[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 52.720611] audit: type=1800 audit(1541500086.777:25): pid=6089 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 52.739880] audit: type=1800 audit(1541500086.797:26): pid=6089 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 52.759318] audit: type=1800 audit(1541500086.807:27): pid=6089 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.71' (ECDSA) to the list of known hosts. 2018/11/06 10:28:20 fuzzer started 2018/11/06 10:28:25 dialing manager at 10.128.0.26:38635 2018/11/06 10:28:25 syscalls: 1 2018/11/06 10:28:25 code coverage: enabled 2018/11/06 10:28:25 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/06 10:28:25 setuid sandbox: enabled 2018/11/06 10:28:25 namespace sandbox: enabled 2018/11/06 10:28:25 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/06 10:28:25 fault injection: enabled 2018/11/06 10:28:25 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/06 10:28:25 net packed injection: enabled 2018/11/06 10:28:25 net device setup: enabled 10:31:08 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x80000000007, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000040)) syzkaller login: [ 235.053670] IPVS: ftp: loaded support on port[0] = 21 [ 236.831238] ip (6281) used greatest stack depth: 53664 bytes left [ 237.229828] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.236456] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.245052] device bridge_slave_0 entered promiscuous mode [ 237.376902] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.383491] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.391993] device bridge_slave_1 entered promiscuous mode [ 237.519357] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 237.647341] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 238.041216] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 238.173991] bond0: Enslaving bond_slave_1 as an active interface with an up link 10:31:12 executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, &(0x7f00000000c0)) ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4008af21, &(0x7f0000000100)) [ 238.819637] IPVS: ftp: loaded support on port[0] = 21 [ 239.198826] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 239.207105] team0: Port device team_slave_0 added [ 239.445834] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 239.453968] team0: Port device team_slave_1 added [ 239.657731] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 239.799496] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 239.806739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 239.815543] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 240.043627] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 240.051358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 240.060569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 240.254743] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 240.262470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 240.272800] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 242.560442] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.567358] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.575936] device bridge_slave_0 entered promiscuous mode [ 242.714560] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.721030] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.728131] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.734677] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.743471] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 242.749910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 242.810453] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.817038] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.825524] device bridge_slave_1 entered promiscuous mode [ 243.006210] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 243.160502] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 10:31:17 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x8000}) ioctl$KVM_NMI(r3, 0xae9a) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, &(0x7f0000000340)="643e67660f3a61ca9bbaf80c66b8bc5d158866efbafc0c66ed66b9800000c00f326635001000000f30f40f38c94bf80f380b5775260f01ca0f21360f180ad810", 0x40}], 0x1, 0xfffffffbfffffffc, &(0x7f0000000280), 0x0) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000040)=ANY=[@ANYBLOB="07e1"]) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 244.038471] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 244.324782] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 244.627227] IPVS: ftp: loaded support on port[0] = 21 [ 244.634390] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 244.641417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.865381] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 244.872956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.566528] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 245.575583] team0: Port device team_slave_0 added [ 245.880032] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 245.888062] team0: Port device team_slave_1 added [ 246.181469] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 246.190437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 246.199248] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 246.522938] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 246.530158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 246.538812] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 246.806406] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 246.814080] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 246.823144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 247.113081] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 247.120652] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 247.129641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 248.952473] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.958940] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.967400] device bridge_slave_0 entered promiscuous mode [ 249.067190] ip (6525) used greatest stack depth: 53504 bytes left [ 249.282738] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.289197] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.297681] device bridge_slave_1 entered promiscuous mode [ 249.570796] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 249.834620] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 250.189340] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.195924] bridge0: port 2(bridge_slave_1) entered forwarding state [ 250.203208] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.209664] bridge0: port 1(bridge_slave_0) entered forwarding state [ 250.218279] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 250.533954] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 250.748605] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 250.894602] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 250.969123] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 250.976847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 251.227842] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 251.235050] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 10:31:25 executing program 3: memfd_create(&(0x7f0000000040)='\x00', 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3}, 0x2c8) [ 252.205206] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 252.213578] team0: Port device team_slave_0 added [ 252.580973] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 252.588990] team0: Port device team_slave_1 added [ 252.727079] IPVS: ftp: loaded support on port[0] = 21 [ 252.913238] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 252.920354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 252.929201] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 253.253359] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 253.260435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 253.269319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 253.396566] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.526060] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 253.534368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 253.543359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 253.826263] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 253.834214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 253.843371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 254.655295] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 255.855014] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 255.861395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 255.869393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 257.133295] 8021q: adding VLAN 0 to HW filter on device team0 [ 