d50 [ 519.443889] __do_softirq+0x721/0xc7f [ 519.447690] [ 519.449320] Uninit was stored to memory at: [ 519.453652] kmsan_internal_chain_origin+0x136/0x240 [ 519.458768] __msan_chain_origin+0x6d/0xb0 [ 519.463012] __save_stack_trace+0x8be/0xc60 [ 519.467349] save_stack_trace+0xc6/0x110 [ 519.471430] kmsan_internal_chain_origin+0x136/0x240 [ 519.476547] kmsan_memcpy_origins+0x13d/0x190 [ 519.481053] __msan_memcpy+0x6f/0x80 [ 519.484785] pskb_expand_head+0x436/0x1d20 [ 519.489036] ___pskb_trim+0x3c9/0x1bf0 [ 519.492935] sk_filter_trim_cap+0x5ac/0xa60 [ 519.497274] tcp_filter+0x10c/0x260 [ 519.500925] tcp_v6_rcv+0x45ba/0x5df0 [ 519.504735] ip6_input_finish+0xb53/0x2450 [ 519.508975] ip6_input+0x29d/0x340 [ 519.512578] ip6_rcv_finish+0x4d2/0x710 [ 519.516554] ipv6_rcv+0x34b/0x3f0 [ 519.520018] process_backlog+0x82b/0x11e0 [ 519.524180] net_rx_action+0x98f/0x1d50 [ 519.528169] __do_softirq+0x721/0xc7f [ 519.531972] [ 519.533599] Uninit was stored to memory at: [ 519.537931] kmsan_internal_chain_origin+0x136/0x240 [ 519.543382] __msan_chain_origin+0x6d/0xb0 [ 519.547631] __save_stack_trace+0x8be/0xc60 [ 519.551964] save_stack_trace+0xc6/0x110 [ 519.556035] kmsan_internal_chain_origin+0x136/0x240 [ 519.561143] kmsan_memcpy_origins+0x13d/0x190 [ 519.565674] __msan_memcpy+0x6f/0x80 [ 519.569400] pskb_expand_head+0x436/0x1d20 [ 519.573652] ___pskb_trim+0x3c9/0x1bf0 [ 519.577548] sk_filter_trim_cap+0x5ac/0xa60 [ 519.581882] tcp_filter+0x10c/0x260 [ 519.585717] tcp_v6_rcv+0x45ba/0x5df0 [ 519.589525] ip6_input_finish+0xb53/0x2450 [ 519.593767] ip6_input+0x29d/0x340 [ 519.597318] ip6_rcv_finish+0x4d2/0x710 [ 519.601311] ipv6_rcv+0x34b/0x3f0 [ 519.604774] process_backlog+0x82b/0x11e0 [ 519.608932] net_rx_action+0x98f/0x1d50 [ 519.612926] __do_softirq+0x721/0xc7f [ 519.616729] [ 519.618357] Uninit was stored to memory at: [ 519.622698] kmsan_internal_chain_origin+0x136/0x240 [ 519.627811] __msan_chain_origin+0x6d/0xb0 [ 519.632063] __save_stack_trace+0x8be/0xc60 [ 519.636398] save_stack_trace+0xc6/0x110 [ 519.640810] kmsan_internal_chain_origin+0x136/0x240 [ 519.645926] kmsan_memcpy_origins+0x13d/0x190 [ 519.650438] __msan_memcpy+0x6f/0x80 [ 519.654206] pskb_expand_head+0x436/0x1d20 [ 519.658457] ___pskb_trim+0x3c9/0x1bf0 [ 519.662372] sk_filter_trim_cap+0x5ac/0xa60 [ 519.666706] tcp_filter+0x10c/0x260 [ 519.670342] tcp_v6_rcv+0x45ba/0x5df0 [ 519.674170] ip6_input_finish+0xb53/0x2450 [ 519.678411] ip6_input+0x29d/0x340 [ 519.681969] ip6_rcv_finish+0x4d2/0x710 [ 519.685969] ipv6_rcv+0x34b/0x3f0 [ 519.689457] process_backlog+0x82b/0x11e0 [ 519.693612] net_rx_action+0x98f/0x1d50 [ 519.697598] __do_softirq+0x721/0xc7f [ 519.701394] [ 519.703028] Uninit was stored to memory at: [ 519.707364] kmsan_internal_chain_origin+0x136/0x240 [ 519.712485] __msan_chain_origin+0x6d/0xb0 [ 519.716746] __save_stack_trace+0x8be/0xc60 [ 519.721079] save_stack_trace+0xc6/0x110 [ 519.725154] kmsan_internal_chain_origin+0x136/0x240 [ 519.730281] kmsan_memcpy_origins+0x13d/0x190 [ 519.734787] __msan_memcpy+0x6f/0x80 [ 519.738514] pskb_expand_head+0x436/0x1d20 [ 519.743126] ___pskb_trim+0x3c9/0x1bf0 [ 519.747031] sk_filter_trim_cap+0x5ac/0xa60 [ 519.751456] tcp_filter+0x10c/0x260 [ 519.755096] tcp_v6_rcv+0x45ba/0x5df0 [ 519.758907] ip6_input_finish+0xb53/0x2450 [ 519.763152] ip6_input+0x29d/0x340 [ 519.766709] ip6_rcv_finish+0x4d2/0x710 [ 519.770698] ipv6_rcv+0x34b/0x3f0 [ 519.774170] process_backlog+0x82b/0x11e0 [ 519.778331] net_rx_action+0x98f/0x1d50 [ 519.782333] __do_softirq+0x721/0xc7f [ 519.786135] [ 519.787776] Local variable description: ----v.addr.i.i.i@should_fail [ 519.794283] Variable was created at: [ 519.798010] should_fail+0x14d/0x13c0 [ 519.801826] __should_failslab+0x278/0x2a0 [ 519.835281] not chained 600000 origins [ 519.839214] CPU: 0 PID: 13680 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 519.846800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 519.856171] Call Trace: [ 519.858779] dump_stack+0x32d/0x480 [ 519.862443] ? save_stack_trace+0xc6/0x110 [ 519.866706] kmsan_internal_chain_origin+0x222/0x240 [ 519.871839] ? kmsan_internal_chain_origin+0x136/0x240 [ 519.877127] ? __msan_chain_origin+0x6d/0xb0 [ 519.881562] ? __save_stack_trace+0x8be/0xc60 [ 519.886158] ? save_stack_trace+0xc6/0x110 [ 519.890428] ? kmsan_internal_chain_origin+0x136/0x240 [ 519.895723] ? kmsan_memcpy_origins+0x13d/0x190 [ 519.900410] ? __msan_memcpy+0x6f/0x80 [ 519.904324] ? pskb_expand_head+0x436/0x1d20 [ 519.908746] ? skb_shift+0xce2/0x2d10 [ 519.912580] ? tcp_sacktag_walk+0x2156/0x29d0 [ 519.917090] ? tcp_sacktag_write_queue+0x2805/0x4630 [ 519.922209] ? tcp_ack+0x2888/0xa010 [ 519.925934] ? tcp_rcv_established+0xf7e/0x2940 [ 519.930626] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 519.934793] ? __release_sock+0x32d/0x750 [ 519.938982] ? __sk_flush_backlog+0x52/0x70 [ 519.943652] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 519.948256] ? tcp_sendmsg+0xb2/0x100 [ 519.952078] ? inet_sendmsg+0x4e9/0x800 [ 519.956085] ? __sys_sendto+0x940/0xb80 [ 519.960071] ? __se_sys_sendto+0x107/0x130 [ 519.964318] ? __x64_sys_sendto+0x6e/0x90 [ 519.968482] ? do_syscall_64+0xcf/0x110 [ 519.972493] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 519.977869] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 519.983221] ? __module_address+0x6a/0x5f0 [ 519.987454] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 519.992819] ? is_bpf_text_address+0x49e/0x4d0 [ 519.997404] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 520.002862] ? in_task_stack+0x12c/0x210 [ 520.006936] __msan_chain_origin+0x6d/0xb0 [ 520.011186] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 520.015779] __save_stack_trace+0x8be/0xc60 [ 520.020112] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 520.024684] save_stack_trace+0xc6/0x110 [ 520.028740] kmsan_internal_chain_origin+0x136/0x240 [ 520.033833] ? __x64_sys_sendto+0x6e/0x90 [ 520.037972] ? kmsan_internal_chain_origin+0x136/0x240 [ 520.043545] ? kmsan_memcpy_origins+0x13d/0x190 [ 520.048213] ? __msan_memcpy+0x6f/0x80 [ 520.052112] ? pskb_expand_head+0x436/0x1d20 [ 520.056511] ? skb_shift+0xce2/0x2d10 [ 520.060301] ? tcp_sacktag_walk+0x2156/0x29d0 [ 520.064793] ? tcp_sacktag_write_queue+0x2805/0x4630 [ 520.069909] ? tcp_ack+0x2888/0xa010 [ 520.073636] ? tcp_rcv_established+0xf7e/0x2940 [ 520.078303] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 520.082448] ? __release_sock+0x32d/0x750 [ 520.086605] ? __sk_flush_backlog+0x52/0x70 [ 520.090932] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 520.095511] ? tcp_sendmsg+0xb2/0x100 [ 520.099326] ? inet_sendmsg+0x4e9/0x800 [ 520.103310] ? __sys_sendto+0x940/0xb80 [ 520.107291] ? __se_sys_sendto+0x107/0x130 [ 520.111547] ? __x64_sys_sendto+0x6e/0x90 [ 520.115701] ? do_syscall_64+0xcf/0x110 [ 520.119664] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 520.125059] ? __msan_get_context_state+0x9/0x20 [ 520.129811] ? INIT_INT+0xc/0x30 [ 520.133178] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 520.138532] ? ip6_finish_output+0xc13/0xca0 [ 520.143277] kmsan_memcpy_origins+0x13d/0x190 [ 520.147765] __msan_memcpy+0x6f/0x80 [ 520.151470] pskb_expand_head+0x436/0x1d20 [ 520.155704] skb_shift+0xce2/0x2d10 [ 520.159335] tcp_sacktag_walk+0x2156/0x29d0 [ 520.163658] tcp_sacktag_write_queue+0x2805/0x4630 [ 520.168601] tcp_ack+0x2888/0xa010 [ 520.172126] ? tcp_parse_options+0xbe/0x1cf0 [ 520.176530] ? tcp_validate_incoming+0x50b/0x29d0 [ 520.181375] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 520.186825] ? tcp_parse_options+0x1c55/0x1cf0 [ 520.191438] tcp_rcv_established+0xf7e/0x2940 [ 520.195963] tcp_v6_do_rcv+0x9f8/0x21b0 [ 520.199952] ? tcp_v6_destroy_sock+0x60/0x60 [ 520.204352] __release_sock+0x32d/0x750 [ 520.208320] __sk_flush_backlog+0x52/0x70 [ 520.212475] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 520.216706] tcp_sendmsg_locked+0xd72/0x6c30 [ 520.221112] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 520.226516] tcp_sendmsg+0xb2/0x100 [ 520.230149] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 520.234816] inet_sendmsg+0x4e9/0x800 [ 520.238610] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 520.244255] ? security_socket_sendmsg+0x1bd/0x200 [ 520.249231] ? inet_getname+0x490/0x490 [ 520.253205] __sys_sendto+0x940/0xb80 [ 520.257006] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 520.262456] ? prepare_exit_to_usermode+0x182/0x4c0 [ 520.267472] __se_sys_sendto+0x107/0x130 [ 520.271523] __x64_sys_sendto+0x6e/0x90 [ 520.275484] do_syscall_64+0xcf/0x110 [ 520.279279] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 520.284470] RIP: 0033:0x457569 [ 520.287663] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 520.306562] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 520.314279] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 520.321583] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000007 [ 520.328854] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 520.336207] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 520.343827] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 520.351100] Uninit was stored to memory at: [ 520.355427] kmsan_internal_chain_origin+0x136/0x240 [ 520.360541] __msan_chain_origin+0x6d/0xb0 [ 520.364799] __save_stack_trace+0x8be/0xc60 [ 520.369108] save_stack_trace+0xc6/0x110 [ 520.373197] kmsan_internal_chain_origin+0x136/0x240 [ 520.378311] kmsan_memcpy_origins+0x13d/0x190 [ 520.382806] __msan_memcpy+0x6f/0x80 [ 520.386510] pskb_expand_head+0x436/0x1d20 [ 520.390731] skb_shift+0xce2/0x2d10 [ 520.394344] tcp_sacktag_walk+0x2156/0x29d0 [ 520.398651] tcp_sacktag_write_queue+0x2805/0x4630 [ 520.403597] tcp_ack+0x2888/0xa010 [ 520.407125] tcp_rcv_established+0xf7e/0x2940 [ 520.411609] tcp_v6_do_rcv+0x9f8/0x21b0 [ 520.415606] __release_sock+0x32d/0x750 [ 520.419593] __sk_flush_backlog+0x52/0x70 [ 520.423738] tcp_sendmsg_locked+0xd72/0x6c30 [ 520.428148] tcp_sendmsg+0xb2/0x100 [ 520.431777] inet_sendmsg+0x4e9/0x800 [ 520.435565] __sys_sendto+0x940/0xb80 [ 520.439352] __se_sys_sendto+0x107/0x130 [ 520.443676] __x64_sys_sendto+0x6e/0x90 [ 520.447650] do_syscall_64+0xcf/0x110 [ 520.451452] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 520.456642] [ 520.458259] Uninit was stored to memory at: [ 520.462580] kmsan_internal_chain_origin+0x136/0x240 [ 520.467670] __msan_chain_origin+0x6d/0xb0 [ 520.471891] __save_stack_trace+0x8be/0xc60 [ 520.476229] save_stack_trace+0xc6/0x110 [ 520.480286] kmsan_internal_chain_origin+0x136/0x240 [ 520.485375] kmsan_memcpy_origins+0x13d/0x190 [ 520.489855] __msan_memcpy+0x6f/0x80 [ 520.493556] pskb_expand_head+0x436/0x1d20 [ 520.497782] skb_shift+0xce2/0x2d10 [ 520.501406] tcp_sacktag_walk+0x2156/0x29d0 [ 520.505729] tcp_sacktag_write_queue+0x2805/0x4630 [ 520.510662] tcp_ack+0x2888/0xa010 [ 520.514201] tcp_rcv_established+0xf7e/0x2940 [ 520.518693] tcp_v6_do_rcv+0x9f8/0x21b0 [ 520.522666] __release_sock+0x32d/0x750 [ 520.526638] __sk_flush_backlog+0x52/0x70 [ 520.530773] tcp_sendmsg_locked+0xd72/0x6c30 [ 520.535200] tcp_sendmsg+0xb2/0x100 [ 520.538835] inet_sendmsg+0x4e9/0x800 [ 520.542932] __sys_sendto+0x940/0xb80 [ 520.546731] __se_sys_sendto+0x107/0x130 [ 520.550798] __x64_sys_sendto+0x6e/0x90 [ 520.554781] do_syscall_64+0xcf/0x110 [ 520.558604] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 520.563792] [ 520.565405] Uninit was stored to memory at: [ 520.569718] kmsan_internal_chain_origin+0x136/0x240 [ 520.574807] __msan_chain_origin+0x6d/0xb0 [ 520.579038] __save_stack_trace+0x8be/0xc60 [ 520.583357] save_stack_trace+0xc6/0x110 [ 520.587401] kmsan_internal_chain_origin+0x136/0x240 [ 520.592488] kmsan_memcpy_origins+0x13d/0x190 [ 520.596979] __msan_memcpy+0x6f/0x80 [ 520.600718] pskb_expand_head+0x436/0x1d20 [ 520.604951] skb_shift+0xce2/0x2d10 [ 520.608572] tcp_sacktag_walk+0x2156/0x29d0 [ 520.612889] tcp_sacktag_write_queue+0x2805/0x4630 [ 520.617804] tcp_ack+0x2888/0xa010 [ 520.621342] tcp_rcv_established+0xf7e/0x2940 [ 520.625885] tcp_v6_do_rcv+0x9f8/0x21b0 [ 520.629852] __release_sock+0x32d/0x750 [ 520.633817] __sk_flush_backlog+0x52/0x70 [ 520.637966] tcp_sendmsg_locked+0xd72/0x6c30 [ 520.642936] tcp_sendmsg+0xb2/0x100 [ 520.646565] inet_sendmsg+0x4e9/0x800 [ 520.650348] __sys_sendto+0x940/0xb80 [ 520.654152] __se_sys_sendto+0x107/0x130 [ 520.658217] __x64_sys_sendto+0x6e/0x90 [ 520.662205] do_syscall_64+0xcf/0x110 [ 520.666022] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 520.671213] [ 520.672837] Uninit was stored to memory at: [ 520.677147] kmsan_internal_chain_origin+0x136/0x240 [ 520.682246] __msan_chain_origin+0x6d/0xb0 [ 520.686478] __save_stack_trace+0x8be/0xc60 [ 520.690794] save_stack_trace+0xc6/0x110 [ 520.694846] kmsan_internal_chain_origin+0x136/0x240 [ 520.699937] kmsan_memcpy_origins+0x13d/0x190 [ 520.704428] __msan_memcpy+0x6f/0x80 [ 520.708140] pskb_expand_head+0x436/0x1d20 [ 520.712377] skb_shift+0xce2/0x2d10 [ 520.716011] tcp_sacktag_walk+0x2156/0x29d0 [ 520.720330] tcp_sacktag_write_queue+0x2805/0x4630 [ 520.725257] tcp_ack+0x2888/0xa010 [ 520.728797] tcp_rcv_established+0xf7e/0x2940 [ 520.733286] tcp_v6_do_rcv+0x9f8/0x21b0 [ 520.737245] __release_sock+0x32d/0x750 [ 520.741566] __sk_flush_backlog+0x52/0x70 [ 520.745700] tcp_sendmsg_locked+0xd72/0x6c30 [ 520.750093] tcp_sendmsg+0xb2/0x100 [ 520.753725] inet_sendmsg+0x4e9/0x800 [ 520.757519] __sys_sendto+0x940/0xb80 [ 520.761317] __se_sys_sendto+0x107/0x130 [ 520.765371] __x64_sys_sendto+0x6e/0x90 [ 520.769341] do_syscall_64+0xcf/0x110 [ 520.773134] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 520.778324] [ 520.779932] Uninit was stored to memory at: [ 520.784274] kmsan_internal_chain_origin+0x136/0x240 [ 520.789388] __msan_chain_origin+0x6d/0xb0 [ 520.793635] __save_stack_trace+0x8be/0xc60 [ 520.797941] save_stack_trace+0xc6/0x110 [ 520.801992] kmsan_internal_chain_origin+0x136/0x240 [ 520.807093] kmsan_memcpy_origins+0x13d/0x190 [ 520.811587] __msan_memcpy+0x6f/0x80 [ 520.815307] pskb_expand_head+0x436/0x1d20 [ 520.819562] skb_shift+0xce2/0x2d10 [ 520.823204] tcp_sacktag_walk+0x2156/0x29d0 [ 520.827538] tcp_sacktag_write_queue+0x2805/0x4630 [ 520.832453] tcp_ack+0x2888/0xa010 [ 520.835986] tcp_rcv_established+0xf7e/0x2940 [ 520.840800] tcp_v6_do_rcv+0x9f8/0x21b0 [ 520.844759] __release_sock+0x32d/0x750 [ 520.848721] __sk_flush_backlog+0x52/0x70 [ 520.852874] tcp_sendmsg_locked+0xd72/0x6c30 [ 520.857291] tcp_sendmsg+0xb2/0x100 [ 520.860926] inet_sendmsg+0x4e9/0x800 [ 520.864733] __sys_sendto+0x940/0xb80 [ 520.868545] __se_sys_sendto+0x107/0x130 [ 520.872616] __x64_sys_sendto+0x6e/0x90 [ 520.876616] do_syscall_64+0xcf/0x110 [ 520.880437] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 520.885626] [ 520.887265] Uninit was stored to memory at: [ 520.891600] kmsan_internal_chain_origin+0x136/0x240 [ 520.896717] __msan_chain_origin+0x6d/0xb0 [ 520.900960] __save_stack_trace+0x8be/0xc60 [ 520.905294] save_stack_trace+0xc6/0x110 [ 520.909366] kmsan_internal_chain_origin+0x136/0x240 [ 520.914500] kmsan_memcpy_origins+0x13d/0x190 [ 520.919006] __msan_memcpy+0x6f/0x80 [ 520.922741] pskb_expand_head+0x436/0x1d20 [ 520.926999] skb_shift+0xce2/0x2d10 [ 520.930636] tcp_sacktag_walk+0x2156/0x29d0 [ 520.934968] tcp_sacktag_write_queue+0x2805/0x4630 [ 520.940265] tcp_ack+0x2888/0xa010 [ 520.943812] tcp_rcv_established+0xf7e/0x2940 [ 520.948318] tcp_v6_do_rcv+0x9f8/0x21b0 [ 520.952315] __release_sock+0x32d/0x750 [ 520.956298] __sk_flush_backlog+0x52/0x70 [ 520.960481] tcp_sendmsg_locked+0xd72/0x6c30 [ 520.964904] tcp_sendmsg+0xb2/0x100 [ 520.968542] inet_sendmsg+0x4e9/0x800 [ 520.972355] __sys_sendto+0x940/0xb80 [ 520.976176] __se_sys_sendto+0x107/0x130 [ 520.980245] __x64_sys_sendto+0x6e/0x90 [ 520.984232] do_syscall_64+0xcf/0x110 [ 520.988049] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 520.993235] [ 520.994867] Uninit was stored to memory at: [ 520.999203] kmsan_internal_chain_origin+0x136/0x240 [ 521.004318] __msan_chain_origin+0x6d/0xb0 [ 521.008567] __save_stack_trace+0x8be/0xc60 [ 521.012895] save_stack_trace+0xc6/0x110 [ 521.017051] kmsan_internal_chain_origin+0x136/0x240 [ 521.022176] kmsan_memcpy_origins+0x13d/0x190 [ 521.026683] __msan_memcpy+0x6f/0x80 [ 521.030412] pskb_expand_head+0x436/0x1d20 [ 521.034665] skb_shift+0xce2/0x2d10 [ 521.038300] tcp_sacktag_walk+0x2156/0x29d0 [ 521.042897] tcp_sacktag_write_queue+0x2805/0x4630 [ 521.047833] tcp_ack+0x2888/0xa010 [ 521.051899] tcp_rcv_established+0xf7e/0x2940 [ 521.056405] tcp_v6_do_rcv+0x9f8/0x21b0 [ 521.060415] __release_sock+0x32d/0x750 [ 521.064414] __sk_flush_backlog+0x52/0x70 [ 521.068558] tcp_sendmsg_locked+0xd72/0x6c30 [ 521.072970] tcp_sendmsg+0xb2/0x100 [ 521.076594] inet_sendmsg+0x4e9/0x800 [ 521.080389] __sys_sendto+0x940/0xb80 [ 521.084202] __se_sys_sendto+0x107/0x130 [ 521.088275] __x64_sys_sendto+0x6e/0x90 [ 521.092252] do_syscall_64+0xcf/0x110 [ 521.096042] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 521.101219] [ 521.102845] Local variable description: ----state@__save_stack_trace [ 521.109314] Variable was created at: [ 521.113014] __save_stack_trace+0xae/0xc60 [ 521.117243] save_stack_trace+0xc6/0x110 03:47:21 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:21 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:47:21 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000040)={r1, 0x8c2, 0x8, "e054212acd174d9e68521a058efdb7bd99b1b793168e2df48a7a43ed164defd681771bcd67d04232bafbe0c4bb2f14df72b9bc1c66ca2548c55b88df662ca90290c3ddb3e1501a6941f78e233483684bef6f360b2ca9b94652cb2420519f27"}) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:47:21 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x662000, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000140)={r1}) fcntl$getownex(r0, 0x10, &(0x7f0000000180)={0x0, 0x0}) sched_setaffinity(r4, 0x8, &(0x7f0000000200)=0x6) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'bpq0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000280)={'bcsf0\x00', r5}) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r6, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:47:21 executing program 1: r0 = memfd_create(&(0x7f0000000100)="0b656d31c1f8a68d4ec0a35ce2cba2bae5f497ac232aff", 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="3c00070003000100000000000000000000000000000025000000000000000000000000000000200000000000"], 0x2c) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x4db, &(0x7f0000000000)=[{}]}, 0x10) 03:47:21 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x402, 0xe4) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000040)=0x5, 0x4) r1 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r1, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:47:21 executing program 0: ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000000)=0x0) sched_setaffinity(r0, 0x8, &(0x7f00000000c0)=0x8) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x1, 0x2) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r2, 0xd058, &(0x7f0000000340)="0a452d02402e62857170420f9e1e11ac3c454817477db66c721e68502683b1ff6f493be3dc9ddd67d9052371f859a99533cdbb1442cd1c7b26d4fab734753f8ce28d6bafbfa57b9b2a1f3802ec46b2e634feff7c3af5f2d22df4cb764f0f808d23ceab0a7a78574eaa1b334cfd3da868cf036da2b122029613228f852275927df2c924fb52e0e73b212a197eb96cc54d775c52edd87c90a358b0dbe02c9d2d638d1373e00b7306ac51f0da49bcd4d89e7aec4bd2cc9243717f686af2d61ee606757660adbbbadc13a6e0cc6c58a72bac3caa537a77c897778cc866e1ca8bc78514b4eca0eed5e313739388c1b10986e9e3cef845b9") bind$unix(r1, &(0x7f0000000040)=@abs={0x0, 0x0, 0x4e20}, 0x6e) preadv(r1, &(0x7f0000000480), 0x1000000000000061, 0x0) [ 521.548467] print_req_error: 250 callbacks suppressed [ 521.548496] print_req_error: I/O error, dev loop3, sector 0 [ 521.559936] buffer_io_error: 250 callbacks suppressed [ 521.559964] Buffer I/O error on dev loop3, logical block 0, lost async page write [ 521.573158] print_req_error: I/O error, dev loop3, sector 8 [ 521.579024] Buffer I/O error on dev loop3, logical block 1, lost async page write [ 521.586885] print_req_error: I/O error, dev loop3, sector 16 [ 521.592844] Buffer I/O error on dev loop3, logical block 2, lost async page write [ 521.600658] print_req_error: I/O error, dev loop3, sector 24 [ 521.606603] Buffer I/O error on dev loop3, logical block 3, lost async page write [ 521.614478] print_req_error: I/O error, dev loop3, sector 32 [ 521.620334] Buffer I/O error on dev loop3, logical block 4, lost async page write [ 521.628206] print_req_error: I/O error, dev loop3, sector 40 [ 521.634141] Buffer I/O error on dev loop3, logical block 5, lost async page write [ 521.642776] print_req_error: I/O error, dev loop3, sector 48 03:47:21 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) [ 521.648635] Buffer I/O error on dev loop3, logical block 6, lost async page write [ 521.656506] print_req_error: I/O error, dev loop3, sector 56 [ 521.662457] Buffer I/O error on dev loop3, logical block 7, lost async page write [ 521.670246] print_req_error: I/O error, dev loop3, sector 64 [ 521.676202] Buffer I/O error on dev loop3, logical block 8, lost async page write [ 521.684064] print_req_error: I/O error, dev loop3, sector 72 [ 521.689929] Buffer I/O error on dev loop3, logical block 9, lost async page write 03:47:22 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x8, 0x30400) r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00') sendmsg$NBD_CMD_STATUS(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x44, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x100}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xfffffffffffffff7}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2000000000000}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0xd4) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000002c0)={0x0, 