t6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 955.091066] not chained 1740000 origins [ 955.091981] CPU: 1 PID: 25331 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 955.101095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 955.101095] Call Trace: [ 955.101095] dump_stack+0x32d/0x480 [ 955.101095] kmsan_internal_chain_origin+0x222/0x240 [ 955.121019] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 955.121019] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 955.121019] ? save_stack_trace+0xc6/0x110 [ 955.121019] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 955.137034] ? kmsan_internal_chain_origin+0x90/0x240 [ 955.137034] ? get_stack_info+0x863/0x9d0 [ 955.137034] __msan_chain_origin+0x6d/0xd0 [ 955.137034] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 955.137034] __save_stack_trace+0x8be/0xc60 [ 955.162042] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 955.162042] save_stack_trace+0xc6/0x110 [ 955.162042] kmsan_internal_chain_origin+0x136/0x240 [ 955.162042] ? kmsan_internal_chain_origin+0x136/0x240 [ 955.162042] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 955.162042] ? __msan_memcpy+0x6f/0x80 [ 955.162042] ? pskb_expand_head+0x43b/0x1d20 [ 955.162042] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 955.162042] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 955.162042] ? ___sys_sendmsg+0xe68/0x1250 [ 955.162042] ? __sys_sendmmsg+0x56b/0xa90 [ 955.162042] ? __se_sys_sendmmsg+0xbd/0xe0 [ 955.162042] ? __x64_sys_sendmmsg+0x56/0x70 [ 955.162042] ? do_syscall_64+0xcf/0x110 [ 955.162042] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 955.232025] ? __msan_poison_alloca+0x1e0/0x2b0 [ 955.232025] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 955.232025] ? memcg_kmem_put_cache+0x8e/0x460 [ 955.232025] ? __msan_get_context_state+0x9/0x30 [ 955.232025] ? INIT_INT+0xc/0x30 [ 955.232025] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 955.232025] kmsan_memcpy_origins+0x13d/0x1b0 [ 955.232025] __msan_memcpy+0x6f/0x80 [ 955.232025] pskb_expand_head+0x43b/0x1d20 [ 955.232025] l2tp_xmit_skb+0x5a7/0x24b0 [ 955.232025] pppol2tp_sendmsg+0x7a6/0xba0 [ 955.232025] ___sys_sendmsg+0xe68/0x1250 [ 955.232025] ? pppol2tp_getsockopt+0x1060/0x1060 [ 955.232025] ? __msan_poison_alloca+0x1e0/0x2b0 [ 955.232025] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 955.232025] ? rcu_all_qs+0x3b/0x310 [ 955.232025] ? _cond_resched+0x59/0x120 [ 955.232025] ? rcu_all_qs+0x53/0x310 [ 955.232025] ? _cond_resched+0x37/0x120 [ 955.232025] ? __sys_sendmmsg+0x7c9/0xa90 [ 955.232025] ? _cond_resched+0x59/0x120 [ 955.232025] __sys_sendmmsg+0x56b/0xa90 [ 955.232025] ? syscall_return_slowpath+0x123/0x8c0 [ 955.232025] ? put_timespec64+0x162/0x220 [ 955.232025] __se_sys_sendmmsg+0xbd/0xe0 [ 955.232025] __x64_sys_sendmmsg+0x56/0x70 [ 955.232025] do_syscall_64+0xcf/0x110 [ 955.232025] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 955.232025] RIP: 0033:0x457569 [ 955.232025] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 955.232025] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 955.232025] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 955.232025] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 955.232025] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 955.232025] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 955.232025] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 955.232025] Uninit was stored to memory at: [ 955.232025] kmsan_internal_chain_origin+0x136/0x240 [ 955.232025] __msan_chain_origin+0x6d/0xd0 [ 955.432058] __save_stack_trace+0x8be/0xc60 [ 955.432058] save_stack_trace+0xc6/0x110 [ 955.432058] kmsan_internal_chain_origin+0x136/0x240 [ 955.432058] kmsan_memcpy_origins+0x13d/0x1b0 [ 955.432058] __msan_memcpy+0x6f/0x80 [ 955.432058] pskb_expand_head+0x43b/0x1d20 [ 955.432058] l2tp_xmit_skb+0x5a7/0x24b0 [ 955.432058] pppol2tp_sendmsg+0x7a6/0xba0 [ 955.432058] ___sys_sendmsg+0xe68/0x1250 [ 955.432058] __sys_sendmmsg+0x56b/0xa90 [ 955.432058] __se_sys_sendmmsg+0xbd/0xe0 [ 955.432058] __x64_sys_sendmmsg+0x56/0x70 [ 955.432058] do_syscall_64+0xcf/0x110 [ 955.432058] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 955.432058] [ 955.432058] Uninit was stored to memory at: [ 955.432058] kmsan_internal_chain_origin+0x136/0x240 [ 955.502013] __msan_chain_origin+0x6d/0xd0 [ 955.502013] __save_stack_trace+0x8be/0xc60 [ 955.502013] save_stack_trace+0xc6/0x110 [ 955.502013] kmsan_internal_chain_origin+0x136/0x240 [ 955.502013] kmsan_memcpy_origins+0x13d/0x1b0 [ 955.502013] __msan_memcpy+0x6f/0x80 [ 955.502013] pskb_expand_head+0x43b/0x1d20 [ 955.502013] l2tp_xmit_skb+0x5a7/0x24b0 [ 955.502013] pppol2tp_sendmsg+0x7a6/0xba0 [ 955.502013] ___sys_sendmsg+0xe68/0x1250 [ 955.502013] __sys_sendmmsg+0x56b/0xa90 [ 955.502013] __se_sys_sendmmsg+0xbd/0xe0 [ 955.502013] __x64_sys_sendmmsg+0x56/0x70 [ 955.502013] do_syscall_64+0xcf/0x110 [ 955.502013] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 955.569207] [ 955.570545] Uninit was stored to memory at: [ 955.570545] kmsan_internal_chain_origin+0x136/0x240 [ 955.570545] __msan_chain_origin+0x6d/0xd0 [ 955.570545] __save_stack_trace+0x8be/0xc60 [ 955.570545] save_stack_trace+0xc6/0x110 [ 955.570545] kmsan_internal_chain_origin+0x136/0x240 [ 955.570545] kmsan_memcpy_origins+0x13d/0x1b0 [ 955.570545] __msan_memcpy+0x6f/0x80 [ 955.570545] pskb_expand_head+0x43b/0x1d20 [ 955.570545] l2tp_xmit_skb+0x5a7/0x24b0 [ 955.570545] pppol2tp_sendmsg+0x7a6/0xba0 [ 955.570545] ___sys_sendmsg+0xe68/0x1250 [ 955.570545] __sys_sendmmsg+0x56b/0xa90 [ 955.626563] __se_sys_sendmmsg+0xbd/0xe0 [ 955.626563] __x64_sys_sendmmsg+0x56/0x70 [ 955.626563] do_syscall_64+0xcf/0x110 [ 955.626563] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 955.626563] [ 955.626563] Uninit was stored to memory at: [ 955.626563] kmsan_internal_chain_origin+0x136/0x240 [ 955.626563] __msan_chain_origin+0x6d/0xd0 [ 955.626563] __save_stack_trace+0x8be/0xc60 [ 955.626563] save_stack_trace+0xc6/0x110 [ 955.626563] kmsan_internal_chain_origin+0x136/0x240 [ 955.668561] kmsan_memcpy_origins+0x13d/0x1b0 [ 955.668561] __msan_memcpy+0x6f/0x80 [ 955.668561] pskb_expand_head+0x43b/0x1d20 [ 955.668561] l2tp_xmit_skb+0x5a7/0x24b0 06:05:30 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000004c0)={{{@in, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@loopback}}, &(0x7f00000005c0)=0xe8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'tunl0\x00', r2}) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000002c0)={{0xa, 0x4e22, 0x1, @dev={0xfe, 0x80, [], 0xe}, 0x800}, {0xa, 0x4e24, 0x5, @ipv4={[], [], @loopback}, 0x4}, 0xfffffffffffff800, [0xb7, 0x400, 0x3, 0x4d99, 0x3a0, 0x3, 0x2, 0x5]}, 0x5c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) getsockopt$inet_tcp_int(r1, 0x6, 0x1f, &(0x7f0000000000), &(0x7f00000000c0)=0x4) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000140)={0xffffffffffffffff}, 0x13f, 0xb}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000200)={0x16, 0x98, 0xfa00, {&(0x7f0000000100), 0x4, r4, 0x1c, 0x1, @in6={0xa, 0x4e20, 0x2, @mcast2, 0x4}}}, 0xa0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x329) 06:05:30 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x102, 0x0) ioctl$EVIOCGID(r0, 0x80084502, &(0x7f0000000100)=""/97) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000000c0)={0x1, 'ip6gretap0\x00', 0x3}, 0x18) r1 = socket$netlink(0x10, 0x3, 0x0) write(r1, &(0x7f00000001c0)="24000000240099a9471164ba40827f763aeab8ff0100000000000000f1ffffff0100ff10", 0xfffffffffffffe65) r2 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x9, 0xa81) ioctl$BLKGETSIZE64(r2, 0x80081272, &(0x7f0000000040)) r3 = msgget$private(0x0, 0x2) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000180)={0x1, 0x0, 0x1}) msgrcv(r3, &(0x7f0000000100)=ANY=[], 0x0, 0x3, 0x2000) 06:05:30 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x80000001, 0x4000c0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@broadcast, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@rand_addr}}, &(0x7f0000000040)=0xe8) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000001c0)={@dev={0xfe, 0x80, [], 0x1b}, 0x6a, r2}) sendmsg$nl_route(r0, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000340)={&(0x7f0000000240)=@ipv4_getaddr={0x18, 0x16, 0x301}, 0xfd77}}, 0x0) 06:05:30 executing program 2: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000000480)=ANY=[@ANYBLOB="ad0000000000000005000000000000000700000000000000ffff000000000000070000000000000007ff041f00000000000000000000000000000000000000000000000000000000000000000000000017000000000000000300000000000000020000000000000009010987000000000000000000000000000000000000000000000000000000000000000000000000040000000000000002000000000000000000000000b200000100f501000000000000000000000000000000000000000000000000000000000000000000000000060000000000000e3f000000000000007f000000000000000008033b0000000000000000000000000000000000000000000000000000000000000000000000006600000000000000060000000000000001000000010000000180fffc000000000000000000000000000000000000000000000000000000000000000000000000"]) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$sock_void(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x300) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x800) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r4, 0x0, 0x18, &(0x7f0000000000), 0x4) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x29, 0x0, 0x3, 0x1f, 0x0, 0x0, 0x0, 0xa3, 0x1}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getpeername$packet(r0, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', r6}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000004f000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="26410f300f01c90f06643e400f01c9420f758e000000002ef3400fb8e566baf80cb8ac8abd80ef66bafc0cedd2fe0f01ca66ba4000ec", 0x36}], 0x1, 0x0, &(0x7f0000000180), 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f0000000040)="660f382b1a0f01dfdde80f32d9e90f086665676426f7c5000000000f2245deef0f23f5", 0x23}], 0x1, 0x0, &(0x7f0000000080)=[@vmwrite={0x8, 0x0, 0x554, 0x0, 0x20, 0x0, 0x3, 0x0, 0x2}], 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f00000001c0)="0f0f280dbaf80c66b8561eac8666efbafc0cecd8d80f01720cbad10466ed26900f019d848066b92902000066b80800000066ba000000000f300f01d10f013b", 0x3f}], 0x1, 0x0, &(0x7f0000000300), 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) [ 955.668561] pppol2tp_sendmsg+0x7a6/0xba0 [ 955.668561] ___sys_sendmsg+0xe68/0x1250 [ 955.668561] __sys_sendmmsg+0x56b/0xa90 [ 955.702285] __se_sys_sendmmsg+0xbd/0xe0 [ 955.702285] __x64_sys_sendmmsg+0x56/0x70 [ 955.702285] do_syscall_64+0xcf/0x110 [ 955.702285] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 955.716293] [ 955.716293] Uninit was stored to memory at: [ 955.716293] kmsan_internal_chain_origin+0x136/0x240 [ 955.729452] __msan_chain_origin+0x6d/0xd0 [ 955.732079] __save_stack_trace+0x8be/0xc60 [ 955.732079] save_stack_trace+0xc6/0x110 [ 955.732079] kmsan_internal_chain_origin+0x136/0x240 [ 955.732079] kmsan_memcpy_origins+0x13d/0x1b0 [ 955.732079] __msan_memcpy+0x6f/0x80 [ 955.732079] pskb_expand_head+0x43b/0x1d20 [ 955.732079] l2tp_xmit_skb+0x5a7/0x24b0 [ 955.732079] pppol2tp_sendmsg+0x7a6/0xba0 [ 955.732079] ___sys_sendmsg+0xe68/0x1250 [ 955.732079] __sys_sendmmsg+0x56b/0xa90 [ 955.775882] __se_sys_sendmmsg+0xbd/0xe0 [ 955.780676] __x64_sys_sendmmsg+0x56/0x70 [ 955.782346] do_syscall_64+0xcf/0x110 [ 955.782346] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 955.782346] [ 955.782346] Uninit was stored to memory at: [ 955.782346] kmsan_internal_chain_origin+0x136/0x240 [ 955.782346] __msan_chain_origin+0x6d/0xd0 [ 955.782346] __save_stack_trace+0x8be/0xc60 [ 955.782346] save_stack_trace+0xc6/0x110 [ 955.782346] kmsan_internal_chain_origin+0x136/0x240 [ 955.782346] kmsan_memcpy_origins+0x13d/0x1b0 [ 955.782346] __msan_memcpy+0x6f/0x80 [ 955.782346] pskb_expand_head+0x43b/0x1d20 [ 955.782346] l2tp_xmit_skb+0x5a7/0x24b0 [ 955.782346] pppol2tp_sendmsg+0x7a6/0xba0 [ 955.782346] ___sys_sendmsg+0xe68/0x1250 [ 955.782346] __sys_sendmmsg+0x56b/0xa90 [ 955.782346] __se_sys_sendmmsg+0xbd/0xe0 [ 955.782346] __x64_sys_sendmmsg+0x56/0x70 [ 955.782346] do_syscall_64+0xcf/0x110 [ 955.782346] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 955.782346] [ 955.782346] Uninit was stored to memory at: [ 955.782346] kmsan_internal_chain_origin+0x136/0x240 [ 955.782346] __msan_chain_origin+0x6d/0xd0 [ 955.782346] __save_stack_trace+0x8be/0xc60 [ 955.782346] save_stack_trace+0xc6/0x110 [ 955.782346] kmsan_internal_chain_origin+0x136/0x240 [ 955.782346] kmsan_memcpy_origins+0x13d/0x1b0 [ 955.901959] __msan_memcpy+0x6f/0x80 [ 955.901959] pskb_expand_head+0x43b/0x1d20 [ 955.901959] l2tp_xmit_skb+0x5a7/0x24b0 [ 955.901959] pppol2tp_sendmsg+0x7a6/0xba0 [ 955.901959] ___sys_sendmsg+0xe68/0x1250 [ 955.901959] __sys_sendmmsg+0x56b/0xa90 [ 955.901959] __se_sys_sendmmsg+0xbd/0xe0 [ 955.901959] __x64_sys_sendmmsg+0x56/0x70 [ 955.901959] do_syscall_64+0xcf/0x110 [ 955.901959] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 955.901959] [ 955.901959] Local variable description: ----iph@ip_vs_out [ 955.901959] Variable was created at: [ 955.901959] ip_vs_out+0x1bf/0x4570 [ 955.901959] ip_vs_local_reply6+0xec/0x130 [ 955.964951] Dead loop on virtual device ip6_vti0, fix it urgently! 06:05:31 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x5, &(0x7f00000001c0)=[{}, {}, {}, {}, {}]}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) write$binfmt_script(r2, &(0x7f00000000c0)={'#! ', './file0', [{0x20, 'syz_tun\x00'}, {0x20, 'syz_tun\x00'}, {0x20, 'syz_tun\x00'}, {0x20, 'md5sum'}, {0x20, '-(/)wlan1+'}], 0xa, "c55f8fba9cab32a91d70097595412af1a7f6daee2d1de822c90ad751f37e79a8d6efe2176c9279f6f4c673de71948d1e155fec12"}, 0x6c) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 956.236613] not chained 1750000 origins [ 956.240642] CPU: 1 PID: 25331 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 956.241813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 956.241813] Call Trace: [ 956.241813] dump_stack+0x32d/0x480 [ 956.260765] kmsan_internal_chain_origin+0x222/0x240 [ 956.260765] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 956.269863] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 956.269863] ? save_stack_trace+0xc6/0x110 [ 956.269863] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 956.269863] ? kmsan_internal_chain_origin+0x90/0x240 [ 956.269863] ? get_stack_info+0x863/0x9d0 [ 956.269863] __msan_chain_origin+0x6d/0xd0 [ 956.269863] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 956.269863] __save_stack_trace+0x8be/0xc60 [ 956.269863] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 956.269863] save_stack_trace+0xc6/0x110 [ 956.269863] kmsan_internal_chain_origin+0x136/0x240 [ 956.269863] ? kmsan_internal_chain_origin+0x136/0x240 [ 956.269863] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 956.269863] ? __msan_memcpy+0x6f/0x80 [ 956.269863] ? pskb_expand_head+0x43b/0x1d20 [ 956.269863] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 956.269863] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 956.269863] ? ___sys_sendmsg+0xe68/0x1250 [ 956.269863] ? __sys_sendmmsg+0x56b/0xa90 [ 956.269863] ? __se_sys_sendmmsg+0xbd/0xe0 [ 956.361971] ? __x64_sys_sendmmsg+0x56/0x70 [ 956.361971] ? do_syscall_64+0xcf/0x110 [ 956.371295] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 956.371295] ? __msan_poison_alloca+0x1e0/0x2b0 [ 956.371295] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 956.371295] ? memcg_kmem_put_cache+0x8e/0x460 [ 956.371295] ? __msan_get_context_state+0x9/0x30 [ 956.371295] ? INIT_INT+0xc/0x30 [ 956.371295] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 956.371295] kmsan_memcpy_origins+0x13d/0x1b0 [ 956.371295] __msan_memcpy+0x6f/0x80 [ 956.371295] pskb_expand_head+0x43b/0x1d20 [ 956.371295] l2tp_xmit_skb+0x5a7/0x24b0 [ 956.371295] pppol2tp_sendmsg+0x7a6/0xba0 [ 956.371295] ___sys_sendmsg+0xe68/0x1250 [ 956.431971] ? kmsan_set_origin+0x83/0x130 [ 956.431971] ? pppol2tp_getsockopt+0x1060/0x1060 [ 956.431971] ? __msan_poison_alloca+0x1e0/0x2b0 [ 956.431971] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 956.446731] ? rcu_all_qs+0x3b/0x310 [ 956.446731] ? _cond_resched+0x59/0x120 [ 956.457472] ? rcu_all_qs+0x53/0x310 [ 956.457472] ? _cond_resched+0x37/0x120 [ 956.457472] ? __sys_sendmmsg+0x7c9/0xa90 [ 956.469506] ? _cond_resched+0x59/0x120 [ 956.469506] __sys_sendmmsg+0x56b/0xa90 [ 956.469506] ? syscall_return_slowpath+0x123/0x8c0 [ 956.469506] ? put_timespec64+0x162/0x220 [ 956.469506] __se_sys_sendmmsg+0xbd/0xe0 [ 956.469506] __x64_sys_sendmmsg+0x56/0x70 [ 956.469506] do_syscall_64+0xcf/0x110 [ 956.469506] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 956.469506] RIP: 0033:0x457569 [ 956.469506] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 956.519727] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 956.529848] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 956.542299] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 956.542299] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 956.542299] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 956.542299] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 956.542299] Uninit was stored to memory at: [ 956.542299] kmsan_internal_chain_origin+0x136/0x240 [ 956.542299] __msan_chain_origin+0x6d/0xd0 [ 956.542299] __save_stack_trace+0x8be/0xc60 [ 956.542299] save_stack_trace+0xc6/0x110 [ 956.542299] kmsan_internal_chain_origin+0x136/0x240 [ 956.542299] kmsan_memcpy_origins+0x13d/0x1b0 [ 956.542299] __msan_memcpy+0x6f/0x80 [ 956.542299] pskb_expand_head+0x43b/0x1d20 [ 956.542299] l2tp_xmit_skb+0x5a7/0x24b0 [ 956.542299] pppol2tp_sendmsg+0x7a6/0xba0 [ 956.617720] ___sys_sendmsg+0xe68/0x1250 [ 956.617720] __sys_sendmmsg+0x56b/0xa90 [ 956.617720] __se_sys_sendmmsg+0xbd/0xe0 [ 956.617720] __x64_sys_sendmmsg+0x56/0x70 [ 956.617720] do_syscall_64+0xcf/0x110 [ 956.617720] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 956.617720] [ 956.617720] Uninit was stored to memory at: [ 956.617720] kmsan_internal_chain_origin+0x136/0x240 [ 956.617720] __msan_chain_origin+0x6d/0xd0 [ 956.617720] __save_stack_trace+0x8be/0xc60 [ 956.617720] save_stack_trace+0xc6/0x110 [ 956.617720] kmsan_internal_chain_origin+0x136/0x240 [ 956.617720] kmsan_memcpy_origins+0x13d/0x1b0 [ 956.617720] __msan_memcpy+0x6f/0x80 [ 956.617720] pskb_expand_head+0x43b/0x1d20 [ 956.617720] l2tp_xmit_skb+0x5a7/0x24b0 [ 956.617720] pppol2tp_sendmsg+0x7a6/0xba0 [ 956.617720] ___sys_sendmsg+0xe68/0x1250 [ 956.617720] __sys_sendmmsg+0x56b/0xa90 [ 956.617720] __se_sys_sendmmsg+0xbd/0xe0 [ 956.617720] __x64_sys_sendmmsg+0x56/0x70 [ 956.617720] do_syscall_64+0xcf/0x110 [ 956.617720] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 956.617720] [ 956.617720] Uninit was stored to memory at: [ 956.617720] kmsan_internal_chain_origin+0x136/0x240 [ 956.617720] __msan_chain_origin+0x6d/0xd0 [ 956.617720] __save_stack_trace+0x8be/0xc60 [ 956.617720] save_stack_trace+0xc6/0x110 [ 956.617720] kmsan_internal_chain_origin+0x136/0x240 [ 956.617720] kmsan_memcpy_origins+0x13d/0x1b0 [ 956.617720] __msan_memcpy+0x6f/0x80 [ 956.617720] pskb_expand_head+0x43b/0x1d20 [ 956.617720] l2tp_xmit_skb+0x5a7/0x24b0 [ 956.617720] pppol2tp_sendmsg+0x7a6/0xba0 [ 956.617720] ___sys_sendmsg+0xe68/0x1250 [ 956.617720] __sys_sendmmsg+0x56b/0xa90 [ 956.617720] __se_sys_sendmmsg+0xbd/0xe0 [ 956.781469] __x64_sys_sendmmsg+0x56/0x70 [ 956.781469] do_syscall_64+0xcf/0x110 [ 956.781469] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 956.781469] [ 956.781469] Uninit was stored to memory at: [ 956.781469] kmsan_internal_chain_origin+0x136/0x240 [ 956.781469] __msan_chain_origin+0x6d/0xd0 [ 956.781469] __save_stack_trace+0x8be/0xc60 [ 956.781469] save_stack_trace+0xc6/0x110 [ 956.781469] kmsan_internal_chain_origin+0x136/0x240 [ 956.781469] kmsan_memcpy_origins+0x13d/0x1b0 [ 956.781469] __msan_memcpy+0x6f/0x80 [ 956.781469] pskb_expand_head+0x43b/0x1d20 [ 956.834235] l2tp_xmit_skb+0x5a7/0x24b0 [ 956.838690] pppol2tp_sendmsg+0x7a6/0xba0 [ 956.844812] ___sys_sendmsg+0xe68/0x1250 [ 956.844812] __sys_sendmmsg+0x56b/0xa90 [ 956.844812] __se_sys_sendmmsg+0xbd/0xe0 [ 956.844812] __x64_sys_sendmmsg+0x56/0x70 [ 956.844812] do_syscall_64+0xcf/0x110 [ 956.844812] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 956.844812] [ 956.844812] Uninit was stored to memory at: [ 956.875416] kmsan_internal_chain_origin+0x136/0x240 [ 956.875416] __msan_chain_origin+0x6d/0xd0 [ 956.875416] __save_stack_trace+0x8be/0xc60 [ 956.875416] save_stack_trace+0xc6/0x110 [ 956.875416] kmsan_internal_chain_origin+0x136/0x240 [ 956.875416] kmsan_memcpy_origins+0x13d/0x1b0 [ 956.875416] __msan_memcpy+0x6f/0x80 [ 956.875416] pskb_expand_head+0x43b/0x1d20 [ 956.875416] l2tp_xmit_skb+0x5a7/0x24b0 [ 956.875416] pppol2tp_sendmsg+0x7a6/0xba0 [ 956.875416] ___sys_sendmsg+0xe68/0x1250 [ 956.875416] __sys_sendmmsg+0x56b/0xa90 [ 956.875416] __se_sys_sendmmsg+0xbd/0xe0 [ 956.875416] __x64_sys_sendmmsg+0x56/0x70 [ 956.875416] do_syscall_64+0xcf/0x110 [ 956.875416] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 956.875416] [ 956.875416] Uninit was stored to memory at: [ 956.875416] kmsan_internal_chain_origin+0x136/0x240 [ 956.875416] __msan_chain_origin+0x6d/0xd0 [ 956.875416] __save_stack_trace+0x8be/0xc60 [ 956.875416] save_stack_trace+0xc6/0x110 [ 956.875416] kmsan_internal_chain_origin+0x136/0x240 [ 956.875416] kmsan_memcpy_origins+0x13d/0x1b0 [ 956.875416] __msan_memcpy+0x6f/0x80 [ 956.875416] pskb_expand_head+0x43b/0x1d20 [ 956.875416] l2tp_xmit_skb+0x5a7/0x24b0 [ 956.875416] pppol2tp_sendmsg+0x7a6/0xba0 [ 956.875416] ___sys_sendmsg+0xe68/0x1250 [ 956.875416] __sys_sendmmsg+0x56b/0xa90 [ 956.875416] __se_sys_sendmmsg+0xbd/0xe0 [ 956.875416] __x64_sys_sendmmsg+0x56/0x70 [ 956.875416] do_syscall_64+0xcf/0x110 [ 956.875416] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 956.875416] [ 956.875416] Uninit was stored to memory at: [ 956.875416] kmsan_internal_chain_origin+0x136/0x240 [ 956.875416] __msan_chain_origin+0x6d/0xd0 [ 956.875416] __save_stack_trace+0x8be/0xc60 [ 956.875416] save_stack_trace+0xc6/0x110 [ 956.875416] kmsan_internal_chain_origin+0x136/0x240 [ 956.875416] kmsan_memcpy_origins+0x13d/0x1b0 [ 956.875416] __msan_memcpy+0x6f/0x80 [ 956.875416] pskb_expand_head+0x43b/0x1d20 [ 956.875416] l2tp_xmit_skb+0x5a7/0x24b0 [ 956.875416] pppol2tp_sendmsg+0x7a6/0xba0 [ 956.875416] ___sys_sendmsg+0xe68/0x1250 [ 956.875416] __sys_sendmmsg+0x56b/0xa90 [ 956.875416] __se_sys_sendmmsg+0xbd/0xe0 [ 956.875416] __x64_sys_sendmmsg+0x56/0x70 [ 956.875416] do_syscall_64+0xcf/0x110 [ 956.875416] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 956.875416] [ 956.875416] Local variable description: ----iph@ip_vs_out [ 956.875416] Variable was created at: [ 956.875416] ip_vs_out+0x1bf/0x4570 [ 956.875416] ip_vs_local_reply6+0xec/0x130 [ 957.115053] Dead loop on virtual device