257.586196] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.592748] bridge0: port 2(bridge_slave_1) entered forwarding state [ 257.599684] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.606283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 257.614816] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 257.875239] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 258.332335] not chained 10000 origins [ 258.336193] CPU: 0 PID: 6252 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 258.343036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 258.352392] Call Trace: [ 258.354982] [ 258.357146] dump_stack+0x32d/0x480 [ 258.360806] ? kmsan_internal_chain_origin+0x136/0x240 [ 258.366104] kmsan_internal_chain_origin+0x222/0x240 [ 258.371219] ? br_port_fill_attrs+0x42b/0x1ea0 [ 258.376174] ? __do_softirq+0x721/0xc5d [ 258.380167] ? irq_exit+0x305/0x340 [ 258.383811] ? exiting_irq+0xe/0x10 [ 258.387451] ? smp_apic_timer_interrupt+0x64/0x90 [ 258.392300] ? apic_timer_interrupt+0xf/0x20 [ 258.396722] ? kmsan_get_shadow_origin_ptr+0x23e/0x410 [ 258.402023] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 258.407482] ? copy_page_range+0x2016/0x3e40 [ 258.411897] ? copy_process+0x7319/0xc3e0 [ 258.416054] ? _do_fork+0x3e3/0x1370 [ 258.419788] ? __se_sys_clone+0xf6/0x110 [ 258.423860] ? __x64_sys_clone+0x62/0x80 [ 258.427938] ? do_syscall_64+0xcf/0x110 [ 258.431921] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 258.437299] ? br_port_fill_attrs+0x366/0x1ea0 [ 258.441895] ? br_fill_ifinfo+0x10ed/0x27c0 [ 258.446229] ? br_ifinfo_notify+0x285/0x460 [ 258.450560] ? br_forward_delay_timer_expired+0x478/0x4d0 [ 258.456107] ? call_timer_fn+0x356/0x7c0 [ 258.460182] ? __run_timers+0xe95/0x1300 [ 258.464259] ? run_timer_softirq+0x55/0xa0 [ 258.468503] ? __do_softirq+0x721/0xc5d [ 258.472486] ? irq_exit+0x305/0x340 [ 258.476418] ? exiting_irq+0xe/0x10 [ 258.480055] ? smp_apic_timer_interrupt+0x64/0x90 [ 258.484905] ? apic_timer_interrupt+0xf/0x20 [ 258.489327] ? kmsan_get_shadow_origin_ptr+0x23e/0x410 [ 258.494613] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 258.500074] ? copy_page_range+0x2016/0x3e40 [ 258.504489] ? copy_process+0x7319/0xc3e0 [ 258.508641] ? _do_fork+0x3e3/0x1370 [ 258.512370] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 258.517739] ? __module_address+0x6a/0x610 [ 258.522005] ? get_stack_info+0x863/0x9d0 [ 258.526170] __msan_chain_origin+0x6d/0xd0 [ 258.530417] ? br_fill_ifinfo+0x10ed/0x27c0 [ 258.534752] __save_stack_trace+0x8be/0xc60 [ 258.539110] ? br_fill_ifinfo+0x10ed/0x27c0 [ 258.543443] save_stack_trace+0xc6/0x110 [ 258.547527] kmsan_internal_chain_origin+0x136/0x240 [ 258.552648] ? kmsan_internal_chain_origin+0x136/0x240 [ 258.557936] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 258.562616] ? __msan_memcpy+0x6f/0x80 [ 258.566516] ? nla_put+0x20a/0x2d0 [ 258.570065] ? br_port_fill_attrs+0x42b/0x1ea0 [ 258.574949] ? br_fill_ifinfo+0x10ed/0x27c0 [ 258.579281] ? br_ifinfo_notify+0x285/0x460 [ 258.583615] ? br_forward_delay_timer_expired+0x478/0x4d0 [ 258.589161] ? call_timer_fn+0x356/0x7c0 [ 258.593241] ? __run_timers+0xe95/0x1300 [ 258.597322] ? run_timer_softirq+0x55/0xa0 [ 258.601568] ? __do_softirq+0x721/0xc5d [ 258.605553] ? irq_exit+0x305/0x340 [ 258.609189] ? exiting_irq+0xe/0x10 [ 258.612831] ? smp_apic_timer_interrupt+0x64/0x90 [ 258.617684] ? apic_timer_interrupt+0xf/0x20 [ 258.622105] ? kmsan_get_shadow_origin_ptr+0x23e/0x410 [ 258.627395] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 258.632858] ? copy_page_range+0x2016/0x3e40 [ 258.637276] ? copy_process+0x7319/0xc3e0 [ 258.641428] ? _do_fork+0x3e3/0x1370 [ 258.645151] ? __se_sys_clone+0xf6/0x110 [ 258.649231] ? __x64_sys_clone+0x62/0x80 [ 258.653300] ? do_syscall_64+0xcf/0x110 [ 258.657286] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 258.662661] ? __do_softirq+0x721/0xc5d [ 258.666649] ? irq_exit+0x305/0x340 [ 258.670283] ? exiting_irq+0xe/0x10 [ 258.673922] ? smp_apic_timer_interrupt+0x64/0x90 [ 258.679119] ? apic_timer_interrupt+0xf/0x20 [ 258.683544] ? kmsan_get_shadow_origin_ptr+0x23e/0x410 [ 258.688837] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 258.694297] ? copy_page_range+0x2016/0x3e40 [ 258.698713] ? copy_process+0x7319/0xc3e0 [ 258.702876] ? _do_fork+0x3e3/0x1370 [ 258.706595] ? __se_sys_clone+0xf6/0x110 [ 258.710664] ? __x64_sys_clone+0x62/0x80 [ 258.714730] ? do_syscall_64+0xcf/0x110 [ 258.718721] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 258.724109] ? kmsan_set_origin+0x83/0x130 [ 258.728354] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 258.733735] kmsan_memcpy_origins+0x13d/0x1b0 [ 258.738258] __msan_memcpy+0x6f/0x80 [ 258.741981] nla_put+0x20a/0x2d0 [ 258.745365] br_port_fill_attrs+0x42b/0x1ea0 [ 258.749813] br_fill_ifinfo+0x10ed/0x27c0 [ 258.753997] br_ifinfo_notify+0x285/0x460 [ 258.758164] br_forward_delay_timer_expired+0x478/0x4d0 [ 258.763544] call_timer_fn+0x356/0x7c0 [ 258.767440] ? br_message_age_timer_expired+0x570/0x570 [ 258.772824] __run_timers+0xe95/0x1300 [ 258.777019] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 258.782393] ? br_message_age_timer_expired+0x570/0x570 [ 258.787795] run_timer_softirq+0x55/0xa0 [ 258.791865] ? timers_dead_cpu+0xb90/0xb90 [ 258.796113] __do_softirq+0x721/0xc5d [ 258.799940] irq_exit+0x305/0x340 [ 258.803407] exiting_irq+0xe/0x10 [ 258.806880] smp_apic_timer_interrupt+0x64/0x90 [ 258.811557] apic_timer_interrupt+0xf/0x20 [ 258.815826] [ 258.818083] RIP: 0010:kmsan_get_shadow_origin_ptr+0x23e/0x410 [ 258.823977] Code: 48 09 c1 4c 01 c1 0f 84 99 01 00 00 41 81 e7 fc 0f 00 00 48 01 f2 48 c1 ea 05 48 0f af d7 4c 01 c2 49 89 ce 4c 01 fa 48 89 d3 <0f> 85 75 01 00 00 0f 0b eb fe 49 bd 00 00 00 00 00 02 00 00 65 44 [ 258.842913] RSP: 0018:ffff880158adf7c0 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 258.850635] RAX: 0000000000000a98 RBX: ffff880158affa98 RCX: ffff880158aefa98 [ 258.857914] RDX: ffff880158affa98 RSI: 0000160000000000 RDI: aaaaaaaaaaaab000 [ 258.865192] RBP: ffff880158adf7f0 R08: ffff880000000000 R09: ffffffff8c4e8000 [ 258.872470] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d8adfa98 [ 258.880060] R13: 0000000000000000 R14: ffff880158aefa98 R15: 0000000000000a98 [ 258.887375] __msan_metadata_ptr_for_store_8+0x13/0x20 [ 258.892666] copy_page_range+0x2016/0x3e40 [ 258.896921] ? should_fail+0x162/0x13c0 [ 258.900971] copy_process+0x7319/0xc3e0 [ 258.905004] _do_fork+0x3e3/0x1370 [ 258.908572] __se_sys_clone+0xf6/0x110 [ 258.912476] __x64_sys_clone+0x62/0x80 [ 258.916373] do_syscall_64+0xcf/0x110 [ 258.920183] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 258.925375] RIP: 0033:0x421269 [ 258.928576] Code: 01 00 00 48 8d 54 24 0c 48 8d 7c 24 10 be 30 10 42 00 e8 aa ed bd ff 48 8d 54 24 0c 31 f6 bf 11 00 10 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 6b 01 00 00 85 c0 89 c7 89 44 24 0c 0f 84 [ 258.947486] RSP: 002b:0000000000a3fad0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 258.955206] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000421269 [ 258.962482] RDX: 0000000000a3fadc RSI: 0000000000000000 RDI: 0000000000100011 [ 258.969766] RBP: 0000000000a3fc80 R08: 0000000000a44a80 R09: 0000000000000032 [ 258.977364] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000a3fef8 [ 258.984640] R13: 0000000000a3fe28 R14: 0000000000000000 R15: 0000000000000000 [ 258.991932] Uninit was stored to memory at: [ 258.996276] kmsan_internal_chain_origin+0x136/0x240 [ 259.001397] __msan_chain_origin+0x6d/0xd0 [ 259.005642] __save_stack_trace+0x8be/0xc60 [ 259.009968] save_stack_trace+0xc6/0x110 [ 259.014041] kmsan_internal_chain_origin+0x136/0x240 [ 259.019149] kmsan_memcpy_origins+0x13d/0x1b0 [ 259.023652] __msan_memcpy+0x6f/0x80 [ 259.027381] nla_put+0x20a/0x2d0 [ 259.030788] br_port_fill_attrs+0x366/0x1ea0 [ 259.035208] br_fill_ifinfo+0x10ed/0x27c0 [ 259.039361] br_ifinfo_notify+0x285/0x460 [ 259.043517] br_forward_delay_timer_expired+0x478/0x4d0 [ 259.048890] call_timer_fn+0x356/0x7c0 [ 259.052802] __run_timers+0xe95/0x1300 [ 259.056701] run_timer_softirq+0x55/0xa0 [ 259.060784] __do_softirq+0x721/0xc5d [ 259.064580] [ 259.066202] Uninit was stored to memory at: [ 259.070537] kmsan_internal_chain_origin+0x136/0x240 [ 259.076000] __msan_chain_origin+0x6d/0xd0 [ 259.080250] __save_stack_trace+0x8be/0xc60 [ 259.084584] save_stack_trace+0xc6/0x110 [ 259.088654] kmsan_internal_chain_origin+0x136/0x240 [ 259.093781] kmsan_memcpy_origins+0x13d/0x1b0 [ 259.098287] __msan_memcpy+0x6f/0x80 [ 259.102179] nla_put+0x20a/0x2d0 [ 259.105554] br_port_fill_attrs+0x366/0x1ea0 [ 259.109973] br_fill_ifinfo+0x10ed/0x27c0 [ 259.114127] br_ifinfo_notify+0x285/0x460 [ 259.118280] br_forward_delay_timer_expired+0x478/0x4d0 [ 259.123648] call_timer_fn+0x356/0x7c0 [ 259.127537] __run_timers+0xe95/0x1300 [ 