0xb, 0x1, 0x64d, 0x2, [{0xe6cf, 0x4, 0x7, 0x0, 0x0, 0x800}, {0x4, 0x1, 0x1000, 0x0, 0x0, 0x187}]}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r3, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r2, &(0x7f0000000480), 0x258, 0x0) 03:47:22 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) socketpair$inet6_sctp(0xa, 0x5, 0x84, &(0x7f0000000040)={0xffffffffffffffff}) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000140), &(0x7f0000000180)=0x4) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r2 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r2, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r2, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r2, 0x3) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r3, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:47:22 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000036c0)={&(0x7f0000000180)=@can, 0xfd28, &(0x7f00000035c0), 0x0, &(0x7f0000003680)=""/41, 0x29}, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b0", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 03:47:22 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000eeffffffff0000000000000000000000020205546de730ad7a", 0x18b) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:47:22 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:47:22 executing program 1: [ 522.381872] not chained 610000 origins [ 522.385825] CPU: 1 PID: 13764 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 522.393104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 522.402480] Call Trace: [ 522.405072] [ 522.407248] dump_stack+0x32d/0x480 [ 522.410903] kmsan_internal_chain_origin+0x222/0x240 [ 522.416047] ? __msan_poison_alloca+0x1e0/0x270 [ 522.420741] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 522.426115] ? __module_address+0x6a/0x5f0 [ 522.430390] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 522.435855] ? in_task_stack+0x12c/0x210 [ 522.440701] ? get_stack_info+0x206/0x220 [ 522.444872] __msan_chain_origin+0x6d/0xb0 [ 522.449126] ? __se_sys_sendto+0x107/0x130 [ 522.453382] __save_stack_trace+0x8be/0xc60 [ 522.457736] ? __se_sys_sendto+0x107/0x130 [ 522.461994] save_stack_trace+0xc6/0x110 [ 522.466074] kmsan_internal_chain_origin+0x136/0x240 [ 522.471197] ? local_bh_enable+0x36/0x40 [ 522.475278] ? __sk_flush_backlog+0x52/0x70 [ 522.479612] ? kmsan_internal_chain_origin+0x136/0x240 [ 522.484914] ? kmsan_memcpy_origins+0x13d/0x190 [ 522.489684] ? __msan_memcpy+0x6f/0x80 [ 522.493607] ? pskb_expand_head+0x436/0x1d20 [ 522.498025] ? ___pskb_trim+0x3c9/0x1bf0 [ 522.502098] ? sk_filter_trim_cap+0x5ac/0xa60 [ 522.506599] ? tcp_filter+0x10c/0x260 [ 522.510410] ? tcp_v6_rcv+0x45ba/0x5df0 [ 522.514395] ? ip6_input_finish+0xb53/0x2450 [ 522.518811] ? ip6_input+0x29d/0x340 [ 522.522530] ? ip6_rcv_finish+0x4d2/0x710 [ 522.526683] ? ipv6_rcv+0x34b/0x3f0 [ 522.530330] ? process_backlog+0x82b/0x11e0 [ 522.534672] ? net_rx_action+0x98f/0x1d50 [ 522.538832] ? __do_softirq+0x721/0xc7f [ 522.543528] ? do_softirq_own_stack+0x49/0x80 [ 522.548032] ? __local_bh_enable_ip+0x228/0x260 [ 522.552710] ? local_bh_enable+0x36/0x40 [ 522.556777] ? ip6_finish_output2+0x1b1a/0x22d0 [ 522.561457] ? ip6_finish_output+0xc13/0xca0 [ 522.565874] ? ip6_output+0x5e4/0x720 [ 522.569691] ? ip6_xmit+0x216d/0x26a0 [ 522.573503] ? inet6_csk_xmit+0x3e0/0x4f0 [ 522.577664] ? __tcp_transmit_skb+0x425c/0x5e00 [ 522.582342] ? __tcp_retransmit_skb+0x2fe9/0x46c0 [ 522.587292] ? tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 522.592490] ? tcp_ack+0x91b2/0xa010 [ 522.596210] ? tcp_rcv_established+0xf7e/0x2940 [ 522.600892] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 522.605053] ? __release_sock+0x32d/0x750 [ 522.609213] ? __sk_flush_backlog+0x52/0x70 [ 522.613544] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 522.618133] ? tcp_sendmsg+0xb2/0x100 [ 522.621959] ? inet_sendmsg+0x4e9/0x800 [ 522.625946] ? __sys_sendto+0x940/0xb80 [ 522.629935] ? __se_sys_sendto+0x107/0x130 [ 522.634190] ? __x64_sys_sendto+0x6e/0x90 [ 522.638346] ? do_syscall_64+0xcf/0x110 [ 522.643104] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 522.648493] ? __msan_get_context_state+0x9/0x20 [ 522.653263] ? INIT_INT+0xc/0x30 [ 522.656645] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 522.662029] kmsan_memcpy_origins+0x13d/0x190 [ 522.666542] __msan_memcpy+0x6f/0x80 [ 522.670275] pskb_expand_head+0x436/0x1d20 [ 522.674547] ___pskb_trim+0x3c9/0x1bf0 [ 522.678478] sk_filter_trim_cap+0x5ac/0xa60 [ 522.682827] tcp_filter+0x10c/0x260 [ 522.686472] tcp_v6_rcv+0x45ba/0x5df0 [ 522.690288] ? __msan_poison_alloca+0x1e0/0x270 [ 522.695009] ? tcp_v6_early_demux+0xc80/0xc80 [ 522.699514] ? tcp_v6_early_demux+0xc80/0xc80 [ 522.704025] ip6_input_finish+0xb53/0x2450 [ 522.708299] ? ip6_input_finish+0x13e1/0x2450 [ 522.712815] ip6_input+0x29d/0x340 [ 522.716379] ? ip6_input+0x340/0x340 [ 522.720108] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 522.724526] ip6_rcv_finish+0x4d2/0x710 [ 522.728517] ipv6_rcv+0x34b/0x3f0 [ 522.731991] ? dst_hold+0x5e0/0x5e0 [ 522.735650] process_backlog+0x82b/0x11e0 [ 522.740496] ? __msan_poison_alloca+0x1e0/0x270 [ 522.745194] ? ip6_rcv_finish+0x710/0x710 [ 522.749372] ? rps_trigger_softirq+0x2e0/0x2e0 [ 522.753967] net_rx_action+0x98f/0x1d50 [ 522.757981] ? net_tx_action+0xf20/0xf20 [ 522.762061] __do_softirq+0x721/0xc7f [ 522.765886] do_softirq_own_stack+0x49/0x80 [ 522.770215] [ 522.772470] __local_bh_enable_ip+0x228/0x260 [ 522.776983] local_bh_enable+0x36/0x40 [ 522.780885] ip6_finish_output2+0x1b1a/0x22d0 [ 522.785420] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 522.790810] ? ip6_mtu+0x289/0x330 [ 522.794372] ip6_finish_output+0xc13/0xca0 [ 522.798638] ip6_output+0x5e4/0x720 [ 522.802293] ? ip6_output+0x720/0x720 [ 522.806113] ? ac6_seq_show+0x200/0x200 [ 522.810099] ip6_xmit+0x216d/0x26a0 [ 522.813767] ? ip6_xmit+0x26a0/0x26a0 [ 522.817583] inet6_csk_xmit+0x3e0/0x4f0 [ 522.821580] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 522.826521] __tcp_transmit_skb+0x425c/0x5e00 [ 522.831086] __tcp_retransmit_skb+0x2fe9/0x46c0 [ 522.835788] ? __mod_timer+0x271f/0x2d70 [ 522.840590] ? __msan_poison_alloca+0x1a0/0x270 [ 522.845307] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 522.850364] tcp_ack+0x91b2/0xa010 [ 522.853929] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 522.859448] tcp_rcv_established+0xf7e/0x2940 [ 522.864057] tcp_v6_do_rcv+0x9f8/0x21b0 [ 522.868071] ? tcp_v6_destroy_sock+0x60/0x60 [ 522.872509] __release_sock+0x32d/0x750 [ 522.876514] __sk_flush_backlog+0x52/0x70 [ 522.880684] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 522.884939] tcp_sendmsg_locked+0xd72/0x6c30 [ 522.889383] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 522.894804] tcp_sendmsg+0xb2/0x100 [ 522.898456] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 522.903137] inet_sendmsg+0x4e9/0x800 [ 522.906960] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 522.912340] ? security_socket_sendmsg+0x1bd/0x200 [ 522.917289] ? inet_getname+0x490/0x490 [ 522.921273] __sys_sendto+0x940/0xb80 [ 522.925113] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 522.930586] ? prepare_exit_to_usermode+0x182/0x4c0 [ 522.935619] __se_sys_sendto+0x107/0x130 [ 522.940413] __x64_sys_sendto+0x6e/0x90 [ 522.944417] do_syscall_64+0xcf/0x110 [ 522.948231] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 522.953426] RIP: 0033:0x457569 [ 522.956629] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 522.975538] RSP: 002b:00007f66e0f8bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 522.983261] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 522.990540] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 522.997815] RBP: 000000000072bfa0 R08: 0000000020000080 R09: 000000000000001c [ 523.005090] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0f8c6d4 [ 523.012371] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 523.019669] Uninit was stored to memory at: [ 523.024004] kmsan_internal_chain_origin+0x136/0x240 [ 523.029121] __msan_chain_origin+0x6d/0xb0 03:47:22 executing program 1: 03:47:22 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:47:22 executing program 0: syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x100000001, 0x4040) socket$pptp(0x18, 0x1, 0x2) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) preadv(r0, &(0x7f0000001380), 0x1000000000000144, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000004540)='/dev/vcs\x00', 0x2800, 0x0) fsetxattr(r1, &(0x7f0000004580)=ANY=[@ANYBLOB='btrfs2/dev-radio# '], &(0x7f00000045c0)='\x00', 0x1, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)={{0x108, 0x28c6e16a, 0xe5cc, 0x329, 0x2a4, 0xffffffff, 0x2b8, 0x7}, "fa4d94d11ab145b71d6872ec2583f483b460a3278fd37ea773be5789f6291f21c959f698", [[], [], []]}, 0x344) ioctl$sock_bt_hidp_HIDPCONNDEL(r1, 0x400448c9, &(0x7f0000000040)={{0x0, 0x1000, 0x5, 0x100000001, 0x10001, 0x1000}, 0x401}) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r3, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r2, &(0x7f0000000480), 0x258, 0x0) 03:47:22 executing program 1: 03:47:23 executing program 5: getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000200)) r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) [ 523.033377] __save_stack_trace+0x8be/0xc60 [ 523.037716] save_stack_trace+0xc6/0x110 [ 523.042315] kmsan_internal_chain_origin+0x136/0x240 [ 523.047444] kmsan_memcpy_origins+0x13d/0x190 [ 523.052227] __msan_memcpy+0x6f/0x80 [ 523.055964] pskb_expand_head+0x436/0x1d20 [ 523.060223] ___pskb_trim+0x3c9/0x1bf0 [ 523.064128] sk_filter_trim_cap+0x5ac/0xa60 [ 523.068472] tcp_filter+0x10c/0x260 [ 523.072108] tcp_v6_rcv+0x45ba/0x5df0 [ 523.075925] ip6_input_finish+0xb53/0x2450 [ 523.080179] ip6_input+0x29d/0x340 [ 523.083734] ip6_rcv_finish+0x4d2/0x710 [ 523.087716] ipv6_rcv+0x34b/0x3f0 [ 523.091187] process_backlog+0x82b/0x11e0 [ 523.095350] net_rx_action+0x98f/0x1d50 [ 523.099338] __do_softirq+0x721/0xc7f [ 523.103137] [ 523.104768] Uninit was stored to memory at: [ 523.109103] kmsan_internal_chain_origin+0x136/0x240 [ 523.114234] __msan_chain_origin+0x6d/0xb0 [ 523.118478] __save_stack_trace+0x8be/0xc60 [ 523.122828] save_stack_trace+0xc6/0x110 [ 523.126907] kmsan_internal_chain_origin+0x136/0x240 03:47:23 executing program 1: [ 523.132032] kmsan_memcpy_origins+0x13d/0x190 [ 523.136541] __msan_memcpy+0x6f/0x80 [ 523.141012] pskb_expand_head+0x436/0x1d20 [ 523.145260] ___pskb_trim+0x3c9/0x1bf0 [ 523.149169] sk_filter_trim_cap+0x5ac/0xa60 [ 523.153499] tcp_filter+0x10c/0x260 [ 523.157132] tcp_v6_rcv+0x45ba/0x5df0 [ 523.160951] ip6_input_finish+0xb53/0x2450 [ 523.165197] ip6_input+0x29d/0x340 [ 523.168747] ip6_rcv_finish+0x4d2/0x710 [ 523.172726] ipv6_rcv+0x34b/0x3f0 [ 523.176211] process_backlog+0x82b/0x11e0 [ 523.180387] net_rx_action+0x98f/0x1d50 [ 523.184371] __do_softirq+0x721/0xc7f [ 523.188179] [ 523.189808] Uninit was stored to memory at: [ 523.194143] kmsan_internal_chain_origin+0x136/0x240 [ 523.199270] __msan_chain_origin+0x6d/0xb0 [ 523.203524] __save_stack_trace+0x8be/0xc60 [ 523.207856] save_stack_trace+0xc6/0x110 [ 523.211937] kmsan_internal_chain_origin+0x136/0x240 [ 523.217063] kmsan_memcpy_origins+0x13d/0x190 [ 523.222081] __msan_memcpy+0x6f/0x80 [ 523.225809] pskb_expand_head+0x436/0x1d20 [ 523.230055] ___pskb_trim+0x3c9/0x1bf0 [ 523.233971] sk_filter_trim_cap+0x5ac/0xa60 [ 523.238302] tcp_filter+0x10c/0x260 [ 523.242654] tcp_v6_rcv+0x45ba/0x5df0 [ 523.246465] ip6_input_finish+0xb53/0x2450 [ 523.250715] ip6_input+0x29d/0x340 [ 523.254266] ip6_rcv_finish+0x4d2/0x710 [ 523.258258] ipv6_rcv+0x34b/0x3f0 [ 523.261726] process_backlog+0x82b/0x11e0 [ 523.265885] net_rx_action+0x98f/0x1d50 [ 523.269877] __do_softirq+0x721/0xc7f [ 523.273672] [ 523.275298] Uninit was stored to memory at: [ 523.279630] kmsan_internal_chain_origin+0x136/0x240 03:47:23 executing program 2: [ 523.284746] __msan_chain_origin+0x6d/0xb0 [ 523.288990] __save_stack_trace+0x8be/0xc60 [ 523.293334] save_stack_trace+0xc6/0x110 [ 523.297410] kmsan_internal_chain_origin+0x136/0x240 [ 523.302542] kmsan_memcpy_origins+0x13d/0x190 [ 523.307045] __msan_memcpy+0x6f/0x80 [ 523.310772] pskb_expand_head+0x436/0x1d20 [ 523.315017] ___pskb_trim+0x3c9/0x1bf0 [ 523.318926] sk_filter_trim_cap+0x5ac/0xa60 [ 523.323258] tcp_filter+0x10c/0x260 [ 523.326910] tcp_v6_rcv+0x45ba/0x5df0 [ 523.326931] ip6_input_finish+0xb53/0x2450 [ 523.326944] ip6_input+0x29d/0x340 [ 523.326957] ip6_rcv_finish+0x4d2/0x710 [ 523.326970] ipv6_rcv+0x34b/0x3f0 [ 523.326987] process_backlog+0x82b/0x11e0 [ 523.327002] net_rx_action+0x98f/0x1d50 [ 523.327018] __do_softirq+0x721/0xc7f [ 523.327023] [ 523.327030] Uninit was stored to memory at: [ 523.327047] kmsan_internal_chain_origin+0x136/0x240 [ 523.327063] __msan_chain_origin+0x6d/0xb0 [ 523.327090] __save_stack_trace+0x8be/0xc60 [ 523.327105] save_stack_trace+0xc6/0x110 [ 523.327121] kmsan_internal_chain_origin+0x136/0x240 [ 523.327136] kmsan_memcpy_origins+0x13d/0x190 [ 523.327151] __msan_memcpy+0x6f/0x80 [ 523.327177] pskb_expand_head+0x436/0x1d20 [ 523.327192] ___pskb_trim+0x3c9/0x1bf0 [ 523.327225] sk_filter_trim_cap+0x5ac/0xa60 [ 523.327240] tcp_filter+0x10c/0x260 [ 523.327253] tcp_v6_rcv+0x45ba/0x5df0 [ 523.327266] ip6_input_finish+0xb53/0x2450 [ 523.327279] ip6_input+0x29d/0x340 [ 523.327292] ip6_rcv_finish+0x4d2/0x710 [ 523.327305] ipv6_rcv+0x34b/0x3f0 [ 523.327320] process_backlog+0x82b/0x11e0 [ 523.327335] net_rx_action+0x98f/0x1d50 [ 523.327349] __do_softirq+0x721/0xc7f [ 523.327355] [ 523.327361] Uninit was stored to memory at: [ 523.327377] kmsan_internal_chain_origin+0x136/0x240 [ 523.327393] __msan_chain_origin+0x6d/0xb0 [ 523.327408] __save_stack_trace+0x8be/0xc60 [ 523.327422] save_stack_trace+0xc6/0x110 [ 523.327439] kmsan_internal_chain_origin+0x136/0x240 [ 523.327454] kmsan_memcpy_origins+0x13d/0x190 [ 523.327469] __msan_memcpy+0x6f/0x80 [ 523.327486] pskb_expand_head+0x436/0x1d20 [ 523.327502] ___pskb_trim+0x3c9/0x1bf0 [ 523.327517] sk_filter_trim_cap+0x5ac/0xa60 [ 523.327532] tcp_filter+0x10c/0x260 [ 523.327545] tcp_v6_rcv+0x45ba/0x5df0 [ 523.327558] ip6_input_finish+0xb53/0x2450 [ 523.327571] ip6_input+0x29d/0x340 [ 523.327584] ip6_rcv_finish+0x4d2/0x710 [ 523.327597] ipv6_rcv+0x34b/0x3f0 [ 523.327612] process_backlog+0x82b/0x11e0 [ 523.327627] net_rx_action+0x98f/0x1d50 [ 523.327641] __do_softirq+0x721/0xc7f [ 523.327646] [ 523.327652] Uninit was stored to memory at: [ 523.327668] kmsan_internal_chain_origin+0x136/0x240 [ 523.327684] __msan_chain_origin+0x6d/0xb0 [ 523.327699] __save_stack_trace+0x8be/0xc60 [ 523.327714] save_stack_trace+0xc6/0x110 [ 523.327731] kmsan_internal_chain_origin+0x136/0x240 [ 523.327746] kmsan_memcpy_origins+0x13d/0x190 [ 523.327762] __msan_memcpy+0x6f/0x80 [ 523.327778] pskb_expand_head+0x436/0x1d20 [ 523.327794] ___pskb_trim+0x3c9/0x1bf0 [ 523.327809] sk_filter_trim_cap+0x5ac/0xa60 [ 523.327823] tcp_filter+0x10c/0x260 [ 523.327836] tcp_v6_rcv+0x45ba/0x5df0 [ 523.327850] ip6_input_finish+0xb53/0x2450 [ 523.327862] ip6_input+0x29d/0x340 [ 523.327876] ip6_rcv_finish+0x4d2/0x710 [ 523.327888] ipv6_rcv+0x34b/0x3f0 [ 523.327903] process_backlog+0x82b/0x11e0 [ 523.327924] net_rx_action+0x98f/0x1d50 [ 523.327938] __do_softirq+0x721/0xc7f [ 523.327944] [ 523.327952] Local variable description: ----v.addr.i.i.i@should_fail [ 523.327958] Variable was created at: [ 523.327974] should_fail+0x14d/0x13c0 [ 523.327990] __should_failslab+0x278/0x2a0 [ 523.381414] not chained 620000 origins [ 523.381434] CPU: 1 PID: 13764 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 523.381443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 523.381450] Call Trace: [ 523.381459] [ 523.381482] dump_stack+0x32d/0x480 [ 523.381512] kmsan_internal_chain_origin+0x222/0x240 [ 523.381537] ? __local_bh_enable_ip+0x11f/0x260 [ 523.381561] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 523.381577] ? __module_address+0x6a/0x5f0 [ 523.381595] ? is_bpf_text_address+0x3e5/0x4d0 [ 523.381616] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 523.381637] ? is_bpf_text_address+0x49e/0x4d0 [ 523.381660] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 523.381675] ? __module_address+0x6a/0x5f0 [ 523.381699] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 523.381716] ? is_bpf_text_address+0x49e/0x4d0 [ 523.381740] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 523.381766] __msan_chain_origin+0x6d/0xb0 [ 523.381784] ? ip6_input+0x29d/0x340 [ 523.381803] __save_stack_trace+0x8be/0xc60 [ 523.381837] ? ip6_input+0x29d/0x340 03:47:23 executing program 1: 03:47:23 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) [ 523.381858] save_stack_trace+0xc6/0x110 [ 523.381881] kmsan_internal_chain_origin+0x136/0x240 [ 523.381895] ? local_bh_enable+0x36/0x40 [ 523.381927] ? __sk_flush_backlog+0x52/0x70 [ 523.381945] ? kmsan_internal_chain_origin+0x136/0x240 [ 523.381961] ? kmsan_memcpy_origins+0x13d/0x190 [ 523.381977] ? __msan_memcpy+0x6f/0x80 [ 523.381994] ? pskb_expand_head+0x436/0x1d20 [ 523.382010] ? ___pskb_trim+0x3c9/0x1bf0 [ 523.382028] ? sk_filter_trim_cap+0x5ac/0xa60 [ 523.382043] ? tcp_filter+0x10c/0x260 03:47:24 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) socketpair(0x4, 0x7, 0x5, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={0xffffffffffffffff}, 0x113}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f0000000200)={0x14, 0x88, 0xfa00, {r4, 0x1c, 0x0, @ib={0x1b, 0x1f, 0x10000, {"475c8a0e12f62e4e1876103402671207"}, 0x4fb, 0xd0, 0x2}}}, 0x90) getsockopt$inet6_tcp_buf(r3, 0x6, 0x16, &(0x7f00000002c0)=""/18, &(0x7f0000000300)=0x12) listen(r1, 0x3) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r5, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) [ 523.382058] ? tcp_v6_rcv+0x45ba/0x5df0 [ 523.382072] ? ip6_input_finish+0xb53/0x2450 [ 523.382086] ? ip6_input+0x29d/0x340 [ 523.382100] ? ip6_rcv_finish+0x4d2/0x710 [ 523.382113] ? ipv6_rcv+0x34b/0x3f0 [ 523.382131] ? process_backlog+0x82b/0x11e0 [ 523.382146] ? net_rx_action+0x98f/0x1d50 [ 523.382172] ? __do_softirq+0x721/0xc7f [ 523.382187] ? do_softirq_own_stack+0x49/0x80 [ 523.382203] ? __local_bh_enable_ip+0x228/0x260 [ 523.382217] ? local_bh_enable+0x36/0x40 [ 523.382232] ? ip6_finish_output2+0x1b1a/0x22d0 03:47:24 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000440), 0x131f64) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000140)={@empty, 0x4, 0x0, 0x0, 0xd, 0x100000000}, 0x20) connect$netlink(r1, &(0x7f0000000200), 0xc) [ 523.382249] ? ip6_finish_output+0xc13/0xca0 [ 523.382266] ? ip6_output+0x5e4/0x720 [ 523.382282] ? ip6_xmit+0x216d/0x26a0 [ 523.382297] ? inet6_csk_xmit+0x3e0/0x4f0 [ 523.382311] ? __tcp_transmit_skb+0x425c/0x5e00 [ 523.382326] ? tcp_write_xmit+0x389a/0xacc0 [ 523.382341] ? __tcp_push_pending_frames+0x124/0x4e0 [ 523.382356] ? tcp_data_snd_check+0x1ec/0x1080 [ 523.382370] ? tcp_rcv_established+0x1bb2/0x2940 [ 523.382399] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 523.382415] ? __release_sock+0x32d/0x750 03:47:24 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) fcntl$getown(r0, 0x9) [ 523.382430] ? __sk_flush_backlog+0x52/0x70 [ 523.382447] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 523.382464] ? tcp_sendmsg+0xb2/0x100 [ 523.382481] ? inet_sendmsg+0x4e9/0x800 [ 523.382495] ? __sys_sendto+0x940/0xb80 [ 523.382510] ? __se_sys_sendto+0x107/0x130 [ 523.382523] ? __x64_sys_sendto+0x6e/0x90 [ 523.382539] ? do_syscall_64+0xcf/0x110 [ 523.382559] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 523.382582] ? __msan_get_context_state+0x9/0x20 [ 523.382597] ? INIT_INT+0xc/0x30 [ 523.382614] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 523.382642] kmsan_memcpy_origins+0x13d/0x190 [ 523.382667] __msan_memcpy+0x6f/0x80 [ 523.382687] pskb_expand_head+0x436/0x1d20 [ 523.382725] ___pskb_trim+0x3c9/0x1bf0 [ 523.382762] sk_filter_trim_cap+0x5ac/0xa60 [ 523.382793] tcp_filter+0x10c/0x260 [ 523.382816] tcp_v6_rcv+0x45ba/0x5df0 [ 523.382833] ? __msan_poison_alloca+0x1e0/0x270 [ 523.382887] ? tcp_v6_early_demux+0xc80/0xc80 [ 523.382902] ? tcp_v6_early_demux+0xc80/0xc80 [ 523.382926] ip6_input_finish+0xb53/0x2450 03:47:24 executing program 1: clone(0x200, &(0x7f00000000c0), &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000500)='./file0\x00', &(0x7f0000000140), &(0x7f0000000480)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000002c0)=""/11, 0xb9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f0000000440)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000280), 0xffffffffffffffff) execve(&(0x7f0000000140)='./file1\x00', &(0x7f0000000780), &(0x7f0000000800)) ioctl$TIOCLINUX6(r0, 0x541c, &(0x7f0000000180)) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) [ 523.382966] ? ip6_input_finish+0x13e1/0x2450 [ 523.382988] ip6_input+0x29d/0x340 [ 523.383010] ? ip6_input+0x340/0x340 [ 523.383027] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 523.383042] ip6_rcv_finish+0x4d2/0x710 [ 523.383065] ipv6_rcv+0x34b/0x3f0 [ 523.383088] ? dst_hold+0x5e0/0x5e0 [ 523.383108] process_backlog+0x82b/0x11e0 [ 523.383123] ? __msan_poison_alloca+0x1e0/0x270 [ 523.383143] ? ip6_rcv_finish+0x710/0x710 [ 523.383181] ? rps_trigger_softirq+0x2e0/0x2e0 [ 523.383200] net_rx_action+0x98f/0x1d50 [ 523.383237] ? net_tx_action+0xf20/0xf20 [ 523.383253] __do_softirq+0x721/0xc7f [ 523.383284] do_softirq_own_stack+0x49/0x80 [ 523.383292] [ 523.383307] __local_bh_enable_ip+0x228/0x260 [ 523.383327] local_bh_enable+0x36/0x40 [ 523.383343] ip6_finish_output2+0x1b1a/0x22d0 [ 523.383383] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 523.383400] ? ip6_mtu+0x289/0x330 [ 523.383422] ip6_finish_output+0xc13/0xca0 [ 523.383454] ip6_output+0x5e4/0x720 [ 523.383480] ? ip6_output+0x720/0x720 [ 523.383498] ? ac6_seq_show+0x200/0x200 [ 523.383515] ip6_xmit+0x216d/0x26a0 [ 523.383556] ? ip6_xmit+0x26a0/0x26a0 [ 523.383577] inet6_csk_xmit+0x3e0/0x4f0 [ 523.383608] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 523.383623] __tcp_transmit_skb+0x425c/0x5e00 [ 523.383671] tcp_write_xmit+0x389a/0xacc0 [ 523.383750] __tcp_push_pending_frames+0x124/0x4e0 [ 523.383773] tcp_data_snd_check+0x1ec/0x1080 [ 523.383801] tcp_rcv_established+0x1bb2/0x2940 [ 523.383850] tcp_v6_do_rcv+0x9f8/0x21b0 [ 523.383880] ? tcp_v6_destroy_sock+0x60/0x60 [ 523.383897] __release_sock+0x32d/0x750 [ 523.383930] __sk_flush_backlog+0x52/0x70 [ 523.383948] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 523.383965] tcp_sendmsg_locked+0xd72/0x6c30 [ 523.383998] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 523.384048] tcp_sendmsg+0xb2/0x100 [ 523.384088] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 523.384106] inet_sendmsg+0x4e9/0x800 [ 523.384127] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 523.384144] ? security_socket_sendmsg+0x1bd/0x200 [ 523.384184] ? inet_getname+0x490/0x490 [ 523.384199] __sys_sendto+0x940/0xb80 [ 523.384239] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 523.384256] ? prepare_exit_to_usermode+0x182/0x4c0 [ 523.384277] __se_sys_sendto+0x107/0x130 [ 523.384302] __x64_sys_sendto+0x6e/0x90 [ 523.384318] do_syscall_64+0xcf/0x110 [ 523.384340] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 523.384354] RIP: 0033:0x457569 [ 523.384370] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 523.384380] RSP: 002b:00007f66e0f8bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 523.384396] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 523.384408] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 523.384418] RBP: 000000000072bfa0 R08: 0000000020000080 R09: 000000000000001c [ 523.384428] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0f8c6d4 [ 523.384438] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 523.384458] Uninit was stored to memory at: [ 523.384476] kmsan_internal_chain_origin+0x136/0x240 [ 523.384491] __msan_chain_origin+0x6d/0xb0 [ 523.384507] __save_stack_trace+0x8be/0xc60 [ 523.384521] save_stack_trace+0xc6/0x110 [ 523.384537] kmsan_internal_chain_origin+0x136/0x240 [ 523.384552] kmsan_memcpy_origins+0x13d/0x190 [ 523.384585] __msan_memcpy+0x6f/0x80 [ 523.384602] pskb_expand_head+0x436/0x1d20 [ 523.384618] ___pskb_trim+0x3c9/0x1bf0 [ 523.384633] sk_filter_trim_cap+0x5ac/0xa60 [ 523.384648] tcp_filter+0x10c/0x260 [ 523.384661] tcp_v6_rcv+0x45ba/0x5df0 [ 523.384675] ip6_input_finish+0xb53/0x2450 [ 523.384689] ip6_input+0x29d/0x340 [ 523.384702] ip6_rcv_finish+0x4d2/0x710 [ 523.384715] ipv6_rcv+0x34b/0x3f0 [ 523.384730] process_backlog+0x82b/0x11e0 [ 523.384746] net_rx_action+0x98f/0x1d50 [ 523.384760] __do_softirq+0x721/0xc7f [ 523.384765] [ 523.384771] Uninit was stored to memory at: [ 523.384788] kmsan_internal_chain_origin+0x136/0x240 [ 523.384804] __msan_chain_origin+0x6d/0xb0 [ 523.384819] __save_stack_trace+0x8be/0xc60 [ 523.384834] save_stack_trace+0xc6/0x110 [ 523.384851] kmsan_internal_chain_origin+0x136/0x240 [ 523.384866] kmsan_memcpy_origins+0x13d/0x190 [ 523.384882] __msan_memcpy+0x6f/0x80 [ 523.384898] pskb_expand_head+0x436/0x1d20 [ 523.384914] ___pskb_trim+0x3c9/0x1bf0 [ 523.384935] sk_filter_trim_cap+0x5ac/0xa60 [ 523.384949] tcp_filter+0x10c/0x260 [ 523.384962] tcp_v6_rcv+0x45ba/0x5df0 [ 523.384976] ip6_input_finish+0xb53/0x2450 [ 523.384989] ip6_input+0x29d/0x340 [ 523.385002] ip6_rcv_finish+0x4d2/0x710 [ 523.385026] ipv6_rcv+0x34b/0x3f0 [ 523.385041] process_backlog+0x82b/0x11e0 [ 523.385056] net_rx_action+0x98f/0x1d50 [ 523.385070] __do_softirq+0x721/0xc7f [ 523.385075] [ 523.385080] Uninit was stored to memory at: [ 523.385096] kmsan_internal_chain_origin+0x136/0x240 [ 523.385111] __msan_chain_origin+0x6d/0xb0 [ 523.385126] __save_stack_trace+0x8be/0xc60 [ 523.385165] save_stack_trace+0xc6/0x110 [ 523.385182] kmsan_internal_chain_origin+0x136/0x240 [ 523.385198] kmsan_memcpy_origins+0x13d/0x190 [ 523.385213] __msan_memcpy+0x6f/0x80 [ 523.385230] pskb_expand_head+0x436/0x1d20 [ 523.385246] ___pskb_trim+0x3c9/0x1bf0 [ 523.385262] sk_filter_trim_cap+0x5ac/0xa60 [ 523.385276] tcp_filter+0x10c/0x260 [ 523.385289] tcp_v6_rcv+0x45ba/0x5df0 [ 523.385302] ip6_input_finish+0xb53/0x2450 [ 523.385315] ip6_input+0x29d/0x340 [ 523.385329] ip6_rcv_finish+0x4d2/0x710 [ 523.385341] ipv6_rcv+0x34b/0x3f0 [ 523.385357] process_backlog+0x82b/0x11e0 [ 523.385372] net_rx_action+0x98f/0x1d50 [ 523.385386] __do_softirq+0x721/0xc7f [ 523.385391] 03:47:24 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x1, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x1) r1 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r1, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x20, @ipv4={[], [], @remote}, 0x9}, 0x1c) fsetxattr$security_evm(r1, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000140)=@sha1={0x1, "58f59904ab8cfbfd134a8b5daecc6a3bd279b5ef"}, 0x15, 0x1) socket$inet6(0xa, 0x6, 0x403) [ 523.385397] Uninit was stored to memory at: [ 523.385414] kmsan_internal_chain_origin+0x136/0x240 [ 523.385430] __msan_chain_origin+0x6d/0xb0 [ 523.385445] __save_stack_trace+0x8be/0xc60 [ 523.385460] save_stack_trace+0xc6/0x110 [ 523.385476] kmsan_internal_chain_origin+0x136/0x240 [ 523.385492] kmsan_memcpy_origins+0x13d/0x190 [ 523.385508] __msan_memcpy+0x6f/0x80 [ 523.385524] pskb_expand_head+0x436/0x1d20 [ 523.385540] ___pskb_trim+0x3c9/0x1bf0 [ 523.385556] sk_filter_trim_cap+0x5ac/0xa60 [ 523.385570] tcp_filter+0x10c/0x260 [ 523.385583] tcp_v6_rcv+0x45ba/0x5df0 [ 523.385597] ip6_input_finish+0xb53/0x2450 [ 523.385610] ip6_input+0x29d/0x340 [ 523.385623] ip6_rcv_finish+0x4d2/0x710 [ 523.385636] ipv6_rcv+0x34b/0x3f0 [ 523.385651] process_backlog+0x82b/0x11e0 [ 523.385666] net_rx_action+0x98f/0x1d50 [ 523.385680] __do_softirq+0x721/0xc7f [ 523.385686] [ 523.385704] Uninit was stored to memory at: [ 523.385719] kmsan_internal_chain_origin+0x136/0x240 [ 523.385735] __msan_chain_origin+0x6d/0xb0 [ 523.385749] __save_stack_trace+0x8be/0xc60 [ 523.385764] save_stack_trace+0xc6/0x110 [ 523.385780] kmsan_internal_chain_origin+0x136/0x240 [ 523.385795] kmsan_memcpy_origins+0x13d/0x190 [ 523.385810] __msan_memcpy+0x6f/0x80 [ 523.385826] pskb_expand_head+0x436/0x1d20 [ 523.385842] ___pskb_trim+0x3c9/0x1bf0 [ 523.385857] sk_filter_trim_cap+0x5ac/0xa60 [ 523.385870] tcp_filter+0x10c/0x260 [ 523.385883] tcp_v6_rcv+0x45ba/0x5df0 [ 523.385896] ip6_input_finish+0xb53/0x2450 [ 523.385908] ip6_input+0x29d/0x340 [ 523.385931] ip6_rcv_finish+0x4d2/0x710 [ 523.385944] ipv6_rcv+0x34b/0x3f0 [ 523.385958] process_backlog+0x82b/0x11e0 [ 523.385973] net_rx_action+0x98f/0x1d50 [ 523.385986] __do_softirq+0x721/0xc7f [ 523.385991] [ 523.385997] Uninit was stored to memory at: [ 523.386013] kmsan_internal_chain_origin+0x136/0x240 [ 523.386028] __msan_chain_origin+0x6d/0xb0 [ 523.386043] __save_stack_trace+0x8be/0xc60 [ 523.386058] save_stack_trace+0xc6/0x110 [ 523.386074] kmsan_internal_chain_origin+0x136/0x240 [ 523.386089] kmsan_memcpy_origins+0x13d/0x190 [ 523.386104] __msan_memcpy+0x6f/0x80 [ 523.386120] pskb_expand_head+0x436/0x1d20 [ 523.386135] ___pskb_trim+0x3c9/0x1bf0 [ 523.386150] sk_filter_trim_cap+0x5ac/0xa60 [ 523.386171] tcp_filter+0x10c/0x260 [ 523.386184] tcp_v6_rcv+0x45ba/0x5df0 [ 523.386197] ip6_input_finish+0xb53/0x2450 [ 523.386209] ip6_input+0x29d/0x340 [ 523.386222] ip6_rcv_finish+0x4d2/0x710 [ 523.386235] ipv6_rcv+0x34b/0x3f0 [ 523.386250] process_backlog+0x82b/0x11e0 [ 523.386264] net_rx_action+0x98f/0x1d50 [ 523.386278] __do_softirq+0x721/0xc7f [ 523.386283] [ 523.386289] Uninit was stored to memory at: [ 523.386304] kmsan_internal_chain_origin+0x136/0x240 [ 523.386320] __msan_chain_origin+0x6d/0xb0 [ 523.386335] __save_stack_trace+0x8be/0xc60 [ 523.386349] save_stack_trace+0xc6/0x110 [ 523.386365] kmsan_internal_chain_origin+0x136/0x240 [ 523.386380] kmsan_memcpy_origins+0x13d/0x190 [ 523.386395] __msan_memcpy+0x6f/0x80 [ 523.386411] pskb_expand_head+0x436/0x1d20 [ 523.386426] ___pskb_trim+0x3c9/0x1bf0 [ 523.386441] sk_filter_trim_cap+0x5ac/0xa60 [ 523.386455] tcp_filter+0x10c/0x260 [ 523.386468] tcp_v6_rcv+0x45ba/0x5df0 [ 523.386481] ip6_input_finish+0xb53/0x2450 [ 523.386493] ip6_input+0x29d/0x340 [ 523.386506] ip6_rcv_finish+0x4d2/0x710 [ 523.386518] ipv6_rcv+0x34b/0x3f0 [ 523.386533] process_backlog+0x82b/0x11e0 [ 523.386548] net_rx_action+0x98f/0x1d50 [ 523.386561] __do_softirq+0x721/0xc7f [ 523.386566] [ 523.386573] Local variable description: ----v.addr.i.i.i@should_fail [ 523.386579] Variable was created at: [ 523.386596] should_fail+0x14d/0x13c0 [ 523.386611] __should_failslab+0x278/0x2a0 [ 524.257862] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 524.270475] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 524.763931] not chained 630000 origins [ 524.763951] CPU: 1 PID: 13828 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 524.763960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 524.763967] Call Trace: [ 524.763976] [ 524.764000] dump_stack+0x32d/0x480 [ 524.764031] kmsan_internal_chain_origin+0x222/0x240 [ 524.764062] ? __msan_poison_alloca+0x1e0/0x270 [ 525.223990] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 525.224010] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 525.224022] ? __module_address+0x6a/0x5f0 [ 525.224040] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 525.224052] ? in_task_stack+0x12c/0x210 [ 525.224069] ? get_stack_info+0x206/0x220 [ 525.224086] __msan_chain_origin+0x6d/0xb0 [ 525.224101] ? do_syscall_64+0xcf/0x110 [ 525.224115] __save_stack_trace+0x8be/0xc60 [ 525.224140] ? do_syscall_64+0xcf/0x110 [ 525.224167] save_stack_trace+0xc6/0x110 [ 525.224189] kmsan_internal_chain_origin+0x136/0x240 [ 525.224206] ? local_bh_enable+0x36/0x40 [ 525.224229] ? __sk_flush_backlog+0x52/0x70 [ 525.224244] ? kmsan_internal_chain_origin+0x136/0x240 [ 525.224259] ? kmsan_memcpy_origins+0x13d/0x190 [ 525.224274] ? __msan_memcpy+0x6f/0x80 [ 525.224290] ? pskb_expand_head+0x436/0x1d20 [ 525.224305] ? ___pskb_trim+0x3c9/0x1bf0 [ 525.224321] ? sk_filter_trim_cap+0x5ac/0xa60 03:47:25 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x1, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x4) 03:47:25 executing program 2: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000240), 0xffffffffffffffff) socket$inet6(0xa, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='personality\x00') r1 = socket$inet(0x2, 0x4000000000000001, 0x0) writev(r1, &(0x7f0000000a80)=[{&(0x7f0000000280)="a4", 0x1}], 0x1) read(r0, &(0x7f0000000000)=""/19, 0x62) 03:47:25 executing program 1: syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") prctl$intptr(0x1d, 0xfffffffffffff8cf) prctl$void(0x1e) [ 525.224335] ? tcp_filter+0x10c/0x260 [ 525.224348] ? tcp_v6_rcv+0x45ba/0x5df0 [ 525.224362] ? ip6_input_finish+0xb53/0x2450 [ 525.224375] ? ip6_input+0x29d/0x340 [ 525.224389] ? ip6_rcv_finish+0x4d2/0x710 [ 525.224401] ? ipv6_rcv+0x34b/0x3f0 [ 525.224417] ? process_backlog+0x82b/0x11e0 [ 525.224431] ? net_rx_action+0x98f/0x1d50 [ 525.224445] ? __do_softirq+0x721/0xc7f [ 525.224459] ? do_softirq_own_stack+0x49/0x80 [ 525.224474] ? __local_bh_enable_ip+0x228/0x260 [ 525.224486] ? local_bh_enable+0x36/0x40 [ 525.224499] ? ip6_finish_output2+0x1b1a/0x22d0 [ 525.224515] ? ip6_finish_output+0xc13/0xca0 [ 525.224530] ? ip6_output+0x5e4/0x720 [ 525.224544] ? ip6_xmit+0x216d/0x26a0 [ 525.224556] ? inet6_csk_xmit+0x3e0/0x4f0 [ 525.224568] ? __tcp_transmit_skb+0x425c/0x5e00 [ 525.224579] ? tcp_write_xmit+0x389a/0xacc0 [ 525.224591] ? __tcp_push_pending_frames+0x124/0x4e0 [ 525.224603] ? tcp_data_snd_check+0x1ec/0x1080 [ 525.224616] ? tcp_rcv_established+0x1bb2/0x2940 [ 525.224632] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 525.224647] ? __release_sock+0x32d/0x750 [ 525.224663] ? __sk_flush_backlog+0x52/0x70 [ 525.224680] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 525.224695] ? tcp_sendmsg+0xb2/0x100 [ 525.224711] ? inet_sendmsg+0x4e9/0x800 [ 525.224726] ? __sys_sendto+0x940/0xb80 [ 525.224740] ? __se_sys_sendto+0x107/0x130 [ 525.224753] ? __x64_sys_sendto+0x6e/0x90 [ 525.224768] ? do_syscall_64+0xcf/0x110 [ 525.224786] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 525.224809] ? __msan_get_context_state+0x9/0x20 [ 525.224823] ? INIT_INT+0xc/0x30 [ 525.224840] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 525.224865] kmsan_memcpy_origins+0x13d/0x190 [ 525.224884] __msan_memcpy+0x6f/0x80 [ 525.224900] pskb_expand_head+0x436/0x1d20 [ 525.224944] ___pskb_trim+0x3c9/0x1bf0 [ 525.224982] sk_filter_trim_cap+0x5ac/0xa60 [ 525.225012] tcp_filter+0x10c/0x260 [ 525.225035] tcp_v6_rcv+0x45ba/0x5df0 [ 525.225053] ? __msan_poison_alloca+0x1e0/0x270 [ 525.225105] ? tcp_v6_early_demux+0xc80/0xc80 [ 525.225120] ? tcp_v6_early_demux+0xc80/0xc80 [ 525.225135] ip6_input_finish+0xb53/0x2450 [ 525.225175] ? ip6_input_finish+0x13e1/0x2450 [ 525.225193] ip6_input+0x29d/0x340 [ 525.225214] ? ip6_input+0x340/0x340 [ 525.225232] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 525.225247] ip6_rcv_finish+0x4d2/0x710 [ 525.225268] ipv6_rcv+0x34b/0x3f0 [ 525.225290] ? dst_hold+0x5e0/0x5e0 [ 525.225311] process_backlog+0x82b/0x11e0 [ 525.225328] ? __msan_poison_alloca+0x1e0/0x270 [ 525.225349] ? ip6_rcv_finish+0x710/0x710 [ 525.225377] ? rps_trigger_softirq+0x2e0/0x2e0 [ 525.225395] net_rx_action+0x98f/0x1d50 [ 525.225431] ? net_tx_action+0xf20/0xf20 [ 525.225446] __do_softirq+0x721/0xc7f [ 525.225476] do_softirq_own_stack+0x49/0x80 [ 525.225484] [ 525.225500] __local_bh_enable_ip+0x228/0x260 [ 525.225520] local_bh_enable+0x36/0x40 [ 525.225553] ip6_finish_output2+0x1b1a/0x22d0 [ 525.225594] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 525.225612] ? ip6_mtu+0x289/0x330 [ 525.225636] ip6_finish_output+0xc13/0xca0 [ 525.225669] ip6_output+0x5e4/0x720 [ 525.225698] ? ip6_output+0x720/0x720 [ 525.225719] ? ac6_seq_show+0x200/0x200 [ 525.225737] ip6_xmit+0x216d/0x26a0 [ 525.225784] ? ip6_xmit+0x26a0/0x26a0 [ 525.625391] inet6_csk_xmit+0x3e0/0x4f0 [ 525.625425] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 525.625445] __tcp_transmit_skb+0x425c/0x5e00 [ 525.625495] tcp_write_xmit+0x389a/0xacc0 [ 525.625576] __tcp_push_pending_frames+0x124/0x4e0 [ 525.625601] tcp_data_snd_check+0x1ec/0x1080 [ 525.625630] tcp_rcv_established+0x1bb2/0x2940 [ 525.625676] tcp_v6_do_rcv+0x9f8/0x21b0 [ 525.661867] ? tcp_v6_destroy_sock+0x60/0x60 [ 525.661889] __release_sock+0x32d/0x750 [ 525.661936] __sk_flush_backlog+0x52/0x70 [ 525.661957] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 525.661977] tcp_sendmsg_locked+0xd72/0x6c30 [ 525.662016] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 525.662072] tcp_sendmsg+0xb2/0x100 [ 525.662095] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 525.662113] inet_sendmsg+0x4e9/0x800 [ 525.662137] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 525.662156] ? security_socket_sendmsg+0x1bd/0x200 [ 525.662191] ? inet_getname+0x490/0x490 [ 525.662208] __sys_sendto+0x940/0xb80 [ 525.662250] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 525.662269] ? prepare_exit_to_usermode+0x182/0x4c0 [ 525.662291] __se_sys_sendto+0x107/0x130 [ 525.662317] __x64_sys_sendto+0x6e/0x90 [ 525.662335] do_syscall_64+0xcf/0x110 [ 525.662359] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 525.662374] RIP: 0033:0x457569 [ 525.662392] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 525.662402] RSP: 002b:00007f66e0f28c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 525.662418] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 525.662428] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000007 [ 525.662439] RBP: 000000000072c180 R08: 0000000020000080 R09: 000000000000001c [ 525.662451] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0f296d4 [ 525.662462] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 525.662484] Uninit was stored to memory at: [ 525.662503] kmsan_internal_chain_origin+0x136/0x240 [ 525.662519] __msan_chain_origin+0x6d/0xb0 [ 525.662537] __save_stack_trace+0x8be/0xc60 [ 525.662552] save_stack_trace+0xc6/0x110 [ 525.662568] kmsan_internal_chain_origin+0x136/0x240 [ 525.662584] kmsan_memcpy_origins+0x13d/0x190 [ 525.662600] __msan_memcpy+0x6f/0x80 [ 525.662617] pskb_expand_head+0x436/0x1d20 [ 525.662633] ___pskb_trim+0x3c9/0x1bf0 [ 525.662649] sk_filter_trim_cap+0x5ac/0xa60 [ 525.662664] tcp_filter+0x10c/0x260 [ 525.662677] tcp_v6_rcv+0x45ba/0x5df0 [ 525.662691] ip6_input_finish+0xb53/0x2450 [ 525.662703] ip6_input+0x29d/0x340 [ 525.662716] ip6_rcv_finish+0x4d2/0x710 [ 525.662727] ipv6_rcv+0x34b/0x3f0 [ 525.662742] process_backlog+0x82b/0x11e0 [ 525.662755] net_rx_action+0x98f/0x1d50 [ 525.662768] __do_softirq+0x721/0xc7f [ 525.662773] [ 525.662779] Uninit was stored to memory at: 03:47:25 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000040)) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:47:26 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:47:26 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) fcntl$setpipe(r0, 0x407, 0x3ff) [ 525.662794] kmsan_internal_chain_origin+0x136/0x240 [ 525.662810] __msan_chain_origin+0x6d/0xb0 [ 525.662824] __save_stack_trace+0x8be/0xc60 [ 525.662838] save_stack_trace+0xc6/0x110 [ 525.662853] kmsan_internal_chain_origin+0x136/0x240 [ 525.662869] kmsan_memcpy_origins+0x13d/0x190 [ 525.662884] __msan_memcpy+0x6f/0x80 [ 525.662900] pskb_expand_head+0x436/0x1d20 [ 525.662915] ___pskb_trim+0x3c9/0x1bf0 [ 525.662936] sk_filter_trim_cap+0x5ac/0xa60 [ 525.662950] tcp_filter+0x10c/0x260 [ 525.662963] tcp_v6_rcv+0x45ba/0x5df0 [ 525.662977] ip6_input_finish+0xb53/0x2450 [ 525.662989] ip6_input+0x29d/0x340 [ 525.663001] ip6_rcv_finish+0x4d2/0x710 [ 525.663014] ipv6_rcv+0x34b/0x3f0 [ 525.663029] process_backlog+0x82b/0x11e0 [ 525.663045] net_rx_action+0x98f/0x1d50 [ 525.663059] __do_softirq+0x721/0xc7f [ 525.663064] [ 525.663070] Uninit was stored to memory at: [ 525.663084] kmsan_internal_chain_origin+0x136/0x240 [ 525.663099] __msan_chain_origin+0x6d/0xb0 [ 525.663114] __save_stack_trace+0x8be/0xc60 [ 525.663129] save_stack_trace+0xc6/0x110 [ 525.663145] kmsan_internal_chain_origin+0x136/0x240 [ 525.663170] kmsan_memcpy_origins+0x13d/0x190 [ 525.663184] __msan_memcpy+0x6f/0x80 [ 525.663201] pskb_expand_head+0x436/0x1d20 [ 525.663216] ___pskb_trim+0x3c9/0x1bf0 [ 525.663231] sk_filter_trim_cap+0x5ac/0xa60 [ 525.663245] tcp_filter+0x10c/0x260 [ 525.663257] tcp_v6_rcv+0x45ba/0x5df0 [ 525.663270] ip6_input_finish+0xb53/0x2450 [ 525.663283] ip6_input+0x29d/0x340 [ 525.663295] ip6_rcv_finish+0x4d2/0x710 [ 525.663308] ipv6_rcv+0x34b/0x3f0 [ 525.663323] process_backlog+0x82b/0x11e0 [ 525.663338] net_rx_action+0x98f/0x1d50 [ 525.663352] __do_softirq+0x721/0xc7f [ 525.663357] [ 525.663363] Uninit was stored to memory at: [ 525.663379] kmsan_internal_chain_origin+0x136/0x240 [ 525.663395] __msan_chain_origin+0x6d/0xb0 [ 525.663411] __save_stack_trace+0x8be/0xc60 [ 525.663425] save_stack_trace+0xc6/0x110 [ 525.663441] kmsan_internal_chain_origin+0x136/0x240 [ 525.663457] kmsan_memcpy_origins+0x13d/0x190 [ 525.663471] __msan_memcpy+0x6f/0x80 [ 525.663486] pskb_expand_head+0x436/0x1d20 [ 525.663501] ___pskb_trim+0x3c9/0x1bf0 [ 525.663516] sk_filter_trim_cap+0x5ac/0xa60 [ 525.663530] tcp_filter+0x10c/0x260 [ 525.663543] tcp_v6_rcv+0x45ba/0x5df0 [ 525.663557] ip6_input_finish+0xb53/0x2450 [ 525.663570] ip6_input+0x29d/0x340 [ 525.663582] ip6_rcv_finish+0x4d2/0x710 [ 525.663594] ipv6_rcv+0x34b/0x3f0 [ 525.663608] process_backlog+0x82b/0x11e0 [ 525.663624] net_rx_action+0x98f/0x1d50 [ 525.663638] __do_softirq+0x721/0xc7f [ 525.663643] [ 525.663649] Uninit was stored to memory at: [ 525.663666] kmsan_internal_chain_origin+0x136/0x240 [ 525.663681] __msan_chain_origin+0x6d/0xb0 [ 525.663694] __save_stack_trace+0x8be/0xc60 [ 525.663709] save_stack_trace+0xc6/0x110 [ 525.663724] kmsan_internal_chain_origin+0x136/0x240 [ 525.663740] kmsan_memcpy_origins+0x13d/0x190 [ 525.663756] __msan_memcpy+0x6f/0x80 [ 525.663772] pskb_expand_head+0x436/0x1d20 [ 525.663788] ___pskb_trim+0x3c9/0x1bf0 [ 525.663803] sk_filter_trim_cap+0x5ac/0xa60 [ 525.663816] tcp_filter+0x10c/0x260 [ 525.663829] tcp_v6_rcv+0x45ba/0x5df0 [ 525.663841] ip6_input_finish+0xb53/0x2450 [ 525.663853] ip6_input+0x29d/0x340 [ 525.663865] ip6_rcv_finish+0x4d2/0x710 [ 525.663877] ipv6_rcv+0x34b/0x3f0 [ 525.663892] process_backlog+0x82b/0x11e0 [ 525.663906] net_rx_action+0x98f/0x1d50 [ 525.663927] __do_softirq+0x721/0xc7f [ 525.663932] [ 525.663938] Uninit was stored to memory at: [ 525.663954] kmsan_internal_chain_origin+0x136/0x240 [ 525.663970] __msan_chain_origin+0x6d/0xb0 [ 525.663985] __save_stack_trace+0x8be/0xc60 [ 525.664000] save_stack_trace+0xc6/0x110 [ 525.664016] kmsan_internal_chain_origin+0x136/0x240 [ 525.664032] kmsan_memcpy_origins+0x13d/0x190 [ 525.664048] __msan_memcpy+0x6f/0x80 [ 525.664064] pskb_expand_head+0x436/0x1d20 [ 525.664080] ___pskb_trim+0x3c9/0x1bf0 [ 525.664095] sk_filter_trim_cap+0x5ac/0xa60 [ 525.664109] tcp_filter+0x10c/0x260 [ 525.664122] tcp_v6_rcv+0x45ba/0x5df0 [ 525.664136] ip6_input_finish+0xb53/0x2450 [ 525.664149] ip6_input+0x29d/0x340 [ 525.664171] ip6_rcv_finish+0x4d2/0x710 [ 525.664184] ipv6_rcv+0x34b/0x3f0 [ 525.664199] process_backlog+0x82b/0x11e0 [ 525.664214] net_rx_action+0x98f/0x1d50 [ 525.664228] __do_softirq+0x721/0xc7f [ 525.664233] [ 525.664239] Uninit was stored to memory at: [ 525.664256] kmsan_internal_chain_origin+0x136/0x240 [ 525.664272] __msan_chain_origin+0x6d/0xb0 [ 525.664288] __save_stack_trace+0x8be/0xc60 [ 525.664303] save_stack_trace+0xc6/0x110 [ 525.664319] kmsan_internal_chain_origin+0x136/0x240 [ 525.664334] kmsan_memcpy_origins+0x13d/0x190 [ 525.664350] __msan_memcpy+0x6f/0x80 [ 525.664367] pskb_expand_head+0x436/0x1d20 [ 525.664383] ___pskb_trim+0x3c9/0x1bf0 [ 525.664398] sk_filter_trim_cap+0x5ac/0xa60 [ 525.664411] tcp_filter+0x10c/0x260 [ 525.664422] tcp_v6_rcv+0x45ba/0x5df0 [ 525.664434] ip6_input_finish+0xb53/0x2450 [ 525.664446] ip6_input+0x29d/0x340 [ 525.664458] ip6_rcv_finish+0x4d2/0x710 [ 525.664470] ipv6_rcv+0x34b/0x3f0 [ 525.664484] process_backlog+0x82b/0x11e0 [ 525.664498] net_rx_action+0x98f/0x1d50 [ 525.664511] __do_softirq+0x721/0xc7f [ 525.664516] [ 525.664524] Local variable description: ----v.addr.i.i.i@update_load_avg [ 525.664530] Variable was created at: [ 525.664544] update_load_avg+0xbd/0x1db0 [ 525.664557] enqueue_task_fair+0x565/0x880 [ 525.710134] ptrace attach of "/root/syz-executor2"[13842] was attempted by "/root/syz-executor2"[13844] 03:47:26 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:47:26 executing program 1: clone(0x200, &(0x7f00000000c0), &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000500)='./file0\x00', &(0x7f0000000140), &(0x7f0000000480)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000002c0)=""/11, 0xb9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000280), 0xffffffffffffffff) execve(&(0x7f0000000140)='./file1\x00', &(0x7f0000000780), &(0x7f0000000800)) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f00000000c0)) creat(&(0x7f00000001c0)='./file1\x00', 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:47:26 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000140)={@empty, 0x0, 0x0, 0x0, 0xd, 0x0, 0x8, 0x5}, 0x20) connect$netlink(r1, &(0x7f0000000200), 0xc) 03:47:26 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) recvmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000080)=@generic, 0x80, &(0x7f0000000540)=[{&(0x7f0000000100)=""/107, 0x6b}, {&(0x7f0000000240)=""/119, 0x77}, {&(0x7f00000002c0)=""/114, 0x72}, {&(0x7f0000000340)=""/238, 0xee}, {&(0x7f0000000440)=""/231, 0xe7}], 0x5, &(0x7f00000005c0)=""/135, 0x87, 0xce47}, 0x2000) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) write$P9_RLOPEN(r0, &(0x7f0000000680)={0x18, 0xd, 0x2, {{0x1, 0x0, 0x2}, 0x1ee5}}, 0x18) 03:47:26 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x9) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) [ 526.817251] not chained 640000 origins [ 526.821213] CPU: 1 PID: 13888 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 526.828494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 526.837940] Call Trace: [ 526.841261] [ 526.843423] dump_stack+0x32d/0x480 [ 526.847072] kmsan_internal_chain_origin+0x222/0x240 [ 526.852214] ? __local_bh_enable_ip+0x11f/0x260 [ 526.856987] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 526.862360] ? __module_address+0x6a/0x5f0 [ 526.866602] ? is_bpf_text_address+0x3e5/0x4d0 [ 526.871208] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 526.876591] ? is_bpf_text_address+0x49e/0x4d0 [ 526.881214] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 526.886598] ? __module_address+0x6a/0x5f0 [ 526.890867] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 526.896325] ? in_task_stack+0x12c/0x210 [ 526.900401] ? get_stack_info+0x206/0x220 [ 526.904648] __msan_chain_origin+0x6d/0xb0 [ 526.908912] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 526.913513] __save_stack_trace+0x8be/0xc60 [ 526.917881] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 526.922486] save_stack_trace+0xc6/0x110 [ 526.926568] kmsan_internal_chain_origin+0x136/0x240 [ 526.931678] ? local_bh_enable+0x36/0x40 [ 526.935848] ? __sk_flush_backlog+0x52/0x70 [ 526.940680] ? kmsan_internal_chain_origin+0x136/0x240 [ 526.945969] ? kmsan_memcpy_origins+0x13d/0x190 [ 526.950662] ? __msan_memcpy+0x6f/0x80 [ 526.954561] ? pskb_expand_head+0x436/0x1d20 [ 526.958977] ? ___pskb_trim+0x3c9/0x1bf0 [ 526.963047] ? sk_filter_trim_cap+0x5ac/0xa60 03:47:27 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000040)={0x80, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f0000000080)={r1, 0x10000}) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r2, 0x20040000008912, &(0x7f00000001c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') preadv(r0, &(0x7f0000000040), 0x0, 0x3) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000440)={0x1bcb, 0x3}) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000480)={{{@in6=@ipv4={[], [], @loopback}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@loopback}}, &(0x7f0000000140)=0x2bb) r4 = getegid() mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='fuse\x00', 0x2000000, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f6465e130303030303030303030303030303030303135303030302c757365725f69643d", @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC=r4, @ANYBLOB=',max_read=0x0000000000000002,smackfsroot=/dev/radio#\x00,smackfshat=,mask=MAY_EXEC,subj_role=/dev/radio#\x00,\x00']) syz_open_dev$video(&(0x7f0000000240)='/dev/video#\x00', 0x2, 0x1) write$binfmt_aout(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="cf0100031d0100005a03000001000000ed0200000600000000000000000000007e6afd280c49db0736549d10272d842bc5b343767ea52efc9d4b2bda4b8cbab10ec85199acd464dcaf290c771080c6398f6f8cd0f12d4109605241b840e5c2aef8ff705efab344c75c0c71e6ce1d265beef6eb5cf3141bc257bc7e96a5f370459c48542a38d8fdceaa1e4fdf2d5682707021ae9df6c2075cc159eff2feac8ccc0fe271bf561f86278b9681d59cd0e469cb04c5fd09ff917530af5e6060ccd666bef2347380223f0d6d5dafee877d718473d3b0bdf97fd109cc98830fb92c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009f0000000000000000000000000000000000000000000000000000000000000000000000"], 0x5de) [ 526.967556] ? tcp_filter+0x10c/0x260 [ 526.971378] ? tcp_v6_rcv+0x45ba/0x5df0 [ 526.975359] ? ip6_input_finish+0xb53/0x2450 [ 526.979773] ? ip6_input+0x29d/0x340 [ 526.983518] ? ip6_rcv_finish+0x4d2/0x710 [ 526.987673] ? ipv6_rcv+0x34b/0x3f0 [ 526.991314] ? process_backlog+0x82b/0x11e0 [ 526.995648] ? net_rx_action+0x98f/0x1d50 [ 526.999806] ? __do_softirq+0x721/0xc7f [ 527.003791] ? do_softirq_own_stack+0x49/0x80 [ 527.008326] ? __local_bh_enable_ip+0x228/0x260 [ 527.013003] ? local_bh_enable+0x36/0x40 03:47:27 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000000000)={0x0, 0x8, 0x40, 0xfffffffffffffff8, 0x2c7b, 0x9}, &(0x7f0000000040)=0x14) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000140)=@sack_info={r2, 0x2, 0x4}, &(0x7f0000000180)=0xc) getsockopt$inet6_opts(r0, 0x29, 0xc85bc0781a4f208a, &(0x7f00000001c0)=""/71, &(0x7f0000000240)=0x47) socket(0x5, 0x0, 0x2) [ 527.017075] ? ip6_finish_output2+0x1b1a/0x22d0 [ 527.021757] ? ip6_finish_output+0xc13/0xca0 [ 527.026184] ? ip6_output+0x5e4/0x720 [ 527.030000] ? ip6_xmit+0x216d/0x26a0 [ 527.033812] ? inet6_csk_xmit+0x3e0/0x4f0 [ 527.037974] ? __tcp_transmit_skb+0x425c/0x5e00 [ 527.043360] ? tcp_write_xmit+0x389a/0xacc0 [ 527.047690] ? __tcp_push_pending_frames+0x124/0x4e0 [ 527.053006] ? tcp_data_snd_check+0x1ec/0x1080 [ 527.057601] ? tcp_rcv_established+0x1bb2/0x2940 [ 527.062385] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 527.066548] ? __release_sock+0x32d/0x750 [ 527.070708] ? __sk_flush_backlog+0x52/0x70 [ 527.075045] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 527.079644] ? tcp_sendmsg+0xb2/0x100 [ 527.083457] ? inet_sendmsg+0x4e9/0x800 [ 527.087446] ? __sys_sendto+0x940/0xb80 [ 527.091452] ? __se_sys_sendto+0x107/0x130 [ 527.095701] ? __x64_sys_sendto+0x6e/0x90 [ 527.099879] ? do_syscall_64+0xcf/0x110 [ 527.103866] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 527.109247] ? __msan_get_context_state+0x9/0x20 [ 527.114013] ? INIT_INT+0xc/0x30 [ 527.117503] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 527.122896] kmsan_memcpy_origins+0x13d/0x190 [ 527.127438] __msan_memcpy+0x6f/0x80 [ 527.131182] pskb_expand_head+0x436/0x1d20 [ 527.135449] ___pskb_trim+0x3c9/0x1bf0 [ 527.139373] sk_filter_trim_cap+0x5ac/0xa60 [ 527.144229] tcp_filter+0x10c/0x260 [ 527.147876] tcp_v6_rcv+0x45ba/0x5df0 [ 527.151693] ? __msan_poison_alloca+0x1e0/0x270 [ 527.156414] ? tcp_v6_early_demux+0xc80/0xc80 [ 527.160927] ? tcp_v6_early_demux+0xc80/0xc80 [ 527.165444] ip6_input_finish+0xb53/0x2450 [ 527.169715] ? ip6_input_finish+0x13e1/0x2450 [ 527.174247] ip6_input+0x29d/0x340 [ 527.177808] ? ip6_input+0x340/0x340 [ 527.181637] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 527.186062] ip6_rcv_finish+0x4d2/0x710 [ 527.190075] ipv6_rcv+0x34b/0x3f0 [ 527.193549] ? dst_hold+0x5e0/0x5e0 [ 527.197287] process_backlog+0x82b/0x11e0 [ 527.201462] ? __msan_poison_alloca+0x1e0/0x270 [ 527.206179] ? ip6_rcv_finish+0x710/0x710 [ 527.210369] ? rps_trigger_softirq+0x2e0/0x2e0 [ 527.214964] net_rx_action+0x98f/0x1d50 [ 527.219505] ? net_tx_action+0xf20/0xf20 [ 527.223582] __do_softirq+0x721/0xc7f [ 527.227410] do_softirq_own_stack+0x49/0x80 [ 527.231736] [ 527.233989] __local_bh_enable_ip+0x228/0x260 [ 527.238504] local_bh_enable+0x36/0x40 [ 527.243098] ip6_finish_output2+0x1b1a/0x22d0 [ 527.247633] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 527.253013] ? ip6_mtu+0x289/0x330 [ 527.256576] ip6_finish_output+0xc13/0xca0 [ 527.260838] ip6_output+0x5e4/0x720 [ 527.264492] ? ip6_output+0x720/0x720 [ 527.268309] ? ac6_seq_show+0x200/0x200 [ 527.272300] ip6_xmit+0x216d/0x26a0 [ 527.275974] ? ip6_xmit+0x26a0/0x26a0 [ 527.279791] inet6_csk_xmit+0x3e0/0x4f0 [ 527.283791] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 527.288752] __tcp_transmit_skb+0x425c/0x5e00 [ 527.293295] tcp_write_xmit+0x389a/0xacc0 [ 527.297573] __tcp_push_pending_frames+0x124/0x4e0 [ 527.302529] tcp_data_snd_check+0x1ec/0x1080 [ 527.306963] tcp_rcv_established+0x1bb2/0x2940 [ 527.311580] tcp_v6_do_rcv+0x9f8/0x21b0 [ 527.315589] ? tcp_v6_destroy_sock+0x60/0x60 [ 527.320030] __release_sock+0x32d/0x750 [ 527.324053] __sk_flush_backlog+0x52/0x70 [ 527.328324] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 527.332581] tcp_sendmsg_locked+0xd72/0x6c30 [ 527.337107] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 527.343241] tcp_sendmsg+0xb2/0x100 [ 527.346890] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 527.351582] inet_sendmsg+0x4e9/0x800 [ 527.355420] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 527.360797] ? security_socket_sendmsg+0x1bd/0x200 [ 527.365751] ? inet_getname+0x490/0x490 [ 527.369742] __sys_sendto+0x940/0xb80 [ 527.373577] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 527.379039] ? prepare_exit_to_usermode+0x182/0x4c0 [ 527.384082] __se_sys_sendto+0x107/0x130 [ 527.388176] __x64_sys_sendto+0x6e/0x90 [ 527.392189] do_syscall_64+0xcf/0x110 [ 527.396094] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 527.401297] RIP: 0033:0x457569 [ 527.404505] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 527.423413] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 527.431214] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 527.438490] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000006 [ 527.446468] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 527.453746] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 527.461025] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 527.468316] Uninit was stored to memory at: [ 527.472656] kmsan_internal_chain_origin+0x136/0x240 [ 527.477767] __msan_chain_origin+0x6d/0xb0 [ 527.482014] __save_stack_trace+0x8be/0xc60 [ 527.486344] save_stack_trace+0xc6/0x110 [ 527.490419] kmsan_internal_chain_origin+0x136/0x240 [ 527.495527] kmsan_memcpy_origins+0x13d/0x190 [ 527.500034] __msan_memcpy+0x6f/0x80 [ 527.503760] pskb_expand_head+0x436/0x1d20 [ 527.508001] ___pskb_trim+0x3c9/0x1bf0 [ 527.511894] sk_filter_trim_cap+0x5ac/0xa60 [ 527.516231] tcp_filter+0x10c/0x260 03:47:27 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001}, 0x1c) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) [ 527.519864] tcp_v6_rcv+0x45ba/0x5df0 [ 527.523675] ip6_input_finish+0xb53/0x2450 [ 527.527932] ip6_input+0x29d/0x340 [ 527.531480] ip6_rcv_finish+0x4d2/0x710 [ 527.535460] ipv6_rcv+0x34b/0x3f0 [ 527.538927] process_backlog+0x82b/0x11e0 [ 527.543784] net_rx_action+0x98f/0x1d50 [ 527.547767] __do_softirq+0x721/0xc7f [ 527.551567] [ 527.553193] Uninit was stored to memory at: [ 527.557528] kmsan_internal_chain_origin+0x136/0x240 [ 527.562646] __msan_chain_origin+0x6d/0xb0 [ 527.566898] __save_stack_trace+0x8be/0xc60 [ 527.571254] save_stack_trace+0xc6/0x110 [ 527.575329] kmsan_internal_chain_origin+0x136/0x240 [ 527.580443] kmsan_memcpy_origins+0x13d/0x190 [ 527.584954] __msan_memcpy+0x6f/0x80 [ 527.588692] pskb_expand_head+0x436/0x1d20 [ 527.593068] ___pskb_trim+0x3c9/0x1bf0 [ 527.596966] sk_filter_trim_cap+0x5ac/0xa60 [ 527.601300] tcp_filter+0x10c/0x260 [ 527.604942] tcp_v6_rcv+0x45ba/0x5df0 [ 527.608749] ip6_input_finish+0xb53/0x2450 [ 527.612992] ip6_input+0x29d/0x340 [ 527.616538] ip6_rcv_finish+0x4d2/0x710 [ 527.620519] ipv6_rcv+0x34b/0x3f0 [ 527.623984] process_backlog+0x82b/0x11e0 [ 527.628141] net_rx_action+0x98f/0x1d50 [ 527.632135] __do_softirq+0x721/0xc7f [ 527.635939] [ 527.637565] Uninit was stored to memory at: [ 527.642407] kmsan_internal_chain_origin+0x136/0x240 [ 527.647522] __msan_chain_origin+0x6d/0xb0 [ 527.651771] __save_stack_trace+0x8be/0xc60 [ 527.656102] save_stack_trace+0xc6/0x110 [ 527.660203] kmsan_internal_chain_origin+0x136/0x240 [ 527.665321] kmsan_memcpy_origins+0x13d/0x190 03:47:27 executing program 1: [ 527.669833] __msan_memcpy+0x6f/0x80 [ 527.673561] pskb_expand_head+0x436/0x1d20 [ 527.677811] ___pskb_trim+0x3c9/0x1bf0 [ 527.681712] sk_filter_trim_cap+0x5ac/0xa60 [ 527.686043] tcp_filter+0x10c/0x260 [ 527.689679] tcp_v6_rcv+0x45ba/0x5df0 [ 527.693489] ip6_input_finish+0xb53/0x2450 [ 527.697730] ip6_input+0x29d/0x340 [ 527.701284] ip6_rcv_finish+0x4d2/0x710 [ 527.705265] ipv6_rcv+0x34b/0x3f0 [ 527.708731] process_backlog+0x82b/0x11e0 [ 527.712895] net_rx_action+0x98f/0x1d50 [ 527.716887] __do_softirq+0x721/0xc7f [ 527.720692] [ 527.722322] Uninit was stored to memory at: [ 527.726660] kmsan_internal_chain_origin+0x136/0x240 [ 527.731868] __msan_chain_origin+0x6d/0xb0 [ 527.736117] __save_stack_trace+0x8be/0xc60 [ 527.741031] save_stack_trace+0xc6/0x110 [ 527.745113] kmsan_internal_chain_origin+0x136/0x240 [ 527.750234] kmsan_memcpy_origins+0x13d/0x190 [ 527.754746] __msan_memcpy+0x6f/0x80 [ 527.758476] pskb_expand_head+0x436/0x1d20 [ 527.762728] ___pskb_trim+0x3c9/0x1bf0 [ 527.766629] sk_filter_trim_cap+0x5ac/0xa60 [ 527.770962] tcp_filter+0x10c/0x260 [ 527.774600] tcp_v6_rcv+0x45ba/0x5df0 [ 527.778415] ip6_input_finish+0xb53/0x2450 [ 527.782664] ip6_input+0x29d/0x340 [ 527.786216] ip6_rcv_finish+0x4d2/0x710 [ 527.790216] ipv6_rcv+0x34b/0x3f0 [ 527.793685] process_backlog+0x82b/0x11e0 [ 527.797848] net_rx_action+0x98f/0x1d50 [ 527.801839] __do_softirq+0x721/0xc7f [ 527.805648] [ 527.807287] Uninit was stored to memory at: [ 527.811623] kmsan_internal_chain_origin+0x136/0x240 [ 527.816745] __msan_chain_origin+0x6d/0xb0 03:47:27 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0xf, &(0x7f0000000040)=0x5, 0x4) [ 527.820998] __save_stack_trace+0x8be/0xc60 [ 527.825336] save_stack_trace+0xc6/0x110 [ 527.829416] kmsan_internal_chain_origin+0x136/0x240 [ 527.834532] kmsan_memcpy_origins+0x13d/0x190 [ 527.839045] __msan_memcpy+0x6f/0x80 [ 527.843290] pskb_expand_head+0x436/0x1d20 [ 527.847636] ___pskb_trim+0x3c9/0x1bf0 [ 527.851542] sk_filter_trim_cap+0x5ac/0xa60 [ 527.855884] tcp_filter+0x10c/0x260 [ 527.859531] tcp_v6_rcv+0x45ba/0x5df0 [ 527.863346] ip6_input_finish+0xb53/0x2450 [ 527.867594] ip6_input+0x29d/0x340 [ 527.871152] ip6_rcv_finish+0x4d2/0x710 [ 527.875175] ipv6_rcv+0x34b/0x3f0 [ 527.878647] process_backlog+0x82b/0x11e0 [ 527.882809] net_rx_action+0x98f/0x1d50 [ 527.886799] __do_softirq+0x721/0xc7f [ 527.890603] [ 527.892237] Uninit was stored to memory at: [ 527.896583] kmsan_internal_chain_origin+0x136/0x240 [ 527.901706] __msan_chain_origin+0x6d/0xb0 [ 527.905960] __save_stack_trace+0x8be/0xc60 [ 527.910301] save_stack_trace+0xc6/0x110 [ 527.914380] kmsan_internal_chain_origin+0x136/0x240 [ 527.919499] kmsan_memcpy_origins+0x13d/0x190 [ 527.924011] __msan_memcpy+0x6f/0x80 [ 527.927744] pskb_expand_head+0x436/0x1d20 [ 527.931994] ___pskb_trim+0x3c9/0x1bf0 [ 527.935897] sk_filter_trim_cap+0x5ac/0xa60 [ 527.940782] tcp_filter+0x10c/0x260 [ 527.944426] tcp_v6_rcv+0x45ba/0x5df0 [ 527.948241] ip6_input_finish+0xb53/0x2450 [ 527.952491] ip6_input+0x29d/0x340 [ 527.956047] ip6_rcv_finish+0x4d2/0x710 [ 527.960035] ipv6_rcv+0x34b/0x3f0 [ 527.963509] process_backlog+0x82b/0x11e0 [ 527.967679] net_rx_action+0x98f/0x1d50 [ 527.971684] __do_softirq+0x721/0xc7f [ 527.975492] [ 527.977128] Uninit was stored to memory at: [ 527.981478] kmsan_internal_chain_origin+0x136/0x240 [ 527.986597] __msan_chain_origin+0x6d/0xb0 [ 527.990851] __save_stack_trace+0x8be/0xc60 [ 527.995205] save_stack_trace+0xc6/0x110 [ 527.999288] kmsan_internal_chain_origin+0x136/0x240 [ 528.004411] kmsan_memcpy_origins+0x13d/0x190 [ 528.008931] __msan_memcpy+0x6f/0x80 [ 528.012668] pskb_expand_head+0x436/0x1d20 [ 528.016929] ___pskb_trim+0x3c9/0x1bf0 [ 528.020831] sk_filter_trim_cap+0x5ac/0xa60 [ 528.025182] tcp_filter+0x10c/0x260 [ 528.028823] tcp_v6_rcv+0x45ba/0x5df0 [ 528.032645] ip6_input_finish+0xb53/0x2450 [ 528.036897] ip6_input+0x29d/0x340 [ 528.041027] ip6_rcv_finish+0x4d2/0x710 [ 528.045015] ipv6_rcv+0x34b/0x3f0 [ 528.048480] process_backlog+0x82b/0x11e0 [ 528.052647] net_rx_action+0x98f/0x1d50 [ 528.056640] __do_softirq+0x721/0xc7f [ 528.060444] [ 528.062081] Local variable description: ----v.addr.i.i.i@should_fail [ 528.068579] Variable was created at: [ 528.072312] should_fail+0x14d/0x13c0 [ 528.076127] __should_failslab+0x278/0x2a0 [ 528.176881] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 528.196446] print_req_error: 120 callbacks suppressed [ 528.196473] print_req_error: I/O error, dev loop3, sector 0 [ 528.207782] buffer_io_error: 120 callbacks suppressed [ 528.207808] Buffer I/O error on dev loop3, logical block 0, lost async page write [ 528.220976] print_req_error: I/O error, dev loop3, sector 8 [ 528.226898] Buffer I/O error on dev loop3, logical block 1, lost async page write [ 528.235047] print_req_error: I/O error, dev loop3, sector 16 [ 528.241279] Buffer I/O error on dev loop3, logical block 2, lost async page write [ 528.249173] print_req_error: I/O error, dev loop3, sector 24 [ 528.255241] Buffer I/O error on dev loop3, logical block 3, lost async page write [ 528.263201] print_req_error: I/O error, dev loop3, sector 32 [ 528.269061] Buffer I/O error on dev loop3, logical block 4, lost async page write [ 528.276915] print_req_error: I/O error, dev loop3, sector 40 [ 528.282855] Buffer I/O error on dev loop3, logical block 5, lost async page write [ 528.290626] print_req_error: I/O error, dev loop3, sector 48 [ 528.296579] Buffer I/O error on dev loop3, logical block 6, lost async page write [ 528.304856] print_req_error: I/O error, dev loop3, sector 56 [ 528.310713] Buffer I/O error on dev loop3, logical block 7, lost async page write [ 528.318589] print_req_error: I/O error, dev loop3, sector 64 [ 528.324526] Buffer I/O error on dev loop3, logical block 8, lost async page write [ 528.329257] print_req_error: I/O error, dev loop3, sector 72 [ 528.332395] Buffer I/O error on dev loop3, logical block 10, lost async page write 03:47:28 executing program 0: ioctl$VIDIOC_QUERYBUF(0xffffffffffffff9c, 0xc0585609, &(0x7f0000000040)={0x20, 0xf, 0x4, 0x40, {0x0, 0x2710}, {0x5, 0x3, 0x1ff, 0x5, 0xf9e9, 0x3, "a068ae9d"}, 0x7, 0x3, @fd=0xffffffffffffff9c, 0x4}) preadv(r0, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x3c4}], 0x3b6, 0x0) r1 = syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x0, 0x20040) ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000240)={&(0x7f00000002c0)=[0x9], 0x1, 0x3, 0x3, 0x1f, 0x20, 0x2, {0x4, 0x6, 0xffffffff, 0x9, 0x1000, 0xfffffffe, 0xffffffff00000001, 0x0, 0x100000000, 0x80000000, 0xffffffff, 0x3, 0x3, 0xffffffff, "1f52d05328fefad0af2ec1519ea068d55e6b08dc5f6829715a959c5b47f4826a"}}) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000340)={r3, 0x10001}, 0x8) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000140)=[{0x2, 0x8}, {0x4, 0x101}], 0x2) ioctl(r4, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r2, &(0x7f0000000480), 0x258, 0x0) 03:47:28 executing program 1: clone(0x200, &(0x7f00000000c0), &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000500)='./file0\x00', &(0x7f0000000140), &(0x7f0000000480)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000002c0)=""/11, 0xb9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f0000000440)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000280), 0xffffffffffffffff) execve(&(0x7f0000000140)='./file1\x00', &(0x7f0000000780), &(0x7f0000000800)) ioctl$TIOCLINUX6(r0, 0x541c, &(0x7f0000000180)) creat(&(0x7f00000001c0)='./file1\x00', 0x5) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 03:47:28 executing program 2: getgroups(0x0, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000480)) getdents(r0, &(0x7f0000000200)=""/68, 0x20000244) clone(0x0, &(0x7f0000000280)="a4952a4588c4c33c6e8cddd63f25f7c4c5f6b310616cd4fef8345ddedf8dc99f3550deb414a699f9fc5d03ba150a9a1d5607e855199f82b3695fac45d2c5748b0938e65df0cb5a24fc2df3c028e087bdfe116ccdf3fbb9e015e417fd033e86bdf0d3bca2f60cdb8e073f", &(0x7f0000000100), &(0x7f0000000180), &(0x7f0000000340)="ae") 03:47:28 