ip6_vti0, fix it urgently! [ 957.142725] not chained 1760000 origins [ 957.146711] CPU: 1 PID: 25331 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 957.151802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 957.151802] Call Trace: [ 957.151802] dump_stack+0x32d/0x480 [ 957.151802] kmsan_internal_chain_origin+0x222/0x240 [ 957.151802] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 957.151802] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 957.151802] ? save_stack_trace+0xc6/0x110 [ 957.151802] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 957.151802] ? kmsan_internal_chain_origin+0x90/0x240 [ 957.151802] ? get_stack_info+0x863/0x9d0 [ 957.151802] __msan_chain_origin+0x6d/0xd0 [ 957.151802] ? ___sys_sendmsg+0xe68/0x1250 [ 957.151802] __save_stack_trace+0x8be/0xc60 [ 957.151802] ? ___sys_sendmsg+0xe68/0x1250 [ 957.151802] save_stack_trace+0xc6/0x110 [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] ? kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 957.151802] ? __msan_memcpy+0x6f/0x80 [ 957.151802] ? pskb_expand_head+0x43b/0x1d20 [ 957.151802] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 957.151802] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 957.151802] ? ___sys_sendmsg+0xe68/0x1250 [ 957.151802] ? __sys_sendmmsg+0x56b/0xa90 [ 957.151802] ? __se_sys_sendmmsg+0xbd/0xe0 [ 957.151802] ? __x64_sys_sendmmsg+0x56/0x70 [ 957.151802] ? do_syscall_64+0xcf/0x110 [ 957.151802] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 957.151802] ? __msan_poison_alloca+0x1e0/0x2b0 [ 957.151802] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 957.151802] ? memcg_kmem_put_cache+0x8e/0x460 [ 957.151802] ? __msan_get_context_state+0x9/0x30 [ 957.151802] ? INIT_INT+0xc/0x30 [ 957.151802] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 957.151802] kmsan_memcpy_origins+0x13d/0x1b0 [ 957.151802] __msan_memcpy+0x6f/0x80 [ 957.151802] pskb_expand_head+0x43b/0x1d20 [ 957.151802] l2tp_xmit_skb+0x5a7/0x24b0 [ 957.151802] pppol2tp_sendmsg+0x7a6/0xba0 [ 957.151802] ___sys_sendmsg+0xe68/0x1250 [ 957.151802] ? pppol2tp_getsockopt+0x1060/0x1060 [ 957.151802] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 957.151802] ? kmsan_set_origin+0x83/0x130 [ 957.151802] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 957.151802] ? _cond_resched+0xc7/0x120 [ 957.151802] __sys_sendmmsg+0x56b/0xa90 [ 957.151802] ? syscall_return_slowpath+0x123/0x8c0 [ 957.151802] ? put_timespec64+0x162/0x220 [ 957.151802] __se_sys_sendmmsg+0xbd/0xe0 [ 957.151802] __x64_sys_sendmmsg+0x56/0x70 [ 957.151802] do_syscall_64+0xcf/0x110 [ 957.151802] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 957.151802] RIP: 0033:0x457569 [ 957.151802] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 957.151802] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 957.151802] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 957.151802] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 957.151802] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 957.151802] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 957.151802] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 957.151802] Uninit was stored to memory at: [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] __msan_chain_origin+0x6d/0xd0 [ 957.151802] __save_stack_trace+0x8be/0xc60 [ 957.151802] save_stack_trace+0xc6/0x110 [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] kmsan_memcpy_origins+0x13d/0x1b0 [ 957.151802] __msan_memcpy+0x6f/0x80 [ 957.151802] pskb_expand_head+0x43b/0x1d20 [ 957.151802] l2tp_xmit_skb+0x5a7/0x24b0 [ 957.151802] pppol2tp_sendmsg+0x7a6/0xba0 [ 957.151802] ___sys_sendmsg+0xe68/0x1250 [ 957.151802] __sys_sendmmsg+0x56b/0xa90 [ 957.151802] __se_sys_sendmmsg+0xbd/0xe0 [ 957.151802] __x64_sys_sendmmsg+0x56/0x70 [ 957.151802] do_syscall_64+0xcf/0x110 [ 957.151802] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 957.151802] [ 957.151802] Uninit was stored to memory at: [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] __msan_chain_origin+0x6d/0xd0 [ 957.151802] __save_stack_trace+0x8be/0xc60 [ 957.151802] save_stack_trace+0xc6/0x110 [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] kmsan_memcpy_origins+0x13d/0x1b0 [ 957.151802] __msan_memcpy+0x6f/0x80 [ 957.151802] pskb_expand_head+0x43b/0x1d20 [ 957.151802] l2tp_xmit_skb+0x5a7/0x24b0 [ 957.151802] pppol2tp_sendmsg+0x7a6/0xba0 [ 957.151802] ___sys_sendmsg+0xe68/0x1250 [ 957.151802] __sys_sendmmsg+0x56b/0xa90 [ 957.151802] __se_sys_sendmmsg+0xbd/0xe0 [ 957.151802] __x64_sys_sendmmsg+0x56/0x70 [ 957.151802] do_syscall_64+0xcf/0x110 [ 957.151802] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 957.151802] [ 957.151802] Uninit was stored to memory at: [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] __msan_chain_origin+0x6d/0xd0 [ 957.151802] __save_stack_trace+0x8be/0xc60 [ 957.151802] save_stack_trace+0xc6/0x110 [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] kmsan_memcpy_origins+0x13d/0x1b0 [ 957.151802] __msan_memcpy+0x6f/0x80 [ 957.151802] pskb_expand_head+0x43b/0x1d20 [ 957.151802] l2tp_xmit_skb+0x5a7/0x24b0 [ 957.151802] pppol2tp_sendmsg+0x7a6/0xba0 [ 957.151802] ___sys_sendmsg+0xe68/0x1250 [ 957.151802] __sys_sendmmsg+0x56b/0xa90 [ 957.151802] __se_sys_sendmmsg+0xbd/0xe0 [ 957.151802] __x64_sys_sendmmsg+0x56/0x70 [ 957.151802] do_syscall_64+0xcf/0x110 [ 957.151802] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 957.151802] [ 957.151802] Uninit was stored to memory at: [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] __msan_chain_origin+0x6d/0xd0 [ 957.151802] __save_stack_trace+0x8be/0xc60 [ 957.151802] save_stack_trace+0xc6/0x110 [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] kmsan_memcpy_origins+0x13d/0x1b0 [ 957.151802] __msan_memcpy+0x6f/0x80 [ 957.151802] pskb_expand_head+0x43b/0x1d20 [ 957.151802] l2tp_xmit_skb+0x5a7/0x24b0 [ 957.151802] pppol2tp_sendmsg+0x7a6/0xba0 [ 957.151802] ___sys_sendmsg+0xe68/0x1250 [ 957.151802] __sys_sendmmsg+0x56b/0xa90 [ 957.151802] __se_sys_sendmmsg+0xbd/0xe0 [ 957.151802] __x64_sys_sendmmsg+0x56/0x70 [ 957.151802] do_syscall_64+0xcf/0x110 [ 957.151802] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 957.151802] [ 957.151802] Uninit was stored to memory at: [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] __msan_chain_origin+0x6d/0xd0 [ 957.151802] __save_stack_trace+0x8be/0xc60 [ 957.151802] save_stack_trace+0xc6/0x110 [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] kmsan_memcpy_origins+0x13d/0x1b0 [ 957.151802] __msan_memcpy+0x6f/0x80 [ 957.151802] pskb_expand_head+0x43b/0x1d20 [ 957.151802] l2tp_xmit_skb+0x5a7/0x24b0 [ 957.151802] pppol2tp_sendmsg+0x7a6/0xba0 [ 957.151802] ___sys_sendmsg+0xe68/0x1250 [ 957.151802] __sys_sendmmsg+0x56b/0xa90 [ 957.151802] __se_sys_sendmmsg+0xbd/0xe0 [ 957.151802] __x64_sys_sendmmsg+0x56/0x70 [ 957.151802] do_syscall_64+0xcf/0x110 [ 957.151802] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 957.151802] [ 957.151802] Uninit was stored to memory at: [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] __msan_chain_origin+0x6d/0xd0 [ 957.151802] __save_stack_trace+0x8be/0xc60 [ 957.151802] save_stack_trace+0xc6/0x110 [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] kmsan_memcpy_origins+0x13d/0x1b0 [ 957.151802] __msan_memcpy+0x6f/0x80 [ 957.151802] pskb_expand_head+0x43b/0x1d20 [ 957.151802] l2tp_xmit_skb+0x5a7/0x24b0 [ 957.151802] pppol2tp_sendmsg+0x7a6/0xba0 [ 957.151802] ___sys_sendmsg+0xe68/0x1250 [ 957.151802] __sys_sendmmsg+0x56b/0xa90 [ 957.151802] __se_sys_sendmmsg+0xbd/0xe0 [ 957.151802] __x64_sys_sendmmsg+0x56/0x70 [ 957.151802] do_syscall_64+0xcf/0x110 [ 957.151802] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 957.151802] [ 957.151802] Uninit was stored to memory at: [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] __msan_chain_origin+0x6d/0xd0 [ 957.151802] __save_stack_trace+0x8be/0xc60 [ 957.151802] save_stack_trace+0xc6/0x110 [ 957.151802] kmsan_internal_chain_origin+0x136/0x240 [ 957.151802] kmsan_memcpy_origins+0x13d/0x1b0 [ 957.151802] __msan_memcpy+0x6f/0x80 [ 957.151802] pskb_expand_head+0x43b/0x1d20 [ 957.151802] l2tp_xmit_skb+0x5a7/0x24b0 [ 957.151802] pppol2tp_sendmsg+0x7a6/0xba0 [ 957.151802] ___sys_sendmsg+0xe68/0x1250 [ 957.151802] __sys_sendmmsg+0x56b/0xa90 [ 957.151802] __se_sys_sendmmsg+0xbd/0xe0 [ 957.151802] __x64_sys_sendmmsg+0x56/0x70 [ 957.151802] do_syscall_64+0xcf/0x110 [ 957.151802] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 957.151802] [ 957.151802] Local variable description: ----iph@ip_vs_out [ 957.151802] Variable was created at: [ 957.151802] ip_vs_out+0x1bf/0x4570 [ 957.151802] ip_vs_local_reply6+0xec/0x130 [ 957.996653] Dead loop on virtual device ip6_vti0, fix it urgently! 06:05:33 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000001fe8)) socketpair(0x4, 0xa, 0x400, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$UI_SET_KEYBIT(r2, 0x40045565, 0xcc) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f0000000080)={0x0, @aes128, 0x2, "eba000168ec958ac"}) accept4$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @remote}, &(0x7f0000000240)=0x10, 0x80000) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x8001, 0x800) r3 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000)) r4 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r4, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:33 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x80000001, 0x4000c0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@broadcast, @in6=@mcast1}}, {{@in=@remote}, 0x0, @in=@rand_addr}}, &(0x7f0000000040)=0xe8) sendmsg$nl_route(r0, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000340)={&(0x7f0000000240)=@ipv4_getaddr={0x18, 0x16, 0x301}, 0xfd77}}, 0x0) 06:05:33 executing program 2: r0 = shmget(0x1, 0x4000, 0x1000, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000040)=""/94) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_sys\x00', 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vga_arbiter\x00', 0x101001, 0x0) ioctl$KVM_GET_PIT(r1, 0xc048ae65, &(0x7f00000000c0)) write$P9_RGETATTR(r2, &(0x7f0000000180)={0xa0}, 0xa0) 06:05:33 executing program 0: chroot(&(0x7f0000000040)='./file0\x00') r0 = socket$inet6_udp(0xa, 0x2, 0x0) io_setup(0x1, &(0x7f0000000180)=0x0) r2 = dup2(r0, r0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000380)='/dev/audio\x00', 0x20000, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001940)='/dev/snapshot\x00', 0x80a01, 0x0) r5 = syz_open_dev$media(&(0x7f0000001880)='/dev/media#\x00', 0x6, 0x8400) io_submit(r1, 0x7, &(0x7f0000001900)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x7, 0x0, r0, &(0x7f00000001c0)="caebdea8130172ce3bdb6729ff4aefc193cb8771c470d2c0d15ff6aacf7a0a5e3be1991dbd17f107c872a7b3c985572f1e20dd82678306d8bad9d30077b6f3ab59d905b399f85cfff60c220406aa524b9de7a8d6124fac2cd4842552cf3936abea5e16a1a706485e106b6e6aba76f2f3cf9b0d7bf7a8dc969e8a33215e", 0x7d, 0x7fffffff, 0x0, 0x2, r2}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0xf, 0x1ff, r0, &(0x7f0000000280)="2658b45800d798da3fc2eb25dd16667dbdc69280b1158b455ca990cde60df7e633167c0a6bc0b8e07595f38e71f0f2739d45145663242ccaf306aa017208cede41da1bc8d70e5b84216b0bb2d3d4c036e6f94c83445bf2aa78d2b6080511d0556aaadb8bab2e947556311b6e5f84dd89ef95e80bc69d1c6559d42d841b6749dee0e7c375912dcf9523ab9efb05fb1208f58b4238540147ffe67ab511479ea4538f8114beaa16f249375bb92a2a30dc3fac3123610e1b381781790a763049827556e73a15c31120dbc26ffe09dccf4be2f879f23b9eff01933ade804643a745af353f41bd8d3de11b18972d7056220c", 0xef, 0xcb36, 0x0, 0x2, r3}, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x8, 0xfffffffffffffffd, r0, &(0x7f0000000440)="4080867ecce65190efafa8a3eb1500f88ad3d29458b28f931ece30a4bf188f514808d67515858833b4ac675229cd87682c2d09c8a8c76dfbeaf377f5604f5989e1ddd4a37cea4c5c8bc27a242f0d97b9f63eb391b12443b34d8037329f33601be019b11d5093d37de032457f9370d8333d3f3475ad5afc5b5c595935eecbbb15c75ab65e1fce8806c9e754efdc0cf4d7e15a595be8efec2633db337d4c6790f3e2f9857d1b49814b7abef5b84d041d03e4336e11e3e6fc8468b211e29f326dd841de36b9d3a447c72e28fdadcd497c80caf677d2010bf0d22c9f1cacf9482e9c40b49a60e521c2ea780e3ecae37a073a0eb4c57ace1c7d995e9bd9b40c511ab430898fb94690c729d186415d4f294a10f9de0bba9f2bec528cd60766772934af48128f95f74dffa674ae2af3c8c714b0c4cbb9af46262e6bb1d6e186f378058fe1e0831d01eecb72631ed6671bb804b289b875afe33fd6713aa228f8e1f6a0186a0cc9f9ee5ab411995b771d65b5b06b86a0d19293e68661efd024b91dd8852e97626bff69b405fdce65273877c8e783edd5b63b7f8ad93bda9da78bd5d559781c3d4c04d4baa6f42b45ac88e8f7431b9f118dfbd44d64efaafe9b7fa7e2ec28ca8250d36bb714809fd0fcefc387f6e36a6eadcbdc7e4243cd2a3a05a2588cb5d5cb3d77b97bc1011acb436f3b7b5dec4656a6e49741dbed15a9ea7e76149e694929ecddfb4827f4c9a71e4e0af38b307741a96a7bb68fd006a1d12456c91b85aff8df9ef47dac3395341cb79cb76af13d86f3aaad8f7a70fd96ba92ab56a8f4f1194706f4a9d9e0e64f408b9a5f497db32bbc596d38cd8218b4f20808501a45321036429535cfc521e246130de2ef2beb3da022ab7deed3e0c9ff3735f406f8735d15e7171b193b0e56224e86a541b15ba02a14c7d6b0f0f1455a8887d152c860c2793225cbe765fd54c2d7996d8f4fb6d0cffd28186df37562774bbc49132335502fde8ea7cb4522f07e2eef7f162a68fef7fe2e671371d9f805eabb7e9dbd3d20cccd9a65850b2a2119161297306e0f2e272566a5a1f4dd4d4890d7cc6e40e5ccd4c22d198c55ab0a6138829418829cb73bd0c4f7cc90a6da8abd8178cccd0eaefa7c0fc37dbef8034e9e6dd349e57b27cbe1a9e54fd8d2b2e116ffca53aba5d7e6d9cc7079f37e3b609e0cb291b7a8b79315237243387cbf034ddcb513790643e403e934629e085a124132526013233dcbd56d82885c9b2849bd3c4291383d7bd29770ab2462810abdc7fe49a5cbc42d0d5c0e4686ca12efdd16c68b352292dfbd2c039249140ec7ac76408c83dc81d5715d71fb3c2107264da4ce3a86f95c80c9be58dc29074eec7fdd006db499c306e3c2c41509bb1547a99c0774adae8cd3fe60b33465e1d601307cb3a2018a93f45b4c5874a05fa9d2adefec6b104dab5b32fce00d9acd3989d631871ae80e5173c7a80f920837544789081a6fbce204ed8ba687d9786b60a2ca4d45775b363bbb7ad6fb51064ae83309f1f7f9881eb1b99e845c6ae66aa316221d915db699024cbc7e1aa75e8e9c69b9d7b2aa1cdae095958e5d4a670ce09a0e0e4168e58bbbb0ae60b979056840da7e680a4dd80f0c03dcc05319b61d91b8dfe675a733cebe31258026eb1b21f93c9c681ea73d97e40c340106e7266c1a537a78761009e94e4e382b65d01462c800d0b5c65ad1b6ecb817079241c15d044d395a86bd657136fca3743c46af0ad14e23b4d2076628f7d9eefbddde51171238952f424826094eb7e8c537632457263089b84d056b624c0d2681173fd99eb46ba9475d7bbbc61d7b595a144e010f30b0d4937a9a3d1d5e81515650dad72b27d2767988319924e1fcebba0e9a4a5164658d85cbe23499570889143c805d316c02491c882867974dd8de0529fe5fc4b8eca7f9e9009d9c66d60ee997a6fd0999fea13c6bca2cb9921b65598629db0de76a588f860d35f339b62cbd233737fe6b8e78ec3b54335436d8e486a5a3f288cf72cedfb0c852d9a6a50af2f0a0de995c59daa81bb05ee54f772158744920a22c1ea0572d898a102d33512260c76f1dbdda420208276ef5f4b88d858a1a9e5c864d0b769d17f6a3ec0994131f60a931148e1622fe77d32b560436fc4163a96307ef4f5cbb776bb8e80ce4ec578178331fd3a7c945d1e1ec38be6a987d5461e0c4010f7881e3751747e63ab1373e5550fcb08ed5012e3401244243166b5a95ec72d06e7dee36e026f8df5d9eee737c205295e24027cd6cc88db354e188dce006031af13688987513f37fd5bf12c3cc984d8e1d2f13d10eef0f2d7f1e7ba0dd51512307bcab28ad31a61dc1ed32fe953bb0b2b79d07e24471afb38d280f2a811f31757f70e6c473e40dd55c41f18c0d959ff28f5f3c676254256223259a4e2f7b0316318c52378a3e7ae5067fa2db56003c3b2ce1bf121445c0db930b9b652faff73b434c50e1377af9d179e19f40382f156533801dd0e6b4d41289bafe3b81a26db0f734c93b0fb7378a063ce467d0c3b68167c56dc461b907213849bc6ce34033ef896d241688cea54fc5fdd93eb2662dfe5c9536e754ac14ea5b76f8e748269e206560dc67572bdb123d20f4bc72a8240800b0c614402edee1a5950212caa350dc4e30469330b9d5b4346c20617a9471ad614eb1435f928f4ddae90d13d3fc49222297c951ee6d706083cff852cb0524c79d90ee454c8f2e92d7d0887c50faa13e3783803b7c9b7938c8c9a96c5bee217a9108994d5cc0bdecda86405050c58246eb7960da03c82b344cbacc9758c97aa4539d577ff11d59df3e8da97de93e6b95cab2eff5064efbed99b742d3639b3d70287fa183356e52dd571e8491c908a1e345e44970aa8d59df05795bddd4defc485912e427205f2f59e27a850509fce157d8954ef7d58eec594398102c89a01b76f29194920c7c8732d54f18779b39b33874f9ad2c8a41b5a8fe7bd6a2185cb5b44263d8b092ad30120f7e849e2079977464bb2831cd283bc2cdfd167a46e976f7a5940228806877404cb2c082423f968126e232275ba778c9fe11276263cfacd7f723c6fe5312afb477ef2a8e3f3dd593448bc6ce6c446e8b31c643049da390837e5f51ec04094ecd1a50a589725f0813b119a10e614f3f92abec4a0de89e549f76ff4b6eca12f6aa52c75aa9e9a9ec8161fec505b1973b1bcd718c3eb99af02332d1953366b6028815a8e1c4f39511bde00e4314684243af1f48ab912769fa3143824cabc5d0ef7c049fc88a59d8f52ed5ac4a6f659b4436d88556db0546370e3898a7633d956a8064dffd40db80dc5ec24272cb0d054d0013759051a7b09ee7b992ca93e05e543e63fdb65845860dace90b9ee867c937364ef4e55562d6faff39d1808aebd44a730b8969fabb7ad9ff65caab8af625b83c3e26f173e8703df2165cca86d36f92d33ff7f86f8802ef1137d48b1d2a2f25edd56bab9c366445d5440b9f06fd4a25142134d80ea7ee7fdeb4c5f281a6dabe83393ab2201ee40d6962635d01a0f09c197cb8001d0a31c17636405139dc3a73797a4b1a25ae0d7189114f441294df2912eb55eedc395ad828a6b20d11cedfefca51be153cb21510a3c6795c9fd4262e1d366098fc57aaafe6aba45c4f74f0053c37d0362053d37d48cc2c2b3b8cbf7b83c48103401a70db02c0288eaeb239820437a6b261dc19f004dd64c5a73960e3a51e9807595a4894e4cc020374203a3e59b8beda8b3742ce66becd33bf47972319b1d4f9ef52442ed39487c95519d82d8e0c1cb5f39ad6f0cb91fa5cb7077d588d8c579e8dac9ca9b1ecc48854c88917904e169a11cc3db732750f841dca5a41356b5a0acb15ced8aa916c3d6d2f380cf21137ae1ff81de62572b6ed73e91e1b0a36fabdf55fb565334c948ab8a819ba9b2ba31a64edb708b89afd3ea54c8cefea68a4da596384a0b614d81eb056036b5bd82f598b80c9de5787f89f121a1dad091af748879cba28c1bd6788bdef14b8da09806d819aab4926e5f61327626a9b5703927a20ca4055de479232ddd3c7db48f550c0bcdb0a940ed4555bf464b4c198ad196ba6f6eed6d11320782dea7d1003edca292ec2557ad86618aec84510b743f8814934632c70a313093d995b8ccdfb9f08b0ff368a52676c3ceb06ea8459916d0a5d91737734b30d03c66abc557e6b021ca8453e4b836244b65869b31cc87a8d046edf97daeaa03d14f7ece701918f2951af6ca210ce117c11f7284179ac187c7a316a99d11d4bef1d40e498a25b5931276ea5659ca77c8f161b5e283aedf9932413a366dcc9408d251a69d47279c456144010bda959e4c1b4de1bfa7c178c8fb13e0079ffa7921c7a7946ecd9a1e644cd18676ca9248a241a6829ae8c2e35920a9e77b25c2280663730ef61d5e415a21eb8292d3bca672e8ba4c6bcfddac79de32df917b3323ac1e2662ad4547e1357c2551dbb06919d4b6fc04c54199a466386c681d8723b257cc36823b84a4cee142fa29c08e0753cd03e44c958d60f927da248ca70128c138ffaeb9d3f6d889038206c3aaa647c1217d3ab00caa0fa9d040a76028ed22f5065472b79a4f1758139688fa5216640a86d71d33f840a1b4264234101b0d0e46399456610016e07b935326ecc40899dae454cd54762f030e7b0cfb41b410e4e9440186ae3e83fcb3c0f2d35e0e11d0e3e501243e4c316a7e41e60e056df9653eb51fe210e54076f28c43ed0361e5f241a480aed636407e3d7e101c2771cd1dd701fafd31142682759d8ad6e8b2fbb15bc7da4dc7c7b51c04db97c781baecdf1df404c3bfbc92858b3f6f76fadc3f50bba3261f58147815e990b9f4af2d7e4c84e04d32caf600cf3a4c7d107612c2298211b8feaca8d54a250818f4f6cdd5ebfbcce021b1791341f04e23e5f24d404216168eaef5051010536a9a3c6622881368f328f01967ddaa3e8672e38385808ab9668130f718a5b356e02829df3d2920953b1aa0a2fcb5206ba4a1422778b023850a0844c51945a0075c392c4e144753cabb20cb6919ce05c33045915f266c570924a99811e00b0ba58407e0ccdbacbbd4c5248ff2ae654a6d136cdcd8266ada7cffc482763870020eca3f6a86a083cab143889ee8605bf6115ff50a72814c44d6c873a0dfb4b3062bb7dec51d468f8fca2e1970db0eff4151661fa8d36c408b2b3941e673677e1b5e76434f8e9ac6a872834aca7e15ae868a2672307b69bfc6eec696dfcdb3b8e4286ae6549babd4ea3fe584b7f4ca07269446f39b87ca8a7c5ee4773c9d8146cfbbde8103776d7073fe244cf15c3a4d0155cf8ffc18269ba1e81fef2db55b01721066e2daf11aa932e2759d137c8bbd64a499da41fa5d347cfda92f6746306dbe4835d93de938a1815c74b8b228cbe1deb39952fcd6e46c087537e5e0c8131977d603d7a5ca3c59615d6d9761225107631f3c1d0242e33fb742bbe2687833501970af477ce7d534a114114635828d28fba551f11c2e9f3a6ebf1600dd1507735a711e5b36be93662588e85f21df53b166c72e8b2cc33f277364cb5247cd1c796d9337741506dcc18f303b1b52dbb3ee7097925356b1649d185d032220f0be93ec04aa4299b2388796c8e9b3c7f3f4363e81b341df17875d20a20a335c8fa9d60bf23c1e754674a9a87053a826e92016d1ff2b458bdfa6be3c2724339515c44026921fb43f19866320923542ba23c62a4bce8d8768fdb3443b449b7439bc51c5d27cbd8ec10fc0393039edcae0e069725", 0x1000, 0x7, 0x0, 0x1, r0}, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x7, 0x40, r0, &(0x7f0000001480)="7fe48f76b3b4ac702c7eeae9e79c8145e433755ec4f6c03d4f26d6c85553d53cbce21e16ef5a808b9bb1c561b4ed83d2047de8e3f3075f2f519dfd179f6d30d368ab6bfaa6d1aea7f5a32706101ea6f66fadf0f58086ffb0c48894b44f62266d670f0144c4b61b73e7ef4cd919b5bc5ed4ad70ce9f7453f4e6be5920a915cb4b54bf9a4b51afe7d6e5f4c8a938cb6fa51f660785f159707275ecb8b1e6b7efb377201d4f1d196ffd4d1b24a2b9e673b6548427ac416a65f30bf71eeb1bac45aca5d04503f98d95d51e72915106decba42a6b4d21", 0xd4, 0x3a, 0x0, 0x0, r4}, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7, 0x8, r0, &(0x7f0000001600)="be4ec7fe8144a4204c949edffcb00efe4fadbed5a4a17ddbed123e885e47da98855021b1a373cc8e81d79404983d8f17e11c4a2b5b2fb9bf1975fda979729653e73de8ed730a6e0c9aadb5523ac8e783d0fc0a99d104ad34a626c79e6c68c47dce193a2c2094d7e9317e1424b38173db82af1c388564bd775b86d0c218012cb4fc52a402eb4477b3f3be33b8931a", 0x8e, 0x5c4, 0x0, 0x1, 0xffffffffffffff9c}, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x0, 0x8001, r0, &(0x7f0000001700)="19d4b8e4d1a6be", 0x7, 0xfffffffffffffa3d, 0x0, 0x2, 0xffffffffffffff9c}, &(0x7f00000018c0)={0x0, 0x0, 0x0, 0x9, 0x1, r0, &(0x7f0000001780)="04eb06f64afae02682070263baaf10914a42b4bf5f883e99a61e35f8e5425e302d9df6a9647d59f8b4532bcfbccd803889909185972194f49e737d48d2f7a0244284aec51c8f8637452eb932537a4ffb38495e65b364a119bca1fc234fc9ece6ce019a97676ee891072b412df3902b50c381108081d62db04125ec140521195c7b375d04e9f73fab43b618a16650f093f5a68492c41cd97b4add944367b701d6ae66780b5f90420be4f0d09ab14a04700dc120a09572752a42a49dde7a5d079285be49f49cd7b23a17c26cdbe35e6a98a0f4b41dc83419d7e32f07e38c72f804456a518908fd995bb794952f53df6197a91ab5d9e83427", 0xf7, 0xfff, 0x0, 0x1, r5}]) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x800, 0x0) r7 = getpid() sched_rr_get_interval(r7, &(0x7f0000000100)) ioctl$KDSETKEYCODE(r6, 0x4b4d, &(0x7f0000000080)={0x80000001, 0x3}) r8 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r8, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r8, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:05:33 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x2000, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000009c0)=[@text16={0x10, &(0x7f0000000280)="6766c7442400710000006766c7442402ca0000006766c744240600000000670f0114240f0ff3b0b870008ee8f26d0f06440f20c066350a000000440f22c0baf80c66b8840fa68b66efbafc0cb078ee0f01c9660fea21dda4c100", 0x5a}], 0x1, 0x0, &(0x7f0000000f00), 