259.131426] run_timer_softirq+0x55/0xa0 [ 259.135503] __do_softirq+0x721/0xc5d [ 259.139298] [ 259.140922] Uninit was stored to memory at: [ 259.145254] kmsan_internal_chain_origin+0x136/0x240 [ 259.150366] __msan_chain_origin+0x6d/0xd0 [ 259.154611] __save_stack_trace+0x8be/0xc60 [ 259.158940] save_stack_trace+0xc6/0x110 [ 259.163009] kmsan_internal_chain_origin+0x136/0x240 [ 259.168121] kmsan_memcpy_origins+0x13d/0x1b0 [ 259.172623] __msan_memcpy+0x6f/0x80 [ 259.176685] nla_put+0x20a/0x2d0 [ 259.180060] br_port_fill_attrs+0x366/0x1ea0 [ 259.184473] br_fill_ifinfo+0x10ed/0x27c0 [ 259.188629] br_ifinfo_notify+0x285/0x460 [ 259.192786] br_forward_delay_timer_expired+0x478/0x4d0 [ 259.198159] call_timer_fn+0x356/0x7c0 [ 259.202061] __run_timers+0xe95/0x1300 [ 259.205956] run_timer_softirq+0x55/0xa0 [ 259.210027] __do_softirq+0x721/0xc5d [ 259.213828] [ 259.215461] Uninit was stored to memory at: [ 259.219805] kmsan_internal_chain_origin+0x136/0x240 [ 259.224926] __msan_chain_origin+0x6d/0xd0 [ 259.229170] __save_stack_trace+0x8be/0xc60 [ 259.233496] save_stack_trace+0xc6/0x110 [ 259.237570] kmsan_internal_chain_origin+0x136/0x240 [ 259.242684] kmsan_memcpy_origins+0x13d/0x1b0 [ 259.247186] __msan_memcpy+0x6f/0x80 [ 259.250906] nla_put+0x20a/0x2d0 [ 259.254280] br_port_fill_attrs+0x366/0x1ea0 [ 259.258700] br_fill_ifinfo+0x10ed/0x27c0 [ 259.262872] br_ifinfo_notify+0x285/0x460 [ 259.267028] br_forward_delay_timer_expired+0x478/0x4d0 [ 259.272404] call_timer_fn+0x356/0x7c0 [ 259.276598] __run_timers+0xe95/0x1300 [ 259.280506] run_timer_softirq+0x55/0xa0 [ 259.284578] __do_softirq+0x721/0xc5d [ 259.288373] [ 259.289998] Uninit was stored to memory at: [ 259.294331] kmsan_internal_chain_origin+0x136/0x240 [ 259.299707] __msan_chain_origin+0x6d/0xd0 [ 259.303960] __save_stack_trace+0x8be/0xc60 [ 259.308291] save_stack_trace+0xc6/0x110 [ 259.312362] kmsan_internal_chain_origin+0x136/0x240 [ 259.317474] kmsan_memcpy_origins+0x13d/0x1b0 [ 259.322849] __msan_memcpy+0x6f/0x80 [ 259.326571] nla_put+0x20a/0x2d0 [ 259.329943] br_port_fill_attrs+0x366/0x1ea0 [ 259.334358] br_fill_ifinfo+0x10ed/0x27c0 [ 259.338511] br_ifinfo_notify+0x285/0x460 [ 259.342665] br_forward_delay_timer_expired+0x478/0x4d0 [ 259.348038] call_timer_fn+0x356/0x7c0 [ 259.352378] __run_timers+0xe95/0x1300 [ 259.356270] run_timer_softirq+0x55/0xa0 [ 259.360338] __do_softirq+0x721/0xc5d [ 259.364132] [ 259.365769] Uninit was stored to memory at: [ 259.370097] kmsan_internal_chain_origin+0x136/0x240 [ 259.375558] __msan_chain_origin+0x6d/0xd0 [ 259.379803] __save_stack_trace+0x8be/0xc60 [ 259.384130] save_stack_trace+0xc6/0x110 [ 259.388202] kmsan_internal_chain_origin+0x136/0x240 [ 259.393308] kmsan_memcpy_origins+0x13d/0x1b0 [ 259.397810] __msan_memcpy+0x6f/0x80 [ 259.401526] nla_put+0x20a/0x2d0 [ 259.404901] br_port_fill_attrs+0x366/0x1ea0 [ 259.409312] br_fill_ifinfo+0x10ed/0x27c0 [ 259.413468] br_ifinfo_notify+0x285/0x460 [ 259.417634] br_forward_delay_timer_expired+0x478/0x4d0 [ 259.423004] call_timer_fn+0x356/0x7c0 [ 259.426900] __run_timers+0xe95/0x1300 [ 259.430796] run_timer_softirq+0x55/0xa0 [ 259.434866] __do_softirq+0x721/0xc5d [ 259.438659] [ 259.440283] Uninit was stored to memory at: [ 259.444610] kmsan_internal_chain_origin+0x136/0x240 [ 259.449722] __msan_chain_origin+0x6d/0xd0 [ 259.453973] __save_stack_trace+0x8be/0xc60 [ 259.458296] save_stack_trace+0xc6/0x110 [ 259.462370] kmsan_internal_chain_origin+0x136/0x240 [ 259.467480] kmsan_memcpy_origins+0x13d/0x1b0 [ 259.471985] __msan_memcpy+0x6f/0x80 [ 259.475981] nla_put+0x20a/0x2d0 [ 259.479351] br_port_fill_attrs+0x366/0x1ea0 [ 259.483777] br_fill_ifinfo+0x10ed/0x27c0 [ 259.487932] br_ifinfo_notify+0x285/0x460 [ 259.492095] br_forward_delay_timer_expired+0x478/0x4d0 [ 259.497465] call_timer_fn+0x356/0x7c0 [ 259.501358] __run_timers+0xe95/0x1300 [ 259.505250] run_timer_softirq+0x55/0xa0 [ 259.509316] __do_softirq+0x721/0xc5d [ 259.513109] [ 259.514736] Local variable description: ----flags.i.i.i.i@__local_bh_enable_ip [ 259.522103] Variable was created at: [ 259.525914] __local_bh_enable_ip+0x46/0x260 [ 259.530335] local_bh_enable+0x36/0x40 [ 259.560486] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.567032] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.575449] device bridge_slave_0 entered promiscuous mode [ 259.949384] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.956064] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.964462] device bridge_slave_1 entered promiscuous mode 10:31:34 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0xc008551b, &(0x7f00000000c0)) [ 260.306572] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 260.618093] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 261.504381] IPVS: ftp: loaded support on port[0] = 21 [ 261.718730] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 262.186862] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 262.607471] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 262.614704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 263.042688] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 263.049815] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 264.226169] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 264.234260] team0: Port device team_slave_0 added [ 264.694616] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 264.702862] team0: Port device team_slave_1 added [ 265.096014] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 265.103221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 265.112082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 265.405558] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.476136] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 265.484259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 265.492929] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 265.866045] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 265.873716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 265.883762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 266.275002] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 266.283779] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 266.292840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 267.033203] usb usb5: usbfs: interface 0 claimed by hub while 'syz-executor0' sets config #0 [ 267.177559] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 10:31:41 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, &(0x7f00000000c0)) ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4008af10, &(0x7f0000000100)={0x0, 0x2}) 10:31:41 executing program 0: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x8000}) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000000)={0x0, 0xfffffffffffffff7}, &(0x7f00000000c0)=0x8) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 267.773962] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.780788] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.789581] device bridge_slave_0 entered promiscuous mode [ 267.872303] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 268.198414] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.205084] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.213668] device bridge_slave_1 entered promiscuous mode 10:31:42 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x5) pipe(&(0x7f00000003c0)={0xffffffffffffffff}) ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f0000000400)=""/250) r2 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x7, 0x2) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x58, 0x0, &(0x7f00000001c0)=[@exit_looper, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x20, &(0x7f0000000080)=[@ptr={0x70742a85, 0x0, &(0x7f0000000040), 0x1, 0x4, 0x20}], &(0x7f00000000c0)=[0x38, 0x78, 0x38, 0x9f31936b9158e023]}}, @release={0x40046306, 0x3}, @increfs={0x40046304, 0x3}], 0x34, 0x0, &(0x7f0000000100)="3b48fc3c2e568f6177806ba6fa94fd9c7ce5de1ded8c03666f51e7bb2fca5d3b8fe2ad9250287db9172883158bbf9e8d63f779e4"}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xfffffffffffffffc, 0x32, 0xffffffffffffffff, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r2, 0x0, 0x81, &(0x7f0000000300)={'broute\x00', 0x0, 0x0, 0x0, [], 0x1, &(0x7f0000000280)=[{}, {}, {}, {}, {}], 0x0, [{}]}, 0x88) sendmmsg(r0, &(0x7f0000005ec0)=[{{&(0x7f0000000140)=@in={0x2, 0x0, @remote}, 0x80, &(0x7f00000003c0)}}, {{&(0x7f00000006c0)=@un=@abs, 0x80, &(0x7f0000000980), 0x0, &(0x7f00000009c0)}}], 0x2, 0x0) [ 268.570635] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 10:31:42 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="0047fc2f07d82c99240970") r1 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = fcntl$dupfd(r1, 0x406, r2) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000040), 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = socket(0xa, 