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x7, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="04005f0000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB="319479510221339c519d2cb45cfb7ceafb05dac993480f20ba8a2e536f9274663a55e53981eb8ec12a7b8cf408510b4e6fd5d54a5b2f59de46c8661d40b70b7421a19d75d288a65e21e528a26160cb0a3d9da4ac3c9a865930c674808c6a01da09a5e4c1c0c2add5347af41cf92d55843804f3ac2b399b2f6fb2dd5389ccedcba1dd8fc8a29b6f791408bad7fad80aec1f1a99a27249615a898dd475ddc28b0f29ef338562de83fa7e03bcaac93e4c2ad3c253dd6741a8c703abb7536721485516b8039853756d2178a4abc05f8aca3a4981a32315d79f1c3dce5f44294b0317c66c6d01f579808724b35d8244d64aa6"], @ANYBLOB="07db000807008b4912000000090000003a051a28e648e39498ce80d7c1fc09e0d69e283d3cce84f90a5133794330416f1ca88197c82e318566fbbe37106ebad8027ceae45f60da8c77c490d0c721d1fa3dcf6360ed73b03b5eb89d6d23441bd6d33ccd8065b12478836148737e4523e29a3769425f723e847e941a4ca1c43e46bc6aaff09e14299c980c186241578b60067687747484843c6a703525153767d50cefd7056d22f2ef26d09a7603c91747f1f049d0cf1996d9ddb6cf1b9fb055b24222a693e702d6a970837a52c04d0a176172280001a9bdf1d1ac5acf6b964b49c4c606bde74f203a42c24e1ad0572f37701688f8e728db98704e39dbcf9b3cfaac583f6f0b95138b023c7bc67120934d78defd1e79fe1125459a3fdb669536abdde42834b418f0b4e1fab780cc46eb9f2844fbeaecfbceda69dd07b8ebb05086a373f4df96fe2fad6e069d8bc7406fb0bcc9ea6da024c2b53a500b20f11593f2fbbe22986a84c05c695eab41398131b63365d561e98e3d12da175fcd689aca5f0c074e5d262c71946bc0ad5a53df757cfaa3850e2288efa8a9894b3e3681ebeae8b5ac452f18e9d4408fc2da0e1d71c09c91979b8170646f6ffdfb950b915b39b09e4bc2e60c42fd259dcfded162fb553ae0c46520752f5fd5ce7886004c1cee2fc71e1f1b4a22d90b95dc0b6a4fcc18ccf0d5d6983ce37f725f492a7647b1f95352ae3a2dc1f11ae49a21fb2eac037da2745beb275ffc35d3575334ca097409ba9957a2ca3a5d9cf080e3c17f8aaa0e4bfa22f694f9413bb7f8c124eece3c641faf69ae476f3fa5240f6d06fea79935cb7c999a1061d75136367f36b549255dd53f7416b06f9e8931c1d76cbcd5692e0726f828b3926a0940fdf779c210432ec0143c738940cc0b97d422b001e1defaa07c23f6debdf5a0c6f026a9188befe436d3a601f807e85082350010cf06490dbbe3f27ba990065d847cee7b787c41b6db7265d46901d61593e7805ddd7e10a05c9339832b296cb53ca91b63f91d04bf94819d2f14111344897266849f628e737990ce95a78fbfa75e48ff4d4090640480a1fcc4ae9da9067262861ac4ed4b7a109b439e83fd900ab1be78d7cb4a4cb4d355b77d92bb47fe0c7cc8d7ae1ccac213d1facacaca3b0759e1518f1b4ef5405a95bee8fd51e0915bf13b8372089e9494571f7fd72307b0f45dea3ca23aa1468e0beca42f24ecd98db2fdf15749979d3cd35dee15c195e423719d3e01f38047132f5aad40a3474c04f77ec4c0adaf6b72bbfe286e581a35e99e8c0d615167816e955cbaf50e6b63a6637ceeea873bacae20404626bbbc23a18e56f22662f844cbde7b5c0069ec70bc30be27fca933741bb1d46764a614b02df3b4e8f7a8dd1ca7aaf05fb09dbdd775e9036f426e99fe631990c0b704b9bdcdd5b09d068a4d762925d5fdad9064003720230e6ab1510095173c7d34120d19046ef891ac1f26fc185c5d2aabc6fbb5a8809c493ac6a0869598bad8f3c11b1ccc8403c923ca0bf98931f11614eca3469c36ecbcdee867c1302f6c5624e1d153f1a51cb1cb2401f2e642914d40c93dec4b155919e9a6b844bbeaf714042c59c031e0e6c7facb52523793752728725d856407321dc8ac01cc413626efa682defe45c51b6c92fc12cf1bdb6a4697aefe3e4557a58ab5fb8633fe072f6c1bcc5fa29a269a32370fe511eb2237f0b5c444eee478fb13c79091ff6bc4062fef6b722c6eb3aa803840d7f38957245da830b2ab854fa4b5cad6a27e99cba1cf1da53e84c89c931cfa3252cfd2091a89c79f543cf3cee580a3509808591ba17e8db4eee97c259c9b8bab682d73faeba57e0a27a00085cbd510bcc0828f51df8953177c375fc4e495673e86340833c7cee90705a58e3309a22cb13e848a57c698a6d494018f9c832d4d43ece8622df31af4cee743b677c0e19e169e128d2ae1154ad1d4eeaac3ed2464355b8b9a736889d04b2a653dfab894e4c48e6524315d40f26479b766b6974d6cbeec5b62001e234086133af080488e753191a6263b5b42699f5ef29c309448c55742153eebac5f9008a6ed559717f17bcfac21e449114cb24ba9675f82b6fc0748d7a52fc57147d236b77624ec776a2de7ac49af888093b6c3659c49115d050731571013f58596dd8809e5e7448a7da336df01f01250404484c2f5ca4ac00be29c9563e6d578a2e87a24aa193b4d9944be2083de47624f4c92bb5494b56ec37deed9682d80b18f2710eef12163332704003de94e98f37fd3a2c5d37a3fd0102d792767aa5f5574280bd4cb22b2abeddf9e4382ff9faa282d01e7ecb1ae096d00c413b76eeb548ddc46877c6f470d28ea05bcf124544b5b4beb68f7ea41c3db5fefbe17971548722d96ab16ed52727536d4801d8ace57430412d905e00d3113b2762378e9b7889c0ba78baa07f5497def7d9bfdff3600b08beac9d8ce3b5f12bdce21e3b45a713abf10d00d6f919f7fa9081519db55b417c9b135fc3c3f590a673fb6c7251ace1841b402abf3ef9c12018e6556174362a1633d2ba30c8176c28c8847ca23280306058872a76dc55d889b749b0028ec04680d5aa7935dc4bb85d91cb1aadb03a50b80fe3d40a4386b3899206c7233ce4fce356594b78db47f2e5957d00ff36921ba1e27dfb9a15fbf7460c58181824cdee22917f451f0be4d369947ccb77deb45293255a2e8717d841929c147a2084e74a7a4587ee64053dc7467713ac424eb2334635090f72bf3e4ef8c9d73486f5eadee46c1983ab27080bfb922bce24a7ee94b11ec568f7ca0eed02a5089b0a2cbcdd36ddf96356df51aaeb34a09357167bfd0fcb65007d286d043d74b344615129b639e39c736c306df0b3d95647719fa78f59eddeb267c84cece3bf8e6dc03805c38b7a0a69edb8738626943a3a341c4a3f3a90a2b803a2473f29239aa2c143575b651aef0d12924c264d1731acbc69934d69ec4d1cb7fd52ee96c866660325b965ccee69b8752023e726af1318068b9652d573e4b7cfb183123653958c12243aa653ee11caa03616aa210f6296856fbeec65d4dc10e8c3d5792f4bacbaaffdf3b91bbeeaa369ddf40020703297422bade9cb8934a9f4a747ae174a45a885d176af6d729230a36fc031168b4041ea8c4d2d6fa1b8dbaec5e5e5f5efda5bb82f4a6164df9d9083e860def953d07f79bf758aa19f45c057c7a1d05b36f3b2e8abcc30abc64aecb5b5e84c9fa494fb489367c15dfbdb2ef45703d7d0878e2cc33ae9880455e70cf948b1d68e0424aae94240527df0541a2da42742edd72e2f9bc993630c0b31d5e86856f34c621bc5f63c9a36b6de68cf5207bb1fd88d4c10d0ad8df9628234e8b7b0173d811d0918e77ef153f00cf4749c4ca5ac86a83e157fe72dbbeacac047ce9264ab0eeb1898a6f60ea0617acf751555a63fb2104e01fd248c331afa664a6aea5eabb90f92f4e6e0917d92274765d43728813024d4ad854caa2d43845b44ef27fd1891db6e2c56af67064d7ea35876a86a7fbedee6d7d793a94f8a72ab422a7c71dd96bf0e14a85c29f37b0dce01045109ffc0397db9c5859ef8476ed345f19aef1265b4c5cd92d2d86eecda6ded229094dcb8a9284022409f635389ca0fd6d2ebc4f6a5e085f6c217ec2d1ce0e139a625e8a477677b8a3afd3b871e93bb20a991271e52d7ab57f8cdd0e7bf4fa337022e90d6e8d58806643d5e001d15da6f099714fda73fa3e92d8a71b8f0f00510cd7392b79b76f6c16af517f83a373890d67bd04d395031c7b71646df756d918b15fdc9c5fdf83b2ae32c5bb793177beeb893102c0f2cf60f501312fb8150797024501b9a22b818250ad7b81cb53f4de16a89fe0514dca46f086ee070d9106d7919ce4106b3a60e527d599815a01538c82594d0549affdfabbd1cd88b272d5b302e259d9c715277f29c5c4a73bd95103ca23ac588f4d372510d33a6329d176927684a5c8507f5792d5313feea2d2c58797fce047e6184c716082695532dd5722f214440a49436746e57a101300d9c6aa0af20c787fa37bf433c1b48628ad17c66fcda4ced69368c24be1bc10a4dfc05591f5ebe357be41e1b7e259b59db4c1a3162d1679c8bd3f2eec2a59ed7900de95dc2940196dc36603911cd63184c5464dcb82969b76b58fbfb6b2a2242014b5609e2094a3bd1c3fe67c519e32a2052797399d87b9d68100da39d4975a5306a08298761d128933baf97166ec7b50129db9a971710a6332a4c9b8cb459ab4110df0fddc4cd3c2f4c4d04611dbb12e5153a9e6e6546e092aced0427e037c2e17198358ec9ee9d3f7649688419fe71bb1369475d336afa5da258cefb3a773a9dd1f6811480ec37f3244c289469516d9d85a2f0e3ff7cd365496c6abf57a107fe6ffffea0feeb0fa2b8dec0885b1c1f0e1ea0bbaaaef0f105b40d44d22452b745d0c317560f4001b326c96efd1d08ab783b1ea5fdec07675dcc066ebad1792513eb12fd2d37d81d8d01cac506aed2abb881379f73bb48790e57c0ab264d4481bc07850e7def37bc9f06b0f4c93c01e191b472682872e0230159ca52a5131a00400ac1730abed612dd1bf92b2e1f027695357ad5ad2a197caf8a0d0a8c3e5701fc39caa206775449f674f203b1c383cf18d29bf4fda78acb345a772030ccd54e3a50f3e3217e81560d88ac3d174aebb9135ae1bc95aa641145479b54304c26a3b10904d3c153487fc70201513debbb504b0b5b105f65979fddf186b9723c8ef182d64dd885b44417d334e5197797d2d82559a01e243e9b6c621aab7b1cd2cec9a41e4b42f67027f5c478151a888866ffceaef83b61a28447f73c542c72ec0725d7c0a49e63f25a78ec24d21e95402496fa960a34317ddc6c43f16021a607eed0482321e6b04b3342b0cd9afcc67ebfdf63287e71e8bacc90e31b3b7f009a465fdd970d91b6d6b86c072f754878407cf54c6a3c2454725b51f6d00acbd0cce692748e834d79aec0e5b31fc32ec7ff469356610672cb703ecfa2e2705d2dd405951a7eec7e0e37d36c8f22c23c4a13f6f5a0a3d49dcbad1be9661b2c49869ce02c132b84792e76d2f75ce4dea1b3080137dd8c93abeae1f98baa139d9e1587870c612a0b38d52c91b6dc2b05e7d72d4f6416bd64bc3ddc94e6b4b0390d09af5ac459bd9f3ee812cbcad2ab733f851b4489ed1d65a086616a75982d4710550fb2f4d1b5300ccc5dda777c4354e895c459a4bb7ac1889de0d5bfb2488f916646482306fa84ab331c7d7f1522c1f87d9216eceee8eedc85b13c38f6ce127d11192605a0264fc48128cc8fb7bc7a389c0945be8afc4cfb7dce4e06281d9e2019e16580e06f57595c2c8fe863b195017aa368af13bc1e06f8c217cf4d73baf97c1c80f2aaeb6f8461f32ccdd653d739993fb5a7499cd704f0fe6ae4c64985775f542436f06216ef5c91bfe9056f365a58891385519e01219337e3728159ff6ad00a0a0d71982e9a133f2bf0009c174f51a946afef0d1f08e06fe7d611434b36a4ac7b79b51aa0963abf32a26f60fd5047f5587e2f4b7a24d95c2411126e0fb38bbbbef582e1e13703dee13187a98e74fc00500df02cc58f6253edb878f30cc72514c5dc8b0943573cd208a8f49761f729491e6d7ca718a8e9de78ef99c0addedb4c5bcb0b3a3bd55cada700b10bd89b058818e4a49861b1671570b3bc0bd8fd24a33f1d7f2f8ab0fdd8472a2b0a3c23604e886016eaa398c72888d3d9c3e40b095973b0c24592de423c04d88cd87071682bebe42b196d40000000000000000"]) write$binfmt_misc(r0, &(0x7f0000001280)={'syz1', "deba95a62143b81fdb7cc5960a13c967b61a7f3a6b9002b07174f2b8803e4db7ac0542d96925478c76a26ad606e881aea0a41feced270f94513673e612ecb8b1d40b3cc66f8d37f855aaba22c2d99b86c3346a8a8bd9bba83fd38117ba9a3b4a89bbc437105f11fc2bb8ce38c82169dcc18fd5a9b45153793fc830cc1280b55aaac041ab9d37edae3f47478ec89efb57133d1c8bd693da46ba6841d782b1bd600cba5995b9b1cf022fa1fc648d860eac246c7234f3e081c2daab87ceaa9e4952e0f318ced0700f46eb18e57fa9840b828a1c3980972ba9b9269a8618f5aab95e6a544a79e06abcc619"}, 0xed) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:47:28 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000c00)='/dev/snapshot\x00', 0x141400, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000c40)={0x0, 0x1}, &(0x7f0000000c80)=0x8) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f0000000cc0)=r4, 0x4) 03:47:28 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:47:29 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) lsetxattr$trusted_overlay_redirect(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='trusted.overlay.redirect\x00', &(0x7f0000000280)='./file0\x00', 0x8, 0x1) r1 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x800, 0x0) ioctl$KDSETKEYCODE(r1, 0x4b4d, &(0x7f00000001c0)={0x100000000, 0x80}) ioctl$ASHMEM_PURGE_ALL_CACHES(r1, 0x770a, 0x0) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4, 0x9}, 0x1ce) ioctl(r0, 0x4, &(0x7f0000000100)="43ce8136b1a5d4df4d3eb19484bce0c7ced371fc522b9aa9284d90e880df5d08c1baba892b07e4adee97ed2929e4479050df32fae07e3f6031d00cd6309aad547d07f2ed4daf55bffccc58a5524a0b0a0fb34ed5b276c64993d4322ebde4704360a83da2c0d1eb58f807ffe3e073a85e0306674282e669dfc610f023cb3a530bf6cefb6abb99ac08bdea915593ac9a7ee9127f8aae8bc7d083e0ac67d076f640771ecfa05d013d82983875ad2f3eb97f50aaa7c8c90d4b1c4eb8815ee3") 03:47:29 executing program 1: socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pipe(&(0x7f0000000080)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) close(0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000080)={0x0, 0x11d000}) pipe(&(0x7f0000000040)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) pipe(&(0x7f0000000000)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000027000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, &(0x7f0000000380)="66450fd1354e58000066baa100ed0f20d835200000000f22d848b800a00000000000000f23c80f21f8350800d0000f23f866ba4000b89a1c0000ef66baf80cb8fe6e2b8def66bafc0c66ed0f320f20c035040000000f22c06741d9f4470f01b502000000", 0x64}], 0x1, 0x0, &(0x7f0000000280), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_emit_ethernet(0x0, &(0x7f00000001c0)=ANY=[], &(0x7f0000000040)) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) 03:47:29 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000040)={0x9, 0x4, 0x1}) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) 03:47:29 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 03:47:29 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f0000000180)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000040)=0xfff) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = getpgid(0x0) stat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f00000002c0)={0x2, 0x6, r2, 0x1, r3, 0x10001, 0x495, 0x6}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r4, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000140)='mime_typecpuset$cpuset#,cpuset(vmnet0$nodev\x00'}, 0x30) fcntl$setown(r1, 0x8, r5) 03:47:29 executing program 2: clone(0x200, &(0x7f00000000c0), &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000500)='./file0\x00', &(0x7f0000000140), &(0x7f0000000480)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000002c0)=""/11, 0xb9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f0000000440)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000280), 0xffffffffffffffff) execve(&(0x7f0000000140)='./file1\x00', &(0x7f0000000780), &(0x7f0000000800)) ioctl$TIOCLINUX6(r0, 0x541c, &(0x7f0000000180)) creat(&(0x7f00000001c0)='./file1\x00', 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) [ 529.437466] not chained 650000 origins [ 529.442000] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 4.20.0-rc2+ #85 [ 529.448851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 529.458216] Call Trace: [ 529.460832] dump_stack+0x32d/0x480 [ 529.464499] kmsan_internal_chain_origin+0x222/0x240 [ 529.469637] ? ret_from_fork+0x35/0x40 [ 529.473551] ? save_stack_trace+0xc6/0x110 [ 529.477810] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 529.482944] ? kmsan_internal_chain_origin+0x90/0x240 [ 529.488176] ? task_kmsan_context_state+0x51/0x90 [ 529.493042] ? __msan_get_context_state+0x9/0x20 [ 529.497819] ? __kernel_text_address+0x19/0x350 [ 529.502502] ? ret_from_fork+0x35/0x40 [ 529.506418] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 529.511886] ? in_task_stack+0x12c/0x210 [ 529.515978] __msan_chain_origin+0x6d/0xb0 [ 529.520239] ? smpboot_thread_fn+0x69c/0xb30 [ 529.524665] __save_stack_trace+0x8be/0xc60 [ 529.529028] ? smpboot_thread_fn+0x69c/0xb30 [ 529.533467] save_stack_trace+0xc6/0x110 [ 529.537555] kmsan_internal_chain_origin+0x136/0x240 [ 529.543235] ? __do_softirq+0x721/0xc7f [ 529.547239] ? kmsan_internal_chain_origin+0x136/0x240 [ 529.552621] ? kmsan_memcpy_origins+0x13d/0x190 [ 529.557310] ? __msan_memcpy+0x6f/0x80 [ 529.561223] ? pskb_expand_head+0x436/0x1d20 [ 529.565647] ? skb_shift+0xfc3/0x2d10 [ 529.569460] ? tcp_sacktag_walk+0x2156/0x29d0 [ 529.573961] ? tcp_sacktag_write_queue+0x2805/0x4630 [ 529.579061] ? tcp_ack+0x2888/0xa010 [ 529.582776] ? tcp_rcv_established+0xf7e/0x2940 [ 529.587445] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 529.591590] ? tcp_v6_rcv+0x5a52/0x5df0 [ 529.595562] ? ip6_input_finish+0xb53/0x2450 [ 529.599967] ? ip6_input+0x29d/0x340 [ 529.603678] ? ip6_rcv_finish+0x4d2/0x710 [ 529.607821] ? ipv6_rcv+0x34b/0x3f0 [ 529.611448] ? process_backlog+0x82b/0x11e0 [ 529.615766] ? net_rx_action+0x98f/0x1d50 [ 529.619912] ? __do_softirq+0x721/0xc7f [ 529.623891] ? run_ksoftirqd+0x37/0x60 [ 529.627799] ? __msan_get_context_state+0x9/0x20 [ 529.632551] ? INIT_INT+0xc/0x30 [ 529.635924] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 529.641798] kmsan_memcpy_origins+0x13d/0x190 [ 529.646301] __msan_memcpy+0x6f/0x80 [ 529.650016] pskb_expand_head+0x436/0x1d20 [ 529.654268] skb_shift+0xfc3/0x2d10 [ 529.657920] tcp_sacktag_walk+0x2156/0x29d0 [ 529.662259] tcp_sacktag_write_queue+0x2805/0x4630 [ 529.667224] tcp_ack+0x2888/0xa010 [ 529.670759] ? tcp_parse_options+0xbe/0x1cf0 [ 529.675189] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 529.680647] ? tcp_parse_options+0x1c55/0x1cf0 [ 529.685268] tcp_rcv_established+0xf7e/0x2940 [ 529.689783] tcp_v6_do_rcv+0x9f8/0x21b0 [ 529.693767] tcp_v6_rcv+0x5a52/0x5df0 [ 529.697567] ? __msan_poison_alloca+0x1e0/0x270 [ 529.702265] ? tcp_v6_early_demux+0xc80/0xc80 [ 529.706758] ? tcp_v6_early_demux+0xc80/0xc80 [ 529.711251] ip6_input_finish+0xb53/0x2450 [ 529.715500] ? ip6_input_finish+0x13e1/0x2450 [ 529.719997] ip6_input+0x29d/0x340 [ 529.723542] ? ip6_input+0x340/0x340 [ 529.727259] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 529.731673] ip6_rcv_finish+0x4d2/0x710 [ 529.735659] ipv6_rcv+0x34b/0x3f0 [ 529.739116] ? dst_hold+0x5e0/0x5e0 [ 529.743274] process_backlog+0x82b/0x11e0 [ 529.747423] ? __msan_poison_alloca+0x1e0/0x270 [ 529.752097] ? ip6_rcv_finish+0x710/0x710 [ 529.756252] ? rps_trigger_softirq+0x2e0/0x2e0 [ 529.760832] net_rx_action+0x98f/0x1d50 [ 529.764824] ? net_tx_action+0xf20/0xf20 [ 529.768883] __do_softirq+0x721/0xc7f [ 529.772690] ? ksoftirqd_should_run+0x50/0x50 [ 529.777198] run_ksoftirqd+0x37/0x60 [ 529.780913] smpboot_thread_fn+0x69c/0xb30 [ 529.785177] kthread+0x5e7/0x620 [ 529.788541] ? cpu_report_death+0x4a0/0x4a0 [ 529.792868] ? INIT_BOOL+0x30/0x30 [ 529.796411] ret_from_fork+0x35/0x40 [ 529.800127] Uninit was stored to memory at: [ 529.804467] kmsan_internal_chain_origin+0x136/0x240 [ 529.809568] __msan_chain_origin+0x6d/0xb0 [ 529.813805] __save_stack_trace+0x8be/0xc60 [ 529.818122] save_stack_trace+0xc6/0x110 [ 529.822196] kmsan_internal_chain_origin+0x136/0x240 [ 529.827294] kmsan_memcpy_origins+0x13d/0x190 [ 529.831787] __msan_memcpy+0x6f/0x80 [ 529.835497] pskb_expand_head+0x436/0x1d20 [ 529.840204] skb_shift+0xce2/0x2d10 [ 529.843830] tcp_sacktag_walk+0x2156/0x29d0 [ 529.848151] tcp_sacktag_write_queue+0x2805/0x4630 [ 529.853087] tcp_ack+0x2888/0xa010 [ 529.856627] tcp_rcv_established+0xf7e/0x2940 [ 529.861120] tcp_v6_do_rcv+0x9f8/0x21b0 [ 529.865101] tcp_v6_rcv+0x5a52/0x5df0 [ 529.868900] ip6_input_finish+0xb53/0x2450 [ 529.873136] ip6_input+0x29d/0x340 [ 529.876679] ip6_rcv_finish+0x4d2/0x710 [ 529.880647] ipv6_rcv+0x34b/0x3f0 [ 529.884097] process_backlog+0x82b/0x11e0 [ 529.888240] net_rx_action+0x98f/0x1d50 [ 529.892210] __do_softirq+0x721/0xc7f [ 529.895998] [ 529.897617] Uninit was stored to memory at: [ 529.901943] kmsan_internal_chain_origin+0x136/0x240 [ 529.907043] __msan_chain_origin+0x6d/0xb0 [ 529.911280] __save_stack_trace+0x8be/0xc60 [ 529.915600] save_stack_trace+0xc6/0x110 [ 529.919657] kmsan_internal_chain_origin+0x136/0x240 [ 529.924756] kmsan_memcpy_origins+0x13d/0x190 [ 529.929248] __msan_memcpy+0x6f/0x80 [ 529.932986] pskb_expand_head+0x436/0x1d20 [ 529.937218] skb_shift+0xce2/0x2d10 [ 529.941355] tcp_sacktag_walk+0x2156/0x29d0 [ 529.945673] tcp_sacktag_write_queue+0x2805/0x4630 [ 529.950597] tcp_ack+0x2888/0xa010 [ 529.954138] tcp_rcv_established+0xf7e/0x2940 [ 529.958645] tcp_v6_do_rcv+0x9f8/0x21b0 [ 529.962619] tcp_v6_rcv+0x5a52/0x5df0 [ 529.966416] ip6_input_finish+0xb53/0x2450 [ 529.970647] ip6_input+0x29d/0x340 [ 529.974193] ip6_rcv_finish+0x4d2/0x710 [ 529.978175] ipv6_rcv+0x34b/0x3f0 [ 529.981629] process_backlog+0x82b/0x11e0 [ 529.985783] net_rx_action+0x98f/0x1d50 [ 529.989754] __do_softirq+0x721/0xc7f [ 529.993544] [ 529.995178] Uninit was stored to memory at: [ 529.999500] kmsan_internal_chain_origin+0x136/0x240 [ 530.004599] __msan_chain_origin+0x6d/0xb0 [ 530.008830] __save_stack_trace+0x8be/0xc60 [ 530.013151] save_stack_trace+0xc6/0x110 [ 530.017222] kmsan_internal_chain_origin+0x136/0x240 [ 530.022320] kmsan_memcpy_origins+0x13d/0x190 [ 530.026812] __msan_memcpy+0x6f/0x80 [ 530.030526] pskb_expand_head+0x436/0x1d20 [ 530.034754] skb_shift+0xce2/0x2d10 [ 530.038381] tcp_sacktag_walk+0x2156/0x29d0 [ 530.043268] tcp_sacktag_write_queue+0x2805/0x4630 [ 530.048194] tcp_ack+0x2888/0xa010 [ 530.051736] tcp_rcv_established+0xf7e/0x2940 [ 530.056229] tcp_v6_do_rcv+0x9f8/0x21b0 [ 530.060201] tcp_v6_rcv+0x5a52/0x5df0 [ 530.064000] ip6_input_finish+0xb53/0x2450 [ 530.068228] ip6_input+0x29d/0x340 [ 530.071767] ip6_rcv_finish+0x4d2/0x710 [ 530.075735] ipv6_rcv+0x34b/0x3f0 [ 530.079194] process_backlog+0x82b/0x11e0 [ 530.083343] net_rx_action+0x98f/0x1d50 [ 530.087314] __do_softirq+0x721/0xc7f [ 530.091101] [ 530.092725] Uninit was stored to memory at: [ 530.097044] kmsan_internal_chain_origin+0x136/0x240 [ 530.102143] __msan_chain_origin+0x6d/0xb0 [ 530.106394] __save_stack_trace+0x8be/0xc60 [ 530.110715] save_stack_trace+0xc6/0x110 [ 530.114777] kmsan_internal_chain_origin+0x136/0x240 [ 530.119881] kmsan_memcpy_origins+0x13d/0x190 [ 530.124375] __msan_memcpy+0x6f/0x80 [ 530.128085] pskb_expand_head+0x436/0x1d20 [ 530.132316] skb_shift+0xce2/0x2d10 [ 530.135939] tcp_sacktag_walk+0x2156/0x29d0 [ 530.140828] tcp_sacktag_write_queue+0x2805/0x4630 [ 530.145756] tcp_ack+0x2888/0xa010 [ 530.149291] tcp_rcv_established+0xf7e/0x2940 [ 530.153787] tcp_v6_do_rcv+0x9f8/0x21b0 [ 530.157757] tcp_v6_rcv+0x5a52/0x5df0 [ 530.161554] ip6_input_finish+0xb53/0x2450 [ 530.165783] ip6_input+0x29d/0x340 [ 530.169322] ip6_rcv_finish+0x4d2/0x710 [ 530.173295] ipv6_rcv+0x34b/0x3f0 [ 530.176747] process_backlog+0x82b/0x11e0 [ 530.180889] net_rx_action+0x98f/0x1d50 [ 530.184863] __do_softirq+0x721/0xc7f [ 530.188676] [ 530.190298] Uninit was stored to memory at: [ 530.194617] kmsan_internal_chain_origin+0x136/0x240 [ 530.199721] __msan_chain_origin+0x6d/0xb0 [ 530.203953] __save_stack_trace+0x8be/0xc60 [ 530.208269] save_stack_trace+0xc6/0x110 [ 530.212331] kmsan_internal_chain_origin+0x136/0x240 [ 530.217466] kmsan_memcpy_origins+0x13d/0x190 [ 530.221965] __msan_memcpy+0x6f/0x80 [ 530.225679] pskb_expand_head+0x436/0x1d20 [ 530.229937] skb_shift+0xce2/0x2d10 [ 530.233564] tcp_sacktag_walk+0x2156/0x29d0 [ 530.237880] tcp_sacktag_write_queue+0x2805/0x4630 [ 530.243346] tcp_ack+0x2888/0xa010 [ 530.246884] tcp_rcv_established+0xf7e/0x2940 [ 530.251374] tcp_v6_do_rcv+0x9f8/0x21b0 [ 530.255345] tcp_v6_rcv+0x5a52/0x5df0 [ 530.259139] ip6_input_finish+0xb53/0x2450 [ 530.263383] ip6_input+0x29d/0x340 [ 530.266922] ip6_rcv_finish+0x4d2/0x710 [ 530.270893] ipv6_rcv+0x34b/0x3f0 [ 530.274346] process_backlog+0x82b/0x11e0 [ 530.278489] net_rx_action+0x98f/0x1d50 [ 530.282462] __do_softirq+0x721/0xc7f [ 530.286254] [ 530.287871] Uninit was stored to memory at: [ 530.292197] kmsan_internal_chain_origin+0x136/0x240 [ 530.297322] __msan_chain_origin+0x6d/0xb0 [ 530.301554] __save_stack_trace+0x8be/0xc60 [ 530.305959] save_stack_trace+0xc6/0x110 [ 