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x440000, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000200)=r1) mremap(&(0x7f0000010000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000000000/0x1000)=nil) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000300)={"55c990aa4964e82a3ec457f4c7d69681319b32c4fe546fdaa52a7f1ee7a27d5f71fb895c4bf21bf0301d2a160f646d230ecc224077896302fd1e64ad393ef24145492c44f164e53100dc89f52d25895dcd4320f649fc784145767a5224088c492511d0a5d7bb0c0176706c238dfeee9caae8811ba9d2ec92a4a340c091647ae36123d290d72c375af37957c01aa945bdb6a7a6870069350c7c2ac6b9c032e80d8150743be19fbaf9447badcc1908d174e06fd466e64e24e3c892ee52a4b31338ad67030baeffa5bfa701c1e7bfbd8fd016d87018d05ab11f9e813877bd9cdf0884cbaabe09190f95550884f8a1e6510f6bbe96f86859597bf89741aea068e55b938ebee9d9bff58478513c4b72edbf79f75431b54743ab05d3980b30b2127cf13bf94beba0828a4bb1848bc1f862fac00698e4bd2f4bde3bb35107056c4147c0ed8d7d588ba03c37b82ea384d1db706a8b46ee351812ad747d1045540a48b542996812548270c5af5d27ff72920bebd8371348c7f55a953e236ac13fe737a81bd9b61e30a5e9c526cf61862f5a0a90963c73febe3b66ab29f17b6da74b7647bcc4e527356d57fa1fe3f3dffab39df7b353eda6b839decb4484939f4fc0c84bda1c964941ccf4db1ca0d2c152fd356ac66441c8b68755d533b416d9f7999678227c7a69db08e997252dd6a38fc458d93fac9f1f14f49b7ca4a0b0c8b538d2f30c34503a0975506ae9004b3e5c3d2469cf4e03d9b79dc1499647b5b680a02bdc56c18782c48120dee663918288f068c49d85355d114cfe0c5d1405cf5e37b181f296fa7dc9af116fbe220121fe139739226eefce468f27f5d21ab51ef0e26134c5341cf13799003ceb38d4050c2ba1c9e6decc2d11a8f14a6adadd45e615106b5dd4c07093ba114ac55b4e80d1a3545ab6e8fbf796b908ecc244340fc06e4d4bd6e069b7f0232198ab067a709bcdd4d41500e5dc7032e5993f965d4603033fe61cc523937d7345df42b4f1b62c4daf64f6c29eb2f214b88680bfe19252b67719ccea37d19fe3bfb0c8ad0bd6f4a1df532ec9220269453df5144ff48f63c2ad655b8f20db01b3af95c11f4e7de2bd0a47d47b08b620589a33327bef9ee310505c1736510e88b74281f098099c753d30fcf32f31a0521e32407d689b093f24d07049682ff4662b5b94616699fd704589c0edb02cf3e622088c685564b0c166f9f3cdb12dd8a70684ac6e24570191dda2db2b1965d2397a45060f834405b81fa79204e029b7cd93333dfbef669f3e480fd071f5b87e9fdf984dfe176353ed12ea15484366548336f540a5f1e8b9e19bdeb8d71dce9ecf03d09515bc4bcf7be382176e7e12395ee0f795f76695d0d90eee181d300deb89d7098403ac76309e63f6ca3eade1ce57dcd9de56e24610ed5c470d5540e9f50d068ee8a1431bb3216ae99b18"}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000100)="66b91000004066b80000000066ba000000000f30baa000eddb8f05000f89ae6a660f3a22efa80f09f00fc709f20f1ab60d0066b93608000066b80000000066ba008000000f3066b9800000c00f326635000800000f30", 0x56}], 0x1, 0x0, &(0x7f00000000c0), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) write(r2, &(0x7f0000000080)="ca1e7fdedb78f9c5893535dcf008ab8a47e449c8a460d6bbe38d1209a1e258ba86baf0f9e1493b7d767067b34a512aa48a6686b5bfe338262fad23ea221ed226e213574399614876a87aed5361d377b3e52464d117c4a63a9a344f48e78ce7292cdb220fbb94e5", 0x67) 06:05:33 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f00000000c0)=""/102, &(0x7f0000000000)=0x66) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e23, 0x6, @mcast1, 0x1f9}, 0x1c) ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="ef6954b76db95c7218a229c69528cd391bafb9e4c9171c5cc8167de2e2935c0c8a82b182a9bd415beab2aaf2338d3e9fd11fac21effe22dd58bfcfe0dd3344f16909208800a7b601e44b50e59959342fa90f7dd96e6f6f79d4d2515b69b711b5c2067d95aa2b952bcd6a4447d06e55f4ae06b98a885f73d883bb7405c99455c4b5890a11a063bce33d76531e888559c02315e2a8f6e54b8a78c5c4ed35000000000000000000"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:05:33 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x80000001, 0x4000c0) sendmsg$nl_route(r0, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000340)={&(0x7f0000000240)=@ipv4_getaddr={0x18, 0x16, 0x301}, 0xfd77}}, 0x0) [ 958.243476] IPVS: length: 102 != 24 06:05:33 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80}}], 0x1, 0x0, &(0x7f0000003280)) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip6_tables_names\x00') getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000000000)=[@in={0x2, 0x4e20, @remote}, @in={0x2, 0x4e21}]}, &(0x7f00000000c0)=0x10) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000100)={r1, 0x3ff}, &(0x7f0000000140)=0x8) preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) write$P9_RMKNOD(r0, &(0x7f0000000180)={0x14, 0x13, 0x1, {0x0, 0x4, 0x8}}, 0x14) 06:05:33 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x121) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:05:33 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000001fe8)) socketpair(0x4, 0xa, 0x400, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$UI_SET_KEYBIT(r2, 0x40045565, 0xcc) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f0000000080)={0x0, @aes128, 0x2, "eba000168ec958ac"}) accept4$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @remote}, &(0x7f0000000240)=0x10, 0x80000) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x8001, 0x800) syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r3, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:33 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000340)={&(0x7f0000000240)=@ipv4_getaddr={0x18, 0x16, 0x301}, 0xfd77}}, 0x0) 06:05:33 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x2, 0x28001) write$evdev(r0, &(0x7f00000001c0)=[{{}, 0x17, 0x7, 0x400}], 0x18) r1 = open(&(0x7f0000000080)='./file0\x00', 0x30102, 0x60) dup(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000200)={{{@in6, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in=@multicast1}}, &(0x7f0000000100)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000300)={{{@in6=@mcast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8) sendmsg$nl_route(r1, &(0x7f00000004c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)=@newneigh={0x64, 0x1c, 0x20, 0x70bd25, 0x25dfdbfb, {0x2, 0x0, 0x0, r2, 0x11, 0x10, 0x6}, [@NDA_DST_IPV6={0x14, 0x1, @ipv4}, @NDA_LINK_NETNSID={0x8, 0xa, 0x8280000000000000}, @NDA_CACHEINFO={0x14, 0x3, {0x8, 0x5, 0x1, 0x1f}}, @NDA_MASTER={0x8, 0x9, 0xffffffffffffffe0}, @NDA_LINK_NETNSID={0x8, 0xa, 0x2}, @NDA_IFINDEX={0x8, 0x8, r3}]}, 0x64}, 0x1, 0x0, 0x0, 0x80}, 0x80) r4 = syz_open_dev$dmmidi(&(0x7f0000000180)='/dev/dmmidi#\x00', 0x7fffffff, 0x0) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r4, 0x84, 0x74, &(0x7f0000000580)=""/4096, &(0x7f0000001580)=0x1000) write$evdev(r0, &(0x7f00000015c0)=[{{0x77359400}, 0x0, 0xfffffffffffffffe}], 0x18) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000500)={0x2, 0x7, {0x55, 0x2, 0xffff, {0xe2, 0x100000001}, {0xe0, 0x9}, @ramp={0x4, 0x9, {0x3, 0x9, 0x9}}}, {0x55, 0x7fff, 0xaa, {0x774d, 0x2}, {0x1, 0xc2f}, @cond=[{0xe791, 0x7f, 0x6, 0x0, 0x5, 0x8}, {0x7, 0x10000, 0x9, 0x6, 0x1, 0xfffffffffffffffb}]}}) [ 958.665251] Dead loop on virtual device ip6_vti0, fix it urgently! [ 958.847499] not chained 1770000 origins [ 958.851531] CPU: 1 PID: 25391 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 958.851809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 958.861957] Call Trace: [ 958.861957] dump_stack+0x32d/0x480 [ 958.861957] kmsan_internal_chain_origin+0x222/0x240 [ 958.861957] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 958.861957] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 958.861957] ? save_stack_trace+0xc6/0x110 [ 958.861957] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 958.861957] ? kmsan_internal_chain_origin+0x90/0x240 [ 958.902221] ? get_stack_info+0x863/0x9d0 [ 958.902221] __msan_chain_origin+0x6d/0xd0 [ 958.902221] ? __sys_sendmmsg+0x56b/0xa90 [ 958.902221] __save_stack_trace+0x8be/0xc60 [ 958.902221] ? __sys_sendmmsg+0x56b/0xa90 [ 958.902221] save_stack_trace+0xc6/0x110 [ 958.926871] kmsan_internal_chain_origin+0x136/0x240 [ 958.926871] ? kmsan_internal_chain_origin+0x136/0x240 [ 958.926871] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 958.926871] ? __msan_memcpy+0x6f/0x80 [ 958.926871] ? pskb_expand_head+0x43b/0x1d20 [ 958.926871] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 958.926871] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 958.926871] ? ___sys_sendmsg+0xe68/0x1250 [ 958.926871] ? __sys_sendmmsg+0x56b/0xa90 [ 958.926871] ? __se_sys_sendmmsg+0xbd/0xe0 [ 958.971996] ? __x64_sys_sendmmsg+0x56/0x70 [ 958.971996] ? do_syscall_64+0xcf/0x110 [ 958.971996] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 958.971996] ? __msan_poison_alloca+0x1e0/0x2b0 [ 958.971996] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 958.971996] ? memcg_kmem_put_cache+0x8e/0x460 [ 958.971996] ? __msan_get_context_state+0x9/0x30 [ 958.971996] ? INIT_INT+0xc/0x30 [ 958.971996] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 958.971996] kmsan_memcpy_origins+0x13d/0x1b0 [ 958.971996] __msan_memcpy+0x6f/0x80 [ 958.971996] pskb_expand_head+0x43b/0x1d20 [ 958.971996] l2tp_xmit_skb+0x5a7/0x24b0 [ 958.971996] pppol2tp_sendmsg+0x7a6/0xba0 [ 958.971996] ___sys_sendmsg+0xe68/0x1250 [ 958.971996] ? pppol2tp_getsockopt+0x1060/0x1060 [ 959.042017] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 959.042017] ? kmsan_set_origin+0x83/0x130 [ 959.053994] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 959.053994] ? _cond_resched+0xc7/0x120 [ 959.053994] __sys_sendmmsg+0x56b/0xa90 [ 959.053994] ? syscall_return_slowpath+0x123/0x8c0 [ 959.053994] ? put_timespec64+0x162/0x220 [ 959.053994] __se_sys_sendmmsg+0xbd/0xe0 [ 959.053994] __x64_sys_sendmmsg+0x56/0x70 [ 959.053994] do_syscall_64+0xcf/0x110 [ 959.053994] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 959.053994] RIP: 0033:0x457569 06:05:34 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) fsetxattr$security_evm(r1, &(0x7f0000000000)='security.evm\x00', &(0x7f00000000c0)=@ng={0x4, 0x1, "15d95d2f"}, 0x6, 0x2) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='team_slave_0\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400201) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f00000001c0)={0x0, 0xf22, 0x10000, 0x40, 0x4, 0xdd3, 0x1000, 0xfffffffffffffff7, {0x0, @in6={{0xa, 0x4e20, 0xff, @dev={0xfe, 0x80, [], 0xc}, 0xff}}, 0x1, 0x80000000, 0x4, 0xf065, 0x4}}, &(0x7f0000000100)=0xb0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={r2, 0xbc, &(0x7f0000000280)=[@in={0x2, 0x4e24}, @in6={0xa, 0x4e22, 0x1c, @loopback, 0x6825d57d}, @in6={0xa, 0x4e20, 0x100000001, @empty, 0x1ff}, @in6={0xa, 0x4e22, 0x7, @local, 0x5}, @in={0x2, 0x4e20, @multicast2}, @in={0x2, 0x4e21, @remote}, @in6={0xa, 0x4e22, 0x4, @mcast1, 0x5}, @in6={0xa, 0x4e24, 0x9, @mcast2, 0x3}]}, &(0x7f0000000340)=0x10) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000380)=0x6) [ 959.053994] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 959.112655] RSP: 002b:00007f8c33cf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 959.112655] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 959.112655] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000007 [ 959.112655] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 959.112655] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33cf36d4 [ 959.112655] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 959.112655] Uninit was stored to memory at: [ 959.112655] kmsan_internal_chain_origin+0x136/0x240 [ 959.112655] __msan_chain_origin+0x6d/0xd0 [ 959.112655] __save_stack_trace+0x8be/0xc60 [ 959.175680] save_stack_trace+0xc6/0x110 [ 959.182003] kmsan_internal_chain_origin+0x136/0x240 [ 959.184114] kmsan_memcpy_origins+0x13d/0x1b0 [ 959.190354] __msan_memcpy+0x6f/0x80 [ 959.194124] pskb_expand_head+0x43b/0x1d20 [ 959.194124] l2tp_xmit_skb+0x5a7/0x24b0 [ 959.194124] pppol2tp_sendmsg+0x7a6/0xba0 [ 959.194124] ___sys_sendmsg+0xe68/0x1250 [ 959.194124] __sys_sendmmsg+0x56b/0xa90 [ 959.194124] __se_sys_sendmmsg+0xbd/0xe0 [ 959.194124] __x64_sys_sendmmsg+0x56/0x70 [ 959.194124] do_syscall_64+0xcf/0x110 [ 959.194124] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 959.194124] [ 959.194124] Uninit was stored to memory at: [ 959.194124] kmsan_internal_chain_origin+0x136/0x240 06:05:34 executing program 5: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000340)={&(0x7f0000000240)=@ipv4_getaddr={0x18, 0x16, 0x301}, 0xfd77}}, 0x0) [ 959.194124] __msan_chain_origin+0x6d/0xd0 [ 959.194124] __save_stack_trace+0x8be/0xc60 [ 959.252033] save_stack_trace+0xc6/0x110 [ 959.252033] kmsan_internal_chain_origin+0x136/0x240 [ 959.252033] kmsan_memcpy_origins+0x13d/0x1b0 [ 959.252033] __msan_memcpy+0x6f/0x80 [ 959.252033] pskb_expand_head+0x43b/0x1d20 [ 959.252033] l2tp_xmit_skb+0x5a7/0x24b0 [ 959.252033] pppol2tp_sendmsg+0x7a6/0xba0 [ 959.252033] ___sys_sendmsg+0xe68/0x1250 [ 959.252033] __sys_sendmmsg+0x56b/0xa90 [ 959.252033] __se_sys_sendmmsg+0xbd/0xe0 [ 959.252033] __x64_sys_sendmmsg+0x56/0x70 [ 959.252033] do_syscall_64+0xcf/0x110 [ 959.252033] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 959.252033] kmsan_internal_chain_origin+0x136/0x240 [ 959.252033] __msan_chain_origin+0x6d/0xd0 [ 959.252033] __save_stack_trace+0x8be/0xc60 [ 959.252033] save_stack_trace+0xc6/0x110 [ 959.252033] kmsan_internal_chain_origin+0x136/0x240 [ 959.252033] kmsan_memcpy_origins+0x13d/0x1b0 [ 959.252033] __msan_memcpy+0x6f/0x80 [ 959.252033] pskb_expand_head+0x43b/0x1d20 [ 959.252033] l2tp_xmit_skb+0x5a7/0x24b0 [ 959.252033] pppol2tp_sendmsg+0x7a6/0xba0 [ 959.252033] ___sys_sendmsg+0xe68/0x1250 [ 959.252033] __sys_sendmmsg+0x56b/0xa90 [ 959.252033] __se_sys_sendmmsg+0xbd/0xe0 [ 959.252033] __x64_sys_sendmmsg+0x56/0x70 [ 959.252033] do_syscall_64+0xcf/0x110 [ 959.252033] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 959.377039] [ 959.377039] Uninit was stored to memory at: [ 959.377039] kmsan_internal_chain_origin+0x136/0x240 [ 959.377039] __msan_chain_origin+0x6d/0xd0 [ 959.377039] __save_stack_trace+0x8be/0xc60 [ 959.377039] save_stack_trace+0xc6/0x110 [ 959.377039] kmsan_internal_chain_origin+0x136/0x240 [ 959.377039] kmsan_memcpy_origins+0x13d/0x1b0 [ 959.377039] __msan_memcpy+0x6f/0x80 [ 959.377039] pskb_expand_head+0x43b/0x1d20 [ 959.377039] l2tp_xmit_skb+0x5a7/0x24b0 [ 959.377039] pppol2tp_sendmsg+0x7a6/0xba0 [ 959.377039] ___sys_sendmsg+0xe68/0x1250 [ 959.377039] __sys_sendmmsg+0x56b/0xa90 [ 959.377039] __se_sys_sendmmsg+0xbd/0xe0 [ 959.377039] __x64_sys_sendmmsg+0x56/0x70 [ 959.377039] do_syscall_64+0xcf/0x110 [ 959.377039] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 959.452014] [ 959.452014] Uninit was stored to memory at: [ 959.452014] kmsan_internal_chain_origin+0x136/0x240 [ 959.452014] __msan_chain_origin+0x6d/0xd0 [ 959.452014] __save_stack_trace+0x8be/0xc60 [ 959.452014] save_stack_trace+0xc6/0x110 [ 959.452014] kmsan_internal_chain_origin+0x136/0x240 [ 959.452014] kmsan_memcpy_origins+0x13d/0x1b0 [ 959.452014] __msan_memcpy+0x6f/0x80 [ 959.452014] pskb_expand_head+0x43b/0x1d20 [ 959.452014] l2tp_xmit_skb+0x5a7/0x24b0 [ 959.452014] pppol2tp_sendmsg+0x7a6/0xba0 [ 959.452014] ___sys_sendmsg+0xe68/0x1250 [ 959.452014] __sys_sendmmsg+0x56b/0xa90 [ 959.452014] __se_sys_sendmmsg+0xbd/0xe0 [ 959.452014] __x64_sys_sendmmsg+0x56/0x70 [ 959.452014] do_syscall_64+0xcf/0x110 [ 959.521994] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 959.521994] [ 959.521994] Uninit was stored to memory at: [ 959.521994] kmsan_internal_chain_origin+0x136/0x240 [ 959.521994] __msan_chain_origin+0x6d/0xd0 [ 959.521994] __save_stack_trace+0x8be/0xc60 06:05:34 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @remote, 0xffffffffffffffff}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 959.521994] save_stack_trace+0xc6/0x110 [ 959.521994] kmsan_internal_chain_origin+0x136/0x240 [ 959.521994] kmsan_memcpy_origins+0x13d/0x1b0 [ 959.521994] __msan_memcpy+0x6f/0x80 [ 959.521994] pskb_expand_head+0x43b/0x1d20 [ 959.521994] l2tp_xmit_skb+0x5a7/0x24b0 [ 959.521994] pppol2tp_sendmsg+0x7a6/0xba0 [ 959.521994] ___sys_sendmsg+0xe68/0x1250 [ 959.521994] __sys_sendmmsg+0x56b/0xa90 [ 959.521994] __se_sys_sendmmsg+0xbd/0xe0 [ 959.521994] __x64_sys_sendmmsg+0x56/0x70 [ 959.591969] do_syscall_64+0xcf/0x110 [ 959.591969] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 959.591969] [ 959.591969] Uninit was stored to memory at: [ 959.591969] kmsan_internal_chain_origin+0x136/0x240 [ 959.591969] __msan_chain_origin+0x6d/0xd0 [ 959.618517] __save_stack_trace+0x8be/0xc60 [ 959.618517] save_stack_trace+0xc6/0x110 [ 959.618517] kmsan_internal_chain_origin+0x136/0x240 [ 959.633505] kmsan_memcpy_origins+0x13d/0x1b0 [ 959.633505] __msan_memcpy+0x6f/0x80 [ 959.633505] pskb_expand_head+0x43b/0x1d20 [ 959.633505] l2tp_xmit_skb+0x5a7/0x24b0 [ 959.633505] pppol2tp_sendmsg+0x7a6/0xba0 [ 959.633505] ___sys_sendmsg+0xe68/0x1250 [ 959.633505] __sys_sendmmsg+0x56b/0xa90 [ 959.661974] __se_sys_sendmmsg+0xbd/0xe0 [ 959.661974] __x64_sys_sendmmsg+0x56/0x70 [ 959.661974] do_syscall_64+0xcf/0x110 [ 959.661974] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 959.675468] [ 959.675468] Local variable description: ----iph@ip_vs_out [ 959.675468] Variable was created at: [ 959.675468] ip_vs_out+0x1bf/0x4570 [ 959.675468] ip_vs_local_reply6+0xec/0x130 [ 959.699931] Dead loop on virtual device ip6_vti0, fix it urgently! [ 959.823066] not chained 1780000 origins [ 959.827095] CPU: 1 PID: 25391 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 959.831950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 959.831950] Call Trace: [ 959.831950] dump_stack+0x32d/0x480 [ 959.831950] kmsan_internal_chain_origin+0x222/0x240 [ 959.831950] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 959.831950] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 959.831950] ? save_stack_trace+0xc6/0x110 [ 959.831950] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 959.831950] ? kmsan_internal_chain_origin+0x90/0x240 [ 959.831950] ? get_stack_info+0x863/0x9d0 [ 959.831950] __msan_chain_origin+0x6d/0xd0 [ 959.831950] ? __msan_memcpy+0x6f/0x80 [ 959.831950] __save_stack_trace+0x8be/0xc60 [ 959.831950] ? __msan_memcpy+0x6f/0x80 [ 959.831950] save_stack_trace+0xc6/0x110 [ 959.831950] kmsan_internal_chain_origin+0x136/0x240 [ 959.831950] ? kmsan_internal_chain_origin+0x136/0x240 [ 959.831950] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 959.831950] ? __msan_memcpy+0x6f/0x80 [ 959.831950] ? pskb_expand_head+0x43b/0x1d20 [ 959.831950] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 959.928864] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 959.928864] ? ___sys_sendmsg+0xe68/0x1250 [ 959.928864] ? __sys_sendmmsg+0x56b/0xa90 [ 959.928864] ? __se_sys_sendmmsg+0xbd/0xe0 [ 959.928864] ? __x64_sys_sendmmsg+0x56/0x70 [ 959.928864] ? do_syscall_64+0xcf/0x110 [ 959.928864] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 959.928864] ? __msan_poison_alloca+0x1e0/0x2b0 [ 959.928864] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 959.928864] ? memcg_kmem_put_cache+0x8e/0x460 [ 959.928864] ? __msan_get_context_state+0x9/0x30 [ 959.928864] ? INIT_INT+0xc/0x30 [ 959.983504] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 959.986669] kmsan_memcpy_origins+0x13d/0x1b0 [ 959.986669] __msan_memcpy+0x6f/0x80 [ 959.986669] pskb_expand_head+0x43b/0x1d20 [ 960.000379] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.000379] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.000379] ___sys_sendmsg+0xe68/0x1250 [ 960.000379] ? pppol2tp_getsockopt+0x1060/0x1060 [ 960.000379] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 960.020525] ? kmsan_set_origin+0x83/0x130 [ 960.020525] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 960.020525] ? _cond_resched+0xc7/0x120 [ 960.020525] __sys_sendmmsg+0x56b/0xa90 [ 960.020525] ? syscall_return_slowpath+0x123/0x8c0 [ 960.020525] ? put_timespec64+0x162/0x220 [ 960.020525] __se_sys_sendmmsg+0xbd/0xe0 [ 960.020525] __x64_sys_sendmmsg+0x56/0x70 [ 960.060039] do_syscall_64+0xcf/0x110 [ 960.060039] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.060039] RIP: 0033:0x457569 [ 960.060039] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 960.060039] RSP: 002b:00007f8c33cf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 960.060039] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 960.060039] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000007 [ 960.060039] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 960.060039] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33cf36d4 [ 960.060039] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 960.060039] Uninit was stored to memory at: [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] __msan_chain_origin+0x6d/0xd0 [ 960.060039] __save_stack_trace+0x8be/0xc60 [ 960.060039] save_stack_trace+0xc6/0x110 [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.060039] __msan_memcpy+0x6f/0x80 [ 960.060039] pskb_expand_head+0x43b/0x1d20 [ 960.060039] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.060039] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.060039] ___sys_sendmsg+0xe68/0x1250 [ 960.060039] __sys_sendmmsg+0x56b/0xa90 [ 960.060039] __se_sys_sendmmsg+0xbd/0xe0 [ 960.060039] __x64_sys_sendmmsg+0x56/0x70 [ 960.060039] do_syscall_64+0xcf/0x110 [ 960.060039] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.060039] [ 960.060039] Uninit was stored to memory at: [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] __msan_chain_origin+0x6d/0xd0 [ 960.060039] __save_stack_trace+0x8be/0xc60 [ 960.060039] save_stack_trace+0xc6/0x110 [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.060039] __msan_memcpy+0x6f/0x80 [ 960.060039] pskb_expand_head+0x43b/0x1d20 [ 960.060039] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.060039] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.060039] ___sys_sendmsg+0xe68/0x1250 [ 960.060039] __sys_sendmmsg+0x56b/0xa90 [ 960.060039] __se_sys_sendmmsg+0xbd/0xe0 [ 960.060039] __x64_sys_sendmmsg+0x56/0x70 [ 960.060039] do_syscall_64+0xcf/0x110 [ 960.060039] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.060039] [ 960.060039] Uninit was stored to memory at: [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] __msan_chain_origin+0x6d/0xd0 [ 960.060039] __save_stack_trace+0x8be/0xc60 [ 960.060039] save_stack_trace+0xc6/0x110 [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.060039] __msan_memcpy+0x6f/0x80 [ 960.060039] pskb_expand_head+0x43b/0x1d20 [ 960.060039] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.060039] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.060039] ___sys_sendmsg+0xe68/0x1250 [ 960.060039] __sys_sendmmsg+0x56b/0xa90 [ 960.060039] __se_sys_sendmmsg+0xbd/0xe0 [ 960.060039] __x64_sys_sendmmsg+0x56/0x70 [ 960.060039] do_syscall_64+0xcf/0x110 [ 960.060039] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.060039] [ 960.060039] Uninit was stored to memory at: [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] __msan_chain_origin+0x6d/0xd0 [ 960.060039] __save_stack_trace+0x8be/0xc60 [ 960.060039] save_stack_trace+0xc6/0x110 [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.060039] __msan_memcpy+0x6f/0x80 [ 960.060039] pskb_expand_head+0x43b/0x1d20 [ 960.060039] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.060039] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.060039] ___sys_sendmsg+0xe68/0x1250 [ 960.060039] __sys_sendmmsg+0x56b/0xa90 [ 960.060039] __se_sys_sendmmsg+0xbd/0xe0 [ 960.060039] __x64_sys_sendmmsg+0x56/0x70 [ 960.060039] do_syscall_64+0xcf/0x110 [ 960.060039] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.060039] [ 960.060039] Uninit was stored to memory at: [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] __msan_chain_origin+0x6d/0xd0 [ 960.060039] __save_stack_trace+0x8be/0xc60 [ 960.060039] save_stack_trace+0xc6/0x110 [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.060039] __msan_memcpy+0x6f/0x80 [ 960.060039] pskb_expand_head+0x43b/0x1d20 [ 960.060039] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.060039] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.060039] ___sys_sendmsg+0xe68/0x1250 [ 960.060039] __sys_sendmmsg+0x56b/0xa90 [ 960.060039] __se_sys_sendmmsg+0xbd/0xe0 [ 960.060039] __x64_sys_sendmmsg+0x56/0x70 [ 960.060039] do_syscall_64+0xcf/0x110 [ 960.060039] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.060039] [ 960.060039] Uninit was stored to memory at: [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] __msan_chain_origin+0x6d/0xd0 [ 960.060039] __save_stack_trace+0x8be/0xc60 [ 960.060039] save_stack_trace+0xc6/0x110 [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.060039] __msan_memcpy+0x6f/0x80 [ 960.060039] pskb_expand_head+0x43b/0x1d20 [ 960.060039] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.060039] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.060039] ___sys_sendmsg+0xe68/0x1250 [ 960.060039] __sys_sendmmsg+0x56b/0xa90 [ 960.060039] __se_sys_sendmmsg+0xbd/0xe0 [ 960.060039] __x64_sys_sendmmsg+0x56/0x70 [ 960.060039] do_syscall_64+0xcf/0x110 [ 960.060039] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.060039] [ 960.060039] Uninit was stored to memory at: [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] __msan_chain_origin+0x6d/0xd0 [ 960.060039] __save_stack_trace+0x8be/0xc60 [ 960.060039] save_stack_trace+0xc6/0x110 [ 960.060039] kmsan_internal_chain_origin+0x136/0x240 [ 960.060039] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.060039] __msan_memcpy+0x6f/0x80 [ 960.060039] pskb_expand_head+0x43b/0x1d20 [ 960.060039] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.060039] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.060039] ___sys_sendmsg+0xe68/0x1250 [ 960.060039] __sys_sendmmsg+0x56b/0xa90 [ 960.060039] __se_sys_sendmmsg+0xbd/0xe0 [ 960.060039] __x64_sys_sendmmsg+0x56/0x70 [ 960.060039] do_syscall_64+0xcf/0x110 [ 960.060039] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.060039] [ 960.060039] Local variable description: ----iph@ip_vs_out [ 960.060039] Variable was created at: [ 960.060039] ip_vs_out+0x1bf/0x4570 [ 960.060039] ip_vs_local_reply6+0xec/0x130 [ 960.676515] Dead loop on virtual device ip6_vti0, fix it urgently! [ 960.717512] not chained 1790000 origins [ 960.721548] CPU: 1 PID: 25391 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 960.721825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 960.731568] Call Trace: [ 960.731568] dump_stack+0x32d/0x480 [ 960.731568] kmsan_internal_chain_origin+0x222/0x240 [ 960.731568] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 960.731568] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.731568] ? save_stack_trace+0xc6/0x110 [ 960.731568] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 960.731568] ? kmsan_internal_chain_origin+0x1e3/0x240 [ 960.731568] ? get_stack_info+0x863/0x9d0 [ 960.731568] __msan_chain_origin+0x6d/0xd0 [ 960.731568] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.731568] __save_stack_trace+0x8be/0xc60 [ 960.731568] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.731568] save_stack_trace+0xc6/0x110 [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] ? kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 960.731568] ? __msan_memcpy+0x6f/0x80 [ 960.731568] ? pskb_expand_head+0x43b/0x1d20 [ 960.731568] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 960.731568] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 960.731568] ? ___sys_sendmsg+0xe68/0x1250 [ 960.731568] ? __sys_sendmmsg+0x56b/0xa90 [ 960.731568] ? __se_sys_sendmmsg+0xbd/0xe0 [ 960.731568] ? __x64_sys_sendmmsg+0x56/0x70 [ 960.731568] ? do_syscall_64+0xcf/0x110 [ 960.731568] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.731568] ? __msan_poison_alloca+0x1e0/0x2b0 [ 960.731568] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 960.731568] ? memcg_kmem_put_cache+0x8e/0x460 [ 960.731568] ? __msan_get_context_state+0x9/0x30 [ 960.731568] ? INIT_INT+0xc/0x30 [ 960.731568] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 960.731568] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.731568] __msan_memcpy+0x6f/0x80 [ 960.731568] pskb_expand_head+0x43b/0x1d20 [ 960.731568] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.731568] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.731568] ___sys_sendmsg+0xe68/0x1250 [ 960.731568] ? pppol2tp_getsockopt+0x1060/0x1060 [ 960.731568] ? __msan_poison_alloca+0x1e0/0x2b0 [ 960.731568] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 960.731568] ? rcu_all_qs+0x3b/0x310 [ 960.731568] ? _cond_resched+0x59/0x120 [ 960.731568] ? rcu_all_qs+0x53/0x310 [ 960.731568] ? _cond_resched+0x37/0x120 [ 960.731568] ? __sys_sendmmsg+0x7c9/0xa90 [ 960.731568] ? _cond_resched+0x59/0x120 [ 960.731568] __sys_sendmmsg+0x56b/0xa90 [ 960.731568] ? syscall_return_slowpath+0x123/0x8c0 [ 960.731568] ? put_timespec64+0x162/0x220 [ 960.731568] __se_sys_sendmmsg+0xbd/0xe0 [ 960.731568] __x64_sys_sendmmsg+0x56/0x70 [ 960.731568] do_syscall_64+0xcf/0x110 [ 960.731568] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.731568] RIP: 0033:0x457569 [ 960.731568] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 960.731568] RSP: 002b:00007f8c33cf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 960.731568] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 960.731568] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000007 [ 960.731568] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 960.731568] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33cf36d4 [ 960.731568] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 960.731568] Uninit was stored to memory at: [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] __msan_chain_origin+0x6d/0xd0 [ 960.731568] __save_stack_trace+0x8be/0xc60 [ 960.731568] save_stack_trace+0xc6/0x110 [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.731568] __msan_memcpy+0x6f/0x80 [ 960.731568] pskb_expand_head+0x43b/0x1d20 [ 960.731568] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.731568] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.731568] ___sys_sendmsg+0xe68/0x1250 [ 960.731568] __sys_sendmmsg+0x56b/0xa90 [ 960.731568] __se_sys_sendmmsg+0xbd/0xe0 [ 960.731568] __x64_sys_sendmmsg+0x56/0x70 [ 960.731568] do_syscall_64+0xcf/0x110 [ 960.731568] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.731568] [ 960.731568] Uninit was stored to memory at: [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] __msan_chain_origin+0x6d/0xd0 [ 960.731568] __save_stack_trace+0x8be/0xc60 [ 960.731568] save_stack_trace+0xc6/0x110 [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.731568] __msan_memcpy+0x6f/0x80 [ 960.731568] pskb_expand_head+0x43b/0x1d20 [ 960.731568] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.731568] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.731568] ___sys_sendmsg+0xe68/0x1250 [ 960.731568] __sys_sendmmsg+0x56b/0xa90 [ 960.731568] __se_sys_sendmmsg+0xbd/0xe0 [ 960.731568] __x64_sys_sendmmsg+0x56/0x70 [ 960.731568] do_syscall_64+0xcf/0x110 [ 960.731568] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.731568] [ 960.731568] Uninit was stored to memory at: [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] __msan_chain_origin+0x6d/0xd0 [ 960.731568] __save_stack_trace+0x8be/0xc60 [ 960.731568] save_stack_trace+0xc6/0x110 [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.731568] __msan_memcpy+0x6f/0x80 [ 960.731568] pskb_expand_head+0x43b/0x1d20 [ 960.731568] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.731568] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.731568] ___sys_sendmsg+0xe68/0x1250 [ 960.731568] __sys_sendmmsg+0x56b/0xa90 [ 960.731568] __se_sys_sendmmsg+0xbd/0xe0 [ 960.731568] __x64_sys_sendmmsg+0x56/0x70 [ 960.731568] do_syscall_64+0xcf/0x110 [ 960.731568] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.731568] [ 960.731568] Uninit was stored to memory at: [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] __msan_chain_origin+0x6d/0xd0 [ 960.731568] __save_stack_trace+0x8be/0xc60 [ 960.731568] save_stack_trace+0xc6/0x110 [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.731568] __msan_memcpy+0x6f/0x80 [ 960.731568] pskb_expand_head+0x43b/0x1d20 [ 960.731568] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.731568] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.731568] ___sys_sendmsg+0xe68/0x1250 [ 960.731568] __sys_sendmmsg+0x56b/0xa90 [ 960.731568] __se_sys_sendmmsg+0xbd/0xe0 [ 960.731568] __x64_sys_sendmmsg+0x56/0x70 [ 960.731568] do_syscall_64+0xcf/0x110 [ 960.731568] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.731568] [ 960.731568] Uninit was stored to memory at: [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] __msan_chain_origin+0x6d/0xd0 [ 960.731568] __save_stack_trace+0x8be/0xc60 [ 960.731568] save_stack_trace+0xc6/0x110 [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.731568] __msan_memcpy+0x6f/0x80 [ 960.731568] pskb_expand_head+0x43b/0x1d20 [ 960.731568] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.731568] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.731568] ___sys_sendmsg+0xe68/0x1250 [ 960.731568] __sys_sendmmsg+0x56b/0xa90 [ 960.731568] __se_sys_sendmmsg+0xbd/0xe0 [ 960.731568] __x64_sys_sendmmsg+0x56/0x70 [ 960.731568] do_syscall_64+0xcf/0x110 [ 960.731568] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.731568] [ 960.731568] Uninit was stored to memory at: [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] __msan_chain_origin+0x6d/0xd0 [ 960.731568] __save_stack_trace+0x8be/0xc60 [ 960.731568] save_stack_trace+0xc6/0x110 [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.731568] __msan_memcpy+0x6f/0x80 [ 960.731568] pskb_expand_head+0x43b/0x1d20 [ 960.731568] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.731568] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.731568] ___sys_sendmsg+0xe68/0x1250 [ 960.731568] __sys_sendmmsg+0x56b/0xa90 [ 960.731568] __se_sys_sendmmsg+0xbd/0xe0 [ 960.731568] __x64_sys_sendmmsg+0x56/0x70 [ 960.731568] do_syscall_64+0xcf/0x110 [ 960.731568] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.731568] [ 960.731568] Uninit was stored to memory at: [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] __msan_chain_origin+0x6d/0xd0 [ 960.731568] __save_stack_trace+0x8be/0xc60 [ 960.731568] save_stack_trace+0xc6/0x110 [ 960.731568] kmsan_internal_chain_origin+0x136/0x240 [ 960.731568] kmsan_memcpy_origins+0x13d/0x1b0 [ 960.731568] __msan_memcpy+0x6f/0x80 [ 960.731568] pskb_expand_head+0x43b/0x1d20 [ 960.731568] l2tp_xmit_skb+0x5a7/0x24b0 [ 960.731568] pppol2tp_sendmsg+0x7a6/0xba0 [ 960.731568] ___sys_sendmsg+0xe68/0x1250 [ 960.731568] __sys_sendmmsg+0x56b/0xa90 [ 960.731568] __se_sys_sendmmsg+0xbd/0xe0 [ 960.731568] __x64_sys_sendmmsg+0x56/0x70 [ 960.731568] do_syscall_64+0xcf/0x110 [ 960.731568] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 960.731568] [ 960.731568] Local variable description: ----iph@ip_vs_out [ 960.731568] Variable was created at: [ 960.731568] ip_vs_out+0x1bf/0x4570 [ 960.731568] ip_vs_local_reply6+0xec/0x130 [ 961.588841] Dead loop on virtual device ip6_vti0, fix it urgently! 06:05:36 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='ip6_vti0\x00', 0x10) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24}, 0x0, 0x2, 0x4, 0x2}}, 0x26) r2 = accept(r0, &(0x7f0000000180)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, &(0x7f0000000200)=0x80) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000240)={0x5, [0x2, 0xbb11, 0x6, 0x7, 0x13]}, &(0x7f0000000280)=0xe) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) r3 = semget(0x2, 0x1, 0x13) semctl$SEM_INFO(r3, 0x4, 0x13, &(0x7f0000000080)=""/160) 06:05:36 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000001fe8)) socketpair(0x4, 0xa, 0x400, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$UI_SET_KEYBIT(r2, 0x40045565, 0xcc) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f0000000080)={0x0, @aes128, 0x2, "eba000168ec958ac"}) accept4$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @remote}, &(0x7f0000000240)=0x10, 0x80000) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x8001, 0x800) r3 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r3, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:36 executing program 5: socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000340)={&(0x7f0000000240)=@ipv4_getaddr={0x18, 0x16, 0x301}, 0xfd77}}, 0x0) 06:05:36 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80}}], 0x1, 0x0, &(0x7f0000003280)) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip6_tables_names\x00') getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000000000)=[@in={0x2, 0x4e20, @remote}, @in={0x2, 0x4e21}]}, &(0x7f00000000c0)=0x10) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000100)={r1, 0x3ff}, &(0x7f0000000140)=0x8) preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) write$P9_RMKNOD(r0, &(0x7f0000000180)={0x14, 0x13, 0x1, {0x0, 0x4, 0x8}}, 0x14) 06:05:36 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="847ee14c4f0c2807c0d2a459495a6b1c0555db6547c8e2ff2f5472ccad1de8737626be4bd34b60309c23d6aa85249e8234750f08cd3f3ec3f2b1f4da805a71f791f94046b5a0e8e111e15cd02ae379619233606e11afdab7daebde850571d0557f364271eb7c7b7fb14004bcaaaad3c68b21f196"], 0x1}}, 0x0) listxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=""/61, 0x3d) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000080), 0x4) r2 = openat$cgroup_ro(r1, &(0x7f0000000100)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x8) 06:05:36 executing program 2: r0 = memfd_create(&(0x7f0000000040)='posix_acl_access&cgroupvmnet0{nodevsecuritynodev!\x00', 0x5) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x401) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/pid_for_children\x00') fchown(r2, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000080)={0x0, 0x3d04}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000100)={r3, 0x4845, 0x1}, 0x8) 06:05:37 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x2, 0x0) write$FUSE_POLL(r1, &(0x7f00000001c0)={0x18, 0x0, 0x2, {0x8}}, 0x18) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r1, 0x80045301, &(0x7f0000000180)) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xffffffffffffffea) r2 = dup2(r0, r0) socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000080)) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r2, 0x4008ae48, &(0x7f00000000c0)=0x7002) sendmmsg(r3, &(0x7f0000005fc0), 0x800000000000059, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x300, 0x0) 06:05:37 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x4, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000140)={0x0, 0x1, 0x0, [], &(0x7f0000000000)={0x98f905, 0x0, [], @ptr}}) 06:05:37 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000001fe8)) socketpair(0x4, 0xa, 0x400, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$UI_SET_KEYBIT(r2, 0x40045565, 0xcc) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f0000000080)={0x0, @aes128, 0x2, "eba000168ec958ac"}) accept4$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @remote}, &(0x7f0000000240)=0x10, 0x80000) r3 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r3, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:37 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x7e0}], 0x1, &(0x7f0000001680)=""/72, 0x3e}}], 0x1, 0x0, &(0x7f0000002240)) getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000002c0), &(0x7f0000000340)=0x4) 06:05:37 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000008c0)={'team0\x00', 0x0}) recvfrom$packet(r1, &(0x7f0000000000)=""/54, 0x36, 0x0, &(0x7f0000000900)={0x11, 0xf7, r3, 0x1, 0x7, 0x6, @local}, 0x14) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="d2b29ba62791c7498922bca0fc960cd8bf69540259b54a7eb2e5ea70bcb8425834b3c37780cf0e31bd55ae79cd16293db9293063e18e6a4f99161cccd1653f3d43022a52df408d032f635c3accba18368b8640d3b3239b3b63e36f107b30142de2d2326ffa22acd76b70110360c7fc"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:05:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000340)={&(0x7f0000000240)=@ipv4_getaddr={0x18}, 0xfd77}}, 0x0) 06:05:37 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000140)={@loopback, 0x0}, &(0x7f0000001640)=0x14) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000012c0)={r0, @multicast2, @rand_addr}, 0xc) r1 = eventfd2(0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x20141042, 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000001580)='./file0\x00', &(0x7f00000015c0)='trusted.overlay.redirect\x00', &(0x7f0000001600)='./file0\x00', 0x8, 0x0) ftruncate(r2, 0xb3d4) sendfile(r1, r2, &(0x7f0000000040), 0x2008004fffffffe) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f00000038c0)=[{{&(0x7f0000002240)=@can, 0x80, &(0x7f0000002580), 0x0, &(0x7f0000001180)=""/246, 0xf6}}], 0x1, 0x0, 0x0) getpid() getpid() fcntl$getown(0xffffffffffffffff, 0x9) getpgid(0xffffffffffffffff) getuid() getpgid(0xffffffffffffffff) getresgid(&(0x7f0000000880), &(0x7f00000008c0), &(0x7f0000000900)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000940), &(0x7f0000000980)=0xc) lstat(&(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00)) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000a80), &(0x7f0000000ac0)=0xc) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000100)=@proc={0x10, 0x0, 0x25dfdbfb}, 0xc, &(0x7f0000000800)=[{&(0x7f0000000340)={0x10}, 0x10}], 0x1, &(0x7f0000000b00)=[@rights={0x10}], 0x10}, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000001440)='fou\x00') geteuid() 06:05:38 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000001fe8)) socketpair(0x4, 0xa, 0x400, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0xcc) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000080)={0x0, @aes128, 0x2, "eba000168ec958ac"}) r2 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r2, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000340)={&(0x7f0000000240)=@ipv4_getaddr={0x18}, 0xfd77}}, 0x0) 06:05:38 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_HAS_DEVICE_ATTR(r1, 0x4018aee3, &(0x7f00000000c0)={0x0, 0x5, 0xcf1d, &(0x7f0000000000)=0x2}) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1d57799ec9c4c9dd1e5d6fe459f33d93344ee0aa0511ddc8621ba45febecdeefe3543a15d2cbba8abc4e18cd9f7cb1b124b74d57a90862aff0ea51a263ce388cc3c000a67ff3ca97a59ec1b59b6a2f22f9718e54dda40c2f8e11e45a8e0417df0a67986e925e2c451e4b83db379bc44383ad1cf0ba88f99de2e5d15b5ff726cfe80bec38a8c6feb0d103a431c930a932af55a16932685881b929f6"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:05:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={&(0x7f0000000080), 0xc, &(0x7f0000000340)={&(0x7f0000000240)=@ipv4_getaddr={0x18}, 0xfd77}}, 0x0) 06:05:38 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0xfffffd15) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full\x00', 0x200000, 0x0) ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f0000000140)="03f0621e4ee5733920bf1c6a168408e29e205ede93d735d6471c60d8c048c5e47f6f37a5e4125c69cc859c058aa2fb43e24d39e1b048021143435d1489edfca634bfc6b2faf8b4dbe1fd6da31aa0ac8dc981ede221e1ed761d0b1c63d4eb158efe9d4d7f1228b4134928063caec52262e3e024a71c072784d5e339e3c4e38d72ac845f939487a56d9b0e18b08e3048c8dfe16ed7425275ad526eae04aa3149cad616") setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r2 = socket$l2tp(0x18, 0x1, 0x1) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x8, 0x2000) write$P9_RLERROR(r3, &(0x7f00000000c0)={0x12, 0x7, 0x1, {0x9, 'ip6_vti0\x00'}}, 0x12) ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000200)={0x4, 0x2, @stop_pts=0x4}) connect$l2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:05:38 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000001fe8)) socketpair(0x4, 0xa, 0x400, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0xcc) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) r2 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r2, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:38 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:05:38 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000280)='/dev/loop#\x00', 0x0, 0x1000000105082) io_setup(0x10000000ff7, &(0x7f0000000380)=0x0) io_submit(r1, 0x1, &(0x7f00000017c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0xffffff47}]) 06:05:39 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000140)={@loopback, 0x0}, &(0x7f0000001640)=0x14) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000012c0)={r0, @multicast2, @rand_addr}, 0xc) r1 = eventfd2(0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x20141042, 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000001580)='./file0\x00', &(0x7f00000015c0)='trusted.overlay.redirect\x00', &(0x7f0000001600)='./file0\x00', 0x8, 0x0) ftruncate(r2, 0xb3d4) sendfile(r1, r2, &(0x7f0000000040), 0x2008004fffffffe) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f00000038c0)=[{{&(0x7f0000002240)=@can, 0x80, &(0x7f0000002580), 0x0, &(0x7f0000001180)=""/246, 0xf6}}], 0x1, 0x0, 0x0) getpid() getpid() fcntl$getown(0xffffffffffffffff, 0x9) getpgid(0xffffffffffffffff) getuid() getpgid(0xffffffffffffffff) getresgid(&(0x7f0000000880), &(0x7f00000008c0), &(0x7f0000000900)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000940), &(0x7f0000000980)=0xc) lstat(&(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00)) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000a80), &(0x7f0000000ac0)=0xc) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000100)=@proc={0x10, 0x0, 0x25dfdbfb}, 0xc, &(0x7f0000000800)=[{&(0x7f0000000340)={0x10}, 0x10}], 0x1, &(0x7f0000000b00)=[@rights={0x10}], 0x10}, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000001440)='fou\x00') geteuid() 06:05:39 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'crct10dif-pclmul\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendto(r1, &(0x7f00005c8f58), 0xfffffffffffffeee, 0x0, &(0x7f0000351ff0)=@ipx={0x4, 0x0, 0x0, "a074edebb7e1"}, 0x10) 06:05:39 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) syz_open_pts(r1, 0xc0c0) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:05:39 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000001fe8)) socketpair(0x4, 0xa, 0x400, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0xcc) r2 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r2, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:39 executing program 2: r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) 06:05:39 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000080)={0x6, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}]}) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:05:39 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000002c0)=0x61) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000240)={0xffffffffffffffff}) 06:05:40 