0x2, 0x0) ioctl(r5, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[0xfeffffff], [], @loopback}}, 0x1c) getsockopt$inet_int(r5, 0x0, 0xf, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000002c0)={0x0, 0x9, 0x8}, 0xc) r7 = syz_open_dev$sndpcmc(&(0x7f0000000300)='/dev/snd/pcmC#D#c\x00', 0x3, 0x34102) getsockopt$IPT_SO_GET_ENTRIES(r7, 0x0, 0x41, &(0x7f00000005c0)={'mangle\x00', 0xe2, "ebe93af5058f3949bda4a75f6cacdaeb142d1fd73527592cb055b579ff07e26d07aa56708cf41816b2ad472afc2f2bd2360d8efaf086f8d1346b19a92b7bbc4fff7a14d2e1a0d177eb0116d95d0de1c34be7ee638aca2cfb7fadeeb38d1e34fb137497870770d83f2b2f9bedfe82272a8577e76366042d60c27d7eebb966ff732f944ea254d1f10a65a151bf2c40248cd90e4f3ff497ba0dc6b3b1cf78df65906532a24cbd6c33eead1fa0408043a8d44f4287cb19053169ec888b29437120d8fdcff8c5c78eef99b7b09b02e7236a4fcecf8748d099c63aa7273f0cb812a9db07e2"}, &(0x7f0000000200)=0x106) ioctl$EVIOCGID(r7, 0x80084502, &(0x7f0000000340)=""/80) mmap(&(0x7f0000000000/0xe73000)=nil, 0xe73000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x80000000000000, 0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f00000004c0)={0x0, 0x1}, &(0x7f0000000500)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f0000000540)={r8, 0x4, 0x7}, &(0x7f0000000580)=0x8) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) setfsuid(r9) poll(&(0x7f00000003c0)=[{r3, 0x500}, {r1}, {r7, 0x20}, {r5, 0x80}, {r2, 0x20}, {r6, 0x2000}, {r5, 0x52}, {r5, 0x4e0}, {r3, 0x9042}, {r6, 0x4}], 0xa, 0x33) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r7, 0x111, 0x1, 0xfffffffffffffff7, 0x4) r10 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r10, &(0x7f0000e6f000)={0xa, 0x2, 0x1000000000000, @mcast2, 0x4}, 0x1f) r11 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r11, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r10, {0x2, 0x1, @multicast2}, 0x4, 0x0, 0x2}}, 0x2e) setsockopt$inet6_udp_int(r10, 0x11, 0x65, &(0x7f0000000080)=0x922, 0x4) sendmsg$nl_crypto(r11, &(0x7f0000000240)={&(0x7f0000041000)={0x10, 0x0, 0x0, 0x53524851d3beda5a}, 0xc, &(0x7f0000e6c000)={&(0x7f0000000040)=@delrng={0x10, 0x14, 0x200, 0x0, 0x3}, 0x10}, 0x1, 0x0, 0x0, 0x8801}, 0x40000) [ 268.854409] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 268.860827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 268.868781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 269.009456] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 10:31:43 executing program 0: openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) r0 = socket(0x1000100000010, 0x2, 0x0) getsockname$unix(r0, &(0x7f0000000080), &(0x7f0000000000)=0x6e) write(r0, &(0x7f0000000040)="1f0000001e0007f105000000000000000000010053d6445f89390836be381b", 0x1f) 10:31:44 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000240)='cgroup.threads\x00', 0x2, 0x0) readv(r2, &(0x7f0000000040)=[{&(0x7f0000000080)=""/41, 0x5}], 0x1) pread64(r2, &(0x7f00000000c0)=""/119, 0x77, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f0000000000)={0x0, 'vlan0\x00', 0x1}, 0x18) [ 270.161414] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 270.356212] 8021q: adding VLAN 0 to HW filter on device team0 [ 270.524452] bond0: Enslaving bond_slave_1 as an active interface with an up link 10:31:44 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x200000, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, &(0x7f0000000040)={0x5, 0x4, 0x5a90456b, 0x9}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) connect$l2tp(r0, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @rand_addr}, 0x4, 0x1}}, 0x2e) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x36, 0xffffffffffffffff, 0x0) r4 = dup3(r0, r2, 0x0) sendto$inet(r4, &(0x7f0000000100)="f8", 0x1, 0x0, 0x0, 0x0) [ 270.838233] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.844818] bridge0: port 2(bridge_slave_1) entered forwarding state [ 270.851951] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.858476] bridge0: port 1(bridge_slave_0) entered forwarding state [ 270.866868] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 270.976317] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 270.983823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 10:31:45 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(&(0x7f0000000300)=ANY=[@ANYBLOB="ba01993fb474b3a6590dda979a618426098758bccb4a65ce880510bd049ceac6354a4c95d311d5e76915595b6978f5a4006533975c6e490f9c66e884387e4a835a73bb539b9b4862444151a445bc803de24c166769428624e217ce2f15a7bb93a956c7cf3a2d98e4b12f8c0a16bc3e3b0186d1b1dfb6f662fb9a28f402cabb8dcc393d16c94ab218a4b255706a90a1c2cec184598b0e2d7f9c0ba71be276bd55d5704653f4dbe2cde74c0b195f7df0af2d7547b2168772653d552fd2d42b22c17f8f07a530adb8a5fecfebf13bb3b7e0c33e4b0da903eda2c5ca968b56e16d57622aa9e51a2621548c", @ANYRES32, @ANYRESHEX, @ANYRESDEC=0x0, @ANYBLOB="c32e3cdf945c921ed0520368e7e1247504c9801a0e9d3902a5006dafe06ab1a3de79901a68928be77cf73df27165f6c5221d87802590e63cbc3e204c626e311eb7abb4fc48bef343229f8013224be98c7d0bafda7f0c3fef23c385a35741991d708cc9b93808abc1ae9ea4ca945222a9859811ab1cd16979ac9e0ff8188e666ebc718b3edc4a0a54f949c73983", @ANYRES16, @ANYRESOCT, @ANYRESOCT, @ANYRES16], &(0x7f0000027000)='./file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, &(0x7f000000a000)) capset(&(0x7f0000000140)={0x20071026}, &(0x7f0000000180)) open$dir(&(0x7f00000001c0)='./file0/file1\x00', 0x3ffff, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000001640)='/dev/snd/pcmC#D#p\x00', 0x3, 0x10200) socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000001680)={0xfff, 0x100000000, 0x2, 0x1}, 0x8) [ 271.367364] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 271.374749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 271.462372] capability: warning: `syz-executor0' uses deprecated v2 capabilities in a way that may be insecure [ 271.762291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 272.440592] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 272.448636] team0: Port device team_slave_0 added [ 272.783278] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 272.791179] team0: Port device team_slave_1 added [ 272.934919] 8021q: adding VLAN 0 to HW filter on device bond0 [ 273.041232] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 273.048538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 273.058409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 273.316399] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 273.323577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 273.332249] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 273.574329] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 273.582846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 273.591868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 273.884486] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 273.908134] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 273.916027] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 273.924974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 274.858712] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 274.865282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 274.873198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 275.729030] 8021q: adding VLAN 0 to HW filter on device team0 [ 277.079316] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.086491] bridge0: port 2(bridge_slave_1) entered forwarding state [ 277.093596] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.100047] bridge0: port 1(bridge_slave_0) entered forwarding state [ 277.108544] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 277.115256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 10:31:51 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0xfffffffffffff000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="ffff00000a000200aaaaaaaaaaaa0000"], 0x1}}, 0x0) [ 280.913526] not chained 20000 origins [ 280.917391] CPU: 0 PID: 7388 Comm: ip Not tainted 4.19.0+ #77 [ 280.923279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 280.932638] Call Trace: [ 280.935237] dump_stack+0x32d/0x480 [ 280.938887] ? save_stack_trace+0xc6/0x110 [ 280.943160] kmsan_internal_chain_origin+0x222/0x240 [ 280.948280] ? br_port_fill_attrs+0x42b/0x1ea0 [ 280.952997] ? ___sys_recvmsg+0x444/0xae0 [ 280.957167] ? __se_sys_recvmsg+0x2fa/0x450 [ 280.961499] ? __x64_sys_recvmsg+0x4a/0x70 [ 280.965748] ? do_syscall_64+0xcf/0x110 [ 280.969741] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 280.975105] ? kmsan_internal_chain_origin+0x136/0x240 [ 280.980378] ? __msan_chain_origin+0x6d/0xd0 [ 280.985064] ? __save_stack_trace+0x8be/0xc60 [ 280.989551] ? save_stack_trace+0xc6/0x110 [ 280.993786] ? kmsan_internal_chain_origin+0x136/0x240 [ 280.999062] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 281.003726] ? __msan_memcpy+0x6f/0x80 [ 281.007609] ? nla_put+0x20a/0x2d0 [ 281.011143] ? br_port_fill_attrs+0x366/0x1ea0 [ 281.015720] ? br_port_fill_slave_info+0xff/0x120 [ 281.020560] ? rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 281.025049] ? rtnl_dump_ifinfo+0xbe5/0x19b0 [ 281.029464] ? netlink_dump+0xb09/0x1750 [ 281.033521] ? netlink_recvmsg+0xec2/0x19d0 [ 281.037837] ? sock_recvmsg+0x1d1/0x230 [ 281.041818] ? ___sys_recvmsg+0x444/0xae0 [ 281.045961] ? __se_sys_recvmsg+0x2fa/0x450 [ 281.050279] ? __x64_sys_recvmsg+0x4a/0x70 [ 281.054511] ? do_syscall_64+0xcf/0x110 [ 281.058481] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 281.063847] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 281.069204] ? __module_address+0x6a/0x610 [ 281.073446] ? get_stack_info+0x863/0x9d0 [ 281.077594] __msan_chain_origin+0x6d/0xd0 [ 281.081849] ? __se_sys_recvmsg+0x2fa/0x450 [ 281.086452] __save_stack_trace+0x8be/0xc60 [ 281.090885] ? __se_sys_recvmsg+0x2fa/0x450 [ 281.095207] save_stack_trace+0xc6/0x110 [ 281.099282] kmsan_internal_chain_origin+0x136/0x240 [ 281.104392] ? kmsan_internal_chain_origin+0x136/0x240 [ 281.109677] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 281.114345] ? __msan_memcpy+0x6f/0x80 [ 281.118230] ? nla_put+0x20a/0x2d0 [ 281.121769] ? br_port_fill_attrs+0x42b/0x1ea0 [ 281.126353] ? br_port_fill_slave_info+0xff/0x120 [ 281.131191] ? rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 281.135680] ? rtnl_dump_ifinfo+0xbe5/0x19b0 [ 281.140081] ? netlink_dump+0xb09/0x1750 [ 281.144134] ? netlink_recvmsg+0xec2/0x19d0 [ 281.148448] ? sock_recvmsg+0x1d1/0x230 [ 281.152429] ? ___sys_recvmsg+0x444/0xae0 [ 281.156569] ? __se_sys_recvmsg+0x2fa/0x450 [ 281.160883] ? __x64_sys_recvmsg+0x4a/0x70 [ 281.165110] ? do_syscall_64+0xcf/0x110 [ 281.169076] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 281.174441] ? __msan_poison_alloca+0x1e0/0x2b0 [ 281.179122] ? kmsan_set_origin+0x83/0x130 [ 281.183892] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 281.189695] kmsan_memcpy_origins+0x13d/0x1b0 [ 281.194190] __msan_memcpy+0x6f/0x80 [ 281.197905] nla_put+0x20a/0x2d0 [ 281.201273] br_port_fill_attrs+0x42b/0x1ea0 [ 281.205682] br_port_fill_slave_info+0xff/0x120 [ 281.210349] ? br_port_get_slave_size+0x30/0x30 [ 281.215019] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 281.219364] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 281.223684] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 281.229054] ? rtnl_getlink+0xde0/0xde0 [ 281.233027] netlink_dump+0xb09/0x1750 [ 281.236917] netlink_recvmsg+0xec2/0x19d0 [ 281.241075] sock_recvmsg+0x1d1/0x230 [ 281.244870] ? netlink_sendmsg+0x1440/0x1440 [ 281.249278] ___sys_recvmsg+0x444/0xae0 [ 281.253265] ? __msan_poison_alloca+0x1e0/0x2b0 [ 281.257950] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 281.263312] ? __fdget+0x23c/0x440 [ 281.266850] __se_sys_recvmsg+0x2fa/0x450 [ 281.271008] __x64_sys_recvmsg+0x4a/0x70 [ 281.275068] do_syscall_64+0xcf/0x110 [ 281.278867] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 281.284366] RIP: 0033:0x7f272f627210 [ 281.288080] Code: 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 90 83 3d e5 d3 2a 00 00 75 10 b8 2f 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e bb 00 00 48 89 04 24 [ 281.306991] RSP: 002b:00007fffba796cd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 281.314695] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f272f627210 [ 281.321956] RDX: 0000000000000000 RSI: 00007fffba796d20 RDI: 0000000000000003 [ 281.329216] RBP: 0000000000001c28 R08: 00007f272f8d0ec8 R09: 00007f272f66dc00 [ 281.336478] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006395c0 [ 281.343739] R13: 00007fffba79adb0 R14: 0000000000001c28 R15: 00007fffba798988 [ 281.351009] Uninit was stored to memory at: [ 281.355841] kmsan_internal_chain_origin+0x136/0x240 [ 281.360937] __msan_chain_origin+0x6d/0xd0 [ 281.365165] __save_stack_trace+0x8be/0xc60 [ 281.369476] save_stack_trace+0xc6/0x110 [ 281.373530] kmsan_internal_chain_origin+0x136/0x240 [ 281.378624] kmsan_memcpy_origins+0x13d/0x1b0 [ 281.383348] __msan_memcpy+0x6f/0x80 [ 281.387053] nla_put+0x20a/0x2d0 [ 281.390412] br_port_fill_attrs+0x366/0x1ea0 [ 281.394820] br_port_fill_slave_info+0xff/0x120 [ 281.399484] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 281.403814] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 281.408045] netlink_dump+0xb09/0x1750 [ 281.411927] netlink_recvmsg+0xec2/0x19d0 [ 281.416067] sock_recvmsg+0x1d1/0x230 [ 281.419857] ___sys_recvmsg+0x444/0xae0 [ 281.423829] __se_sys_recvmsg+0x2fa/0x450 [ 281.427977] __x64_sys_recvmsg+0x4a/0x70 [ 281.432033] do_syscall_64+0xcf/0x110 [ 281.435829] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 281.441005] [ 281.442805] Uninit was stored to memory at: [ 281.447125] kmsan_internal_chain_origin+0x136/0x240 [ 281.452224] __msan_chain_origin+0x6d/0xd0 [ 281.456452] __save_stack_trace+0x8be/0xc60 [ 281.460763] save_stack_trace+0xc6/0x110 [ 281.464830] kmsan_internal_chain_origin+0x136/0x240 [ 281.469928] kmsan_memcpy_origins+0x13d/0x1b0 [ 281.474504] __msan_memcpy+0x6f/0x80 [ 281.478211] nla_put+0x20a/0x2d0 [ 281.481574] br_port_fill_attrs+0x366/0x1ea0 [ 281.486549] br_port_fill_slave_info+0xff/0x120 [ 281.491213] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 281.495529] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 281.499757] netlink_dump+0xb09/0x1750 [ 281.503646] netlink_recvmsg+0xec2/0x19d0 [ 281.507796] sock_recvmsg+0x1d1/0x230 [ 281.511600] ___sys_recvmsg+0x444/0xae0 [ 281.515574] __se_sys_recvmsg+0x2fa/0x450 [ 281.519715] __x64_sys_recvmsg+0x4a/0x70 [ 281.523775] do_syscall_64+0xcf/0x110 [ 281.527582] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 281.532756] [ 281.534375] Uninit was stored to memory at: [ 281.538689] kmsan_internal_chain_origin+0x136/0x240 [ 281.543794] __msan_chain_origin+0x6d/0xd0 [ 281.548026] __save_stack_trace+0x8be/0xc60 [ 281.552341] save_stack_trace+0xc6/0x110 [ 281.556395] kmsan_internal_chain_origin+0x136/0x240 [ 281.561490] kmsan_memcpy_origins+0x13d/0x1b0 [ 281.565975] __msan_memcpy+0x6f/0x80 [ 281.569681] nla_put+0x20a/0x2d0 [ 281.573045] br_port_fill_attrs+0x366/0x1ea0 [ 281.577444] br_port_fill_slave_info+0xff/0x120 [ 281.582104] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 281.586835] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 281.591077] netlink_dump+0xb09/0x1750 [ 281.594955] netlink_recvmsg+0xec2/0x19d0 [ 281.599098] sock_recvmsg+0x1d1/0x230 [ 281.602893] ___sys_recvmsg+0x444/0xae0 [ 281.606858] __se_sys_recvmsg+0x2fa/0x450 [ 281.610996] __x64_sys_recvmsg+0x4a/0x70 [ 281.615052] do_syscall_64+0xcf/0x110 [ 281.618850] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 281.624022] [ 281.625640] Uninit was stored to memory at: [ 281.629957] kmsan_internal_chain_origin+0x136/0x240 [ 281.635058] __msan_chain_origin+0x6d/0xd0 [ 281.639284] __save_stack_trace+0x8be/0xc60 [ 281.643598] save_stack_trace+0xc6/0x110 [ 281.647651] kmsan_internal_chain_origin+0x136/0x240 [ 281.652746] kmsan_memcpy_origins+0x13d/0x1b0 [ 281.657236] __msan_memcpy+0x6f/0x80 [ 281.660946] nla_put+0x20a/0x2d0 [ 281.664311] br_port_fill_attrs+0x366/0x1ea0 [ 281.668715] br_port_fill_slave_info+0xff/0x120 [ 281.673380] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 281.677706] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 281.681936] netlink_dump+0xb09/0x1750 [ 281.686160] netlink_recvmsg+0xec2/0x19d0 [ 281.690306] sock_recvmsg+0x1d1/0x230 [ 281.694112] ___sys_recvmsg+0x444/0xae0 [ 281.698088] __se_sys_recvmsg+0x2fa/0x450 [ 281.702234] __x64_sys_recvmsg+0x4a/0x70 [ 281.706288] do_syscall_64+0xcf/0x110 [ 281.710096] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 281.715274] [ 281.716891] Uninit was stored to memory at: [ 281.721206] kmsan_internal_chain_origin+0x136/0x240 [ 281.726301] __msan_chain_origin+0x6d/0xd0 [ 281.730535] __save_stack_trace+0x8be/0xc60 [ 281.734847] save_stack_trace+0xc6/0x110 [ 281.738910] kmsan_internal_chain_origin+0x136/0x240 [ 281.744010] kmsan_memcpy_origins+0x13d/0x1b0 [ 281.748497] __msan_memcpy+0x6f/0x80 [ 281.752207] nla_put+0x20a/0x2d0 [ 281.755567] br_port_fill_attrs+0x366/0x1ea0 [ 281.759968] br_port_fill_slave_info+0xff/0x120 [ 281.764633] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 281.768945] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 281.773175] netlink_dump+0xb09/0x1750 [ 281.777055] netlink_recvmsg+0xec2/0x19d0 [ 281.781197] sock_recvmsg+0x1d1/0x230 [ 281.785283] ___sys_recvmsg+0x444/0xae0 [ 281.789246] __se_sys_recvmsg+0x2fa/0x450 [ 281.793388] __x64_sys_recvmsg+0x4a/0x70 [ 281.797439] do_syscall_64+0xcf/0x110 [ 281.801234] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 281.806408] [ 281.808025] Uninit was stored to memory at: [ 281.812345] kmsan_internal_chain_origin+0x136/0x240 [ 281.817453] __msan_chain_origin+0x6d/0xd0 [ 