530.310017] kmsan_internal_chain_origin+0x136/0x240 [ 530.315116] kmsan_memcpy_origins+0x13d/0x190 [ 530.319607] __msan_memcpy+0x6f/0x80 [ 530.323320] pskb_expand_head+0x436/0x1d20 [ 530.327552] skb_shift+0xce2/0x2d10 [ 530.331185] tcp_sacktag_walk+0x2156/0x29d0 [ 530.335504] tcp_sacktag_write_queue+0x2805/0x4630 [ 530.340997] tcp_ack+0x2888/0xa010 [ 530.344533] tcp_rcv_established+0xf7e/0x2940 [ 530.349056] tcp_v6_do_rcv+0x9f8/0x21b0 [ 530.353025] tcp_v6_rcv+0x5a52/0x5df0 [ 530.356824] ip6_input_finish+0xb53/0x2450 [ 530.361053] ip6_input+0x29d/0x340 [ 530.364587] ip6_rcv_finish+0x4d2/0x710 [ 530.368558] ipv6_rcv+0x34b/0x3f0 [ 530.372007] process_backlog+0x82b/0x11e0 [ 530.376150] net_rx_action+0x98f/0x1d50 [ 530.380143] __do_softirq+0x721/0xc7f [ 530.383941] [ 530.385563] Uninit was stored to memory at: [ 530.389880] kmsan_internal_chain_origin+0x136/0x240 [ 530.394980] __msan_chain_origin+0x6d/0xb0 [ 530.399211] __save_stack_trace+0x8be/0xc60 [ 530.403532] save_stack_trace+0xc6/0x110 [ 530.407591] kmsan_internal_chain_origin+0x136/0x240 [ 530.412691] kmsan_memcpy_origins+0x13d/0x190 [ 530.417192] __msan_memcpy+0x6f/0x80 [ 530.420905] pskb_expand_head+0x436/0x1d20 [ 530.425137] skb_shift+0xce2/0x2d10 [ 530.428768] tcp_sacktag_walk+0x2156/0x29d0 [ 530.433086] tcp_sacktag_write_queue+0x2805/0x4630 [ 530.438011] tcp_ack+0x2888/0xa010 [ 530.442046] tcp_rcv_established+0xf7e/0x2940 [ 530.446541] tcp_v6_do_rcv+0x9f8/0x21b0 [ 530.450512] tcp_v6_rcv+0x5a52/0x5df0 [ 530.454313] ip6_input_finish+0xb53/0x2450 [ 530.458546] ip6_input+0x29d/0x340 [ 530.462131] ip6_rcv_finish+0x4d2/0x710 [ 530.466112] ipv6_rcv+0x34b/0x3f0 [ 530.469563] process_backlog+0x82b/0x11e0 [ 530.473709] net_rx_action+0x98f/0x1d50 [ 530.477680] __do_softirq+0x721/0xc7f [ 530.481470] [ 530.483091] Local variable description: ----again@__dev_queue_xmit 03:47:30 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) rmdir(&(0x7f0000000000)='./file0\x00') sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) [ 530.489398] Variable was created at: [ 530.493108] __dev_queue_xmit+0x124/0x3e00 [ 530.497338] dev_queue_xmit+0x4b/0x60 03:47:30 executing program 0: r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00'}, 0x10) preadv(r0, &(0x7f0000001380), 0x10000000000001e4, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000040), &(0x7f0000000080)=0x18) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r2, 0x20040000008916, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r1, &(0x7f0000000480), 0x258, 0x0) 03:47:30 executing program 3: read(0xffffffffffffffff, &(0x7f00000000c0)=""/1, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r1, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x0, 0x0) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f0000000280)={[{0x1, 0x3, 0x9, 0x9e, 0x5, 0x6, 0x0, 0x200, 0x101, 0x3, 0x6, 0x8, 0x2}, {0xff, 0x101, 0x71a, 0xd0, 0xfff, 0x80000001, 0x9, 0x10000, 0xfffffffffffffc00, 0x3, 0x100000000, 0x30e, 0x7}, {0x5, 0x7, 0x8, 0x2, 0x5ca, 0x8, 0x7, 0x400, 0x1f, 0x43, 0x1, 0x3ff, 0x80000001}], 0x2}) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) r4 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x9, 0x2000) accept$unix(r4, &(0x7f0000000140)=@abs, &(0x7f0000000200)=0x6e) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) 03:47:31 executing program 1: socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pipe(&(0x7f0000000080)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) close(0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000080)={0x0, 0x11d000}) pipe(&(0x7f0000000040)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) pipe(&(0x7f0000000000)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000027000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, &(0x7f0000000380)="66450fd1354e58000066baa100ed0f20d835200000000f22d848b800a00000000000000f23c80f21f8350800d0000f23f866ba4000b89a1c0000ef66baf80cb8fe6e2b8def66bafc0c66ed0f320f20c035040000000f22c06741d9f4470f01b502000000", 0x64}], 0x1, 0x0, &(0x7f0000000280), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_emit_ethernet(0x0, &(0x7f00000001c0)=ANY=[], &(0x7f0000000040)) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) 03:47:31 executing program 5: r0 = socket$inet6(0xa, 0x40, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x6ac0, 0x4000) ioctl$TIOCNOTTY(r1, 0x5422) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) 03:47:31 executing program 4: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_destroy(0x0) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) [ 531.229788] not chained 660000 origins [ 531.233741] CPU: 1 PID: 14009 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 531.241541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 531.250905] Call Trace: [ 531.253509] [ 531.255687] dump_stack+0x32d/0x480 [ 531.259350] kmsan_internal_chain_origin+0x222/0x240 [ 531.264482] ? __local_bh_enable_ip+0x11f/0x260 [ 531.269195] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 531.274579] ? __module_address+0x6a/0x5f0 [ 531.278835] ? is_bpf_text_address+0x3e5/0x4d0 [ 531.283447] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 531.288828] ? is_bpf_text_address+0x49e/0x4d0 [ 531.293431] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 531.298811] ? __module_address+0x6a/0x5f0 [ 531.303073] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 531.308543] ? in_task_stack+0x12c/0x210 [ 531.312636] ? get_stack_info+0x206/0x220 [ 531.316818] __msan_chain_origin+0x6d/0xb0 [ 531.321077] ? __tcp_retransmit_skb+0x2fe9/0x46c0 [ 531.325945] __save_stack_trace+0x8be/0xc60 [ 531.330305] ? __tcp_retransmit_skb+0x2fe9/0x46c0 [ 531.335188] save_stack_trace+0xc6/0x110 [ 531.339273] kmsan_internal_chain_origin+0x136/0x240 [ 531.344947] ? local_bh_enable+0x36/0x40 [ 531.349035] ? __sk_flush_backlog+0x52/0x70 [ 531.353379] ? kmsan_internal_chain_origin+0x136/0x240 [ 531.358676] ? kmsan_memcpy_origins+0x13d/0x190 [ 531.363360] ? __msan_memcpy+0x6f/0x80 [ 531.367269] ? pskb_expand_head+0x436/0x1d20 [ 531.371706] ? ___pskb_trim+0x3c9/0x1bf0 [ 531.375787] ? sk_filter_trim_cap+0x5ac/0xa60 [ 531.380301] ? tcp_filter+0x10c/0x260 [ 531.384121] ? tcp_v6_rcv+0x45ba/0x5df0 [ 531.388131] ? ip6_input_finish+0xb53/0x2450 [ 531.392567] ? ip6_input+0x29d/0x340 [ 531.396297] ? ip6_rcv_finish+0x4d2/0x710 [ 531.400467] ? ipv6_rcv+0x34b/0x3f0 [ 531.404112] ? process_backlog+0x82b/0x11e0 [ 531.408459] ? net_rx_action+0x98f/0x1d50 [ 531.412627] ? __do_softirq+0x721/0xc7f [ 531.416615] ? do_softirq_own_stack+0x49/0x80 [ 531.421130] ? __local_bh_enable_ip+0x228/0x260 [ 531.425838] ? local_bh_enable+0x36/0x40 [ 531.429925] ? ip6_finish_output2+0x1b1a/0x22d0 [ 531.434615] ? ip6_finish_output+0xc13/0xca0 [ 531.439046] ? ip6_output+0x5e4/0x720 [ 531.443369] ? ip6_xmit+0x216d/0x26a0 [ 531.447208] ? inet6_csk_xmit+0x3e0/0x4f0 [ 531.451380] ? __tcp_transmit_skb+0x425c/0x5e00 [ 531.456076] ? __tcp_retransmit_skb+0x2fe9/0x46c0 [ 531.460942] ? tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 531.466149] ? tcp_ack+0x91b2/0xa010 [ 531.469901] ? tcp_rcv_established+0xf7e/0x2940 [ 531.474594] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 531.478758] ? __release_sock+0x32d/0x750 [ 531.482928] ? __sk_flush_backlog+0x52/0x70 [ 531.487271] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 531.491877] ? tcp_sendmsg+0xb2/0x100 [ 531.495699] ? inet_sendmsg+0x4e9/0x800 [ 531.499688] ? __sys_sendto+0x940/0xb80 [ 531.503676] ? __se_sys_sendto+0x107/0x130 [ 531.507934] ? __x64_sys_sendto+0x6e/0x90 [ 531.512098] ? do_syscall_64+0xcf/0x110 [ 531.516092] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 531.521481] ? __msan_get_context_state+0x9/0x20 [ 531.526259] ? INIT_INT+0xc/0x30 03:47:31 executing program 5: r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) inotify_init() [ 531.529646] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 531.535042] kmsan_memcpy_origins+0x13d/0x190 [ 531.539566] __msan_memcpy+0x6f/0x80 [ 531.543814] pskb_expand_head+0x436/0x1d20 [ 531.548098] ___pskb_trim+0x3c9/0x1bf0 [ 531.552181] sk_filter_trim_cap+0x5ac/0xa60 [ 531.556541] tcp_filter+0x10c/0x260 [ 531.560212] tcp_v6_rcv+0x45ba/0x5df0 [ 531.564038] ? __msan_poison_alloca+0x1e0/0x270 [ 531.568752] ? tcp_v6_early_demux+0xc80/0xc80 [ 531.573247] ? tcp_v6_early_demux+0xc80/0xc80 [ 531.577741] ip6_input_finish+0xb53/0x2450 [ 531.581997] ? ip6_input_finish+0x13e1/0x2450 [ 531.586493] ip6_input+0x29d/0x340 [ 531.590034] ? ip6_input+0x340/0x340 [ 531.593747] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 531.598151] ip6_rcv_finish+0x4d2/0x710 [ 531.602142] ipv6_rcv+0x34b/0x3f0 [ 531.605614] ? dst_hold+0x5e0/0x5e0 [ 531.609244] process_backlog+0x82b/0x11e0 [ 531.613395] ? __msan_poison_alloca+0x1e0/0x270 [ 531.618064] ? ip6_rcv_finish+0x710/0x710 [ 531.622221] ? rps_trigger_softirq+0x2e0/0x2e0 [ 531.626839] net_rx_action+0x98f/0x1d50 [ 531.630827] ? net_tx_action+0xf20/0xf20 [ 531.634892] __do_softirq+0x721/0xc7f [ 531.638705] do_softirq_own_stack+0x49/0x80 [ 531.643523] [ 531.645765] __local_bh_enable_ip+0x228/0x260 [ 531.650259] local_bh_enable+0x36/0x40 [ 531.654244] ip6_finish_output2+0x1b1a/0x22d0 [ 531.658760] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 531.664128] ? ip6_mtu+0x289/0x330 [ 531.667719] ip6_finish_output+0xc13/0xca0 [ 531.671969] ip6_output+0x5e4/0x720 [ 531.675601] ? ip6_output+0x720/0x720 [ 531.679399] ? ac6_seq_show+0x200/0x200 [ 531.683374] ip6_xmit+0x216d/0x26a0 [ 531.687022] ? ip6_xmit+0x26a0/0x26a0 [ 531.690825] inet6_csk_xmit+0x3e0/0x4f0 [ 531.694811] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 531.699742] __tcp_transmit_skb+0x425c/0x5e00 [ 531.704261] __tcp_retransmit_skb+0x2fe9/0x46c0 [ 531.708931] ? kmsan_set_origin+0x7f/0x100 [ 531.713205] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 531.718274] tcp_ack+0x91b2/0xa010 [ 531.721857] tcp_rcv_established+0xf7e/0x2940 [ 531.726370] tcp_v6_do_rcv+0x9f8/0x21b0 [ 531.730360] ? tcp_v6_destroy_sock+0x60/0x60 [ 531.734768] __release_sock+0x32d/0x750 [ 531.738753] __sk_flush_backlog+0x52/0x70 [ 531.743447] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 531.747682] tcp_sendmsg_locked+0xd72/0x6c30 [ 531.752106] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 531.757495] tcp_sendmsg+0xb2/0x100 [ 531.761125] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 531.765804] inet_sendmsg+0x4e9/0x800 [ 531.769607] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 531.774973] ? security_socket_sendmsg+0x1bd/0x200 [ 531.779908] ? inet_getname+0x490/0x490 [ 531.783885] __sys_sendto+0x940/0xb80 [ 531.787707] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 531.793168] ? prepare_exit_to_usermode+0x182/0x4c0 [ 531.798197] __se_sys_sendto+0x107/0x130 [ 531.802283] __x64_sys_sendto+0x6e/0x90 [ 531.806300] do_syscall_64+0xcf/0x110 [ 531.810103] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 531.815288] RIP: 0033:0x457569 [ 531.818481] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 531.837378] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 531.845611] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 531.852882] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000005 [ 531.860149] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 531.867429] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 531.874696] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 531.881971] Uninit was stored to memory at: [ 531.886296] kmsan_internal_chain_origin+0x136/0x240 [ 531.891395] __msan_chain_origin+0x6d/0xb0 [ 531.895628] __save_stack_trace+0x8be/0xc60 [ 531.899948] save_stack_trace+0xc6/0x110 [ 531.904006] kmsan_internal_chain_origin+0x136/0x240 [ 531.909105] kmsan_memcpy_origins+0x13d/0x190 [ 531.913600] __msan_memcpy+0x6f/0x80 [ 531.917316] pskb_expand_head+0x436/0x1d20 [ 531.921549] ___pskb_trim+0x3c9/0x1bf0 [ 531.925437] sk_filter_trim_cap+0x5ac/0xa60 [ 531.929758] tcp_filter+0x10c/0x260 [ 531.933381] tcp_v6_rcv+0x45ba/0x5df0 [ 531.937185] ip6_input_finish+0xb53/0x2450 [ 531.941964] ip6_input+0x29d/0x340 [ 531.945501] ip6_rcv_finish+0x4d2/0x710 [ 531.949470] ipv6_rcv+0x34b/0x3f0 [ 531.952926] process_backlog+0x82b/0x11e0 [ 531.957071] net_rx_action+0x98f/0x1d50 [ 531.961042] __do_softirq+0x721/0xc7f [ 531.964832] [ 531.966456] Uninit was stored to memory at: [ 531.970776] kmsan_internal_chain_origin+0x136/0x240 [ 531.975882] __msan_chain_origin+0x6d/0xb0 [ 531.980116] __save_stack_trace+0x8be/0xc60 [ 531.984439] save_stack_trace+0xc6/0x110 [ 531.988497] kmsan_internal_chain_origin+0x136/0x240 [ 531.993597] kmsan_memcpy_origins+0x13d/0x190 [ 531.998112] __msan_memcpy+0x6f/0x80 [ 532.001830] pskb_expand_head+0x436/0x1d20 [ 532.006089] ___pskb_trim+0x3c9/0x1bf0 [ 532.009979] sk_filter_trim_cap+0x5ac/0xa60 [ 532.014324] tcp_filter+0x10c/0x260 [ 532.017944] tcp_v6_rcv+0x45ba/0x5df0 [ 532.021745] ip6_input_finish+0xb53/0x2450 [ 532.025982] ip6_input+0x29d/0x340 [ 532.029522] ip6_rcv_finish+0x4d2/0x710 [ 532.033489] ipv6_rcv+0x34b/0x3f0 [ 532.036942] process_backlog+0x82b/0x11e0 [ 532.041616] net_rx_action+0x98f/0x1d50 [ 532.045591] __do_softirq+0x721/0xc7f [ 532.049380] [ 532.050998] Uninit was stored to memory at: [ 532.055323] kmsan_internal_chain_origin+0x136/0x240 [ 532.060424] __msan_chain_origin+0x6d/0xb0 [ 532.064657] __save_stack_trace+0x8be/0xc60 [ 532.068974] save_stack_trace+0xc6/0x110 [ 532.073034] kmsan_internal_chain_origin+0x136/0x240 [ 532.078133] kmsan_memcpy_origins+0x13d/0x190 [ 532.082639] __msan_memcpy+0x6f/0x80 [ 532.086355] pskb_expand_head+0x436/0x1d20 [ 532.090588] ___pskb_trim+0x3c9/0x1bf0 [ 532.094475] sk_filter_trim_cap+0x5ac/0xa60 [ 532.098797] tcp_filter+0x10c/0x260 [ 532.102422] tcp_v6_rcv+0x45ba/0x5df0 [ 532.106218] ip6_input_finish+0xb53/0x2450 [ 532.110446] ip6_input+0x29d/0x340 [ 532.113983] ip6_rcv_finish+0x4d2/0x710 [ 532.117952] ipv6_rcv+0x34b/0x3f0 [ 532.121437] process_backlog+0x82b/0x11e0 [ 532.125587] net_rx_action+0x98f/0x1d50 [ 532.129558] __do_softirq+0x721/0xc7f [ 532.133346] [ 532.134966] Uninit was stored to memory at: [ 532.139285] kmsan_internal_chain_origin+0x136/0x240 [ 532.144920] __msan_chain_origin+0x6d/0xb0 [ 532.149170] __save_stack_trace+0x8be/0xc60 [ 532.153493] save_stack_trace+0xc6/0x110 [ 532.157550] kmsan_internal_chain_origin+0x136/0x240 [ 532.162652] kmsan_memcpy_origins+0x13d/0x190 [ 532.167144] __msan_memcpy+0x6f/0x80 [ 532.170870] pskb_expand_head+0x436/0x1d20 [ 532.175129] ___pskb_trim+0x3c9/0x1bf0 [ 532.179025] sk_filter_trim_cap+0x5ac/0xa60 [ 532.183344] tcp_filter+0x10c/0x260 [ 532.186968] tcp_v6_rcv+0x45ba/0x5df0 [ 532.190763] ip6_input_finish+0xb53/0x2450 [ 532.194998] ip6_input+0x29d/0x340 [ 532.198532] ip6_rcv_finish+0x4d2/0x710 [ 532.202500] ipv6_rcv+0x34b/0x3f0 [ 532.205948] process_backlog+0x82b/0x11e0 [ 532.210096] net_rx_action+0x98f/0x1d50 [ 532.214065] __do_softirq+0x721/0xc7f [ 532.217853] [ 532.219474] Uninit was stored to memory at: [ 532.223796] kmsan_internal_chain_origin+0x136/0x240 [ 532.228894] __msan_chain_origin+0x6d/0xb0 [ 532.233132] __save_stack_trace+0x8be/0xc60 [ 532.237466] save_stack_trace+0xc6/0x110 [ 532.242054] kmsan_internal_chain_origin+0x136/0x240 [ 532.247153] kmsan_memcpy_origins+0x13d/0x190 [ 532.251668] __msan_memcpy+0x6f/0x80 [ 532.255388] pskb_expand_head+0x436/0x1d20 [ 532.259619] ___pskb_trim+0x3c9/0x1bf0 [ 532.263507] sk_filter_trim_cap+0x5ac/0xa60 [ 532.267823] tcp_filter+0x10c/0x260 [ 532.271451] tcp_v6_rcv+0x45ba/0x5df0 [ 532.275248] ip6_input_finish+0xb53/0x2450 [ 532.279482] ip6_input+0x29d/0x340 [ 532.283017] ip6_rcv_finish+0x4d2/0x710 [ 532.286989] ipv6_rcv+0x34b/0x3f0 [ 532.290441] process_backlog+0x82b/0x11e0 [ 532.294588] net_rx_action+0x98f/0x1d50 [ 532.298558] __do_softirq+0x721/0xc7f [ 532.302349] [ 532.303967] Uninit was stored to memory at: [ 532.308288] kmsan_internal_chain_origin+0x136/0x240 [ 532.313391] __msan_chain_origin+0x6d/0xb0 [ 532.317623] __save_stack_trace+0x8be/0xc60 [ 532.321948] save_stack_trace+0xc6/0x110 [ 532.326005] kmsan_internal_chain_origin+0x136/0x240 [ 532.331105] kmsan_memcpy_origins+0x13d/0x190 [ 532.335686] __msan_memcpy+0x6f/0x80 [ 532.339398] pskb_expand_head+0x436/0x1d20 [ 532.344134] ___pskb_trim+0x3c9/0x1bf0 [ 532.348033] sk_filter_trim_cap+0x5ac/0xa60 [ 532.352350] tcp_filter+0x10c/0x260 [ 532.355974] tcp_v6_rcv+0x45ba/0x5df0 [ 532.359799] ip6_input_finish+0xb53/0x2450 [ 532.364033] ip6_input+0x29d/0x340 [ 532.367567] ip6_rcv_finish+0x4d2/0x710 [ 532.371538] ipv6_rcv+0x34b/0x3f0 [ 532.374991] process_backlog+0x82b/0x11e0 [ 532.379134] net_rx_action+0x98f/0x1d50 [ 532.383119] __do_softirq+0x721/0xc7f [ 532.386909] [ 532.388533] Uninit was stored to memory at: [ 532.392850] kmsan_internal_chain_origin+0x136/0x240 [ 532.397952] __msan_chain_origin+0x6d/0xb0 [ 532.402200] __save_stack_trace+0x8be/0xc60 [ 532.406520] save_stack_trace+0xc6/0x110 [ 532.410608] kmsan_internal_chain_origin+0x136/0x240 [ 532.415713] kmsan_memcpy_origins+0x13d/0x190 [ 532.420207] __msan_memcpy+0x6f/0x80 [ 532.423927] pskb_expand_head+0x436/0x1d20 [ 532.428172] ___pskb_trim+0x3c9/0x1bf0 [ 532.432059] sk_filter_trim_cap+0x5ac/0xa60 [ 532.436381] tcp_filter+0x10c/0x260 [ 532.440665] tcp_v6_rcv+0x45ba/0x5df0 [ 532.444469] ip6_input_finish+0xb53/0x2450 [ 532.448699] ip6_input+0x29d/0x340 [ 532.452234] ip6_rcv_finish+0x4d2/0x710 [ 532.456210] ipv6_rcv+0x34b/0x3f0 [ 532.459664] process_backlog+0x82b/0x11e0 [ 532.463811] net_rx_action+0x98f/0x1d50 [ 532.467783] __do_softirq+0x721/0xc7f [ 532.471570] [ 532.473210] Local variable description: ----v.addr.i.i.i@should_fail [ 532.479694] Variable was created at: 03:47:32 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f00000000c0)) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000080)={0xb6f}, 0x1) ioctl(r1, 0x20040000008912, &(0x7f0000000040)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) r2 = fanotify_init(0x8, 0x1) syncfs(r2) [ 532.483406] should_fail+0x14d/0x13c0 [ 532.487207] __should_failslab+0x278/0x2a0 03:47:32 executing program 1: socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pipe(&(0x7f0000000080)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) close(0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000080)={0x0, 0x11d000}) pipe(&(0x7f0000000040)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) pipe(&(0x7f0000000000)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000027000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, &(0x7f0000000380)="66450fd1354e58000066baa100ed0f20d835200000000f22d848b800a00000000000000f23c80f21f8350800d0000f23f866ba4000b89a1c0000ef66baf80cb8fe6e2b8def66bafc0c66ed0f320f20c035040000000f22c06741d9f4470f01b502000000", 0x64}], 0x1, 0x0, &(0x7f0000000280), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_emit_ethernet(0x0, &(0x7f00000001c0)=ANY=[], &(0x7f0000000040)) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) 03:47:32 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ppp\x00', 0x800, 0x0) ioctl$TCGETA(r0, 0x5405, &(0x7f00000003c0)) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r2, 0x8ac, &(0x7f00000001c0)="0a452d0240316285717070") open_by_handle_at(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="b5000000010000806e318de14f5fb3b70afbfcf3d268c02da9b660a53111bea84209ef4168eb545ef27e2addf52904aeb509edd444f6224255018d0bc730c2ed65a42897815b6aaccd5bca7d08a48f17a534080200000000bd00000076555b13d1fbcf3653002c45879aab250c05ec8bb2047adb103337b28c6c57d78afa498da8c92832cc92843156ee1e047434e8bc0c158fa8dddd43fa61968490662511d51c0ec81c8c949b4dd074fac9157a00000000000000"], 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000340)='/dev/rfkill\x00', 0x200000, 0x0) preadv(r1, &(0x7f0000000480), 0x258, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000040)={0x0, 0x8}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={r4, 0x74, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0xffff, @remote, 0x8}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xd}}, @in6={0xa, 0x4e21, 0x7fff, @empty, 0x76a3f283}, @in={0x2, 0x4e24, @multicast2}, @in6={0xa, 0x4e23, 0x1ff, @empty, 0x1}]}, &(0x7f0000000240)=0x10) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r3, 0x6612) 03:47:33 executing program 3: pipe2$9p(&(0x7f0000000140), 0x4800) r0 = timerfd_create(0x6, 0x800) read(r0, &(0x7f0000000040)=""/1, 0x1) r1 = accept$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg(r1, &(0x7f00000018c0)={&(0x7f0000000380)=@in6={0xa, 0x4e21, 0x54, @empty, 0x1}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000440)="d6fc03c39310d44d9fb585a08727c7da1683235178e045eaad86280db2aa2fd135cbdc859b6ac3265de38fa64866f314a56cfdf8acc26dba5bbc9d6df0258c23ecc792729b12fad66ca736d19f6f114fe3f4ae8ae18a5ce334e74f4636714ad7663f0f2d6edc0120f6523f83a61a73b09c366fba604067ac9ed8bb2896835c0908e25ee18eb9b2ec0da832c7134966af1af9260576a0c17f17032f76e565fbca9b", 0xa1}], 0x1, &(0x7f0000000500)=[{0xc0, 0x111, 0x1000, "f17e6535543aa584b80bf1c231a17b9039e2e4067b3015c09645c760e1cfb923b71455a40f25956d31cd647794001441a040090a9356204934c0d64fd73768459ca912d33b1348648e7e4cd79f393986da18ce02ea248a7c80d151bafdacd79c5afebd51240b0f9bc8831993bbe4bbd97596de084bdadf0679dcea87c451eef5a02037b44cf7ea50bbc0a1d4bc9e00edb41a28a9f813888f0d8feba945134265fa58467a9764a39eb54cf4"}, {0x1010, 0x0, 