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="cfcc39172cd7b7680d52a9c91269a903956165a3272805c490998c30e44cbd2010a3382b4402c0fd06eb77f1801e25314a488ed07ebe38ce1315a85f28a919ee8577882d1ee07712b9620bd92703f00622033ac5a140e2ebb390a8428d69b06b63538cf5eb"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 964.929230] Dead loop on virtual device ip6_vti0, fix it urgently! [ 964.951276] Dead loop on virtual device ip6_vti0, fix it urgently! [ 964.974666] Dead loop on virtual device ip6_vti0, fix it urgently! [ 965.057216] not chained 1800000 origins [ 965.061241] CPU: 0 PID: 25532 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 965.061896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 965.075758] Call Trace: [ 965.075758] dump_stack+0x32d/0x480 [ 965.075758] kmsan_internal_chain_origin+0x222/0x240 [ 965.075758] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 965.075758] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 965.075758] ? save_stack_trace+0xc6/0x110 06:05:40 executing program 1: prctl$setmm(0x23, 0x5, &(0x7f0000ffa000/0x3000)=nil) mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) [ 965.075758] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 965.075758] ? kmsan_internal_chain_origin+0x90/0x240 [ 965.075758] ? get_stack_info+0x863/0x9d0 [ 965.075758] __msan_chain_origin+0x6d/0xd0 [ 965.075758] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 965.075758] __save_stack_trace+0x8be/0xc60 [ 965.075758] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 965.075758] save_stack_trace+0xc6/0x110 [ 965.075758] kmsan_internal_chain_origin+0x136/0x240 [ 965.075758] ? kmsan_internal_chain_origin+0x136/0x240 [ 965.075758] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 965.075758] ? __msan_memcpy+0x6f/0x80 [ 965.156862] ? pskb_expand_head+0x43b/0x1d20 [ 965.156862] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 965.156862] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 965.156862] ? ___sys_sendmsg+0xe68/0x1250 [ 965.175982] ? __sys_sendmmsg+0x56b/0xa90 [ 965.175982] ? __se_sys_sendmmsg+0xbd/0xe0 [ 965.175982] ? __x64_sys_sendmmsg+0x56/0x70 [ 965.175982] ? do_syscall_64+0xcf/0x110 [ 965.175982] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 965.175982] ? __msan_poison_alloca+0x1e0/0x2b0 [ 965.175982] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 965.175982] ? memcg_kmem_put_cache+0x8e/0x460 [ 965.175982] ? __msan_get_context_state+0x9/0x30 [ 965.175982] ? INIT_INT+0xc/0x30 [ 965.175982] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 965.175982] kmsan_memcpy_origins+0x13d/0x1b0 [ 965.175982] __msan_memcpy+0x6f/0x80 [ 965.175982] pskb_expand_head+0x43b/0x1d20 [ 965.175982] l2tp_xmit_skb+0x5a7/0x24b0 [ 965.175982] pppol2tp_sendmsg+0x7a6/0xba0 [ 965.175982] ___sys_sendmsg+0xe68/0x1250 [ 965.175982] ? pppol2tp_getsockopt+0x1060/0x1060 06:05:40 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80}}], 0x1, 0x0, &(0x7f0000000140)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score\x00') preadv(r0, &(0x7f00000017c0), 0x10000000000001c0, 0x0) [ 965.175982] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 965.175982] ? kmsan_set_origin+0x83/0x130 [ 965.175982] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 965.175982] ? _cond_resched+0xc7/0x120 [ 965.175982] __sys_sendmmsg+0x56b/0xa90 [ 965.175982] ? syscall_return_slowpath+0x123/0x8c0 [ 965.175982] ? put_timespec64+0x162/0x220 [ 965.175982] __se_sys_sendmmsg+0xbd/0xe0 [ 965.175982] __x64_sys_sendmmsg+0x56/0x70 [ 965.175982] do_syscall_64+0xcf/0x110 [ 965.175982] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 965.175982] RIP: 0033:0x457569 [ 965.175982] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 965.175982] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 965.175982] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 965.175982] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 965.175982] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 965.175982] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 965.175982] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 965.175982] Uninit was stored to memory at: [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] __msan_chain_origin+0x6d/0xd0 [ 965.175982] __save_stack_trace+0x8be/0xc60 [ 965.175982] save_stack_trace+0xc6/0x110 [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] kmsan_memcpy_origins+0x13d/0x1b0 06:05:40 executing program 1: perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="4c0000001400197f09004b0101048c590188ffffcf3d34740600d4ff5bffff00e7e5ed7d00000000c8550000000000002758d60034650c0326356cdb47f6aaaa956086cbfe0db35200af4486", 0x4c}], 0x1) [ 965.175982] __msan_memcpy+0x6f/0x80 [ 965.175982] pskb_expand_head+0x43b/0x1d20 [ 965.175982] l2tp_xmit_skb+0x5a7/0x24b0 [ 965.175982] pppol2tp_sendmsg+0x7a6/0xba0 [ 965.175982] ___sys_sendmsg+0xe68/0x1250 [ 965.175982] __sys_sendmmsg+0x56b/0xa90 [ 965.175982] __se_sys_sendmmsg+0xbd/0xe0 [ 965.175982] __x64_sys_sendmmsg+0x56/0x70 [ 965.175982] do_syscall_64+0xcf/0x110 [ 965.175982] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 965.175982] [ 965.175982] Uninit was stored to memory at: [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] __msan_chain_origin+0x6d/0xd0 [ 965.175982] __save_stack_trace+0x8be/0xc60 [ 965.175982] save_stack_trace+0xc6/0x110 [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] kmsan_memcpy_origins+0x13d/0x1b0 [ 965.175982] __msan_memcpy+0x6f/0x80 [ 965.175982] pskb_expand_head+0x43b/0x1d20 [ 965.175982] l2tp_xmit_skb+0x5a7/0x24b0 [ 965.175982] pppol2tp_sendmsg+0x7a6/0xba0 [ 965.175982] ___sys_sendmsg+0xe68/0x1250 [ 965.175982] __sys_sendmmsg+0x56b/0xa90 [ 965.175982] __se_sys_sendmmsg+0xbd/0xe0 [ 965.175982] __x64_sys_sendmmsg+0x56/0x70 [ 965.175982] do_syscall_64+0xcf/0x110 [ 965.175982] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 965.175982] [ 965.175982] Uninit was stored to memory at: [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] __msan_chain_origin+0x6d/0xd0 [ 965.175982] __save_stack_trace+0x8be/0xc60 [ 965.175982] save_stack_trace+0xc6/0x110 [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] kmsan_memcpy_origins+0x13d/0x1b0 06:05:40 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000000c0)="0a5c2d0240316285717070") openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) msgrcv(0x0, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0) msgrcv(0x0, &(0x7f00000003c0)={0x0, ""/179}, 0xffffff88, 0x0, 0x0) msgsnd(0x0, &(0x7f0000000100)={0x3}, 0x8, 0x0) [ 965.175982] __msan_memcpy+0x6f/0x80 [ 965.175982] pskb_expand_head+0x43b/0x1d20 [ 965.175982] l2tp_xmit_skb+0x5a7/0x24b0 [ 965.175982] pppol2tp_sendmsg+0x7a6/0xba0 [ 965.175982] ___sys_sendmsg+0xe68/0x1250 [ 965.175982] __sys_sendmmsg+0x56b/0xa90 [ 965.175982] __se_sys_sendmmsg+0xbd/0xe0 [ 965.175982] __x64_sys_sendmmsg+0x56/0x70 [ 965.175982] do_syscall_64+0xcf/0x110 [ 965.175982] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 965.175982] [ 965.175982] Uninit was stored to memory at: [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] __msan_chain_origin+0x6d/0xd0 [ 965.175982] __save_stack_trace+0x8be/0xc60 [ 965.175982] save_stack_trace+0xc6/0x110 [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] kmsan_memcpy_origins+0x13d/0x1b0 [ 965.175982] __msan_memcpy+0x6f/0x80 [ 965.175982] pskb_expand_head+0x43b/0x1d20 [ 965.175982] l2tp_xmit_skb+0x5a7/0x24b0 [ 965.175982] pppol2tp_sendmsg+0x7a6/0xba0 [ 965.175982] ___sys_sendmsg+0xe68/0x1250 [ 965.175982] __sys_sendmmsg+0x56b/0xa90 [ 965.175982] __se_sys_sendmmsg+0xbd/0xe0 [ 965.175982] __x64_sys_sendmmsg+0x56/0x70 [ 965.175982] do_syscall_64+0xcf/0x110 [ 965.175982] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 965.175982] [ 965.175982] Uninit was stored to memory at: [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] __msan_chain_origin+0x6d/0xd0 [ 965.175982] __save_stack_trace+0x8be/0xc60 [ 965.175982] save_stack_trace+0xc6/0x110 [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] kmsan_memcpy_origins+0x13d/0x1b0 [ 965.175982] __msan_memcpy+0x6f/0x80 06:05:40 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x9a100) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x7e0}], 0x1, &(0x7f0000001680)=""/72, 0x3e}}], 0x1, 0x0, &(0x7f0000002240)) getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000002c0), &(0x7f0000000340)=0x4) [ 965.175982] pskb_expand_head+0x43b/0x1d20 [ 965.175982] l2tp_xmit_skb+0x5a7/0x24b0 [ 965.175982] pppol2tp_sendmsg+0x7a6/0xba0 [ 965.175982] ___sys_sendmsg+0xe68/0x1250 [ 965.175982] __sys_sendmmsg+0x56b/0xa90 [ 965.175982] __se_sys_sendmmsg+0xbd/0xe0 [ 965.175982] __x64_sys_sendmmsg+0x56/0x70 [ 965.175982] do_syscall_64+0xcf/0x110 [ 965.175982] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 965.175982] [ 965.175982] Uninit was stored to memory at: [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] __msan_chain_origin+0x6d/0xd0 [ 965.175982] __save_stack_trace+0x8be/0xc60 [ 965.175982] save_stack_trace+0xc6/0x110 [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] kmsan_memcpy_origins+0x13d/0x1b0 [ 965.175982] __msan_memcpy+0x6f/0x80 [ 965.175982] pskb_expand_head+0x43b/0x1d20 [ 965.175982] l2tp_xmit_skb+0x5a7/0x24b0 [ 965.175982] pppol2tp_sendmsg+0x7a6/0xba0 [ 965.175982] ___sys_sendmsg+0xe68/0x1250 [ 965.175982] __sys_sendmmsg+0x56b/0xa90 [ 965.175982] __se_sys_sendmmsg+0xbd/0xe0 [ 965.175982] __x64_sys_sendmmsg+0x56/0x70 [ 965.175982] do_syscall_64+0xcf/0x110 [ 965.175982] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 965.175982] [ 965.175982] Uninit was stored to memory at: [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] __msan_chain_origin+0x6d/0xd0 [ 965.175982] __save_stack_trace+0x8be/0xc60 [ 965.175982] save_stack_trace+0xc6/0x110 [ 965.175982] kmsan_internal_chain_origin+0x136/0x240 [ 965.175982] kmsan_memcpy_origins+0x13d/0x1b0 [ 965.175982] __msan_memcpy+0x6f/0x80 06:05:40 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4309(morus1280-sse2)\x00'}, 0x58) [ 965.175982] pskb_expand_head+0x43b/0x1d20 [ 965.175982] l2tp_xmit_skb+0x5a7/0x24b0 [ 965.175982] pppol2tp_sendmsg+0x7a6/0xba0 [ 965.175982] ___sys_sendmsg+0xe68/0x1250 [ 965.175982] __sys_sendmmsg+0x56b/0xa90 [ 965.175982] __se_sys_sendmmsg+0xbd/0xe0 [ 965.175982] __x64_sys_sendmmsg+0x56/0x70 [ 965.175982] do_syscall_64+0xcf/0x110 [ 965.175982] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 965.175982] [ 965.175982] Local variable description: ----iph@ip_vs_out [ 965.175982] Variable was created at: 06:05:40 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x5) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) getpid() execveat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), &(0x7f0000000180), 0x0) 06:05:40 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000001fe8)) socketpair(0x4, 0xa, 0x400, &(0x7f0000000040)) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r1, 0xffffffffffff8000, &(0x7f0000000000)) [ 965.175982] ip_vs_out+0x1bf/0x4570 [ 965.175982] ip_vs_local_reply6+0xec/0x130 [ 965.918117] Dead loop on virtual device ip6_vti0, fix it urgently! 06:05:41 executing program 3: r0 = socket$inet6(0xa, 0x4000ffffffff, 0x1000000004) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 966.550235] Dead loop on virtual device ip6_vti0, fix it urgently! [ 966.663850] not chained 1810000 origins [ 966.667876] CPU: 0 PID: 25532 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 966.671820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 966.671820] Call Trace: [ 966.671820] dump_stack+0x32d/0x480 [ 966.671820] kmsan_internal_chain_origin+0x222/0x240 [ 966.671820] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 966.671820] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 966.671820] ? save_stack_trace+0xc6/0x110 [ 966.671820] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 966.671820] ? kmsan_internal_chain_origin+0x90/0x240 [ 966.671820] ? get_stack_info+0x863/0x9d0 [ 966.671820] __msan_chain_origin+0x6d/0xd0 [ 966.671820] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 966.671820] __save_stack_trace+0x8be/0xc60 [ 966.671820] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 966.671820] save_stack_trace+0xc6/0x110 [ 966.671820] kmsan_internal_chain_origin+0x136/0x240 [ 966.671820] ? kmsan_internal_chain_origin+0x136/0x240 [ 966.754162] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 966.761874] ? __msan_memcpy+0x6f/0x80 [ 966.761874] ? pskb_expand_head+0x43b/0x1d20 [ 966.761874] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 966.761874] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 966.761874] ? ___sys_sendmsg+0xe68/0x1250 [ 966.761874] ? __sys_sendmmsg+0x56b/0xa90 [ 966.761874] ? __se_sys_sendmmsg+0xbd/0xe0 [ 966.761874] ? __x64_sys_sendmmsg+0x56/0x70 [ 966.761874] ? do_syscall_64+0xcf/0x110 [ 966.761874] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 966.761874] ? __msan_poison_alloca+0x1e0/0x2b0 [ 966.761874] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 966.761874] ? memcg_kmem_put_cache+0x8e/0x460 [ 966.761874] ? __msan_get_context_state+0x9/0x30 [ 966.761874] ? INIT_INT+0xc/0x30 [ 966.761874] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 966.761874] kmsan_memcpy_origins+0x13d/0x1b0 [ 966.761874] __msan_memcpy+0x6f/0x80 [ 966.761874] pskb_expand_head+0x43b/0x1d20 [ 966.761874] l2tp_xmit_skb+0x5a7/0x24b0 [ 966.761874] pppol2tp_sendmsg+0x7a6/0xba0 [ 966.761874] ___sys_sendmsg+0xe68/0x1250 [ 966.761874] ? kmsan_set_origin+0x83/0x130 [ 966.761874] ? pppol2tp_getsockopt+0x1060/0x1060 [ 966.761874] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 966.761874] ? kmsan_set_origin+0x83/0x130 [ 966.761874] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 966.761874] ? _cond_resched+0xc7/0x120 [ 966.761874] __sys_sendmmsg+0x56b/0xa90 [ 966.761874] ? syscall_return_slowpath+0x123/0x8c0 [ 966.761874] ? put_timespec64+0x162/0x220 [ 966.761874] __se_sys_sendmmsg+0xbd/0xe0 [ 966.761874] __x64_sys_sendmmsg+0x56/0x70 [ 966.761874] do_syscall_64+0xcf/0x110 [ 966.761874] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 966.761874] RIP: 0033:0x457569 [ 966.761874] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 966.761874] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 966.761874] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 966.761874] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 966.761874] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 966.761874] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 966.761874] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 966.761874] Uninit was stored to memory at: [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] __msan_chain_origin+0x6d/0xd0 [ 966.761874] __save_stack_trace+0x8be/0xc60 [ 966.761874] save_stack_trace+0xc6/0x110 [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] kmsan_memcpy_origins+0x13d/0x1b0 [ 966.761874] __msan_memcpy+0x6f/0x80 [ 966.761874] pskb_expand_head+0x43b/0x1d20 [ 966.761874] l2tp_xmit_skb+0x5a7/0x24b0 [ 966.761874] pppol2tp_sendmsg+0x7a6/0xba0 [ 966.761874] ___sys_sendmsg+0xe68/0x1250 [ 966.761874] __sys_sendmmsg+0x56b/0xa90 [ 966.761874] __se_sys_sendmmsg+0xbd/0xe0 [ 966.761874] __x64_sys_sendmmsg+0x56/0x70 [ 966.761874] do_syscall_64+0xcf/0x110 [ 966.761874] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 966.761874] [ 966.761874] Uninit was stored to memory at: [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] __msan_chain_origin+0x6d/0xd0 [ 966.761874] __save_stack_trace+0x8be/0xc60 [ 966.761874] save_stack_trace+0xc6/0x110 [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] kmsan_memcpy_origins+0x13d/0x1b0 [ 966.761874] __msan_memcpy+0x6f/0x80 [ 966.761874] pskb_expand_head+0x43b/0x1d20 [ 966.761874] l2tp_xmit_skb+0x5a7/0x24b0 [ 966.761874] pppol2tp_sendmsg+0x7a6/0xba0 [ 966.761874] ___sys_sendmsg+0xe68/0x1250 [ 966.761874] __sys_sendmmsg+0x56b/0xa90 [ 966.761874] __se_sys_sendmmsg+0xbd/0xe0 [ 966.761874] __x64_sys_sendmmsg+0x56/0x70 [ 966.761874] do_syscall_64+0xcf/0x110 [ 966.761874] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 966.761874] [ 966.761874] Uninit was stored to memory at: [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] __msan_chain_origin+0x6d/0xd0 [ 966.761874] __save_stack_trace+0x8be/0xc60 [ 966.761874] save_stack_trace+0xc6/0x110 [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] kmsan_memcpy_origins+0x13d/0x1b0 [ 966.761874] __msan_memcpy+0x6f/0x80 [ 966.761874] pskb_expand_head+0x43b/0x1d20 [ 966.761874] l2tp_xmit_skb+0x5a7/0x24b0 [ 966.761874] pppol2tp_sendmsg+0x7a6/0xba0 [ 966.761874] ___sys_sendmsg+0xe68/0x1250 [ 966.761874] __sys_sendmmsg+0x56b/0xa90 [ 966.761874] __se_sys_sendmmsg+0xbd/0xe0 [ 966.761874] __x64_sys_sendmmsg+0x56/0x70 [ 966.761874] do_syscall_64+0xcf/0x110 [ 966.761874] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 966.761874] [ 966.761874] Uninit was stored to memory at: [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] __msan_chain_origin+0x6d/0xd0 [ 966.761874] __save_stack_trace+0x8be/0xc60 [ 966.761874] save_stack_trace+0xc6/0x110 [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] kmsan_memcpy_origins+0x13d/0x1b0 [ 966.761874] __msan_memcpy+0x6f/0x80 [ 966.761874] pskb_expand_head+0x43b/0x1d20 [ 966.761874] l2tp_xmit_skb+0x5a7/0x24b0 [ 966.761874] pppol2tp_sendmsg+0x7a6/0xba0 [ 966.761874] ___sys_sendmsg+0xe68/0x1250 [ 966.761874] __sys_sendmmsg+0x56b/0xa90 [ 966.761874] __se_sys_sendmmsg+0xbd/0xe0 [ 966.761874] __x64_sys_sendmmsg+0x56/0x70 [ 966.761874] do_syscall_64+0xcf/0x110 [ 966.761874] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 966.761874] [ 966.761874] Uninit was stored to memory at: [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] __msan_chain_origin+0x6d/0xd0 [ 966.761874] __save_stack_trace+0x8be/0xc60 [ 966.761874] save_stack_trace+0xc6/0x110 [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] kmsan_memcpy_origins+0x13d/0x1b0 [ 966.761874] __msan_memcpy+0x6f/0x80 [ 966.761874] pskb_expand_head+0x43b/0x1d20 [ 966.761874] l2tp_xmit_skb+0x5a7/0x24b0 [ 966.761874] pppol2tp_sendmsg+0x7a6/0xba0 [ 966.761874] ___sys_sendmsg+0xe68/0x1250 [ 966.761874] __sys_sendmmsg+0x56b/0xa90 [ 966.761874] __se_sys_sendmmsg+0xbd/0xe0 [ 966.761874] __x64_sys_sendmmsg+0x56/0x70 [ 966.761874] do_syscall_64+0xcf/0x110 [ 966.761874] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 966.761874] [ 966.761874] Uninit was stored to memory at: [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] __msan_chain_origin+0x6d/0xd0 [ 966.761874] __save_stack_trace+0x8be/0xc60 [ 966.761874] save_stack_trace+0xc6/0x110 [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] kmsan_memcpy_origins+0x13d/0x1b0 [ 966.761874] __msan_memcpy+0x6f/0x80 [ 966.761874] pskb_expand_head+0x43b/0x1d20 [ 966.761874] l2tp_xmit_skb+0x5a7/0x24b0 [ 966.761874] pppol2tp_sendmsg+0x7a6/0xba0 [ 966.761874] ___sys_sendmsg+0xe68/0x1250 [ 966.761874] __sys_sendmmsg+0x56b/0xa90 [ 966.761874] __se_sys_sendmmsg+0xbd/0xe0 [ 966.761874] __x64_sys_sendmmsg+0x56/0x70 [ 966.761874] do_syscall_64+0xcf/0x110 [ 966.761874] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 966.761874] [ 966.761874] Uninit was stored to memory at: [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] __msan_chain_origin+0x6d/0xd0 [ 966.761874] __save_stack_trace+0x8be/0xc60 [ 966.761874] save_stack_trace+0xc6/0x110 [ 966.761874] kmsan_internal_chain_origin+0x136/0x240 [ 966.761874] kmsan_memcpy_origins+0x13d/0x1b0 [ 966.761874] __msan_memcpy+0x6f/0x80 [ 966.761874] pskb_expand_head+0x43b/0x1d20 [ 966.761874] l2tp_xmit_skb+0x5a7/0x24b0 [ 966.761874] pppol2tp_sendmsg+0x7a6/0xba0 [ 966.761874] ___sys_sendmsg+0xe68/0x1250 [ 966.761874] __sys_sendmmsg+0x56b/0xa90 [ 966.761874] __se_sys_sendmmsg+0xbd/0xe0 [ 966.761874] __x64_sys_sendmmsg+0x56/0x70 [ 966.761874] do_syscall_64+0xcf/0x110 [ 966.761874] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 966.761874] [ 966.761874] Local variable description: ----iph@ip_vs_out [ 966.761874] Variable was created at: [ 966.761874] ip_vs_out+0x1bf/0x4570 [ 966.761874] ip_vs_local_reply6+0xec/0x130 [ 967.528310] Dead loop on virtual device ip6_vti0, fix it urgently! [ 967.657139] not chained 1820000 origins [ 967.661184] CPU: 1 PID: 25532 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 967.661812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 967.661812] Call Trace: [ 967.661812] dump_stack+0x32d/0x480 [ 967.661812] kmsan_internal_chain_origin+0x222/0x240 [ 967.661812] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 967.661812] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 967.661812] ? save_stack_trace+0xc6/0x110 [ 967.661812] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 967.661812] ? kmsan_internal_chain_origin+0x90/0x240 [ 967.661812] ? get_stack_info+0x863/0x9d0 [ 967.661812] __msan_chain_origin+0x6d/0xd0 [ 967.661812] ? __msan_memcpy+0x6f/0x80 [ 967.661812] __save_stack_trace+0x8be/0xc60 [ 967.661812] ? __msan_memcpy+0x6f/0x80 [ 967.661812] save_stack_trace+0xc6/0x110 [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] ? kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 967.661812] ? __msan_memcpy+0x6f/0x80 [ 967.661812] ? pskb_expand_head+0x43b/0x1d20 [ 967.661812] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 967.661812] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 967.661812] ? ___sys_sendmsg+0xe68/0x1250 [ 967.661812] ? __sys_sendmmsg+0x56b/0xa90 [ 967.661812] ? __se_sys_sendmmsg+0xbd/0xe0 [ 967.661812] ? __x64_sys_sendmmsg+0x56/0x70 [ 967.661812] ? do_syscall_64+0xcf/0x110 [ 967.661812] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 967.661812] ? __msan_poison_alloca+0x1e0/0x2b0 [ 967.661812] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 967.661812] ? memcg_kmem_put_cache+0x8e/0x460 [ 967.661812] ? __msan_get_context_state+0x9/0x30 [ 967.661812] ? INIT_INT+0xc/0x30 [ 967.661812] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 967.661812] kmsan_memcpy_origins+0x13d/0x1b0 [ 967.661812] __msan_memcpy+0x6f/0x80 [ 967.661812] pskb_expand_head+0x43b/0x1d20 [ 967.661812] l2tp_xmit_skb+0x5a7/0x24b0 [ 967.661812] pppol2tp_sendmsg+0x7a6/0xba0 [ 967.661812] ___sys_sendmsg+0xe68/0x1250 [ 967.661812] ? kmsan_set_origin+0x83/0x130 [ 967.661812] ? pppol2tp_getsockopt+0x1060/0x1060 [ 967.661812] ? __msan_poison_alloca+0x1e0/0x2b0 [ 967.661812] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 967.661812] ? rcu_all_qs+0x3b/0x310 [ 967.661812] ? _cond_resched+0x59/0x120 [ 967.661812] ? rcu_all_qs+0x53/0x310 [ 967.661812] ? _cond_resched+0x37/0x120 [ 967.661812] ? __sys_sendmmsg+0x7c9/0xa90 [ 967.661812] ? _cond_resched+0x59/0x120 [ 967.661812] __sys_sendmmsg+0x56b/0xa90 [ 967.661812] ? syscall_return_slowpath+0x123/0x8c0 [ 967.661812] ? put_timespec64+0x162/0x220 [ 967.661812] __se_sys_sendmmsg+0xbd/0xe0 [ 967.661812] __x64_sys_sendmmsg+0x56/0x70 [ 967.661812] do_syscall_64+0xcf/0x110 [ 967.661812] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 967.661812] RIP: 0033:0x457569 [ 967.661812] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 