281.821685] __save_stack_trace+0x8be/0xc60 [ 281.825997] save_stack_trace+0xc6/0x110 [ 281.830050] kmsan_internal_chain_origin+0x136/0x240 [ 281.835149] kmsan_memcpy_origins+0x13d/0x1b0 [ 281.839647] __msan_memcpy+0x6f/0x80 [ 281.843357] nla_put+0x20a/0x2d0 [ 281.846726] br_port_fill_attrs+0x366/0x1ea0 [ 281.851125] br_port_fill_slave_info+0xff/0x120 [ 281.855797] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 281.860121] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 281.864347] netlink_dump+0xb09/0x1750 [ 281.868237] netlink_recvmsg+0xec2/0x19d0 [ 281.872378] sock_recvmsg+0x1d1/0x230 [ 281.876174] ___sys_recvmsg+0x444/0xae0 [ 281.880143] __se_sys_recvmsg+0x2fa/0x450 [ 281.884578] __x64_sys_recvmsg+0x4a/0x70 [ 281.888630] do_syscall_64+0xcf/0x110 [ 281.892424] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 281.897600] [ 281.899219] Uninit was stored to memory at: [ 281.903534] kmsan_internal_chain_origin+0x136/0x240 [ 281.908644] __msan_chain_origin+0x6d/0xd0 [ 281.912874] __save_stack_trace+0x8be/0xc60 [ 281.917190] save_stack_trace+0xc6/0x110 [ 281.921247] kmsan_internal_chain_origin+0x136/0x240 [ 281.926341] kmsan_memcpy_origins+0x13d/0x1b0 [ 281.930829] __msan_memcpy+0x6f/0x80 [ 281.934534] nla_put+0x20a/0x2d0 [ 281.937894] br_port_fill_attrs+0x366/0x1ea0 [ 281.942300] br_port_fill_slave_info+0xff/0x120 [ 281.947234] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 281.951565] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 281.955805] netlink_dump+0xb09/0x1750 [ 281.959698] netlink_recvmsg+0xec2/0x19d0 [ 281.963840] sock_recvmsg+0x1d1/0x230 [ 281.967635] ___sys_recvmsg+0x444/0xae0 [ 281.971605] __se_sys_recvmsg+0x2fa/0x450 [ 281.975753] __x64_sys_recvmsg+0x4a/0x70 [ 281.979816] do_syscall_64+0xcf/0x110 [ 281.983611] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 281.988792] [ 281.990421] Local variable description: ----c.i.i@should_fail [ 281.996647] Variable was created at: [ 282.000357] should_fail+0x162/0x13c0 [ 282.004153] __alloc_pages_nodemask+0x6fd/0x6640 10:31:56 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x10, 0x20000000080003, 0xc) write(r1, &(0x7f0000000000)="1f0000000102fffffd3b54c007110300f30501000b000600000423ca310000", 0x1f) [ 282.216178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 282.817455] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 283.295863] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 283.302330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 283.309957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 283.809005] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.227402] 8021q: adding VLAN 0 to HW filter on device bond0 [ 285.717549] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 286.217498] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 286.224057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 286.231973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 286.735189] 8021q: adding VLAN 0 to HW filter on device team0 10:32:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f0000000180)={0x10, 0x40030000000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000080)={0x18, 0x2e, 0x119, 0x0, 0x0, {0x2}, [@nested={0x4}]}, 0x18}}, 0x0) 10:32:02 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000200), 0xffffff21, &(0x7f0000000b80)}, 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000040)={&(0x7f0000ff9000/0x4000)=nil, 0x4000}) preadv(r0, &(0x7f0000000480), 0x1000000000000162, 0x0) 10:32:02 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000e11ff0)=[{&(0x7f0000000140)="580000001300add427323b470c458c560a067fffffff81004e220000000058000b4824ca945f64009400050028925aa80000000000000080000efffe1b0000000000fff5dd00000010000100090a1000410400000000fcff", 0x58}], 0x1) 10:32:02 executing program 2: sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x1) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0xfffffffffffffc44, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x0, &(0x7f0000000080)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340), 0x1, 0x0, &(0x7f0000000180)="b1"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@register_looper], 0x1, 0x0, &(0x7f0000000040)='^'}) 10:32:02 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001400)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000100), 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='sit0\x00', 0x10) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x40, 0x0) r2 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x7fff, 0x40000) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000001c0)={0xf000, &(0x7f0000000100), 0x1, r2, 0xa}) r3 = memfd_create(&(0x7f00000000c0)='dec ', 0x0) ftruncate(r3, 0x40007) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VHOST_RESET_OWNER(r3, 0xaf02, 0x0) sendfile(r0, r3, &(0x7f0000000180)=0x3f09, 0x2000000000005) 10:32:02 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xf, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="7a0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000bd120000000000008500000006000000b7000000000000009500000000000000"], &(0x7f00000000c0)='GPL\x00'}, 0x48) 10:32:02 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x88402, 0x20) ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000040)={0x1f, 0x3, 0x7fffffff, 0x7fffffff}) r1 = add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa) keyctl$get_keyring_id(0x0, r1, 0x0) sendto$inet6(r0, &(0x7f0000000100)="4553784a93896cd920fa343dd307298c2d49f16f492f6b6babb1e9a1f8d6047c01145030bc44b94e6fea0c14f7185f6f1bb72f080e9f7b52917f51e5019fc94c8397a2b3d6816d87443c0ccfeb8eec2e4ed5189fb4fadbe63355aba0f92e5ab2c2b867cf0d8553b336ef16f2279aaeab871e140a5f503ff0e7f6fe23496cd4305ebe6b90c8420fe0a413de7cfd610d3ddfd792e5a4d970f01394b4acba3abb48b261516d2d5b5ccb1444346499939a355f451e2986a3a6fb5338d0ae72747c34e696a4441a9672b7c73332b0d7df98b2bce958859af9b94ae067f1065dc38de2baec68b8b3c7df6b0aac67e0a819c11fbe412f3fae8df62f5abe40f14993f4", 0xff, 0x4040000, &(0x7f0000000200)={0xa, 0x4e20, 0xffffffffffffffff, @dev={0xfe, 0x80, [], 0x16}, 0x4}, 0x1c) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f0000000240)={0x79, 0x0, [0x7f, 0x1000, 0x2, 0x2]}) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/snapshot\x00', 0x10000, 0x0) ioctl$int_out(r2, 0x0, &(0x7f0000000300)) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000340)={'nat\x00', 0x46, "5e59378b29b8bba209ee3a82f8b6fb19d5d4ab3a36f1553eb8fc8ad3a5e7ca792987f008139baf72820ddcabafe586336fd7c11befb364e70f5cf7395e8b694601289dbb228e"}, &(0x7f00000003c0)=0x6a) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000440)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)={0xb0, r3, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e22}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x5f}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@ipv4={[], [], @loopback}}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}]}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast1}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@remote}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfffffffffffffffb}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}]}, 0xb0}, 0x1, 0x0, 0x0, 0x2000c080}, 0x4000) get_thread_area(&(0x7f00000005c0)={0x10000, 0xffffffffffffffff, 0x0, 0xffffffff, 0xffffffffffffffe0, 0x4, 0xb61, 0x7, 0x7ff, 0x40}) mknod$loop(&(0x7f0000000600)='./file0\x00', 0x9, 0x1) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000640)) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000680), &(0x7f00000006c0)=0x14) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r2, 0x84, 0x1b, &(0x7f0000000700)={0x0, 0xd4, "b504b05cdf8edb1162eab3896cd9c8f279c399144ae544eee11406544b458935b08bb0e7d46f9c0afef3e6ca33d04e2271fe9ddd73fa27f988aea6fd05cc222a2e0afae03acf1b5a2c49c9e3568b70ce2d14e2104a11ff014fc924bb094df80a264a420b89ef180d73b47a0c8b42f889678b9f22e42ad571033ebe8bda15b2fdd998492bb7feb38234369745b16fa16b51c020797bede4105d54230919412180248e3e7dc57f29ab23634360edb65c1ea7d7d736ea2dbe00aaa41aaa9bf1ea803892d375a67fcbe6203b00bafee60425f58f66ad"}, &(0x7f0000000800)=0xdc) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000840)={r5, @in6={{0xa, 0x4e22, 0x0, @empty, 0x1}}, 0xffffffffffffffc7, 0x1, 0x5, 0x100, 0x4}, &(0x7f0000000900)=0x98) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000940)={@in6={{0xa, 0x4e21, 0x100000000, @local, 0xd7}}, 0x81, 0x4, 0x10001, "566684277ad6d3466cfe95f40c798823e0ad2cf8866818f58087113e67f119985b84a02d71679f7919a57b1310f23d9a3e192cbde115999e0455605c5df840c5e086a08ab15b44ba8c5c7899777c35d2"}, 0xd8) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r2, 0x28, 0x6, &(0x7f0000000a40), 0x10) fadvise64(r4, 0x0, 0x6, 0x4) lstat(&(0x7f0000000a80)='./file0\x00', &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setfsgid(r6) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000c40)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000c00)={0xffffffffffffffff}, 