0x0, "098a7c8dc991b2a06eb9a76a215ea486c315050667d1130eac59ad4c2f220d47949c719fda1900cbc028d7e8b422b8ef3b19e0ca14abfbd75b0e36bbfe0d73ab547512442a78ffbe73903990cc80733891ab1b5d3fbf4259f3580ffb78d6bf11f385fed30f98a8acaf9c69f97ee32b1015c745e3aa7e4f998a805fa4746c17495186869d6217a6fe4b1306ab1b8b50345f0722323a5e9ff24a30a6ac2746a05a32f5a9e3fe94534152c3b09e0ba0dfef34846629a0f7b6b2433dbe8e9ec70511d6f21f2439867a4039d9a3f298acee787de3cbe913e4606674b9fdd0dc47196f3add35196a3c80ee71bdb53c7f94af0163cd58dc5861fd2fbfe7ea3e69beeb564fe404582456d41c43fa7b3ce04e056705f33702b6d7445dd040ee7247a7f90f49ea72e8950e1a7901c1fe1a4927cfcfb54ef72e3c480a2558e4159f7a26bdcae911858701e54a6ae8aaf12a6989eefe0838a9f99470ae71084bf678a0f9ee5039b1a16d9dc3655ccca3f5456b323700789f23d68f372f2b08b9a54c576071e5c301d4ed15719299003a9a58ca7ae2b70bd19d8acdd8fd0bfa16afad4ba6865a28d01c339a3be2803a66db972b8d7bf594d77961eeef5685e2cd53ea80efa65b1f4945fc6e68579781fd6176a3f36b14376c6051f29dfd0e414e1a4433a2b782cf9d2cffa9e934379dddff9a7aef1b55828242c398b6142027aa4390544e979a25ee4ad9ada91cfadb9783453d260f10615f80ccdb3de98f00fed4f0d2be575042e4fab0dea05e08aebe368e937f5b4606343a2ea836e3d61802aeb23472d1c7e23dde04bd28f250399a490ff7c0a1542f8db03ad3f5606bcea167eeb7f049f88884c6738b46101d2ab0b618d74480b2653fb7093fb0d112b57af024687879cb9ce93ffef08f03f054e0a2596e104facffa3cbe9991148eda736f598663e25362d1d16c703cd97719c33a77b2dbfde1705432d5bf2dc95d5d94a62536eea9e6e7a92ab88f9979b06214cc6d2cdacffbb22652def7bbe01e117e1a1d6e3bb3dbd9bbe0ac268989c492247fa35d083d7178af2cf665e48dc7e67448927e01b494d4a2c654058ecf867e3d8484e30343ecb1e8c17ebd0635c5f389a26210c4338e6038184b953567e2369a3f16d9dc137d5330dce0d943f07d3c2ac8f13d6acee95243c4ea46b29245493ce3f2e47e37435953b1a3666ba57b23724d9b2cee317f03933e6d491a811a36649de483dbc584febc0877c4bcfa3e05e1822fdbfd153c99cd8274d175a29d3d3b3943a4b37482f1a93187c47fbb55bd4697f1c7f2cda38be842bcccee47b319899615e22543d2e6fd616aa38b13e9fbc92ac47741c0f18c9a7b1cb1e58396279ce90cd86a5eb170e9d693bc028c2a4c0c6981e323e91c2bcf75343600d57021cb23a6c50c573488e3848d79b65a3965fd1f545dc57deffe7a6256aa240c917e543dcb4b45b10de25c48d5430ae71db3437c2c93ed7905e156388865327fbdd5c9a11c91578576f5364d276575165bf7183e8240f544406725f0d77f7c976a5b1c1460902f10271186600e65b7f4a4cfed75e947cde7d9a24df14c7df82b53249bb6916d9ddf4784fb9ffc1127a3812a23a3ab106940d9a34e670661daad8529f94a7b67c1b1759fdd606d083fa3042d68166c9ad1dff2b6df898d5a4394ceef61d7977dd20800ac56ebfffc22f504ad3ff88184e6b4dc5b2354aa2f148cf684f72ab848cf5ce745781b0f17bf06beedc69f2f845007087014e9b59cac3191685621f072e81eb906688e0ec54a9fbff38114ba0aa76fca065a5004ba432d73fca064c2304ba6ee442140118473716a26147974a9f53ca8a70d04c87ebccb59227fb0a8f753e92b3c342530445550913bffe70f4845235f22d5d273b0ef49a88066bb8b8a8e66bcef842c66bc0d448dee93be927244c3f4c9d7ea658d253e72e2447268fc9baaa9c263ccae42b3be1eecd6fdd755911c4f7fad3735218909da1b593a7d7723e6940a702f305a5247d9bff2fa77d636bb13b964b7b71faa84ec41015afaead21529466872efe90fbeb8413cfd0475bf411b93dab4350a7d4d2b694b148c5d5a7bb38853ab1967295292d8172706b55e0be6b4c7ecec74ba5c43ea271a33e308d2f8b1b19cae354801fed80047f9f3309baaa159154afd1d0da939899706df5e7a46b777b5038fde2d293d2774dc13f13d2388bf4e02071809a8f70f1151def8a6ad928d90c0db0ae707559c01a3cce07014faa1686b3129c5725c5f96ac1baf89ac42b7635c2a1b28bf959fcb1940f86e653741ead69ac8aeb2e22c5ef9d82352a64102ad2d606442f1c66e71165665918bf00aec21e0c27193e88de39f2edb181175bcc49cba47e4f0e249eb8b72cb744dca0b479ebce1cca2f5d4539aa6f65dcc9a19632d6f144f44d9c6faa2c8c2bbb77747b4f0e80452e343f7ce5a9244f6d60733d6d55cbdfe674f1ce624f5ae241ef1ff6a0ce404ae8c9c22829ed866d3abc41534e51c27be79ac0083a505b2fb89c83b3ee6f1ca16f150af97c5cc0b4138018d59117de211aae9321b1bed942ad57a1c11d4281cc4b22067efbd9b60e8829b93ce55b11dc6f76f963ea5a1d60126b27c433d7d1c9c5f5d879c849beba9767d78b02da5d0d9c8f3610991537b698ff692cc2d9f578f155ffa61fb54f7e6a29687636f4a1c32c4d75b90f8ff04dbf9b355db1bea2bcd75717707686a3f90cdb0253b30873153ad83cf9d2be4523a4af75820857bf3e06557add56609e98853c1f67203abf17fab46a466c5ef7aeb2794748ee042ad8721895c3ff73e636c7e1b33f5f7a4a6233fba41df23fbbe9466734e68f86e568809c0899a6d58dc323e9f113fc45f3bde6e7f86aa68c5837a8d008bcc448fa113ff8b070b7e772aec41f23b2b17e6b082582e4db40d751d16e512c5c2638ebb1d7ae5fdbe68766947b339152588fd7abfacc9576e950ba7579d5a887043000d51a11e79da11ae84deb2d84f1a78857f0b645fa5718fc537864adf92c3ad4aa38a03529a67e8efddc220f7bba65bfbcc80cc4cc4d685ec921b6f61d4897a8753b539d3f8ad7ff1a5b26e874416b626d1332301832ac458da448b7f28807c5a5cb3a00d1a7ba8cb6dfe8d025aa45a9094b3760522b7266e784ebf95bccd0ccc4ab451c7a5ae3ef932113c3a41a1ef54859f4d800a62866cdfff6c790765d6ba264a1bbdadd10dff13c01a2347db133053477a43ac050d38cd1a0c49d6bfecb61beed432d311415f134014a663a93b58dee5edc675a9c43122d25389a72c132c4993c64feca846526be32e18e9ab1f118d125c97cc22a4069a7839a2a312198dac074bcf4be6370bdf431bb28f7d9c6ace870db1a22eefc4aa1e96fe07360c429c705c13f77b4d8b066f87d838a4319f5c5e63456db6557d1aa33c3d199fce68c07ea1243c8271e6d524b703303a3a884e4b14c0029e5f45f2cc64daca7183c2b32080aaae07b6a00250c2043f56364d2415b71116bbcf2434edf52fce7833b22fba0370771e1c1e452ad537092c1718ff1f9bbd689e9d43d53bc492156d9c0b11fb10c48772dcb5fd9daf81b437ed181dd3ddeb4ad9b550395eb76253cd571720c8af1829021ef6b120ec02bbea5bee25c7257899a900bc4a3ae4992543fbe8eff07f49f67ce837ada0fd977faed0c95f795e182f009404e6d2566c71d21965a986d2e622398b7048c9074ae26761556c1a86d269b4abca766c43978ed3fd3d7ece1214bd10960ab0ec10d2292f2cccc4e49e99c7f4e05aa1fb725d9a9c32ecacd7346103c62cbeb4ddec5152929d49187d480882c19e193e727f3f73734a47e9ff699eaa244ce424b594b3f5430702ce2780362c2dccee365d3064c7dc90e9d737684188ffab9ce655d5b0c61a740032ec06d846fcfaae39b49cb9b073a37ace28f3846ad89032f633b318b8cb846d4e350c93ef5bcbb70a891cd812208239cbbdd0f856f3a5135eb6511206ae6dfbca96ddc1cf4f60874570b698dfb8b6a6a2778ecb16d8a232dd8675263b149871883d8079bc7cd9b8270a1a04fd5658f7036b370be92d0fb7c50105ae4795126cbd23da7efb3f62489a5502ee0adf1d8d34304d69f3bb03cf0a9b12a740ba3cdc236c8497ce8151c8ed1465b80e3c5b66509b348b321e575c3dc0045bf8b9bdbfff096f0083a7dcb736fe708f637c104940643c83eec9cd6d5c5a250ead1fee08def7a11bbd89f8e702bbb3abea018593731a3b77a169b8d35dbe356908f97bed383a8cd607ee7cb6402292ff408483448ed400335ac8d3dfd2f0b7cce3fb0bf1c5e2f90622ca2e92ff6b1e8d9a4c9e379dceefaa9ba60bde07dc8d4c2e487db64f82def7a42617e9f143d62f9a4a608db5ce1744dfeb5db5b22ab7cfb4e6d1b5c63e24f769b41c776ea2288a83d72faa7c98f217ec8932c755d69bde3cda6e76dae14681d59e7d49068c63596baeac43255c4bf3811a3623697657cec856cd334469a8e702f4775e09ff2437eb3c931cdc92b67b04a6b90f69eaabe566ef05aadfbea3539bd6134e2e943c863e021f6736d1ff913a0f2825803e4962f6d4c17c53d736a6489a8443d99ff1a3d2aa5d6cc6e11c6e3c4394a9d3239ddccb06ce4a8811b3f37c91c46aced01bd0053be618b46c9b809c24ad31843c73f581edcdabb1c6dc9304e8d2124252303b303e32e5e13f71932a6fae4358942f03c0914f5c6f1e050bd86894322b38315528bf2244fdb7c467f75fc2fe4fd6f49c3a0e5a9369cca66e31da89977a4ed468336861afdec9c29fc009e712ab21bad14608346def892ce173b8304d4062aeadfecf043a24abd99d758ab1cbff679e7a07d9aa66d9f32e1b32e1a17b94201f27877f0d6fbad324cfbfb52744e47f156f5c83be1b4a5d1c62f7de6ed01983ef993bbfd6190616ca9c80ab9de84f2442842b506ecc9b1140ead09c57c27a932c4432046205ac91312a615c599edeec47326e0f7670c95b78daef9e1c81be38eb9c19166d2ee5bcacf601c3ee022ad33c0489c2fbe522236d2f3878ebd42004cbe761a2271e0fee5acb5cd2562e7c6750ed5b2e3711ed924b3f2d1356b10f0c3009055634c2769a95a675813be1f060a13a5e949c5a7f7a8dcc4664061320d2d64510bd42d9777a00012715ba6c88320bc8633f5a2782d7dfe559ee9ce68dc9af551de44fc23ccf23c8977f864819ddbeccf66c8553bd03a38dc38d64b31fc58728c468576034f1480df690a753964befd41e5924d3adefca9e73dc2c95f70d0999367c3e2ab44c74f8fc3aa5b4b6a5522c63aa26b0fa4c98902afde49464a28dae22c7939428d714c20506bfc148c251e4aaff47a66f5588442ed8aa638e0324226f012c53038fd67d81989d767c5a2e427b1ec14ced891048dc25121ca667696a06992a32b711c4a73e609e6c126967b2cc332e7ae546949355e1163fce6e1b3387a88b0df2f9f08782c1cd29e49ce90b1fd3a0bce42a9e123849fc0ac20c30a67634bd50c71afb29f0e3959a4fa4c86822ee68f490540d14fa0927fcbec86d4bf6a6253b57047b0a550831e58aaccd7ff66d30aee031db0c312ba1b1804b22d77c18a1731b816b9add868ba49a1461c1371efbc12ceb5f79d8803811927ab4233c7ff903ad707f9a985afed7b7a1de5fa17aea1db3d13de8b13c77f617555350eb77e45b6cc3ea1e2aecc9e40c032c8587dd3e7d9746e257b3a68253f157f9d963b85ef279941537f9462d9ee2936270b61d2c76a02ff2ce5be078b70a5be36"}, {0xb0, 0x114, 0x1ff, "d5140e8eb84ca7565b543f80c9533962308ff3ebda9c72e38db1c2670f5efbf7ff51c059079430e1954597bc4d0259f537b62c038f2218cf2867981209fe6264c16ddfe00ba696219df74244a2392dcc7b5af1b8c3a0a4a0c68e2eb1f69e7503794640fa5c86a3db802dda233a82dbbb930f1bab5d2d62b2fa73985e8508d6d1d92122185817c187320eda95db1fee3a9ac776059828e79e8633b3cec868f82e"}, {0x88, 0x0, 0x7, "beb7d65c97935417c916706fc33e14d16ecd7a9c568477491c3c62249bd60db916f0041bd9b8f9fe9b9933be0fddf3d737edf44d8f86afa189fe13c0832988c0ce24422890425ec149bec3ca8fce447d0c32518ef08f1952f5c5c78571439022213fc48509ed90e71f3ce971e5c6e199e9c58ca01abf3576"}, {0x98, 0x119, 0x5, "0947a9fde9a130e0830380f8a6f512cd42fe95678b305cfd58102b410e2d9e01f89c9fcc4f832e28e376817539394d0f138cb78843138da2f16de586d28c4e1bf778e754b0d8ff5f27f433d60e53baafcce39b679eae59ddddac5d5a676d813d1d798209a8977dfae52d7fbb629693a3bd8d34e95948de9414fc87c70e77e88b7484"}, {0xe8, 0x103, 0x480000000, "7c20e805677bac1bb1acc296ee6fd5964902d48c7d3dae119f904dcf6adae626ee3f722ca9b2f34272429fe1b5462fff9a06a5ece592d69207c8c93541468782bac297d51decae4030d93c67a3bde23d701fbb1f11dda2b80e7bc84bfad63def8946ee5fe0a633d58bd0a7510541eeb8adbb0d57ea07da82e4758c3c52a8700f8015e3c35dc63e5fc2905917ab0ee1ca6e6014cc6fe3536e17a002bc8fb051548aa2d88352abe56c24973cb69cc229cc958e8c8fdde0f0eb74a3808ecb09586a603e118207d6e24caf29c0b92f8864b8a398516c1ae5f45c"}], 0x1388, 0x1}, 0x4000000) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r2, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r3 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000280), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x40006, 0x0, 0x0, 0x400}]}, 0x10) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000001900)) setsockopt$inet6_tcp_int(r3, 0x6, 0x2, &(0x7f0000000340)=0x1ff, 0x4) bind$inet6(r3, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_emit_ethernet(0x3b, &(0x7f0000000180)={@broadcast, @broadcast, [{[{0x9100, 0xffffffffffff8001, 0x2c, 0x2}], {0x8100, 0x0, 0x101, 0x4}}], {@ipx={0x8137, {0xffff, 0x25, 0xa0, 0x14, {@random=0x4e3, @random="aa492c0e4b15", 0xd192}, {@broadcast, @current, 0x4}, "f4e5d99ad37f06"}}}}, &(0x7f0000000200)={0x1, 0x3, [0x8f6, 0x316, 0x9d4, 0x9b7]}) listen(r3, 0x3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet6(r4, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000]}}, 0x1c) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x4000, 0x0) setsockopt$RDS_GET_MR(r5, 0x114, 0x2, &(0x7f0000002180)={{&(0x7f0000002080)=""/180, 0xb4}, &(0x7f0000002140), 0x4}, 0x20) 03:47:33 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000480)=ANY=[@ANYBLOB="b7020000fe000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7030000000000006a0a00fe000000008500000026000000b7000000000000009500000000000000"], &(0x7f0000000340)='ser\x00'}, 0x48) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0xe, 0xa5, &(0x7f0000000600)="b1bd3c46442bee3978dbb9c5b98f", &(0x7f0000000280)=""/165, 0x1ee}, 0x28) 03:47:33 executing program 5: r0 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x5, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000200)=r1) r2 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) rt_sigreturn() sendto$inet6(r2, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) setsockopt$inet6_IPV6_PKTINFO(r2, 0x29, 0x32, &(0x7f0000000040)={@dev={0xfe, 0x80, [], 0x1f}, r3}, 0x14) 03:47:33 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c0}], 0x3b6, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") preadv(r0, &(0x7f0000000480), 0x258, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000040)={0x6a, 0x4, 0x8, 0x7, 0x1, 0xfffffffffffffffc, 0x4, 0x0, 0x0}, &(0x7f0000000080)=0x20) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000000c0)={r2, 0x14, "e111b04f83cc97a27d84d50c8f814d53b6beb14b"}, &(0x7f0000000100)=0x1c) [ 533.275723] not chained 670000 origins [ 533.279663] CPU: 0 PID: 14053 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #85 [ 533.286935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 533.296365] Call Trace: [ 533.298937] [ 533.301092] dump_stack+0x32d/0x480 [ 533.304721] ? save_stack_trace+0xc6/0x110 [ 533.308954] kmsan_internal_chain_origin+0x222/0x240 [ 533.314060] ? kmsan_internal_chain_origin+0x136/0x240 [ 533.319343] ? __msan_chain_origin+0x6d/0xb0 [ 533.323745] ? __save_stack_trace+0x8be/0xc60 [ 533.328237] ? save_stack_trace+0xc6/0x110 [ 533.332468] ? kmsan_internal_chain_origin+0x136/0x240 [ 533.337740] ? kmsan_memcpy_origins+0x13d/0x190 [ 533.342750] ? __msan_memcpy+0x6f/0x80 [ 533.346630] ? pskb_expand_head+0x436/0x1d20 [ 533.351033] ? ___pskb_trim+0x3c9/0x1bf0 [ 533.355088] ? sk_filter_trim_cap+0x5ac/0xa60 [ 533.359580] ? tcp_filter+0x10c/0x260 [ 533.363376] ? tcp_v6_rcv+0x45ba/0x5df0 [ 533.367340] ? ip6_input_finish+0xb53/0x2450 [ 533.371739] ? ip6_input+0x29d/0x340 [ 533.375442] ? ip6_rcv_finish+0x4d2/0x710 [ 533.379582] ? ipv6_rcv+0x34b/0x3f0 [ 533.383224] ? process_backlog+0x82b/0x11e0 [ 533.387537] ? net_rx_action+0x98f/0x1d50 [ 533.391683] ? __do_softirq+0x721/0xc7f [ 533.395658] ? do_softirq_own_stack+0x49/0x80 [ 533.400145] ? __local_bh_enable_ip+0x228/0x260 [ 533.404824] ? local_bh_enable+0x36/0x40 [ 533.408878] ? ip6_finish_output2+0x1b1a/0x22d0 [ 533.413539] ? ip6_finish_output+0xc13/0xca0 [ 533.417945] ? ip6_output+0x5e4/0x720 [ 533.421746] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 533.427100] ? __module_address+0x6a/0x5f0 [ 533.431336] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 533.436789] ? in_task_stack+0x12c/0x210 [ 533.441195] ? get_stack_info+0x206/0x220 [ 533.445350] __msan_chain_origin+0x6d/0xb0 [ 533.449584] ? ip6_output+0x5e4/0x720 [ 533.453378] __save_stack_trace+0x8be/0xc60 [ 533.457724] ? ip6_output+0x5e4/0x720 [ 533.461519] save_stack_trace+0xc6/0x110 [ 533.465576] kmsan_internal_chain_origin+0x136/0x240 [ 533.470673] ? local_bh_enable+0x36/0x40 [ 533.474760] ? __se_sys_sendto+0x107/0x130 [ 533.478988] ? kmsan_internal_chain_origin+0x136/0x240 [ 533.484255] ? kmsan_memcpy_origins+0x13d/0x190 [ 533.488917] ? __msan_memcpy+0x6f/0x80 [ 533.492796] ? pskb_expand_head+0x436/0x1d20 [ 533.497200] ? ___pskb_trim+0x3c9/0x1bf0 [ 533.501256] ? sk_filter_trim_cap+0x5ac/0xa60 [ 533.505746] ? tcp_filter+0x10c/0x260 [ 533.509538] ? tcp_v6_rcv+0x45ba/0x5df0 [ 533.513519] ? ip6_input_finish+0xb53/0x2450 [ 533.517924] ? ip6_input+0x29d/0x340 [ 533.521634] ? ip6_rcv_finish+0x4d2/0x710 [ 533.525783] ? ipv6_rcv+0x34b/0x3f0 [ 533.529399] ? process_backlog+0x82b/0x11e0 [ 533.533744] ? net_rx_action+0x98f/0x1d50 [ 533.537887] ? __do_softirq+0x721/0xc7f [ 533.542172] ? do_softirq_own_stack+0x49/0x80 [ 533.546671] ? __local_bh_enable_ip+0x228/0x260 [ 533.551332] ? local_bh_enable+0x36/0x40 [ 533.555381] ? ip6_finish_output2+0x1b1a/0x22d0 [ 533.560042] ? ip6_finish_output+0xc13/0xca0 [ 533.564447] ? ip6_output+0x5e4/0x720 [ 533.568239] ? ip6_xmit+0x216d/0x26a0 [ 533.572035] ? inet6_csk_xmit+0x3e0/0x4f0 [ 533.576181] ? __tcp_transmit_skb+0x425c/0x5e00 [ 533.580839] ? tcp_write_xmit+0x389a/0xacc0 [ 533.585163] ? __tcp_push_pending_frames+0x124/0x4e0 [ 533.590258] ? tcp_sendmsg_locked+0x44bf/0x6c30 [ 533.594920] ? tcp_sendmsg+0xb2/0x100 [ 533.598717] ? inet_sendmsg+0x4e9/0x800 [ 533.602683] ? __sys_sendto+0x940/0xb80 [ 533.606746] ? __se_sys_sendto+0x107/0x130 [ 533.610973] ? __x64_sys_sendto+0x6e/0x90 [ 533.615113] ? do_syscall_64+0xcf/0x110 [ 533.619085] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 533.624450] ? __msan_get_context_state+0x9/0x20 [ 533.629195] ? INIT_INT+0xc/0x30 [ 533.632559] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 533.638096] kmsan_memcpy_origins+0x13d/0x190 [ 533.642940] __msan_memcpy+0x6f/0x80 [ 533.646650] pskb_expand_head+0x436/0x1d20 [ 533.650892] ___pskb_trim+0x3c9/0x1bf0 [ 533.654786] sk_filter_trim_cap+0x5ac/0xa60 [ 533.659115] tcp_filter+0x10c/0x260 [ 533.662754] tcp_v6_rcv+0x45ba/0x5df0 [ 533.666552] ? __msan_poison_alloca+0x1e0/0x270 [ 533.671244] ? tcp_v6_early_demux+0xc80/0xc80 [ 533.675732] ? tcp_v6_early_demux+0xc80/0xc80 [ 533.680221] ip6_input_finish+0xb53/0x2450 [ 533.684469] ? ip6_input_finish+0x13e1/0x2450 [ 533.688963] ip6_input+0x29d/0x340 [ 533.692499] ? ip6_input+0x340/0x340 [ 533.696207] ? ip6_sublist_rcv+0x1ab0/0x1ab0 [ 533.700605] ip6_rcv_finish+0x4d2/0x710 [ 533.704577] ipv6_rcv+0x34b/0x3f0 [ 533.708037] ? dst_hold+0x5e0/0x5e0 [ 533.711669] process_backlog+0x82b/0x11e0 [ 533.715825] ? __msan_poison_alloca+0x1e0/0x270 [ 533.720538] ? ip6_rcv_finish+0x710/0x710 [ 533.724689] ? rps_trigger_softirq+0x2e0/0x2e0 [ 533.729278] net_rx_action+0x98f/0x1d50 [ 533.733264] ? net_tx_action+0xf20/0xf20 [ 533.737324] __do_softirq+0x721/0xc7f [ 533.741550] do_softirq_own_stack+0x49/0x80 [ 533.745860] [ 533.748090] __local_bh_enable_ip+0x228/0x260 [ 533.752588] local_bh_enable+0x36/0x40 [ 533.756470] ip6_finish_output2+0x1b1a/0x22d0 [ 533.760974] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 533.766331] ? ip6_mtu+0x289/0x330 [ 533.769882] ip6_finish_output+0xc13/0xca0 [ 533.774117] ip6_output+0x5e4/0x720 [ 533.777750] ? ip6_output+0x720/0x720 [ 533.781545] ? ac6_seq_show+0x200/0x200 [ 533.785530] ip6_xmit+0x216d/0x26a0 [ 533.789179] ? ip6_xmit+0x26a0/0x26a0 [ 533.792975] inet6_csk_xmit+0x3e0/0x4f0 [ 533.796950] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0 [ 533.801872] __tcp_transmit_skb+0x425c/0x5e00 [ 533.806399] tcp_write_xmit+0x389a/0xacc0 [ 533.810587] __tcp_push_pending_frames+0x124/0x4e0 [ 533.815519] tcp_sendmsg_locked+0x44bf/0x6c30 [ 533.820022] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 533.825409] tcp_sendmsg+0xb2/0x100 [ 533.829040] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 533.833700] inet_sendmsg+0x4e9/0x800 [ 533.837510] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 533.843184] ? security_socket_sendmsg+0x1bd/0x200 [ 533.848111] ? inet_getname+0x490/0x490 [ 533.852079] __sys_sendto+0x940/0xb80 [ 533.855894] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 533.861340] ? prepare_exit_to_usermode+0x182/0x4c0 [ 533.866357] __se_sys_sendto+0x107/0x130 [ 533.870420] __x64_sys_sendto+0x6e/0x90 [ 533.874386] do_syscall_64+0xcf/0x110 [ 533.878188] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 533.883371] RIP: 0033:0x457569 [ 533.886556] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 533.905459] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 533.913185] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 533.920447] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000007 [ 533.927704] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 533.934964] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 533.942510] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 533.949805] Uninit was stored to memory at: [ 533.954120] kmsan_internal_chain_origin+0x136/0x240 [ 533.959215] __msan_chain_origin+0x6d/0xb0 [ 533.963447] __save_stack_trace+0x8be/0xc60 [ 533.967758] save_stack_trace+0xc6/0x110 [ 533.971812] kmsan_internal_chain_origin+0x136/0x240 [ 533.976905] kmsan_memcpy_origins+0x13d/0x190 [ 533.981394] __msan_memcpy+0x6f/0x80 [ 533.985104] pskb_expand_head+0x436/0x1d20 [ 533.989330] ___pskb_trim+0x3c9/0x1bf0 [ 533.993223] sk_filter_trim_cap+0x5ac/0xa60 [ 533.997535] tcp_filter+0x10c/0x260 [ 534.001151] tcp_v6_rcv+0x45ba/0x5df0 [ 534.004955] ip6_input_finish+0xb53/0x2450 [ 534.009186] ip6_input+0x29d/0x340 [ 534.012715] ip6_rcv_finish+0x4d2/0x710 [ 534.016674] ipv6_rcv+0x34b/0x3f0 [ 534.020130] process_backlog+0x82b/0x11e0 [ 534.024379] net_rx_action+0x98f/0x1d50 [ 534.028348] __do_softirq+0x721/0xc7f [ 534.032138] [ 534.033767] Uninit was stored to memory at: [ 534.038078] kmsan_internal_chain_origin+0x136/0x240 [ 534.043456] __msan_chain_origin+0x6d/0xb0 [ 534.047682] __save_stack_trace+0x8be/0xc60 [ 534.052204] save_stack_trace+0xc6/0x110 [ 534.056255] kmsan_internal_chain_origin+0x136/0x240 [ 534.061351] kmsan_memcpy_origins+0x13d/0x190 [ 534.065837] __msan_memcpy+0x6f/0x80 [ 534.069546] pskb_expand_head+0x436/0x1d20 [ 534.073783] ___pskb_trim+0x3c9/0x1bf0 [ 534.077666] sk_filter_trim_cap+0x5ac/0xa60 [ 534.082065] tcp_filter+0x10c/0x260 [ 534.085680] tcp_v6_rcv+0x45ba/0x5df0 [ 534.089472] ip6_input_finish+0xb53/0x2450 [ 534.093697] ip6_input+0x29d/0x340 [ 534.097225] ip6_rcv_finish+0x4d2/0x710 [ 534.101188] ipv6_rcv+0x34b/0x3f0 [ 534.104634] process_backlog+0x82b/0x11e0 [ 534.108774] net_rx_action+0x98f/0x1d50 [ 534.112738] __do_softirq+0x721/0xc7f [ 534.116527] [ 534.118139] Uninit was stored to memory at: [ 534.122468] kmsan_internal_chain_origin+0x136/0x240 [ 534.127563] __msan_chain_origin+0x6d/0xb0 [ 534.131791] __save_stack_trace+0x8be/0xc60 [ 534.136107] save_stack_trace+0xc6/0x110 [ 534.140491] kmsan_internal_chain_origin+0x136/0x240 [ 534.145588] kmsan_memcpy_origins+0x13d/0x190 [ 534.150082] __msan_memcpy+0x6f/0x80 [ 534.153787] pskb_expand_head+0x436/0x1d20 [ 534.158012] ___pskb_trim+0x3c9/0x1bf0 [ 534.161893] sk_filter_trim_cap+0x5ac/0xa60 [ 534.166206] tcp_filter+0x10c/0x260 [ 534.169822] tcp_v6_rcv+0x45ba/0x5df0 [ 534.173724] ip6_input_finish+0xb53/0x2450 [ 534.177949] ip6_input+0x29d/0x340 [ 534.181480] ip6_rcv_finish+0x4d2/0x710 [ 534.185447] ipv6_rcv+0x34b/0x3f0 [ 534.188891] process_backlog+0x82b/0x11e0 [ 534.193119] net_rx_action+0x98f/0x1d50 [ 534.197085] __do_softirq+0x721/0xc7f [ 534.200876] [ 534.202491] Uninit was stored to memory at: [ 534.206806] kmsan_internal_chain_origin+0x136/0x240 [ 534.211902] __msan_chain_origin+0x6d/0xb0 [ 534.216131] __save_stack_trace+0x8be/0xc60 [ 534.220457] save_stack_trace+0xc6/0x110 [ 534.224514] kmsan_internal_chain_origin+0x136/0x240 [ 534.229621] kmsan_memcpy_origins+0x13d/0x190 [ 534.234107] __msan_memcpy+0x6f/0x80 [ 534.237816] pskb_expand_head+0x436/0x1d20 [ 534.242333] ___pskb_trim+0x3c9/0x1bf0 [ 534.246212] sk_filter_trim_cap+0x5ac/0xa60 [ 534.250526] tcp_filter+0x10c/0x260 [ 534.254141] tcp_v6_rcv+0x45ba/0x5df0 [ 534.257950] ip6_input_finish+0xb53/0x2450 [ 534.262187] ip6_input+0x29d/0x340 [ 534.265728] ip6_rcv_finish+0x4d2/0x710 [ 534.269693] ipv6_rcv+0x34b/0x3f0 [ 534.273137] process_backlog+0x82b/0x11e0 [ 