967.661812] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 967.661812] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 967.661812] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 967.661812] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 967.661812] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 967.661812] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 967.661812] Uninit was stored to memory at: [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] __msan_chain_origin+0x6d/0xd0 [ 967.661812] __save_stack_trace+0x8be/0xc60 [ 967.661812] save_stack_trace+0xc6/0x110 [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] kmsan_memcpy_origins+0x13d/0x1b0 [ 967.661812] __msan_memcpy+0x6f/0x80 [ 967.661812] pskb_expand_head+0x43b/0x1d20 [ 967.661812] l2tp_xmit_skb+0x5a7/0x24b0 [ 967.661812] pppol2tp_sendmsg+0x7a6/0xba0 [ 967.661812] ___sys_sendmsg+0xe68/0x1250 [ 967.661812] __sys_sendmmsg+0x56b/0xa90 [ 967.661812] __se_sys_sendmmsg+0xbd/0xe0 [ 967.661812] __x64_sys_sendmmsg+0x56/0x70 [ 967.661812] do_syscall_64+0xcf/0x110 [ 967.661812] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 967.661812] [ 967.661812] Uninit was stored to memory at: [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] __msan_chain_origin+0x6d/0xd0 [ 967.661812] __save_stack_trace+0x8be/0xc60 [ 967.661812] save_stack_trace+0xc6/0x110 [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] kmsan_memcpy_origins+0x13d/0x1b0 [ 967.661812] __msan_memcpy+0x6f/0x80 [ 967.661812] pskb_expand_head+0x43b/0x1d20 [ 967.661812] l2tp_xmit_skb+0x5a7/0x24b0 [ 967.661812] pppol2tp_sendmsg+0x7a6/0xba0 [ 967.661812] ___sys_sendmsg+0xe68/0x1250 [ 967.661812] __sys_sendmmsg+0x56b/0xa90 [ 967.661812] __se_sys_sendmmsg+0xbd/0xe0 [ 967.661812] __x64_sys_sendmmsg+0x56/0x70 [ 967.661812] do_syscall_64+0xcf/0x110 [ 967.661812] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 967.661812] [ 967.661812] Uninit was stored to memory at: [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] __msan_chain_origin+0x6d/0xd0 [ 967.661812] __save_stack_trace+0x8be/0xc60 [ 967.661812] save_stack_trace+0xc6/0x110 [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] kmsan_memcpy_origins+0x13d/0x1b0 [ 967.661812] __msan_memcpy+0x6f/0x80 [ 967.661812] pskb_expand_head+0x43b/0x1d20 [ 967.661812] l2tp_xmit_skb+0x5a7/0x24b0 [ 967.661812] pppol2tp_sendmsg+0x7a6/0xba0 [ 967.661812] ___sys_sendmsg+0xe68/0x1250 [ 967.661812] __sys_sendmmsg+0x56b/0xa90 [ 967.661812] __se_sys_sendmmsg+0xbd/0xe0 [ 967.661812] __x64_sys_sendmmsg+0x56/0x70 [ 967.661812] do_syscall_64+0xcf/0x110 [ 967.661812] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 967.661812] [ 967.661812] Uninit was stored to memory at: [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] __msan_chain_origin+0x6d/0xd0 [ 967.661812] __save_stack_trace+0x8be/0xc60 [ 967.661812] save_stack_trace+0xc6/0x110 [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] kmsan_memcpy_origins+0x13d/0x1b0 [ 967.661812] __msan_memcpy+0x6f/0x80 [ 967.661812] pskb_expand_head+0x43b/0x1d20 [ 967.661812] l2tp_xmit_skb+0x5a7/0x24b0 [ 967.661812] pppol2tp_sendmsg+0x7a6/0xba0 [ 967.661812] ___sys_sendmsg+0xe68/0x1250 [ 967.661812] __sys_sendmmsg+0x56b/0xa90 [ 967.661812] __se_sys_sendmmsg+0xbd/0xe0 [ 967.661812] __x64_sys_sendmmsg+0x56/0x70 [ 967.661812] do_syscall_64+0xcf/0x110 [ 967.661812] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 967.661812] [ 967.661812] Uninit was stored to memory at: [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] __msan_chain_origin+0x6d/0xd0 [ 967.661812] __save_stack_trace+0x8be/0xc60 [ 967.661812] save_stack_trace+0xc6/0x110 [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] kmsan_memcpy_origins+0x13d/0x1b0 [ 967.661812] __msan_memcpy+0x6f/0x80 [ 967.661812] pskb_expand_head+0x43b/0x1d20 [ 967.661812] l2tp_xmit_skb+0x5a7/0x24b0 [ 967.661812] pppol2tp_sendmsg+0x7a6/0xba0 [ 967.661812] ___sys_sendmsg+0xe68/0x1250 [ 967.661812] __sys_sendmmsg+0x56b/0xa90 [ 967.661812] __se_sys_sendmmsg+0xbd/0xe0 [ 967.661812] __x64_sys_sendmmsg+0x56/0x70 [ 967.661812] do_syscall_64+0xcf/0x110 [ 967.661812] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 967.661812] [ 967.661812] Uninit was stored to memory at: [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] __msan_chain_origin+0x6d/0xd0 [ 967.661812] __save_stack_trace+0x8be/0xc60 [ 967.661812] save_stack_trace+0xc6/0x110 [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] kmsan_memcpy_origins+0x13d/0x1b0 [ 967.661812] __msan_memcpy+0x6f/0x80 [ 967.661812] pskb_expand_head+0x43b/0x1d20 [ 967.661812] l2tp_xmit_skb+0x5a7/0x24b0 [ 967.661812] pppol2tp_sendmsg+0x7a6/0xba0 [ 967.661812] ___sys_sendmsg+0xe68/0x1250 [ 967.661812] __sys_sendmmsg+0x56b/0xa90 [ 967.661812] __se_sys_sendmmsg+0xbd/0xe0 [ 967.661812] __x64_sys_sendmmsg+0x56/0x70 [ 967.661812] do_syscall_64+0xcf/0x110 [ 967.661812] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 967.661812] [ 967.661812] Uninit was stored to memory at: [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] __msan_chain_origin+0x6d/0xd0 [ 967.661812] __save_stack_trace+0x8be/0xc60 [ 967.661812] save_stack_trace+0xc6/0x110 [ 967.661812] kmsan_internal_chain_origin+0x136/0x240 [ 967.661812] kmsan_memcpy_origins+0x13d/0x1b0 [ 967.661812] __msan_memcpy+0x6f/0x80 [ 967.661812] pskb_expand_head+0x43b/0x1d20 [ 967.661812] l2tp_xmit_skb+0x5a7/0x24b0 [ 967.661812] pppol2tp_sendmsg+0x7a6/0xba0 [ 967.661812] ___sys_sendmsg+0xe68/0x1250 [ 967.661812] __sys_sendmmsg+0x56b/0xa90 [ 967.661812] __se_sys_sendmmsg+0xbd/0xe0 [ 967.661812] __x64_sys_sendmmsg+0x56/0x70 [ 967.661812] do_syscall_64+0xcf/0x110 [ 967.661812] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 967.661812] [ 967.661812] Local variable description: ----iph@ip_vs_out [ 967.661812] Variable was created at: [ 967.661812] ip_vs_out+0x1bf/0x4570 [ 967.661812] ip_vs_local_reply6+0xec/0x130 [ 968.532569] Dead loop on virtual device ip6_vti0, fix it urgently! [ 968.591039] not chained 1830000 origins [ 968.591807] CPU: 1 PID: 25532 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 968.591807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 968.591807] Call Trace: [ 968.591807] dump_stack+0x32d/0x480 [ 968.591807] kmsan_internal_chain_origin+0x222/0x240 [ 968.591807] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 968.591807] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.591807] ? save_stack_trace+0xc6/0x110 [ 968.591807] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 968.591807] ? kmsan_internal_chain_origin+0x90/0x240 [ 968.591807] ? get_stack_info+0x863/0x9d0 [ 968.591807] __msan_chain_origin+0x6d/0xd0 [ 968.591807] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.591807] __save_stack_trace+0x8be/0xc60 [ 968.591807] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.591807] save_stack_trace+0xc6/0x110 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.591807] ? kmsan_internal_chain_origin+0x136/0x240 [ 968.591807] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 968.591807] ? __msan_memcpy+0x6f/0x80 [ 968.591807] ? pskb_expand_head+0x43b/0x1d20 [ 968.591807] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 968.591807] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 968.591807] ? ___sys_sendmsg+0xe68/0x1250 [ 968.591807] ? __sys_sendmmsg+0x56b/0xa90 [ 968.591807] ? __se_sys_sendmmsg+0xbd/0xe0 [ 968.591807] ? __x64_sys_sendmmsg+0x56/0x70 [ 968.591807] ? do_syscall_64+0xcf/0x110 [ 968.591807] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.591807] ? __msan_poison_alloca+0x1e0/0x2b0 [ 968.591807] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 968.591807] ? memcg_kmem_put_cache+0x8e/0x460 [ 968.591807] ? __msan_get_context_state+0x9/0x30 [ 968.591807] ? INIT_INT+0xc/0x30 [ 968.591807] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 968.591807] kmsan_memcpy_origins+0x13d/0x1b0 [ 968.591807] __msan_memcpy+0x6f/0x80 [ 968.591807] pskb_expand_head+0x43b/0x1d20 [ 968.591807] l2tp_xmit_skb+0x5a7/0x24b0 [ 968.591807] pppol2tp_sendmsg+0x7a6/0xba0 [ 968.591807] ___sys_sendmsg+0xe68/0x1250 [ 968.591807] ? kmsan_set_origin+0x83/0x130 [ 968.591807] ? pppol2tp_getsockopt+0x1060/0x1060 [ 968.591807] ? __msan_poison_alloca+0x1e0/0x2b0 [ 968.591807] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 968.591807] ? rcu_all_qs+0x3b/0x310 [ 968.591807] ? _cond_resched+0x59/0x120 [ 968.591807] ? rcu_all_qs+0x53/0x310 [ 968.591807] ? _cond_resched+0x37/0x120 [ 968.591807] ? __sys_sendmmsg+0x7c9/0xa90 [ 968.591807] ? _cond_resched+0x59/0x120 [ 968.591807] __sys_sendmmsg+0x56b/0xa90 [ 968.591807] ? syscall_return_slowpath+0x123/0x8c0 [ 968.591807] ? put_timespec64+0x162/0x220 [ 968.591807] __se_sys_sendmmsg+0xbd/0xe0 [ 968.591807] __x64_sys_sendmmsg+0x56/0x70 [ 968.591807] do_syscall_64+0xcf/0x110 [ 968.591807] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.591807] RIP: 0033:0x457569 [ 968.591807] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 968.591807] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 968.591807] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 968.591807] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 968.591807] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 968.591807] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 968.591807] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 968.591807] Uninit was stored to memory at: [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.591807] __msan_chain_origin+0x6d/0xd0 [ 968.939280] not chained 1840000 origins [ 968.591807] __save_stack_trace+0x8be/0xc60 [ 968.941879] CPU: 0 PID: 25591 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 968.591807] save_stack_trace+0xc6/0x110 [ 968.941879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.941879] Call Trace: [ 968.591807] kmsan_memcpy_origins+0x13d/0x1b0 [ 968.941879] dump_stack+0x32d/0x480 [ 968.591807] __msan_memcpy+0x6f/0x80 [ 968.941879] kmsan_internal_chain_origin+0x222/0x240 [ 968.591807] pskb_expand_head+0x43b/0x1d20 [ 968.941879] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 968.591807] l2tp_xmit_skb+0x5a7/0x24b0 [ 968.941879] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.591807] pppol2tp_sendmsg+0x7a6/0xba0 [ 968.941879] ? save_stack_trace+0xc6/0x110 [ 968.591807] ___sys_sendmsg+0xe68/0x1250 [ 968.941879] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 968.591807] __sys_sendmmsg+0x56b/0xa90 [ 968.941879] ? kmsan_internal_chain_origin+0x90/0x240 [ 968.591807] __se_sys_sendmmsg+0xbd/0xe0 [ 968.941879] ? get_stack_info+0x863/0x9d0 [ 968.591807] __x64_sys_sendmmsg+0x56/0x70 [ 968.941879] __msan_chain_origin+0x6d/0xd0 [ 968.591807] do_syscall_64+0xcf/0x110 [ 968.941879] ? ___sys_sendmsg+0xe68/0x1250 [ 968.591807] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.941879] __save_stack_trace+0x8be/0xc60 [ 968.591807] [ 968.941879] ? ___sys_sendmsg+0xe68/0x1250 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.941879] save_stack_trace+0xc6/0x110 [ 968.591807] __msan_chain_origin+0x6d/0xd0 [ 968.941879] kmsan_internal_chain_origin+0x136/0x240 [ 968.591807] __save_stack_trace+0x8be/0xc60 [ 968.941879] ? kmsan_internal_chain_origin+0x136/0x240 [ 968.591807] save_stack_trace+0xc6/0x110 [ 968.941879] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.941879] ? __msan_memcpy+0x6f/0x80 [ 968.591807] kmsan_memcpy_origins+0x13d/0x1b0 [ 968.941879] ? pskb_expand_head+0x43b/0x1d20 [ 968.591807] __msan_memcpy+0x6f/0x80 [ 968.941879] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 968.591807] pskb_expand_head+0x43b/0x1d20 [ 968.941879] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 968.591807] l2tp_xmit_skb+0x5a7/0x24b0 [ 968.941879] ? ___sys_sendmsg+0xe68/0x1250 [ 968.591807] pppol2tp_sendmsg+0x7a6/0xba0 [ 968.941879] ? __sys_sendmmsg+0x56b/0xa90 [ 968.591807] ___sys_sendmsg+0xe68/0x1250 [ 968.941879] ? __se_sys_sendmmsg+0xbd/0xe0 [ 968.591807] __sys_sendmmsg+0x56b/0xa90 [ 968.941879] ? __x64_sys_sendmmsg+0x56/0x70 [ 968.591807] __se_sys_sendmmsg+0xbd/0xe0 [ 968.941879] ? do_syscall_64+0xcf/0x110 [ 968.591807] __x64_sys_sendmmsg+0x56/0x70 [ 968.941879] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.591807] do_syscall_64+0xcf/0x110 [ 968.941879] ? __msan_poison_alloca+0x1e0/0x2b0 [ 968.591807] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.941879] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 968.591807] [ 968.941879] ? memcg_kmem_put_cache+0x8e/0x460 [ 968.591807] Uninit was stored to memory at: [ 968.941879] ? __msan_get_context_state+0x9/0x30 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.941879] ? INIT_INT+0xc/0x30 [ 968.591807] __msan_chain_origin+0x6d/0xd0 [ 968.941879] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 968.591807] __save_stack_trace+0x8be/0xc60 [ 968.941879] kmsan_memcpy_origins+0x13d/0x1b0 [ 968.591807] save_stack_trace+0xc6/0x110 [ 968.941879] __msan_memcpy+0x6f/0x80 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.941879] pskb_expand_head+0x43b/0x1d20 [ 968.591807] kmsan_memcpy_origins+0x13d/0x1b0 [ 968.941879] l2tp_xmit_skb+0x5a7/0x24b0 [ 968.591807] __msan_memcpy+0x6f/0x80 [ 968.941879] pppol2tp_sendmsg+0x7a6/0xba0 [ 968.591807] pskb_expand_head+0x43b/0x1d20 [ 968.941879] ___sys_sendmsg+0xe68/0x1250 [ 968.591807] l2tp_xmit_skb+0x5a7/0x24b0 [ 968.941879] ? pppol2tp_getsockopt+0x1060/0x1060 [ 968.591807] pppol2tp_sendmsg+0x7a6/0xba0 [ 968.941879] ? __msan_poison_alloca+0x1e0/0x2b0 [ 968.591807] ___sys_sendmsg+0xe68/0x1250 [ 968.941879] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 968.591807] __sys_sendmmsg+0x56b/0xa90 [ 968.941879] ? rcu_all_qs+0x3b/0x310 [ 968.591807] __se_sys_sendmmsg+0xbd/0xe0 [ 968.941879] ? _cond_resched+0x59/0x120 [ 968.591807] __x64_sys_sendmmsg+0x56/0x70 [ 968.941879] ? rcu_all_qs+0x53/0x310 [ 968.591807] do_syscall_64+0xcf/0x110 [ 968.941879] ? _cond_resched+0x37/0x120 [ 968.591807] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.941879] ? __sys_sendmmsg+0x7c9/0xa90 [ 968.591807] [ 968.941879] ? _cond_resched+0x59/0x120 [ 968.591807] Uninit was stored to memory at: [ 968.941879] __sys_sendmmsg+0x56b/0xa90 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.941879] ? syscall_return_slowpath+0x123/0x8c0 [ 968.591807] __msan_chain_origin+0x6d/0xd0 [ 968.941879] ? put_timespec64+0x162/0x220 [ 968.591807] __save_stack_trace+0x8be/0xc60 [ 968.941879] __se_sys_sendmmsg+0xbd/0xe0 [ 968.591807] save_stack_trace+0xc6/0x110 [ 968.941879] __x64_sys_sendmmsg+0x56/0x70 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.941879] do_syscall_64+0xcf/0x110 [ 968.591807] kmsan_memcpy_origins+0x13d/0x1b0 [ 968.941879] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.591807] __msan_memcpy+0x6f/0x80 [ 968.941879] RIP: 0033:0x457569 [ 968.591807] pskb_expand_head+0x43b/0x1d20 [ 968.941879] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 968.591807] l2tp_xmit_skb+0x5a7/0x24b0 [ 968.941879] RSP: 002b:00007f8c33c90c78 EFLAGS: 00000246 [ 968.591807] pppol2tp_sendmsg+0x7a6/0xba0 [ 968.941879] ORIG_RAX: 0000000000000133 [ 968.591807] ___sys_sendmsg+0xe68/0x1250 [ 968.941879] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 968.591807] __sys_sendmmsg+0x56b/0xa90 [ 968.941879] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 968.591807] __se_sys_sendmmsg+0xbd/0xe0 [ 968.941879] RBP: 000000000072c180 R08: 0000000000000000 R09: 0000000000000000 [ 968.591807] __x64_sys_sendmmsg+0x56/0x70 [ 968.941879] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33c916d4 [ 968.591807] do_syscall_64+0xcf/0x110 [ 968.941879] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 968.591807] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.941879] Uninit was stored to memory at: [ 968.591807] [ 968.941879] kmsan_internal_chain_origin+0x136/0x240 [ 968.591807] Uninit was stored to memory at: [ 968.941879] __msan_chain_origin+0x6d/0xd0 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.941879] __save_stack_trace+0x8be/0xc60 [ 968.591807] __msan_chain_origin+0x6d/0xd0 [ 968.941879] save_stack_trace+0xc6/0x110 [ 968.591807] __save_stack_trace+0x8be/0xc60 [ 968.941879] kmsan_internal_chain_origin+0x136/0x240 [ 968.591807] save_stack_trace+0xc6/0x110 [ 968.941879] kmsan_memcpy_origins+0x13d/0x1b0 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.941879] __msan_memcpy+0x6f/0x80 [ 968.591807] kmsan_memcpy_origins+0x13d/0x1b0 [ 968.941879] pskb_expand_head+0x43b/0x1d20 [ 968.591807] __msan_memcpy+0x6f/0x80 [ 968.941879] l2tp_xmit_skb+0x5a7/0x24b0 [ 968.591807] pskb_expand_head+0x43b/0x1d20 [ 968.941879] pppol2tp_sendmsg+0x7a6/0xba0 [ 968.591807] l2tp_xmit_skb+0x5a7/0x24b0 [ 968.941879] ___sys_sendmsg+0xe68/0x1250 [ 968.591807] pppol2tp_sendmsg+0x7a6/0xba0 [ 968.941879] __sys_sendmmsg+0x56b/0xa90 [ 968.591807] ___sys_sendmsg+0xe68/0x1250 [ 968.941879] __se_sys_sendmmsg+0xbd/0xe0 [ 968.591807] __sys_sendmmsg+0x56b/0xa90 [ 968.941879] __x64_sys_sendmmsg+0x56/0x70 [ 968.591807] __se_sys_sendmmsg+0xbd/0xe0 [ 968.941879] do_syscall_64+0xcf/0x110 [ 968.591807] __x64_sys_sendmmsg+0x56/0x70 [ 968.941879] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.591807] do_syscall_64+0xcf/0x110 [ 968.941879] [ 968.591807] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.941879] kmsan_internal_chain_origin+0x136/0x240 [ 968.591807] [ 968.941879] __msan_chain_origin+0x6d/0xd0 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.941879] __save_stack_trace+0x8be/0xc60 [ 968.591807] __msan_chain_origin+0x6d/0xd0 [ 968.941879] save_stack_trace+0xc6/0x110 [ 968.591807] __save_stack_trace+0x8be/0xc60 [ 968.941879] kmsan_internal_chain_origin+0x136/0x240 [ 968.591807] save_stack_trace+0xc6/0x110 [ 968.941879] kmsan_memcpy_origins+0x13d/0x1b0 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.941879] __msan_memcpy+0x6f/0x80 [ 968.591807] kmsan_memcpy_origins+0x13d/0x1b0 [ 968.941879] pskb_expand_head+0x43b/0x1d20 [ 968.591807] __msan_memcpy+0x6f/0x80 [ 968.941879] l2tp_xmit_skb+0x5a7/0x24b0 [ 968.591807] pskb_expand_head+0x43b/0x1d20 [ 968.941879] pppol2tp_sendmsg+0x7a6/0xba0 [ 968.591807] l2tp_xmit_skb+0x5a7/0x24b0 [ 968.941879] ___sys_sendmsg+0xe68/0x1250 [ 968.591807] pppol2tp_sendmsg+0x7a6/0xba0 [ 968.941879] __sys_sendmmsg+0x56b/0xa90 [ 968.591807] ___sys_sendmsg+0xe68/0x1250 [ 968.941879] __se_sys_sendmmsg+0xbd/0xe0 [ 968.591807] __sys_sendmmsg+0x56b/0xa90 [ 968.941879] __x64_sys_sendmmsg+0x56/0x70 [ 968.591807] __se_sys_sendmmsg+0xbd/0xe0 [ 968.941879] do_syscall_64+0xcf/0x110 [ 968.591807] __x64_sys_sendmmsg+0x56/0x70 [ 968.941879] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.591807] do_syscall_64+0xcf/0x110 [ 968.941879] [ 968.591807] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.941879] Uninit was stored to memory at: [ 968.591807] [ 968.941879] kmsan_internal_chain_origin+0x136/0x240 [ 968.591807] Uninit was stored to memory at: [ 968.941879] __msan_chain_origin+0x6d/0xd0 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.941879] __save_stack_trace+0x8be/0xc60 [ 968.591807] __msan_chain_origin+0x6d/0xd0 [ 968.941879] save_stack_trace+0xc6/0x110 [ 968.591807] __save_stack_trace+0x8be/0xc60 [ 968.941879] kmsan_internal_chain_origin+0x136/0x240 [ 968.591807] save_stack_trace+0xc6/0x110 [ 968.941879] kmsan_memcpy_origins+0x13d/0x1b0 [ 968.591807] kmsan_internal_chain_origin+0x136/0x240 [ 968.941879] __msan_memcpy+0x6f/0x80 [ 968.591807] kmsan_memcpy_origins+0x13d/0x1b0 [ 968.941879] pskb_expand_head+0x43b/0x1d20 [ 968.591807] __msan_memcpy+0x6f/0x80 [ 968.941879] l2tp_xmit_skb+0x5a7/0x24b0 [ 968.591807] pskb_expand_head+0x43b/0x1d20 [ 968.941879] pppol2tp_sendmsg+0x7a6/0xba0 [ 968.591807] l2tp_xmit_skb+0x5a7/0x24b0 [ 968.941879] ___sys_sendmsg+0xe68/0x1250 [ 968.591807] pppol2tp_sendmsg+0x7a6/0xba0 [ 968.941879] __sys_sendmmsg+0x56b/0xa90 [ 968.591807] ___sys_sendmsg+0xe68/0x1250 [ 968.941879] __se_sys_sendmmsg+0xbd/0xe0 [ 968.591807] __sys_sendmmsg+0x56b/0xa90 [ 968.941879] __x64_sys_sendmmsg+0x56/0x70 [ 968.591807] __se_sys_sendmmsg+0xbd/0xe0 [ 968.941879] do_syscall_64+0xcf/0x110 [ 968.591807] __x64_sys_sendmmsg+0x56/0x70 [ 968.941879] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.591807] do_syscall_64+0xcf/0x110 [ 968.941879] [ 968.591807] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 968.941879] kmsan_internal_chain_origin+0x136/0x240 [ 968.591807] [ 968.941879] __msan_chain_origin+0x6d/0xd0 [ 969.993416] __save_stack_trace+0x8be/0xc60 [ 969.993416] save_stack_trace+0xc6/0x110 [ 969.993416] kmsan_internal_chain_origin+0x136/0x240 [ 969.993416] kmsan_memcpy_origins+0x13d/0x1b0 [ 969.993416] __msan_memcpy+0x6f/0x80 [ 969.993416] pskb_expand_head+0x43b/0x1d20 [ 969.993416] l2tp_xmit_skb+0x5a7/0x24b0 [ 969.993416] pppol2tp_sendmsg+0x7a6/0xba0 [ 969.993416] ___sys_sendmsg+0xe68/0x1250 [ 969.993416] __sys_sendmmsg+0x56b/0xa90 [ 969.993416] __se_sys_sendmmsg+0xbd/0xe0 [ 969.993416] __x64_sys_sendmmsg+0x56/0x70 [ 969.993416] do_syscall_64+0xcf/0x110 [ 969.993416] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 969.993416] [ 969.993416] Uninit was stored to memory at: [ 969.993416] kmsan_internal_chain_origin+0x136/0x240 [ 969.993416] __msan_chain_origin+0x6d/0xd0 [ 969.993416] __save_stack_trace+0x8be/0xc60 [ 969.993416] save_stack_trace+0xc6/0x110 [ 969.993416] kmsan_internal_chain_origin+0x136/0x240 [ 969.993416] kmsan_memcpy_origins+0x13d/0x1b0 [ 969.993416] __msan_memcpy+0x6f/0x80 [ 969.993416] pskb_expand_head+0x43b/0x1d20 [ 969.993416] l2tp_xmit_skb+0x5a7/0x24b0 [ 969.993416] pppol2tp_sendmsg+0x7a6/0xba0 [ 969.993416] ___sys_sendmsg+0xe68/0x1250 [ 969.993416] __sys_sendmmsg+0x56b/0xa90 [ 969.993416] __se_sys_sendmmsg+0xbd/0xe0 [ 969.993416] __x64_sys_sendmmsg+0x56/0x70 [ 969.993416] do_syscall_64+0xcf/0x110 [ 969.993416] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 969.993416] [ 969.993416] Uninit was stored to memory at: [ 969.993416] kmsan_internal_chain_origin+0x136/0x240 [ 969.993416] __msan_chain_origin+0x6d/0xd0 [ 969.993416] __save_stack_trace+0x8be/0xc60 [ 969.993416] save_stack_trace+0xc6/0x110 [ 969.993416] kmsan_internal_chain_origin+0x136/0x240 [ 969.993416] kmsan_memcpy_origins+0x13d/0x1b0 [ 969.993416] __msan_memcpy+0x6f/0x80 [ 969.993416] pskb_expand_head+0x43b/0x1d20 [ 969.993416] l2tp_xmit_skb+0x5a7/0x24b0 [ 969.993416] pppol2tp_sendmsg+0x7a6/0xba0 [ 969.993416] ___sys_sendmsg+0xe68/0x1250 [ 969.993416] __sys_sendmmsg+0x56b/0xa90 [ 969.993416] __se_sys_sendmmsg+0xbd/0xe0 [ 969.993416] __x64_sys_sendmmsg+0x56/0x70 [ 969.993416] do_syscall_64+0xcf/0x110 [ 969.993416] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 969.993416] [ 969.993416] Uninit was stored to memory at: [ 969.993416] kmsan_internal_chain_origin+0x136/0x240 [ 969.993416] __msan_chain_origin+0x6d/0xd0 [ 969.993416] __save_stack_trace+0x8be/0xc60 [ 969.993416] save_stack_trace+0xc6/0x110 [ 969.993416] kmsan_internal_chain_origin+0x136/0x240 [ 969.993416] kmsan_memcpy_origins+0x13d/0x1b0 [ 969.993416] __msan_memcpy+0x6f/0x80 [ 969.993416] pskb_expand_head+0x43b/0x1d20 [ 969.993416] l2tp_xmit_skb+0x5a7/0x24b0 [ 969.993416] pppol2tp_sendmsg+0x7a6/0xba0 [ 969.993416] ___sys_sendmsg+0xe68/0x1250 [ 969.993416] __sys_sendmmsg+0x56b/0xa90 [ 969.993416] __se_sys_sendmmsg+0xbd/0xe0 [ 969.993416] __x64_sys_sendmmsg+0x56/0x70 [ 969.993416] do_syscall_64+0xcf/0x110 [ 969.993416] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 969.993416] [ 969.993416] Local variable description: ----iph@ip_vs_out [ 969.993416] Variable was created at: [ 969.993416] ip_vs_out+0x1bf/0x4570 [ 969.993416] ip_vs_local_reply6+0xec/0x130 [ 970.300534] Dead loop on virtual device ip6_vti0, fix it urgently! [ 970.365642] not chained 1850000 origins [ 970.369657] CPU: 0 PID: 25591 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 970.371825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 970.371825] Call Trace: [ 970.371825] dump_stack+0x32d/0x480 [ 970.371825] kmsan_internal_chain_origin+0x222/0x240 [ 970.371825] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 970.371825] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 970.371825] ? save_stack_trace+0xc6/0x110 [ 970.371825] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 970.371825] ? kmsan_internal_chain_origin+0x90/0x240 [ 970.371825] ? get_stack_info+0x863/0x9d0 [ 970.371825] __msan_chain_origin+0x6d/0xd0 [ 970.371825] __save_stack_trace+0x833/0xc60 [ 970.371825] ? save_stack_trace+0xc6/0x110 [ 970.371825] save_stack_trace+0xc6/0x110 [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] ? kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 970.371825] ? __msan_memcpy+0x6f/0x80 [ 970.371825] ? pskb_expand_head+0x43b/0x1d20 [ 970.371825] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 970.371825] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 970.371825] ? ___sys_sendmsg+0xe68/0x1250 [ 970.371825] ? __sys_sendmmsg+0x56b/0xa90 [ 970.371825] ? __se_sys_sendmmsg+0xbd/0xe0 [ 970.371825] ? __x64_sys_sendmmsg+0x56/0x70 [ 970.371825] ? do_syscall_64+0xcf/0x110 [ 970.371825] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 970.371825] ? __msan_poison_alloca+0x1e0/0x2b0 [ 970.371825] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 970.371825] ? memcg_kmem_put_cache+0x8e/0x460 [ 970.371825] ? __msan_get_context_state+0x9/0x30 [ 970.371825] ? INIT_INT+0xc/0x30 [ 970.371825] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 970.371825] kmsan_memcpy_origins+0x13d/0x1b0 [ 970.371825] __msan_memcpy+0x6f/0x80 [ 970.371825] pskb_expand_head+0x43b/0x1d20 [ 970.371825] l2tp_xmit_skb+0x5a7/0x24b0 [ 970.371825] pppol2tp_sendmsg+0x7a6/0xba0 [ 970.371825] ___sys_sendmsg+0xe68/0x1250 [ 970.371825] ? pppol2tp_getsockopt+0x1060/0x1060 [ 970.371825] ? __msan_poison_alloca+0x1e0/0x2b0 [ 970.371825] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 970.371825] ? rcu_all_qs+0x3b/0x310 [ 970.371825] ? _cond_resched+0x59/0x120 [ 970.371825] ? rcu_all_qs+0x53/0x310 [ 970.371825] ? _cond_resched+0x37/0x120 [ 970.371825] ? __sys_sendmmsg+0x7c9/0xa90 [ 970.371825] ? _cond_resched+0x59/0x120 [ 970.371825] __sys_sendmmsg+0x56b/0xa90 [ 970.371825] ? syscall_return_slowpath+0x123/0x8c0 [ 970.371825] ? put_timespec64+0x162/0x220 [ 970.371825] __se_sys_sendmmsg+0xbd/0xe0 [ 970.371825] __x64_sys_sendmmsg+0x56/0x70 [ 970.371825] do_syscall_64+0xcf/0x110 [ 970.371825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 970.371825] RIP: 0033:0x457569 [ 970.371825] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 970.371825] RSP: 002b:00007f8c33c90c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 970.371825] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 970.371825] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 970.371825] RBP: 000000000072c180 R08: 0000000000000000 R09: 0000000000000000 [ 970.371825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33c916d4 [ 970.371825] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 970.371825] Uninit was stored to memory at: [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] __msan_chain_origin+0x6d/0xd0 [ 970.371825] save_stack_trace+0xfa/0x110 [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] kmsan_memcpy_origins+0x13d/0x1b0 [ 970.371825] __msan_memcpy+0x6f/0x80 [ 970.371825] pskb_expand_head+0x43b/0x1d20 [ 970.371825] l2tp_xmit_skb+0x5a7/0x24b0 [ 970.371825] pppol2tp_sendmsg+0x7a6/0xba0 [ 970.371825] ___sys_sendmsg+0xe68/0x1250 [ 970.371825] __sys_sendmmsg+0x56b/0xa90 [ 970.371825] __se_sys_sendmmsg+0xbd/0xe0 [ 970.371825] __x64_sys_sendmmsg+0x56/0x70 [ 970.371825] do_syscall_64+0xcf/0x110 [ 970.371825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 970.371825] [ 970.371825] Uninit was stored to memory at: [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] __msan_chain_origin+0x6d/0xd0 [ 970.371825] __save_stack_trace+0x833/0xc60 [ 970.371825] save_stack_trace+0xc6/0x110 [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] kmsan_memcpy_origins+0x13d/0x1b0 [ 970.371825] __msan_memcpy+0x6f/0x80 [ 970.371825] pskb_expand_head+0x43b/0x1d20 [ 970.371825] l2tp_xmit_skb+0x5a7/0x24b0 [ 970.371825] pppol2tp_sendmsg+0x7a6/0xba0 [ 970.371825] ___sys_sendmsg+0xe68/0x1250 [ 970.371825] __sys_sendmmsg+0x56b/0xa90 [ 970.371825] __se_sys_sendmmsg+0xbd/0xe0 [ 970.371825] __x64_sys_sendmmsg+0x56/0x70 [ 970.371825] do_syscall_64+0xcf/0x110 [ 970.371825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 970.371825] [ 970.371825] Uninit was stored to memory at: [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] __msan_chain_origin+0x6d/0xd0 [ 970.371825] save_stack_trace+0xfa/0x110 [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] kmsan_memcpy_origins+0x13d/0x1b0 [ 970.371825] __msan_memcpy+0x6f/0x80 [ 970.371825] pskb_expand_head+0x43b/0x1d20 [ 970.371825] l2tp_xmit_skb+0x5a7/0x24b0 [ 970.371825] pppol2tp_sendmsg+0x7a6/0xba0 [ 970.371825] ___sys_sendmsg+0xe68/0x1250 [ 970.371825] __sys_sendmmsg+0x56b/0xa90 [ 970.371825] __se_sys_sendmmsg+0xbd/0xe0 [ 970.371825] __x64_sys_sendmmsg+0x56/0x70 [ 970.371825] do_syscall_64+0xcf/0x110 [ 970.371825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 970.371825] [ 970.371825] Uninit was stored to memory at: [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] __msan_chain_origin+0x6d/0xd0 [ 970.371825] __save_stack_trace+0x833/0xc60 [ 970.371825] save_stack_trace+0xc6/0x110 [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] kmsan_memcpy_origins+0x13d/0x1b0 [ 970.371825] __msan_memcpy+0x6f/0x80 [ 970.371825] pskb_expand_head+0x43b/0x1d20 [ 970.371825] l2tp_xmit_skb+0x5a7/0x24b0 [ 970.371825] pppol2tp_sendmsg+0x7a6/0xba0 [ 970.371825] ___sys_sendmsg+0xe68/0x1250 [ 970.371825] __sys_sendmmsg+0x56b/0xa90 [ 970.371825] __se_sys_sendmmsg+0xbd/0xe0 [ 970.371825] __x64_sys_sendmmsg+0x56/0x70 [ 970.371825] do_syscall_64+0xcf/0x110 [ 970.371825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 970.371825] [ 970.371825] Uninit was stored to memory at: [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] __msan_chain_origin+0x6d/0xd0 [ 970.371825] save_stack_trace+0xfa/0x110 [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] kmsan_memcpy_origins+0x13d/0x1b0 [ 970.371825] __msan_memcpy+0x6f/0x80 [ 970.371825] pskb_expand_head+0x43b/0x1d20 [ 970.371825] l2tp_xmit_skb+0x5a7/0x24b0 [ 970.371825] pppol2tp_sendmsg+0x7a6/0xba0 [ 970.371825] ___sys_sendmsg+0xe68/0x1250 [ 970.371825] __sys_sendmmsg+0x56b/0xa90 [ 970.371825] __se_sys_sendmmsg+0xbd/0xe0 [ 970.371825] __x64_sys_sendmmsg+0x56/0x70 [ 970.371825] do_syscall_64+0xcf/0x110 [ 970.371825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 970.371825] [ 970.371825] Uninit was stored to memory at: [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] __msan_chain_origin+0x6d/0xd0 [ 970.371825] __save_stack_trace+0x833/0xc60 [ 970.371825] save_stack_trace+0xc6/0x110 [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] kmsan_memcpy_origins+0x13d/0x1b0 [ 970.371825] __msan_memcpy+0x6f/0x80 [ 970.371825] pskb_expand_head+0x43b/0x1d20 [ 970.371825] l2tp_xmit_skb+0x5a7/0x24b0 [ 970.371825] pppol2tp_sendmsg+0x7a6/0xba0 [ 970.371825] ___sys_sendmsg+0xe68/0x1250 [ 970.371825] __sys_sendmmsg+0x56b/0xa90 [ 970.371825] __se_sys_sendmmsg+0xbd/0xe0 [ 970.371825] __x64_sys_sendmmsg+0x56/0x70 [ 970.371825] do_syscall_64+0xcf/0x110 [ 970.371825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 970.371825] [ 970.371825] Uninit was stored to memory at: [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] __msan_chain_origin+0x6d/0xd0 [ 970.371825] save_stack_trace+0xfa/0x110 [ 970.371825] kmsan_internal_chain_origin+0x136/0x240 [ 970.371825] kmsan_memcpy_origins+0x13d/0x1b0 [ 970.371825] __msan_memcpy+0x6f/0x80 [ 970.371825] pskb_expand_head+0x43b/0x1d20 [ 970.371825] l2tp_xmit_skb+0x5a7/0x24b0 [ 970.371825] pppol2tp_sendmsg+0x7a6/0xba0 [ 970.371825] ___sys_sendmsg+0xe68/0x1250 [ 970.371825] __sys_sendmmsg+0x56b/0xa90 [ 970.371825] __se_sys_sendmmsg+0xbd/0xe0 [ 970.371825] __x64_sys_sendmmsg+0x56/0x70 [ 970.371825] do_syscall_64+0xcf/0x110 [ 970.371825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 970.371825] [ 970.371825] Local variable description: ----iph@ip_vs_out [ 970.371825] Variable was created at: [ 970.371825] ip_vs_out+0x1bf/0x4570 [ 970.371825] ip_vs_local_reply6+0xec/0x130 [ 971.216923] Dead loop on virtual device ip6_vti0, fix it urgently! 06:05:46 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x100, 0x0) getdents(r2, &(0x7f0000000400)=""/129, 0x81) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000240)={{{@in=@rand_addr, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000100)=0xe8) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000001c0)={@dev={0xfe, 0x80, [], 0x1e}, 0xd, r3}) r4 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x7, 0x4840) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x40}) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) ioctl$sock_SIOCSIFBR(r4, 0x8941, &(0x7f00000000c0)=@generic={0x0, 0x2, 0x7}) ioctl$KVM_GET_FPU(r2, 0x81a0ae8c, &(0x7f00000004c0)) 06:05:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x9a100) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x7e0}], 0x1, &(0x7f0000001680)=""/72, 0x3e}}], 0x1, 0x0, &(0x7f0000002240)) getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000002c0), &(0x7f0000000340)=0x4) 06:05:46 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x0, 0x20000008, &(0x7f0000000000)={0xa, 0x4e20, 0x800, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:05:46 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000001fe8)) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r1, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:46 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)={0xa, 0x2, 0x914, 0x4000000005, 0x2}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000000), &(0x7f0000000440)}, 0x20) 06:05:46 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x8c) 06:05:46 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) userfaultfd(0x80001) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:46 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f0000000000)=ANY=[@ANYBLOB="4eec44a7c13780cbd48b7d89c2a3bc94b87d40e0955351cadeb84a56da564a9057375c5aceada00ebafb55fab6b3c8819d0115aff2dfe7885ccbfe1cf2578bd4afe9112301fed5c28bb4232fa9c66e1290d200564723766ec1ff486d5e9979e7fd69b473e761941753f493354e00"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:05:47 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x9a100) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x7e0}], 0x1, &(0x7f0000001680)=""/72, 0x3e}}], 0x1, 0x0, &(0x7f0000002240)) getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000002c0), &(0x7f0000000340)=0x4) 06:05:48 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x7e0}], 0x1, &(0x7f0000001680)=""/72, 0x3e}}], 0x1, 0x0, &(0x7f0000002240)) 06:05:48 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000dc9ff0)={0x2, 0x4e20, @broadcast}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) sendto$inet(r0, &(0x7f0000000100), 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f0000000280)="f0", 0x1, 0x400b51d, 0x0, 0x0) 06:05:48 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:05:48 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x9a100) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x7e0}], 0x1, &(0x7f0000001680)=""/72, 0x3e}}], 0x1, 0x0, &(0x7f0000002240)) getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000002c0), &(0x7f0000000340)=0x4) 06:05:48 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000180)="61dd9b7e", 0x4) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) sendto$inet6(r1, &(0x7f00000000c0), 0x246, 0x0, &(0x7f0000005fe4)={0xa, 0x0, 0x100000002, @mcast2}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:05:48 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) accept(r1, &(0x7f00000000c0)=@hci, &(0x7f0000000000)=0x80) 06:05:48 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:05:48 executing program 4: r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:48 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x9a100) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x7e0}], 0x1, &(0x7f0000001680)=""/72, 0x3e}}], 0x1, 0x0, &(0x7f0000002240)) 06:05:49 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x800, 0x0) ioctl$KVM_PPC_ALLOCATE_HTAB(r2, 0xc004aea7, &(0x7f0000000080)=0x7) 06:05:49 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x7e0}], 0x1, &(0x7f0000001680)=""/72, 0x3e}}], 0x1, 0x0, &(0x7f0000002240)) 06:05:49 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:05:49 executing program 4: r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:49 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000000)=0x72c, 0x4) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b0f46b0438ec979abf7e644da70939a24d592e3d7ae21a6bdc7d3db9df95525c93d14694bce724a7bd5387378fe7d602ea02ca26847b0655ad33f452113621afa838160cd8e912a41b85b9262153564fb0f5336958fbf164bb8ebd46c5e9a2d6e6549e469a98afddb6efc687d7e3025cf1d3e5b2a15146795ed8349b26e09f52aee2e6"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000001c0)={0x0, 0x2}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000240)={r3, 0x4}, &(0x7f0000000280)=0x8) [ 974.245533] Dead loop on virtual device ip6_vti0, fix it urgently! [ 974.284840] Dead loop on virtual device ip6_vti0, fix it urgently! [ 974.336677] Dead loop on virtual device ip6_vti0, fix it urgently! 06:05:49 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 974.398238] Dead loop on virtual device ip6_vti0, fix it urgently! 06:05:49 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x9a100) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) [ 974.549107] not chained 1860000 origins [ 974.551816] CPU: 1 PID: 25667 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 974.551816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 974.562215] Call Trace: [ 974.562215] dump_stack+0x32d/0x480 [ 974.562215] kmsan_internal_chain_origin+0x222/0x240 [ 974.577475] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 974.577475] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 974.577475] ? save_stack_trace+0xc6/0x110 [ 974.577475] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 974.577475] ? kmsan_internal_chain_origin+0x90/0x240 [ 974.577475] ? get_stack_info+0x863/0x9d0 [ 974.577475] __msan_chain_origin+0x6d/0xd0 [ 974.612032] ? __x64_sys_sendmmsg+0x56/0x70 [ 974.612032] __save_stack_trace+0x8be/0xc60 [ 974.612032] ? __x64_sys_sendmmsg+0x56/0x70 [ 974.612032] save_stack_trace+0xc6/0x110 [ 974.612032] kmsan_internal_chain_origin+0x136/0x240 [ 974.612032] ? kmsan_internal_chain_origin+0x136/0x240 [ 974.612032] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 974.645171] ? __msan_memcpy+0x6f/0x80 [ 974.645171] ? pskb_expand_head+0x43b/0x1d20 [ 974.645171] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 974.645171] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 974.645171] ? ___sys_sendmsg+0xe68/0x1250 [ 974.645171] ? __sys_sendmmsg+0x56b/0xa90 [ 974.645171] ? __se_sys_sendmmsg+0xbd/0xe0 [ 974.645171] ? __x64_sys_sendmmsg+0x56/0x70 [ 974.645171] ? do_syscall_64+0xcf/0x110 [ 974.682026] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 974.682026] ? __msan_poison_alloca+0x1e0/0x2b0 [ 974.682026] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 974.695949] ? memcg_kmem_put_cache+0x8e/0x460 [ 974.695949] ? __msan_get_context_state+0x9/0x30 [ 974.695949] ? INIT_INT+0xc/0x30 [ 974.695949] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 974.695949] kmsan_memcpy_origins+0x13d/0x1b0 [ 974.721171] __msan_memcpy+0x6f/0x80 [ 974.721171] pskb_expand_head+0x43b/0x1d20 [ 974.721171] l2tp_xmit_skb+0x5a7/0x24b0 [ 974.721171] pppol2tp_sendmsg+0x7a6/0xba0 [ 974.721171] ___sys_sendmsg+0xe68/0x1250 [ 974.743077] ? pppol2tp_getsockopt+0x1060/0x1060 [ 974.743077] ? __msan_poison_alloca+0x1e0/0x2b0 [ 974.743077] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 974.743077] ? rcu_all_qs+0x3b/0x310 [ 974.743077] ? _cond_resched+0x59/0x120 [ 974.763568] ? rcu_all_qs+0x53/0x310 [ 974.763568] ? _cond_resched+0x37/0x120 [ 974.763568] ? __sys_sendmmsg+0x7c9/0xa90 [ 974.763568] ? _cond_resched+0x59/0x120 [ 974.763568] __sys_sendmmsg+0x56b/0xa90 [ 974.763568] ? syscall_return_slowpath+0x123/0x8c0 [ 974.763568] ? put_timespec64+0x162/0x220 [ 974.763568] __se_sys_sendmmsg+0xbd/0xe0 [ 974.763568] __x64_sys_sendmmsg+0x56/0x70 [ 974.763568] do_syscall_64+0xcf/0x110 [ 974.763568] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 974.763568] RIP: 0033:0x457569 [ 974.763568] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 974.763568] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 974.763568] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 974.845876] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 974.845876] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 974.845876] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 974.845876] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 974.845876] Uninit was stored to memory at: [ 974.882031] kmsan_internal_chain_origin+0x136/0x240 [ 974.882031] __msan_chain_origin+0x6d/0xd0 [ 974.882031] __save_stack_trace+0x8be/0xc60 [ 974.882031] save_stack_trace+0xc6/0x110 [ 974.882031] kmsan_internal_chain_origin+0x136/0x240 [ 974.882031] kmsan_memcpy_origins+0x13d/0x1b0 [ 974.882031] __msan_memcpy+0x6f/0x80 [ 974.882031] pskb_expand_head+0x43b/0x1d20 [ 974.882031] l2tp_xmit_skb+0x5a7/0x24b0 [ 974.882031] pppol2tp_sendmsg+0x7a6/0xba0 [ 974.882031] ___sys_sendmsg+0xe68/0x1250 [ 974.882031] __sys_sendmmsg+0x56b/0xa90 [ 974.882031] __se_sys_sendmmsg+0xbd/0xe0 [ 974.882031] __x64_sys_sendmmsg+0x56/0x70 [ 974.882031] do_syscall_64+0xcf/0x110 06:05:49 executing program 2: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x4003ff) write$cgroup_type(r0, &(0x7f0000000240)='threaded\x00', 0xf96d) fallocate(r0, 0x3, 0x7fff, 0x8001) fallocate(r0, 0x3, 0x5e89, 0xfff9) 06:05:49 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='yam0\x00', 0xfffffffffffffe66) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e21, @rand_addr=0x8}], 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f0000000100)=ANY=[@ANYBLOB="e26d53ff9d66ee6c1a992b6d0ba54d31b9241e8bdc79a683c3749f9b418d22d443612d2dfdc1c39230084ccd28b653ed9e0bda8d1688ceec0a24f3291051a5ccc4daefd0"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 974.882031] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 974.952060] [ 974.952060] Uninit was stored to memory at: [ 974.952060] kmsan_internal_chain_origin+0x136/0x240 [ 974.952060] __msan_chain_origin+0x6d/0xd0 [ 974.952060] __save_stack_trace+0x8be/0xc60 [ 974.952060] save_stack_trace+0xc6/0x110 [ 974.975898] kmsan_internal_chain_origin+0x136/0x240 [ 974.980930] kmsan_memcpy_origins+0x13d/0x1b0 [ 974.980930] __msan_memcpy+0x6f/0x80 [ 974.980930] pskb_expand_head+0x43b/0x1d20 [ 974.980930] l2tp_xmit_skb+0x5a7/0x24b0 [ 974.980930] pppol2tp_sendmsg+0x7a6/0xba0 [ 974.980930] ___sys_sendmsg+0xe68/0x1250 [ 974.980930] __sys_sendmmsg+0x56b/0xa90 [ 974.980930] __se_sys_sendmmsg+0xbd/0xe0 [ 974.980930] __x64_sys_sendmmsg+0x56/0x70 [ 974.980930] do_syscall_64+0xcf/0x110 [ 975.022028] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 975.022028] [ 975.022028] Uninit was stored to memory at: [ 975.022028] kmsan_internal_chain_origin+0x136/0x240 [ 975.022028] __msan_chain_origin+0x6d/0xd0 [ 975.022028] __save_stack_trace+0x8be/0xc60 [ 975.022028] save_stack_trace+0xc6/0x110 [ 975.022028] kmsan_internal_chain_origin+0x136/0x240 [ 975.022028] kmsan_memcpy_origins+0x13d/0x1b0 [ 975.022028] __msan_memcpy+0x6f/0x80 [ 975.022028] pskb_expand_head+0x43b/0x1d20 [ 975.022028] l2tp_xmit_skb+0x5a7/0x24b0 [ 975.022028] pppol2tp_sendmsg+0x7a6/0xba0 [ 975.022028] ___sys_sendmsg+0xe68/0x1250 [ 975.022028] __sys_sendmmsg+0x56b/0xa90 [ 975.022028] __se_sys_sendmmsg+0xbd/0xe0 [ 975.022028] __x64_sys_sendmmsg+0x56/0x70 [ 975.091961] do_syscall_64+0xcf/0x110 [ 975.091961] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 975.091961] [ 975.091961] Uninit was stored to memory at: [ 975.091961] kmsan_internal_chain_origin+0x136/0x240 [ 975.112258] __msan_chain_origin+0x6d/0xd0 [ 975.112258] __save_stack_trace+0x8be/0xc60 [ 975.112258] save_stack_trace+0xc6/0x110 [ 975.112258] kmsan_internal_chain_origin+0x136/0x240 [ 975.112258] kmsan_memcpy_origins+0x13d/0x1b0 [ 975.112258] __msan_memcpy+0x6f/0x80 [ 975.112258] pskb_expand_head+0x43b/0x1d20 [ 975.112258] l2tp_xmit_skb+0x5a7/0x24b0 [ 975.112258] pppol2tp_sendmsg+0x7a6/0xba0 [ 975.112258] ___sys_sendmsg+0xe68/0x1250 [ 975.112258] __sys_sendmmsg+0x56b/0xa90 [ 975.112258] __se_sys_sendmmsg+0xbd/0xe0 [ 975.112258] __x64_sys_sendmmsg+0x56/0x70 [ 975.112258] do_syscall_64+0xcf/0x110 [ 975.171296] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 975.171296] [ 975.171296] Uninit was stored to memory at: [ 975.171296] kmsan_internal_chain_origin+0x136/0x240 [ 975.171296] __msan_chain_origin+0x6d/0xd0 [ 975.171296] __save_stack_trace+0x8be/0xc60 [ 975.171296] save_stack_trace+0xc6/0x110 [ 975.171296] kmsan_internal_chain_origin+0x136/0x240 [ 975.171296] kmsan_memcpy_origins+0x13d/0x1b0 [ 975.171296] __msan_memcpy+0x6f/0x80 [ 975.171296] pskb_expand_head+0x43b/0x1d20 [ 975.171296] l2tp_xmit_skb+0x5a7/0x24b0 [ 975.171296] pppol2tp_sendmsg+0x7a6/0xba0 [ 975.171296] ___sys_sendmsg+0xe68/0x1250 [ 975.171296] __sys_sendmmsg+0x56b/0xa90 [ 975.171296] __se_sys_sendmmsg+0xbd/0xe0 [ 975.171296] __x64_sys_sendmmsg+0x56/0x70 [ 975.171296] do_syscall_64+0xcf/0x110 [ 975.171296] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 975.171296] [ 975.171296] Uninit was stored to memory at: [ 975.171296] kmsan_internal_chain_origin+0x136/0x240 [ 975.171296] __msan_chain_origin+0x6d/0xd0 [ 975.171296] __save_stack_trace+0x8be/0xc60 [ 975.171296] save_stack_trace+0xc6/0x110 [ 975.171296] kmsan_internal_chain_origin+0x136/0x240 [ 975.171296] kmsan_memcpy_origins+0x13d/0x1b0 [ 975.171296] __msan_memcpy+0x6f/0x80 [ 975.171296] pskb_expand_head+0x43b/0x1d20 [ 975.292004] l2tp_xmit_skb+0x5a7/0x24b0 [ 975.292004] pppol2tp_sendmsg+0x7a6/0xba0 