0x13f, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000c80)={0xb, 0x10, 0xfa00, {&(0x7f0000000b40), r7, 0x1}}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)={0xf, 0x800, 0x1, 0x1, 0x10, r0, 0x100000001}, 0x2c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000d00)={&(0x7f0000ffc000/0x3000)=nil, 0x3000}, &(0x7f0000000d40)=0x10) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000d80)=""/10) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000dc0)={r5, 0xf0}, &(0x7f0000000e00)=0x8) socket$inet6_tcp(0xa, 0x1, 0x0) [ 288.983257] binder: 7611:7619 ERROR: BC_REGISTER_LOOPER called without request [ 288.990770] binder: 7619 RLIMIT_NICE not set 10:32:03 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)={[{0xfffffffffffffffa, 0x0, 0x4, 0x5}, {0x7fffffff, 0x0, 0x0, 0x0, 0x4, 0x8, 0x0, 0x840b, 0x0, 0x6, 0x3ca, 0x0, 0x5}, {0x3, 0x0, 0x127, 0x0, 0x0, 0x0, 0x39, 0x0, 0x0, 0x0, 0x7fff}]}) recvmmsg(0xffffffffffffffff, &(0x7f0000003c40), 0x0, 0x40000000, &(0x7f0000003d40)={0x77359400}) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) geteuid() setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000003d80)={{{@in=@dev, @in=@broadcast}, {0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in6, 0x0, 0x33}, 0xa, @in6, 0x3503, 0x0, 0x0, 0x0, 0x0, 0x7}}, 0xe8) vmsplice(r1, &(0x7f0000000380)=[{&(0x7f0000000340), 0x1000000}], 0x1, 0x0) dup2(r0, 0xffffffffffffffff) [ 289.033403] syz-executor0 (7614) used greatest stack depth: 49776 bytes left 10:32:03 executing program 4: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x800000000008032, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f00000000c0)) 10:32:03 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004900)=[{{&(0x7f0000000340)=@nfc, 0x80, &(0x7f0000001780)=[{&(0x7f00000002c0)=""/91, 0x5b}], 0x100000000000005e, &(0x7f00000017c0)=""/116, 0x74}}], 0x1, 0x0, &(0x7f0000004a40)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/anycast6\x00') preadv(r0, &(0x7f0000000140), 0x100000000000024e, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000080), 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x1) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@loopback, @in6=@ipv4={[], [], @dev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000000040)=0xe8) connect(r0, &(0x7f00000000c0)=@xdp={0x2c, 0x0, r1, 0xf}, 0x80) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000480)='/dev/full\x00', 0x40001, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000012c0)) flock(0xffffffffffffffff, 0x0) ioctl$EVIOCGSW(r2, 0x8040451b, &(0x7f0000000180)=""/219) 10:32:03 executing program 0: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f0000000100)=ANY=[], &(0x7f0000000880)='./file0\x00', &(0x7f0000005440)='hugetlbfs\x00', 0x0, &(0x7f0000001d80)) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) [ 289.271679] hrtimer: interrupt took 90635 ns 10:32:03 executing program 4: perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) 10:32:03 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff5c, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getpeername(r0, &(0x7f0000000440)=@pppoe={0x18, 0x0, {0x0, @link_local}}, &(0x7f00000004c0)=0x80) [ 289.658980] binder: 7611:7619 ERROR: BC_REGISTER_LOOPER called without request [ 289.666586] binder: 7619 RLIMIT_NICE not set 10:32:03 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000007c0)={{0x0, 0x0, 0x0, 0x0, "73797a3000000000000500"}, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 'syz0\x00'}) socket$inet6_tcp(0xa, 0x1, 0x0) 10:32:03 executing program 1: userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) r0 = socket(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x6, 0x21, &(0x7f0000000040), &(0x7f0000013000)=0x221) mmap(&(0x7f0000000000/0xfe3000)=nil, 0xfe3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) 10:32:04 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/icmp\x00') preadv(r0, &(0x7f0000000480), 0x100000000000022c, 0x0) 10:32:04 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000340)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x4000) io_setup(0x3, &(0x7f0000000080)=0x0) io_submit(r3, 0x2aa, &(0x7f0000000540)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x2b283714574a214d}]) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000200)={0x7d18, 0x6}) 10:32:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f0000000180)={0x10, 0x40030000000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000080)={0x20, 0x2e, 0x119, 0x0, 0x0, {0x2}, [@nested={0xc, 0x0, [@typed={0x8, 0x1, @binary="04"}]}]}, 0x20}}, 0x0) [ 290.272516] IPVS: ftp: loaded support on port[0] = 21 [ 291.752943] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.759734] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.767865] device bridge_slave_0 entered promiscuous mode [ 291.844830] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.851267] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.859253] device bridge_slave_1 entered promiscuous mode [ 291.935094] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 292.010216] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 292.240180] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 292.320139] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 292.472703] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 292.479698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 292.707559] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 292.715243] team0: Port device team_slave_0 added [ 292.796137] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 292.803775] team0: Port device team_slave_1 added [ 292.879964] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 292.960584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 293.036539] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 293.044000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 293.052791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 293.129614] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 293.137038] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 293.146064] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 293.991990] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.998757] bridge0: port 2(bridge_slave_1) entered forwarding state [ 294.005786] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.012288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 294.019941] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 294.412186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 297.118551] 8021q: adding VLAN 0 to HW filter on device bond0 [ 297.414440] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 297.700010] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 297.706388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 297.714332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 298.005478] 8021q: adding VLAN 0 to HW filter on device team0 10:32:13 executing program 1: 10:32:13 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) close(r1) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) getpid() write$FUSE_STATFS(r0, &(0x7f00000001c0)={0x60, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x3f, 0xffffffffffffffc1, 0x0, 0x7, 0x100000000}}}, 0x60) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000280)={0x0, 0x3}, &(0x7f00000002c0)=0x8) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000340)={'bridge_slave_0\x00', {0x2, 0x4e23, @broadcast}}) dup2(r3, r2) 10:32:13 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x21}}}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x35, &(0x7f0000000080)=0x1, 0x4) 10:32:13 executing program 2: 10:32:13 executing program 3: 10:32:13 executing program 4: mkdir(&(0x7f0000000000)='./control\x00', 0x0) r0 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000100)='./control\x00', 0x0) getdents64(r0, &(0x7f0000fc4fbe)=""/80, 0x50) unlinkat(r0, &(0x7f0000000140)='./control\x00', 0x200) rmdir(&(0x7f0000000040)='./control\x00') 10:32:14 executing program 3: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='comm\x00') preadv(r0, &(0x7f0000000480), 0x100000000000022c, 0x0) 10:32:14 executing program 1: 10:32:14 executing program 2: 10:32:14 executing program 4: 10:32:14 executing program 1: 10:32:14 executing program 5: 10:32:15 executing program 3: 10:32:15 executing program 5: 10:32:15 executing program 2: 10:32:15 executing program 4: 10:32:15 executing program 3: 10:32:15 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) close(r1) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) getpid() write$FUSE_STATFS(r0, &(0x7f00000001c0)={0x60, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x3f, 0xffffffffffffffc1, 0x0, 0x7, 0x100000000}}}, 