534.277279] net_rx_action+0x98f/0x1d50 [ 534.281247] __do_softirq+0x721/0xc7f [ 534.285033] [ 534.286645] Uninit was stored to memory at: [ 534.290975] kmsan_internal_chain_origin+0x136/0x240 [ 534.296070] __msan_chain_origin+0x6d/0xb0 [ 534.300295] __save_stack_trace+0x8be/0xc60 [ 534.304697] save_stack_trace+0xc6/0x110 [ 534.308760] kmsan_internal_chain_origin+0x136/0x240 [ 534.313855] kmsan_memcpy_origins+0x13d/0x190 [ 534.318340] __msan_memcpy+0x6f/0x80 [ 534.322051] pskb_expand_head+0x436/0x1d20 [ 534.326278] ___pskb_trim+0x3c9/0x1bf0 [ 534.330165] sk_filter_trim_cap+0x5ac/0xa60 [ 534.334480] tcp_filter+0x10c/0x260 [ 534.338099] tcp_v6_rcv+0x45ba/0x5df0 [ 534.342231] ip6_input_finish+0xb53/0x2450 [ 534.346457] ip6_input+0x29d/0x340 [ 534.349989] ip6_rcv_finish+0x4d2/0x710 [ 534.353951] ipv6_rcv+0x34b/0x3f0 [ 534.357411] process_backlog+0x82b/0x11e0 [ 534.361553] net_rx_action+0x98f/0x1d50 [ 534.365521] __do_softirq+0x721/0xc7f [ 534.369324] [ 534.370936] Uninit was stored to memory at: [ 534.375248] kmsan_internal_chain_origin+0x136/0x240 [ 534.380339] __msan_chain_origin+0x6d/0xb0 [ 534.384564] __save_stack_trace+0x8be/0xc60 [ 534.388875] save_stack_trace+0xc6/0x110 [ 534.392927] kmsan_internal_chain_origin+0x136/0x240 [ 534.398024] kmsan_memcpy_origins+0x13d/0x190 [ 534.402512] __msan_memcpy+0x6f/0x80 [ 534.406217] pskb_expand_head+0x436/0x1d20 [ 534.410444] ___pskb_trim+0x3c9/0x1bf0 [ 534.414326] sk_filter_trim_cap+0x5ac/0xa60 [ 534.418639] tcp_filter+0x10c/0x260 [ 534.422254] tcp_v6_rcv+0x45ba/0x5df0 [ 534.426042] ip6_input_finish+0xb53/0x2450 [ 534.430267] ip6_input+0x29d/0x340 [ 534.433799] ip6_rcv_finish+0x4d2/0x710 [ 534.437850] ipv6_rcv+0x34b/0x3f0 [ 534.441644] process_backlog+0x82b/0x11e0 [ 534.445792] net_rx_action+0x98f/0x1d50 [ 534.449759] __do_softirq+0x721/0xc7f [ 534.453543] [ 534.455166] Uninit was stored to memory at: [ 534.459482] kmsan_internal_chain_origin+0x136/0x240 [ 534.464578] __msan_chain_origin+0x6d/0xb0 [ 534.468808] __save_stack_trace+0x8be/0xc60 [ 534.473119] save_stack_trace+0xc6/0x110 [ 534.477175] kmsan_internal_chain_origin+0x136/0x240 [ 534.482270] kmsan_memcpy_origins+0x13d/0x190 [ 534.486776] __msan_memcpy+0x6f/0x80 [ 534.490486] pskb_expand_head+0x436/0x1d20 [ 534.494712] ___pskb_trim+0x3c9/0x1bf0 [ 534.498615] sk_filter_trim_cap+0x5ac/0xa60 [ 534.502930] tcp_filter+0x10c/0x260 [ 534.506548] tcp_v6_rcv+0x45ba/0x5df0 [ 534.510362] ip6_input_finish+0xb53/0x2450 [ 534.514594] ip6_input+0x29d/0x340 [ 534.518123] ip6_rcv_finish+0x4d2/0x710 [ 534.522089] ipv6_rcv+0x34b/0x3f0 [ 534.525532] process_backlog+0x82b/0x11e0 [ 534.529668] net_rx_action+0x98f/0x1d50 [ 534.533636] __do_softirq+0x721/0xc7f [ 534.537436] [ 534.539062] Local variable description: ----v.addr.i.i.i@should_fail [ 534.545796] Variable was created at: [ 534.549503] should_fail+0x14d/0x13c0 [ 534.553470] __should_failslab+0x278/0x2a0 [ 534.623954] PANIC: double fault, error_code: 0x0 [ 534.628822] CPU: 1 PID: 14063 Comm: syz-executor5 Not tainted 4.20.0-rc2+ #85 [ 534.636150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.648070] not chained 680000 origins [ 534.648503] ================================================================== [ 534.648510] BUG: KMSAN: uninit-value in do_raw_spin_lock+0x130/0x410 [ 534.648518] CPU: 1 PID: 14063 Comm: syz-executor5 Not tainted 4.20.0-rc2+ #85 [ 534.648527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.648532] Call Trace: [ 534.648537] <#DF> [ 534.648542] dump_stack+0x32d/0x480 [ 534.648548] ? do_raw_spin_lock+0x130/0x410 [ 534.648553] kmsan_report+0x19f/0x300 [ 534.648559] kmsan_internal_check_memory+0x35b/0x3b0 [ 534.648565] ? __msan_poison_alloca+0x1e0/0x270 [ 534.648571] kmsan_check_memory+0xd/0x10 [ 534.648589] do_raw_spin_lock+0x130/0x410 [ 534.648595] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 534.648600] _raw_spin_lock+0x27/0x30 [ 534.648606] vprintk_emit+0x1d9/0x8a0 [ 534.648611] vprintk_default+0x90/0xa0 [ 534.648616] vprintk_func+0x26b/0x2a0 [ 534.648621] printk+0x1a3/0x1f0 [ 534.648627] ? kmsan_get_origin_address+0x212/0x360 [ 534.648633] ? kmsan_get_shadow_origin_ptr+0x2c0/0x410 [ 534.648655] show_iret_regs+0x13c/0x540 [ 534.648661] ? kmsan_get_origin_address+0x212/0x360 [ 534.648667] ? __show_regs+0xb2/0x1350 [ 534.648673] ? show_regs+0xaf/0x170 [ 534.648678] __show_regs+0xc9/0x1350 [ 534.648683] ? get_cpu_entry_area+0xc/0x30 [ 534.648690] ? kmsan_get_shadow_origin_ptr+0x2c0/0x410 [ 534.648695] show_regs+0xaf/0x170 [ 534.648700] df_debug+0x86/0xb0 [ 534.648706] do_double_fault+0x362/0x480 [ 534.648711] double_fault+0x1e/0x30 [ 534.648717] RIP: 0010:kmsan_get_origin_address+0x212/0x360 [ 534.648731] Code: 2d 01 00 00 e9 fe 00 00 00 65 44 8b 34 25 20 a1 02 00 48 b8 00 00 00 00 00 02 00 00 48 01 d8 48 3d ff 0f e8 00 77 38 44 89 f7 19 30 4a ff 48 89 d9 48 29 c1 85 c9 78 26 48 63 c1 48 3d ff 9f [ 534.648737] RSP: 0018:fffffe000003c000 EFLAGS: 00010093 [ 534.648749] RAX: 000000000003c150 RBX: fffffe000003c150 RCX: 000000000000002e [ 534.648756] RDX: 0000000000000001 RSI: 0000000000000088 RDI: 0000000000000001 [ 534.648763] RBP: fffffe000003c038 R08: 0000000000000000 R09: 0000000000000000 [ 534.648771] R10: 0000000000000000 R11: 0000000000000000 R12: 0000778000000000 [ 534.648778] R13: 0000000000000000 R14: 0000000000000001 R15: fffffe008003c150 [ 534.648783] [ 534.648788] [ 534.648794] kmsan_memmove_origins+0xbd/0x1c0 [ 534.648799] ? kmsan_memmove_shadow+0xad/0xd0 [ 534.648805] __msan_memmove+0x6c/0x80 [ 534.648810] fixup_bad_iret+0x63/0xc0 [ 534.648815] error_entry+0xad/0xc0 [ 534.648821] RIP: 0000: (null) [ 534.648826] Code: Bad RIP value. [ 534.648832] RSP: a3fb7f:00007f4c0cc329c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 534.648846] RAX: 0000000000000000 RBX: ffffffff8b000e58 RCX: 000000000040393c [ 534.648853] RDX: 1b015203f7b5d800 RSI: 0000000000000000 RDI: 0000000000000000 [ 534.648861] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08 [ 534.648868] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000 [ 534.648875] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c [ 534.648881] ? general_protection+0x8/0x30 [ 534.648887] ? general_protection+0x8/0x30 [ 534.648892] [ 534.648896] [ 534.648903] Local variable description: ----v.addr.i.i@do_raw_spin_lock [ 534.648909] Variable was created at: [ 534.648920] do_raw_spin_lock+0x62/0x410 [ 534.648925] _raw_spin_lock+0x27/0x30 [ 534.648930] [ 534.648936] Bytes 0-7 of 8 are uninitialized [ 534.648942] Memory access of size 8 starts at fffffe00000439f8 [ 534.648950] ================================================================== [ 534.648956] Disabling lock debugging due to kernel taint [ 534.648963] Kernel panic - not syncing: panic_on_warn set ... [ 534.648971] CPU: 1 PID: 14063 Comm: syz-executor5 Tainted: G B 4.20.0-rc2+ #85 [ 534.648980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.648984] Call Trace: [ 534.648989] <#DF> [ 534.648994] dump_stack+0x32d/0x480 [ 534.648999] panic+0x624/0xc08 [ 534.649005] kmsan_report+0x300/0x300 [ 534.649011] kmsan_internal_check_memory+0x35b/0x3b0 [ 534.649017] ? __msan_poison_alloca+0x1e0/0x270 [ 534.649023] kmsan_check_memory+0xd/0x10 [ 534.649029] do_raw_spin_lock+0x130/0x410 [ 534.649035] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 534.649040] _raw_spin_lock+0x27/0x30 [ 534.649046] vprintk_emit+0x1d9/0x8a0 [ 534.649051] vprintk_default+0x90/0xa0 [ 534.649057] vprintk_func+0x26b/0x2a0 [ 534.649062] printk+0x1a3/0x1f0 [ 534.649068] ? kmsan_get_origin_address+0x212/0x360 [ 534.649075] ? kmsan_get_shadow_origin_ptr+0x2c0/0x410 [ 534.649081] show_iret_regs+0x13c/0x540 [ 534.649087] ? kmsan_get_origin_address+0x212/0x360 [ 534.649092] ? __show_regs+0xb2/0x1350 [ 534.649098] ? show_regs+0xaf/0x170 [ 534.649103] __show_regs+0xc9/0x1350 [ 534.649109] ? get_cpu_entry_area+0xc/0x30 [ 534.649115] ? kmsan_get_shadow_origin_ptr+0x2c0/0x410 [ 534.649121] show_regs+0xaf/0x170 [ 534.649126] df_debug+0x86/0xb0 [ 534.649131] do_double_fault+0x362/0x480 [ 534.649137] double_fault+0x1e/0x30 [ 534.649143] RIP: 0010:kmsan_get_origin_address+0x212/0x360 [ 534.649166] Code: 2d 01 00 00 e9 fe 00 00 00 65 44 8b 34 25 20 a1 02 00 48 b8 00 00 00 00 00 02 00 00 48 01 d8 48 3d ff 0f e8 00 77 38 44 89 f7 19 30 4a ff 48 89 d9 48 29 c1 85 c9 78 26 48 63 c1 48 3d ff 9f [ 534.649172] RSP: 0018:fffffe000003c000 EFLAGS: 00010093 [ 534.649183] RAX: 000000000003c150 RBX: fffffe000003c150 RCX: 000000000000002e [ 534.649191] RDX: 0000000000000001 RSI: 0000000000000088 RDI: 0000000000000001 [ 534.649198] RBP: fffffe000003c038 R08: 0000000000000000 R09: 0000000000000000 [ 534.649205] R10: 0000000000000000 R11: 0000000000000000 R12: 0000778000000000 [ 534.649213] R13: 0000000000000000 R14: 0000000000000001 R15: fffffe008003c150 [ 534.649217] [ 534.649222] [ 534.649228] kmsan_memmove_origins+0xbd/0x1c0 [ 534.649234] ? kmsan_memmove_shadow+0xad/0xd0 [ 534.649239] __msan_memmove+0x6c/0x80 [ 534.649245] fixup_bad_iret+0x63/0xc0 [ 534.649250] error_entry+0xad/0xc0 [ 534.649256] RIP: 0000: (null) [ 534.649261] Code: Bad RIP value. [ 534.649267] RSP: a3fb7f:00007f4c0cc329c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 534.649280] RAX: 0000000000000000 RBX: ffffffff8b000e58 RCX: 000000000040393c [ 534.649287] RDX: 1b015203f7b5d800 RSI: 0000000000000000 RDI: 0000000000000000 [ 534.649295] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08 [ 534.649302] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000 [ 534.649310] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c [ 534.649315] ? general_protection+0x8/0x30 [ 534.649321] ? general_protection+0x8/0x30 [ 534.649326] [ 535.286897] CPU: 0 PID: 14053 Comm: syz-executor3 Tainted: G B 4.20.0-rc2+ #85 [ 535.295550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 535.304893] Call Trace: [ 535.307489] dump_stack+0x32d/0x480 [ 535.311130] kmsan_internal_chain_origin+0x222/0x240 [ 535.316259] ? save_stack_trace+0xc6/0x110 [ 535.320491] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 535.325595] ? kmsan_internal_chain_origin+0x90/0x240 [ 535.330790] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 535.336163] ? is_bpf_text_address+0x49e/0x4d0 [ 535.341078] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 535.346527] ? in_task_stack+0x12c/0x210 [ 535.350592] __msan_chain_origin+0x6d/0xb0 [ 535.354835] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 535.360194] __save_stack_trace+0x8be/0xc60 [ 535.364530] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 535.369912] save_stack_trace+0xc6/0x110 [ 535.373983] kmsan_internal_chain_origin+0x136/0x240 [ 535.379276] ? do_syscall_64+0xcf/0x110 [ 535.383258] ? kmsan_internal_chain_origin+0x136/0x240 [ 535.388530] ? kmsan_memcpy_origins+0x13d/0x190 [ 535.393189] ? __msan_memcpy+0x6f/0x80 [ 535.397088] ? pskb_expand_head+0x436/0x1d20 [ 535.401492] ? __tcp_retransmit_skb+0xdf6/0x46c0 [ 535.406243] ? tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 535.411532] ? tcp_ack+0x91b2/0xa010 [ 535.415243] ? tcp_rcv_established+0xf7e/0x2940 [ 535.419909] ? tcp_v6_do_rcv+0x9f8/0x21b0 [ 535.424058] ? __release_sock+0x32d/0x750 [ 535.428214] ? __sk_flush_backlog+0x52/0x70 [ 535.432535] ? tcp_sendmsg_locked+0xd72/0x6c30 [ 535.437113] ? tcp_sendmsg+0xb2/0x100 [ 535.441198] ? inet_sendmsg+0x4e9/0x800 [ 535.445175] ? __sys_sendto+0x940/0xb80 [ 535.449146] ? __se_sys_sendto+0x107/0x130 [ 535.453382] ? __x64_sys_sendto+0x6e/0x90 [ 535.457525] ? do_syscall_64+0xcf/0x110 [ 535.461505] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 535.466892] ? __msan_get_context_state+0x9/0x20 [ 535.471654] ? INIT_INT+0xc/0x30 [ 535.475014] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 535.480382] kmsan_memcpy_origins+0x13d/0x190 [ 535.484879] __msan_memcpy+0x6f/0x80 [ 535.488593] pskb_expand_head+0x436/0x1d20 [ 535.492843] __tcp_retransmit_skb+0xdf6/0x46c0 [ 535.497542] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 535.502906] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 535.508267] ? __list_del_entry_valid+0x123/0x450 [ 535.513127] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 535.518191] tcp_ack+0x91b2/0xa010 [ 535.521732] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 535.527236] tcp_rcv_established+0xf7e/0x2940 [ 535.531765] tcp_v6_do_rcv+0x9f8/0x21b0 [ 535.535750] ? tcp_v6_destroy_sock+0x60/0x60 [ 535.540501] __release_sock+0x32d/0x750 [ 535.544484] __sk_flush_backlog+0x52/0x70 [ 535.548631] ? tcp_v6_do_rcv+0x21b0/0x21b0 [ 535.552867] tcp_sendmsg_locked+0xd72/0x6c30 [ 535.557299] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 535.562700] tcp_sendmsg+0xb2/0x100 [ 535.566331] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 535.570996] inet_sendmsg+0x4e9/0x800 [ 535.574795] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 535.580160] ? security_socket_sendmsg+0x1bd/0x200 [ 535.585091] ? inet_getname+0x490/0x490 [ 535.589060] __sys_sendto+0x940/0xb80 [ 535.592881] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 535.598343] ? prepare_exit_to_usermode+0x182/0x4c0 [ 535.603373] __se_sys_sendto+0x107/0x130 [ 535.607442] __x64_sys_sendto+0x6e/0x90 [ 535.611419] do_syscall_64+0xcf/0x110 [ 535.615227] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 535.620409] RIP: 0033:0x457569 [ 535.623605] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 535.642809] RSP: 002b:00007f66e0facc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 535.650605] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 535.657872] RDX: fffffffffffffedd RSI: 0000000020000280 RDI: 0000000000000007 [ 535.665132] RBP: 000000000072bf00 R08: 0000000020000080 R09: 000000000000001c [ 535.672405] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f66e0fad6d4 [ 535.679676] R13: 00000000004c3c1d R14: 00000000004d5e98 R15: 00000000ffffffff [ 535.687214] Uninit was stored to memory at: [ 535.691533] kmsan_internal_chain_origin+0x136/0x240 [ 535.696633] __msan_chain_origin+0x6d/0xb0 [ 535.700863] __save_stack_trace+0x8be/0xc60 [ 535.705184] save_stack_trace+0xc6/0x110 [ 535.709242] kmsan_internal_chain_origin+0x136/0x240 [ 535.714339] kmsan_memcpy_origins+0x13d/0x190 [ 535.718833] __msan_memcpy+0x6f/0x80 [ 535.722548] pskb_expand_head+0x436/0x1d20 [ 535.726781] __tcp_retransmit_skb+0xdf6/0x46c0 [ 535.731357] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 535.736369] tcp_ack+0x91b2/0xa010 [ 535.740246] tcp_rcv_established+0xf7e/0x2940 [ 535.744738] tcp_v6_do_rcv+0x9f8/0x21b0 [ 535.748706] __release_sock+0x32d/0x750 [ 535.752688] __sk_flush_backlog+0x52/0x70 [ 535.756831] tcp_sendmsg_locked+0xd72/0x6c30 [ 535.761255] tcp_sendmsg+0xb2/0x100 [ 535.764878] inet_sendmsg+0x4e9/0x800 [ 535.768757] __sys_sendto+0x940/0xb80 [ 535.772551] __se_sys_sendto+0x107/0x130 [ 535.776602] __x64_sys_sendto+0x6e/0x90 [ 535.780585] do_syscall_64+0xcf/0x110 [ 535.784379] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 535.789553] [ 535.791174] Uninit was stored to memory at: [ 535.795490] kmsan_internal_chain_origin+0x136/0x240 [ 535.800591] __msan_chain_origin+0x6d/0xb0 [ 535.804820] __save_stack_trace+0x8be/0xc60 [ 535.809141] save_stack_trace+0xc6/0x110 [ 535.813204] kmsan_internal_chain_origin+0x136/0x240 [ 535.818305] kmsan_memcpy_origins+0x13d/0x190 [ 535.822889] __msan_memcpy+0x6f/0x80 [ 535.826603] pskb_expand_head+0x436/0x1d20 [ 535.830839] __tcp_retransmit_skb+0xdf6/0x46c0 [ 535.835423] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 535.840749] tcp_ack+0x91b2/0xa010 [ 535.844280] tcp_rcv_established+0xf7e/0x2940 [ 535.848769] tcp_v6_do_rcv+0x9f8/0x21b0 [ 535.852743] __release_sock+0x32d/0x750 [ 535.856711] __sk_flush_backlog+0x52/0x70 [ 535.860852] tcp_sendmsg_locked+0xd72/0x6c30 [ 535.865251] tcp_sendmsg+0xb2/0x100 [ 535.868869] inet_sendmsg+0x4e9/0x800 [ 535.872661] __sys_sendto+0x940/0xb80 [ 535.876454] __se_sys_sendto+0x107/0x130 [ 535.880509] __x64_sys_sendto+0x6e/0x90 [ 535.884480] do_syscall_64+0xcf/0x110 [ 535.888281] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 535.893456] [ 535.895075] Uninit was stored to memory at: [ 535.899390] kmsan_internal_chain_origin+0x136/0x240 [ 535.904496] __msan_chain_origin+0x6d/0xb0 [ 535.908725] __save_stack_trace+0x8be/0xc60 [ 535.913042] save_stack_trace+0xc6/0x110 [ 535.917095] kmsan_internal_chain_origin+0x136/0x240 [ 535.922189] kmsan_memcpy_origins+0x13d/0x190 [ 535.926676] __msan_memcpy+0x6f/0x80 [ 535.930401] pskb_expand_head+0x436/0x1d20 [ 535.934630] __tcp_retransmit_skb+0xdf6/0x46c0 [ 535.939205] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 535.944574] tcp_ack+0x91b2/0xa010 [ 535.948110] tcp_rcv_established+0xf7e/0x2940 [ 535.952604] tcp_v6_do_rcv+0x9f8/0x21b0 [ 535.956570] __release_sock+0x32d/0x750 [ 535.960538] __sk_flush_backlog+0x52/0x70 [ 535.964681] tcp_sendmsg_locked+0xd72/0x6c30 [ 535.969106] tcp_sendmsg+0xb2/0x100 [ 535.972730] inet_sendmsg+0x4e9/0x800 [ 535.976527] __sys_sendto+0x940/0xb80 [ 535.980323] __se_sys_sendto+0x107/0x130 [ 535.984380] __x64_sys_sendto+0x6e/0x90 [ 535.988349] do_syscall_64+0xcf/0x110 [ 535.992146] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 535.997333] [ 535.998950] Uninit was stored to memory at: [ 536.003266] kmsan_internal_chain_origin+0x136/0x240 [ 536.008362] __msan_chain_origin+0x6d/0xb0 [ 536.012596] __save_stack_trace+0x8be/0xc60 [ 536.016912] save_stack_trace+0xc6/0x110 [ 536.020972] kmsan_internal_chain_origin+0x136/0x240 [ 536.026073] kmsan_memcpy_origins+0x13d/0x190 [ 536.030562] __msan_memcpy+0x6f/0x80 [ 536.034272] pskb_expand_head+0x436/0x1d20 [ 536.038500] __tcp_retransmit_skb+0xdf6/0x46c0 [ 536.043351] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 536.048360] tcp_ack+0x91b2/0xa010 [ 536.051892] tcp_rcv_established+0xf7e/0x2940 [ 536.056386] tcp_v6_do_rcv+0x9f8/0x21b0 [ 536.060388] __release_sock+0x32d/0x750 [ 536.064363] __sk_flush_backlog+0x52/0x70 [ 536.068507] tcp_sendmsg_locked+0xd72/0x6c30 [ 536.072911] tcp_sendmsg+0xb2/0x100 [ 536.076536] inet_sendmsg+0x4e9/0x800 [ 536.080331] __sys_sendto+0pus with NM[ 536.082996] Kernel Offset: disabled NMI [ 536.082996] Kernel Offset: disabled [ 536.091823] __se_sys_sendto+0x107/0x130 [ 536.095880] __x64_sys_sendto+0x6e/0x90 [ 536.099847] do_syscall_64+0xcf/0x110 [ 536.103649] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 536.108825] [ 536.110443] Uninit was stored to memory at: [ 536.114762] kmsan_internal_chain_origin+0x136/0x240 [ 536.119857] __msan_chain_origin+0x6d/0xb0 [ 536.124090] __save_stack_trace+0x8be/0xc60 [ 536.128402] save_stack_trace+0xc6/0x110 [ 536.132467] kmsan_internal_chain_origin+0x136/0x240 [ 536.137562] kmsan_memcpy_origins+0x13d/0x190 [ 536.142334] __msan_memcpy+0x6f/0x80 [ 536.146042] pskb_expand_head+0x436/0x1d20 [ 536.150270] __tcp_retransmit_skb+0xdf6/0x46c0 [ 536.154845] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 536.159848] tcp_ack+0x91b2/0xa010 [ 536.163376] tcp_rcv_established+0xf7e/0x2940 [ 536.167869] tcp_v6_do_rcv+0x9f8/0x21b0 [ 536.171838] __release_sock+0x32d/0x750 [ 536.175889] __sk_flush_backlog+0x52/0x70 [ 536.180028] tcp_sendmsg_locked+0xd72/0x6c30 [ 536.184438] tcp_sendmsg+0xb2/0x100 [ 536.188062] inet_sendmsg+0x4e9/0x800 [ 536.191857] __sys_sendto+0x940/0xb80 [ 536.195649] __se_sys_sendto+0x107/0x130 [ 536.199701] __x64_sys_sendto+0x6e/0x90 [ 536.203669] do_syscall_64+0xcf/0x110 [ 536.207472] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 536.212644] [ 536.214276] Uninit was stored to memory at: [ 536.218594] kmsan_internal_chain_origin+0x136/0x240 [ 536.223691] __msan_chain_origin+0x6d/0xb0 [ 536.227920] __save_stack_trace+0x8be/0xc60 [ 536.232238] save_stack_trace+0xc6/0x110 [ 536.236294] kmsan_internal_chain_origin+0x136/0x240 [ 536.241727] kmsan_memcpy_origins+0x13d/0x190 [ 536.246218] __msan_memcpy+0x6f/0x80 [ 536.249930] pskb_expand_head+0x436/0x1d20 [ 536.254164] __tcp_retransmit_skb+0xdf6/0x46c0 [ 536.258739] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 536.263745] tcp_ack+0x91b2/0xa010 [ 536.267276] tcp_rcv_established+0xf7e/0x2940 [ 536.271897] tcp_v6_do_rcv+0x9f8/0x21b0 [ 536.275884] __release_sock+0x32d/0x750 [ 536.279850] __sk_flush_backlog+0x52/0x70 [ 536.283993] tcp_sendmsg_locked+0xd72/0x6c30 [ 536.288390] tcp_sendmsg+0xb2/0x100 [ 536.292014] inet_sendmsg+0x4e9/0x800 [ 536.295833] __sys_sendto+0x940/0xb80 [ 536.299709] __se_sys_sendto+0x107/0x130 [ 536.303764] __x64_sys_sendto+0x6e/0x90 [ 536.307727] do_syscall_64+0xcf/0x110 [ 536.311524] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 536.316696] [ 536.318310] Uninit was stored to memory at: [ 536.322627] kmsan_internal_chain_origin+0x136/0x240 [ 536.327733] __msan_chain_origin+0x6d/0xb0 [ 536.331959] __save_stack_trace+0x8be/0xc60 [ 536.336275] save_stack_trace+0xc6/0x110 [ 536.340705] kmsan_internal_chain_origin+0x136/0x240 [ 536.345801] kmsan_memcpy_origins+0x13d/0x190 [ 536.350292] __msan_memcpy+0x6f/0x80 [ 536.354000] pskb_expand_head+0x436/0x1d20 [ 536.358225] __tcp_retransmit_skb+0xdf6/0x46c0 [ 536.362801] tcp_xmit_retransmit_queue+0xea0/0x1c10 [ 536.367805] tcp_ack+0x91b2/0xa010 [ 536.371339] tcp_rcv_established+0xf7e/0x2940 [ 536.375838] tcp_v6_do_rcv+0x9f8/0x21b0 [ 536.379809] __release_sock+0x32d/0x750 [ 536.383777] __sk_flush_backlog+0x52/0x70 [ 536.387921] tcp_sendmsg_locked+0xd72/0x6c30 [ 536.392328] tcp_sendmsg+0xb2/0x100 [ 536.395948] inet_sendmsg+0x4e9/0x800 [ 536.399737] __sys_sendto+0x940/0xb80 [ 536.403532] __se_sys_sendto+0x107/0x130 [ 536.407585] __x64_sys_sendto+0x6e/0x90 [ 536.411562] do_syscall_64+0xcf/0x110 [ 536.415357] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 536.420531] [ 536.422148] Local variable description: ----old.addr.i.i.i@should_fail [ 536.428805] Variable was created at: [ 536.432513] should_fail+0x123/0x13c0 [ 536.436309] __should_failslab+0x278/0x2a0