0x60) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000280)={0x0, 0x3}, &(0x7f00000002c0)=0x8) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000340)={'bridge_slave_0\x00', {0x2, 0x4e23, @broadcast}}) dup2(r3, r2) 10:32:15 executing program 1: 10:32:16 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) close(r1) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) getpid() write$FUSE_STATFS(r0, &(0x7f00000001c0)={0x60, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x3f, 0xffffffffffffffc1, 0x0, 0x7, 0x100000000}}}, 0x60) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000280)={0x0, 0x3}, &(0x7f00000002c0)=0x8) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000340)={'bridge_slave_0\x00', {0x2, 0x4e23, @broadcast}}) dup2(r3, r2) 10:32:16 executing program 2: 10:32:16 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000700)={@empty, @mcast1, @loopback, 0x0, 0x1, 0x7, 0x100, 0xb, 0x200}) 10:32:16 executing program 4: 10:32:16 executing program 1: 10:32:16 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) close(r1) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) getpid() write$FUSE_STATFS(r0, &(0x7f00000001c0)={0x60, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x3f, 0xffffffffffffffc1, 0x0, 0x7, 0x100000000}}}, 0x60) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000280)={0x0, 0x3}, &(0x7f00000002c0)=0x8) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000340)={'bridge_slave_0\x00', {0x2, 0x4e23, @broadcast}}) dup2(r3, r2) 10:32:16 executing program 2: 10:32:16 executing program 3: 10:32:17 executing program 0: 10:32:17 executing program 1: 10:32:17 executing program 4: 10:32:17 executing program 5: 10:32:17 executing program 2: 10:32:17 executing program 1: 10:32:17 executing program 0: 10:32:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000), 0xc, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[]}}, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x26a, 0x0, &(0x7f0000000100), 0xffffffffffffe82) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$userio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/userio\x00', 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10:32:17 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000080)={0x80, 0x0, 0x2}) 10:32:17 executing program 5: openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcs\x00', 0x100, 0x0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() wait4(0x0, &(0x7f00000003c0), 0x80000000, &(0x7f0000000340)) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1b) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x2, 0x7, 0x6}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 10:32:17 executing program 2: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) r0 = open$dir(&(0x7f0000000180)='./file1\x00', 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0\x00', r1, &(0x7f0000000380)='./file0\x00') r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) renameat2(r2, &(0x7f0000000240)='./file0\x00', r0, &(0x7f00000001c0)='./file1\x00', 0x0) [ 303.890341] ================================================================== [ 303.897771] BUG: KMSAN: kernel-infoleak in kvm_write_guest_page+0x373/0x500 [ 303.904891] CPU: 0 PID: 8025 Comm: syz-executor3 Not tainted 4.19.0+ #77 [ 303.911743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.921107] Call Trace: [ 303.923717] dump_stack+0x32d/0x480 [ 303.927357] ? kvm_write_guest_page+0x373/0x500 [ 303.932061] kmsan_report+0x1a2/0x2e0 [ 303.935896] kmsan_internal_check_memory+0x34c/0x430 [ 303.941025] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 303.946506] kmsan_copy_to_user+0x85/0xe0 [ 303.950973] kvm_write_guest_page+0x373/0x500 [ 303.955495] kvm_write_guest+0x1e1/0x360 [ 303.959597] kvm_emulate_hypercall+0x1c96/0x21b0 [ 303.964400] handle_vmcall+0x41/0x50 [ 303.968135] ? handle_rdpmc+0x80/0x80 [ 303.971961] vmx_handle_exit+0x1e81/0xbac0 [ 303.976209] ? vmalloc_to_page+0x585/0x6c0 [ 303.980471] ? kmsan_get_shadow_origin_ptr+0x142/0x410 [ 303.985772] ? vmx_flush_tlb_gva+0x4b0/0x4b0 [ 303.990196] kvm_arch_vcpu_ioctl_run+0xac32/0x11d80 [ 303.995403] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 304.000780] ? __list_del_entry_valid+0x123/0x480 [ 304.005914] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 304.011379] ? wait_for_common+0x7a7/0x980 [ 304.015644] ? arch_local_irq_disable+0x10/0x10 [ 304.020331] ? kmsan_set_origin+0x83/0x130 [ 304.024585] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 304.029972] ? __msan_get_context_state+0x9/0x30 [ 304.034746] ? INIT_BOOL+0x17/0x30 10:32:18 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCSBRK(r1, 0x40044591) ioctl$KDGKBMETA(r1, 0x4b62, &(0x7f0000000040)) [ 304.038306] ? put_pid+0x319/0x410 [ 304.041877] kvm_vcpu_ioctl+0xfb1/0x1f90 [ 304.045964] ? do_vfs_ioctl+0x187/0x2d30 [ 304.050381] ? kvm_vm_release+0x90/0x90 [ 304.054365] do_vfs_ioctl+0xf77/0x2d30 [ 304.058285] ? security_file_ioctl+0x92/0x200 [ 304.062806] __se_sys_ioctl+0x1da/0x270 [ 304.066828] __x64_sys_ioctl+0x4a/0x70 [ 304.070733] do_syscall_64+0xcf/0x110 [ 304.074555] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 304.079765] RIP: 0033:0x457569 [ 304.082971] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 304.101887] RSP: 002b:00007fd282a5bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 304.109621] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 304.116907] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 304.124202] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 304.131483] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd282a5c6d4 [ 304.138763] R13: 00000000004c028e R14: 00000000004d05f8 R15: 00000000ffffffff [ 304.146059] [ 304.147694] Local variable description: ----clock_pairing.i@kvm_emulate_hypercall [ 304.155625] Variable was created at: [ 304.159359] kvm_emulate_hypercall+0x60/0x21b0 [ 304.163957] handle_vmcall+0x41/0x50 [ 304.167668] [ 304.169300] Bytes 28-63 of 64 are uninitialized [ 304.173981] Memory access of size 64 starts at ffff880124b4f3d8 [ 304.176693] ptrace attach of "/root/syz-executor5"[8037] was attempted by "/root/syz-executor5"[8038] [ 304.180036] ================================================================== [ 304.180044] Disabling lock debugging due to kernel taint [ 304.180056] Kernel panic - not syncing: panic_on_warn set ... [ 304.180056] [ 304.180079] CPU: 0 PID: 8025 Comm: syz-executor3 Tainted: G B 4.19.0+ #77 [ 304.180088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.180096] Call Trace: [ 304.180119] dump_stack+0x32d/0x480 [ 304.180150] panic+0x57e/0xb28 [ 304.180198] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 304.180222] kmsan_report+0x2d3/0x2e0 [ 304.180262] kmsan_internal_check_memory+0x34c/0x430 [ 304.252087] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 304.257567] kmsan_copy_to_user+0x85/0xe0 [ 304.261731] kvm_write_guest_page+0x373/0x500 [ 304.266253] kvm_write_guest+0x1e1/0x360 [ 304.270345] kvm_emulate_hypercall+0x1c96/0x21b0 [ 304.275142] handle_vmcall+0x41/0x50 [ 304.278882] ? handle_rdpmc+0x80/0x80 [ 304.282700] vmx_handle_exit+0x1e81/0xbac0 [ 304.286955] ? vmalloc_to_page+0x585/0x6c0 [ 304.291214] ? kmsan_get_shadow_origin_ptr+0x142/0x410 [ 304.296513] ? vmx_flush_tlb_gva+0x4b0/0x4b0 [ 304.300937] kvm_arch_vcpu_ioctl_run+0xac32/0x11d80 [ 304.306061] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 304.311445] ? __list_del_entry_valid+0x123/0x480 [ 304.316311] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 304.322113] ? wait_for_common+0x7a7/0x980 [ 304.326380] ? arch_local_irq_disable+0x10/0x10 [ 304.331064] ? kmsan_set_origin+0x83/0x130 [ 304.335316] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 304.340699] ? __msan_get_context_state+0x9/0x30 [ 304.345464] ? INIT_BOOL+0x17/0x30 [ 304.349011] ? put_pid+0x319/0x410 [ 304.352882] kvm_vcpu_ioctl+0xfb1/0x1f90 [ 304.356972] ? do_vfs_ioctl+0x187/0x2d30 [ 304.361046] ? kvm_vm_release+0x90/0x90 [ 304.365027] do_vfs_ioctl+0xf77/0x2d30 [ 304.368945] ? security_file_ioctl+0x92/0x200 [ 304.373460] __se_sys_ioctl+0x1da/0x270 [ 304.377451] __x64_sys_ioctl+0x4a/0x70 [ 304.381348] do_syscall_64+0xcf/0x110 [ 304.385159] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 304.390355] RIP: 0033:0x457569 [ 304.393560] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 304.412469] RSP: 002b:00007fd282a5bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 304.420190] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 304.427466] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 304.434744] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 304.442026] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd282a5c6d4 [ 304.449307] R13: 00000000004c028e R14: 00000000004d05f8 R15: 00000000ffffffff [ 304.458203] Kernel Offset: disabled [ 304.461843] Rebooting in 86400 seconds..