06:05:50 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x9a100) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) accept$alg(r0, 0x0, 0x0) [ 975.292004] ___sys_sendmsg+0xe68/0x1250 [ 975.292004] __sys_sendmmsg+0x56b/0xa90 [ 975.292004] __se_sys_sendmmsg+0xbd/0xe0 [ 975.292004] __x64_sys_sendmmsg+0x56/0x70 [ 975.292004] do_syscall_64+0xcf/0x110 [ 975.292004] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 975.292004] [ 975.292004] Uninit was stored to memory at: [ 975.292004] kmsan_internal_chain_origin+0x136/0x240 [ 975.292004] __msan_chain_origin+0x6d/0xd0 [ 975.292004] __save_stack_trace+0x8be/0xc60 [ 975.292004] save_stack_trace+0xc6/0x110 06:05:50 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 975.292004] kmsan_internal_chain_origin+0x136/0x240 [ 975.292004] kmsan_memcpy_origins+0x13d/0x1b0 [ 975.292004] __msan_memcpy+0x6f/0x80 [ 975.292004] pskb_expand_head+0x43b/0x1d20 [ 975.368930] l2tp_xmit_skb+0x5a7/0x24b0 [ 975.368930] pppol2tp_sendmsg+0x7a6/0xba0 [ 975.368930] ___sys_sendmsg+0xe68/0x1250 [ 975.368930] __sys_sendmmsg+0x56b/0xa90 [ 975.368930] __se_sys_sendmmsg+0xbd/0xe0 [ 975.368930] __x64_sys_sendmmsg+0x56/0x70 [ 975.368930] do_syscall_64+0xcf/0x110 [ 975.397333] entry_SYSCALL_64_after_hwframe+0x63/0xe7 06:05:50 executing program 4: r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) [ 975.397333] [ 975.397333] Local variable description: ----iph@ip_vs_out [ 975.397333] Variable was created at: [ 975.397333] ip_vs_out+0x1bf/0x4570 [ 975.397333] ip_vs_local_reply6+0xec/0x130 [ 975.422788] Dead loop on virtual device ip6_vti0, fix it urgently! [ 975.929394] not chained 1870000 origins [ 975.931827] CPU: 0 PID: 25667 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 975.931827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 975.946045] Call Trace: [ 975.946045] dump_stack+0x32d/0x480 [ 975.946045] kmsan_internal_chain_origin+0x222/0x240 [ 975.956792] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 975.956792] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 975.956792] ? save_stack_trace+0xc6/0x110 [ 975.956792] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 975.956792] ? kmsan_internal_chain_origin+0x1e3/0x240 [ 975.982372] ? get_stack_info+0x863/0x9d0 [ 975.982372] __msan_chain_origin+0x6d/0xd0 [ 975.982372] ? kmsan_internal_chain_origin+0x136/0x240 [ 975.982372] __save_stack_trace+0x8be/0xc60 [ 975.982372] ? kmsan_internal_chain_origin+0x136/0x240 [ 975.982372] save_stack_trace+0xc6/0x110 [ 975.982372] kmsan_internal_chain_origin+0x136/0x240 [ 976.017804] ? kmsan_internal_chain_origin+0x136/0x240 [ 976.021053] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 976.021053] ? __msan_memcpy+0x6f/0x80 [ 976.021053] ? pskb_expand_head+0x43b/0x1d20 [ 976.021053] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 976.021053] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 976.021053] ? ___sys_sendmsg+0xe68/0x1250 [ 976.021053] ? __sys_sendmmsg+0x56b/0xa90 [ 976.021053] ? __se_sys_sendmmsg+0xbd/0xe0 [ 976.021053] ? __x64_sys_sendmmsg+0x56/0x70 [ 976.021053] ? do_syscall_64+0xcf/0x110 [ 976.021053] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.021053] ? __msan_poison_alloca+0x1e0/0x2b0 [ 976.021053] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 976.021053] ? memcg_kmem_put_cache+0x8e/0x460 [ 976.021053] ? __msan_get_context_state+0x9/0x30 [ 976.090257] ? INIT_INT+0xc/0x30 [ 976.094144] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 976.099326] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.103325] __msan_memcpy+0x6f/0x80 [ 976.107206] pskb_expand_head+0x43b/0x1d20 [ 976.112375] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.116256] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.120177] ___sys_sendmsg+0xe68/0x1250 [ 976.124055] ? pppol2tp_getsockopt+0x1060/0x1060 [ 976.129232] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 976.134389] ? kmsan_set_origin+0x83/0x130 [ 976.138264] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 976.143446] ? _cond_resched+0xc7/0x120 [ 976.147325] __sys_sendmmsg+0x56b/0xa90 [ 976.152494] ? syscall_return_slowpath+0x123/0x8c0 [ 976.156375] ? put_timespec64+0x162/0x220 [ 976.161522] __se_sys_sendmmsg+0xbd/0xe0 [ 976.165409] __x64_sys_sendmmsg+0x56/0x70 [ 976.169294] do_syscall_64+0xcf/0x110 [ 976.173345] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.178549] RIP: 0033:0x457569 [ 976.181131] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 976.200614] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 976.208498] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 976.214944] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 976.222751] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 976.230505] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 976.237069] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 976.244887] Uninit was stored to memory at: [ 976.248785] kmsan_internal_chain_origin+0x136/0x240 [ 976.253996] __msan_chain_origin+0x6d/0xd0 [ 976.257908] __save_stack_trace+0x8be/0xc60 [ 976.263117] save_stack_trace+0xc6/0x110 [ 976.266974] kmsan_internal_chain_origin+0x136/0x240 [ 976.272115] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.276008] __msan_memcpy+0x6f/0x80 [ 976.279884] pskb_expand_head+0x43b/0x1d20 [ 976.283759] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.287642] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.292810] ___sys_sendmsg+0xe68/0x1250 [ 976.296678] __sys_sendmmsg+0x56b/0xa90 [ 976.300542] __se_sys_sendmmsg+0xbd/0xe0 [ 976.304524] __x64_sys_sendmmsg+0x56/0x70 [ 976.308420] do_syscall_64+0xcf/0x110 [ 976.312292] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.317451] [ 976.318748] Uninit was stored to memory at: [ 976.323906] kmsan_internal_chain_origin+0x136/0x240 [ 976.329062] __msan_chain_origin+0x6d/0xd0 [ 976.332938] __save_stack_trace+0x8be/0xc60 [ 976.336814] save_stack_trace+0xc6/0x110 [ 976.340681] kmsan_internal_chain_origin+0x136/0x240 [ 976.345925] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.351070] __msan_memcpy+0x6f/0x80 [ 976.354956] pskb_expand_head+0x43b/0x1d20 [ 976.358828] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.362707] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.366577] ___sys_sendmsg+0xe68/0x1250 [ 976.370456] __sys_sendmmsg+0x56b/0xa90 [ 976.375620] __se_sys_sendmmsg+0xbd/0xe0 [ 976.379491] __x64_sys_sendmmsg+0x56/0x70 [ 976.383406] do_syscall_64+0xcf/0x110 [ 976.387280] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.392438] [ 976.393732] Uninit was stored to memory at: [ 976.397604] kmsan_internal_chain_origin+0x136/0x240 [ 976.402793] __msan_chain_origin+0x6d/0xd0 [ 976.407948] __save_stack_trace+0x8be/0xc60 [ 976.411920] save_stack_trace+0xc6/0x110 [ 976.415692] kmsan_internal_chain_origin+0x136/0x240 [ 976.420852] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.425990] __msan_memcpy+0x6f/0x80 [ 976.429863] pskb_expand_head+0x43b/0x1d20 [ 976.433740] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.437605] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.441474] ___sys_sendmsg+0xe68/0x1250 [ 976.445349] __sys_sendmmsg+0x56b/0xa90 [ 976.449228] __se_sys_sendmmsg+0xbd/0xe0 [ 976.454379] __x64_sys_sendmmsg+0x56/0x70 [ 976.458256] do_syscall_64+0xcf/0x110 [ 976.462107] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.467274] [ 976.468560] Uninit was stored to memory at: [ 976.473730] kmsan_internal_chain_origin+0x136/0x240 [ 976.478888] __msan_chain_origin+0x6d/0xd0 [ 976.482765] __save_stack_trace+0x8be/0xc60 [ 976.486636] save_stack_trace+0xc6/0x110 [ 976.490518] kmsan_internal_chain_origin+0x136/0x240 [ 976.495683] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.500838] __msan_memcpy+0x6f/0x80 [ 976.504694] pskb_expand_head+0x43b/0x1d20 [ 976.508568] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.512438] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.516309] ___sys_sendmsg+0xe68/0x1250 [ 976.520190] __sys_sendmmsg+0x56b/0xa90 [ 976.525339] __se_sys_sendmmsg+0xbd/0xe0 [ 976.529217] __x64_sys_sendmmsg+0x56/0x70 [ 976.533078] do_syscall_64+0xcf/0x110 [ 976.536966] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.542107] [ 976.543404] Uninit was stored to memory at: [ 976.547276] kmsan_internal_chain_origin+0x136/0x240 [ 976.552443] __msan_chain_origin+0x6d/0xd0 [ 976.557593] __save_stack_trace+0x8be/0xc60 [ 976.561460] save_stack_trace+0xc6/0x110 [ 976.565348] kmsan_internal_chain_origin+0x136/0x240 [ 976.570497] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.575686] __msan_memcpy+0x6f/0x80 [ 976.579573] pskb_expand_head+0x43b/0x1d20 [ 976.583399] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.587282] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.591134] ___sys_sendmsg+0xe68/0x1250 [ 976.595040] __sys_sendmmsg+0x56b/0xa90 [ 976.598930] __se_sys_sendmmsg+0xbd/0xe0 [ 976.602859] __x64_sys_sendmmsg+0x56/0x70 [ 976.608015] do_syscall_64+0xcf/0x110 [ 976.612013] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.617188] [ 976.618475] Uninit was stored to memory at: [ 976.622343] kmsan_internal_chain_origin+0x136/0x240 [ 976.627522] __msan_chain_origin+0x6d/0xd0 [ 976.631406] __save_stack_trace+0x8be/0xc60 [ 976.636588] save_stack_trace+0xc6/0x110 [ 976.640454] kmsan_internal_chain_origin+0x136/0x240 [ 976.645613] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.649485] __msan_memcpy+0x6f/0x80 [ 976.653404] pskb_expand_head+0x43b/0x1d20 [ 976.658577] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.662451] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.666328] ___sys_sendmsg+0xe68/0x1250 [ 976.670215] __sys_sendmmsg+0x56b/0xa90 [ 976.674067] __se_sys_sendmmsg+0xbd/0xe0 [ 976.679236] __x64_sys_sendmmsg+0x56/0x70 [ 976.683095] do_syscall_64+0xcf/0x110 [ 976.686974] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.692107] [ 976.693401] Uninit was stored to memory at: [ 976.697277] kmsan_internal_chain_origin+0x136/0x240 [ 976.702438] __msan_chain_origin+0x6d/0xd0 [ 976.707601] __save_stack_trace+0x8be/0xc60 [ 976.711472] save_stack_trace+0xc6/0x110 [ 976.715362] kmsan_internal_chain_origin+0x136/0x240 [ 976.720519] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.725719] __msan_memcpy+0x6f/0x80 [ 976.728297] pskb_expand_head+0x43b/0x1d20 [ 976.733421] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.737299] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.741154] ___sys_sendmsg+0xe68/0x1250 [ 976.745044] __sys_sendmmsg+0x56b/0xa90 [ 976.748919] __se_sys_sendmmsg+0xbd/0xe0 [ 976.752788] __x64_sys_sendmmsg+0x56/0x70 [ 976.757946] do_syscall_64+0xcf/0x110 [ 976.761923] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.766980] [ 976.768284] Local variable description: ----iph@ip_vs_out [ 976.773401] Variable was created at: [ 976.777279] ip_vs_out+0x1bf/0x4570 [ 976.781146] ip_vs_local_reply6+0xec/0x130 [ 976.787286] Dead loop on virtual device ip6_vti0, fix it urgently! [ 976.839069] not chained 1880000 origins [ 976.841834] CPU: 0 PID: 25667 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 976.841834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 976.851890] Call Trace: [ 976.851890] dump_stack+0x32d/0x480 [ 976.851890] kmsan_internal_chain_origin+0x222/0x240 [ 976.851890] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 976.851890] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.880036] ? save_stack_trace+0xc6/0x110 [ 976.880036] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 976.880036] ? kmsan_internal_chain_origin+0x90/0x240 [ 976.880036] ? get_stack_info+0x863/0x9d0 [ 976.880036] __msan_chain_origin+0x6d/0xd0 [ 976.880036] ? do_syscall_64+0xcf/0x110 [ 976.880036] __save_stack_trace+0x8be/0xc60 [ 976.880036] ? do_syscall_64+0xcf/0x110 [ 976.880036] save_stack_trace+0xc6/0x110 [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] ? kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 976.880036] ? __msan_memcpy+0x6f/0x80 [ 976.880036] ? pskb_expand_head+0x43b/0x1d20 [ 976.880036] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 976.880036] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 976.880036] ? ___sys_sendmsg+0xe68/0x1250 [ 976.880036] ? __sys_sendmmsg+0x56b/0xa90 [ 976.880036] ? __se_sys_sendmmsg+0xbd/0xe0 [ 976.880036] ? __x64_sys_sendmmsg+0x56/0x70 [ 976.880036] ? do_syscall_64+0xcf/0x110 [ 976.880036] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.880036] ? __msan_poison_alloca+0x1e0/0x2b0 [ 976.880036] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 976.880036] ? memcg_kmem_put_cache+0x8e/0x460 [ 976.880036] ? __msan_get_context_state+0x9/0x30 [ 976.880036] ? INIT_INT+0xc/0x30 [ 976.880036] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 976.880036] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.880036] __msan_memcpy+0x6f/0x80 [ 976.880036] pskb_expand_head+0x43b/0x1d20 [ 976.880036] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.880036] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.880036] ___sys_sendmsg+0xe68/0x1250 [ 976.880036] ? pppol2tp_getsockopt+0x1060/0x1060 [ 976.880036] ? __msan_poison_alloca+0x1e0/0x2b0 [ 976.880036] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 976.880036] ? rcu_all_qs+0x3b/0x310 [ 976.880036] ? _cond_resched+0x59/0x120 [ 976.880036] ? rcu_all_qs+0x53/0x310 [ 976.880036] ? _cond_resched+0x37/0x120 [ 976.880036] ? __sys_sendmmsg+0x7c9/0xa90 [ 976.880036] ? _cond_resched+0x59/0x120 [ 976.880036] __sys_sendmmsg+0x56b/0xa90 [ 976.880036] ? syscall_return_slowpath+0x123/0x8c0 [ 976.880036] ? put_timespec64+0x162/0x220 [ 976.880036] __se_sys_sendmmsg+0xbd/0xe0 [ 976.880036] __x64_sys_sendmmsg+0x56/0x70 [ 976.880036] do_syscall_64+0xcf/0x110 [ 976.880036] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.880036] RIP: 0033:0x457569 [ 976.880036] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 976.880036] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 976.880036] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 976.880036] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 976.880036] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 976.880036] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 976.880036] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 976.880036] Uninit was stored to memory at: [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] __msan_chain_origin+0x6d/0xd0 [ 976.880036] __save_stack_trace+0x8be/0xc60 [ 976.880036] save_stack_trace+0xc6/0x110 [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.880036] __msan_memcpy+0x6f/0x80 [ 976.880036] pskb_expand_head+0x43b/0x1d20 [ 976.880036] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.880036] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.880036] ___sys_sendmsg+0xe68/0x1250 [ 976.880036] __sys_sendmmsg+0x56b/0xa90 [ 976.880036] __se_sys_sendmmsg+0xbd/0xe0 [ 976.880036] __x64_sys_sendmmsg+0x56/0x70 [ 976.880036] do_syscall_64+0xcf/0x110 [ 976.880036] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.880036] [ 976.880036] Uninit was stored to memory at: [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] __msan_chain_origin+0x6d/0xd0 [ 976.880036] __save_stack_trace+0x8be/0xc60 [ 976.880036] save_stack_trace+0xc6/0x110 [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.880036] __msan_memcpy+0x6f/0x80 [ 976.880036] pskb_expand_head+0x43b/0x1d20 [ 976.880036] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.880036] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.880036] ___sys_sendmsg+0xe68/0x1250 [ 976.880036] __sys_sendmmsg+0x56b/0xa90 [ 976.880036] __se_sys_sendmmsg+0xbd/0xe0 [ 976.880036] __x64_sys_sendmmsg+0x56/0x70 [ 976.880036] do_syscall_64+0xcf/0x110 [ 976.880036] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.880036] [ 976.880036] Uninit was stored to memory at: [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] __msan_chain_origin+0x6d/0xd0 [ 976.880036] __save_stack_trace+0x8be/0xc60 [ 976.880036] save_stack_trace+0xc6/0x110 [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.880036] __msan_memcpy+0x6f/0x80 [ 976.880036] pskb_expand_head+0x43b/0x1d20 [ 976.880036] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.880036] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.880036] ___sys_sendmsg+0xe68/0x1250 [ 976.880036] __sys_sendmmsg+0x56b/0xa90 [ 976.880036] __se_sys_sendmmsg+0xbd/0xe0 [ 976.880036] __x64_sys_sendmmsg+0x56/0x70 [ 976.880036] do_syscall_64+0xcf/0x110 [ 976.880036] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.880036] [ 976.880036] Uninit was stored to memory at: [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] __msan_chain_origin+0x6d/0xd0 [ 976.880036] __save_stack_trace+0x8be/0xc60 [ 976.880036] save_stack_trace+0xc6/0x110 [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.880036] __msan_memcpy+0x6f/0x80 [ 976.880036] pskb_expand_head+0x43b/0x1d20 [ 976.880036] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.880036] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.880036] ___sys_sendmsg+0xe68/0x1250 [ 976.880036] __sys_sendmmsg+0x56b/0xa90 [ 976.880036] __se_sys_sendmmsg+0xbd/0xe0 [ 976.880036] __x64_sys_sendmmsg+0x56/0x70 [ 976.880036] do_syscall_64+0xcf/0x110 [ 976.880036] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.880036] [ 976.880036] Uninit was stored to memory at: [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] __msan_chain_origin+0x6d/0xd0 [ 976.880036] __save_stack_trace+0x8be/0xc60 [ 976.880036] save_stack_trace+0xc6/0x110 [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.880036] __msan_memcpy+0x6f/0x80 [ 976.880036] pskb_expand_head+0x43b/0x1d20 [ 976.880036] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.880036] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.880036] ___sys_sendmsg+0xe68/0x1250 [ 976.880036] __sys_sendmmsg+0x56b/0xa90 [ 976.880036] __se_sys_sendmmsg+0xbd/0xe0 [ 976.880036] __x64_sys_sendmmsg+0x56/0x70 [ 976.880036] do_syscall_64+0xcf/0x110 [ 976.880036] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.880036] [ 976.880036] Uninit was stored to memory at: [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] __msan_chain_origin+0x6d/0xd0 [ 976.880036] __save_stack_trace+0x8be/0xc60 [ 976.880036] save_stack_trace+0xc6/0x110 [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.880036] __msan_memcpy+0x6f/0x80 [ 976.880036] pskb_expand_head+0x43b/0x1d20 [ 976.880036] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.880036] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.880036] ___sys_sendmsg+0xe68/0x1250 [ 976.880036] __sys_sendmmsg+0x56b/0xa90 [ 976.880036] __se_sys_sendmmsg+0xbd/0xe0 [ 976.880036] __x64_sys_sendmmsg+0x56/0x70 [ 976.880036] do_syscall_64+0xcf/0x110 [ 976.880036] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.880036] [ 976.880036] Uninit was stored to memory at: [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] __msan_chain_origin+0x6d/0xd0 [ 976.880036] __save_stack_trace+0x8be/0xc60 [ 976.880036] save_stack_trace+0xc6/0x110 [ 976.880036] kmsan_internal_chain_origin+0x136/0x240 [ 976.880036] kmsan_memcpy_origins+0x13d/0x1b0 [ 976.880036] __msan_memcpy+0x6f/0x80 [ 976.880036] pskb_expand_head+0x43b/0x1d20 [ 976.880036] l2tp_xmit_skb+0x5a7/0x24b0 [ 976.880036] pppol2tp_sendmsg+0x7a6/0xba0 [ 976.880036] ___sys_sendmsg+0xe68/0x1250 [ 976.880036] __sys_sendmmsg+0x56b/0xa90 [ 976.880036] __se_sys_sendmmsg+0xbd/0xe0 [ 976.880036] __x64_sys_sendmmsg+0x56/0x70 [ 976.880036] do_syscall_64+0xcf/0x110 [ 976.880036] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 976.880036] [ 976.880036] Local variable description: ----iph@ip_vs_out [ 976.880036] Variable was created at: [ 976.880036] ip_vs_out+0x1bf/0x4570 [ 976.880036] ip_vs_local_reply6+0xec/0x130 [ 977.706355] Dead loop on virtual device ip6_vti0, fix it urgently! 06:05:52 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x9f, 0x200) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000100)=@assoc_value={r1, 0x8000}, &(0x7f0000000180)=0x8) ioctl$RTC_PIE_ON(r0, 0x7005) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000003c0)='team_slave_0\x00', 0x10) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r3, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:05:52 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0xffffff3f) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VIDIOC_G_INPUT(r2, 0x80045626, &(0x7f0000000240)) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1e2954bc872dcedcc30cdf66cd6b4de962162ad7508d7d6b740298f487c50c71599fafe69b638fb42a946728d07f6b401d3e68ef10bb1798b3f1331d834734335b9d876069fda499b9a04261ec9ff9ef0772a034a39cd4016c056916305410c183fce14faf968efa7b6218f2aff13808cd87de32cfe2029fc535ad37886c9e9aaa0f47b8a718424492dde481000000"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:05:52 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:52 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x9a100) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) 06:05:52 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:05:52 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r2 = accept$alg(r1, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000300)=ANY=[], 0xffffffaa) recvmmsg(r2, &(0x7f0000006200)=[{{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000000100)=""/31, 0x1f}], 0x1, &(0x7f0000001d80)=""/41, 0x29}}], 0x1, 0x0, &(0x7f00000000c0)={0x0, 0x989680}) 06:05:53 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) [ 978.048164] not chained 1890000 origins [ 978.051935] CPU: 1 PID: 25730 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 978.051935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 978.051935] Call Trace: [ 978.051935] dump_stack+0x32d/0x480 [ 978.051935] kmsan_internal_chain_origin+0x222/0x240 [ 978.051935] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 978.051935] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 978.086316] ? save_stack_trace+0xc6/0x110 06:05:53 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x9a100) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) [ 978.086316] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 978.086316] ? kmsan_internal_chain_origin+0x90/0x240 [ 978.086316] ? get_stack_info+0x863/0x9d0 [ 978.086316] __msan_chain_origin+0x6d/0xd0 [ 978.086316] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 978.086316] __save_stack_trace+0x8be/0xc60 [ 978.086316] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 978.086316] save_stack_trace+0xc6/0x110 [ 978.086316] kmsan_internal_chain_origin+0x136/0x240 [ 978.086316] ? kmsan_internal_chain_origin+0x136/0x240 [ 978.086316] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 978.086316] ? __msan_memcpy+0x6f/0x80 [ 978.086316] ? pskb_expand_head+0x43b/0x1d20 [ 978.086316] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 978.086316] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 978.086316] ? ___sys_sendmsg+0xe68/0x1250 [ 978.086316] ? __sys_sendmmsg+0x56b/0xa90 [ 978.086316] ? __se_sys_sendmmsg+0xbd/0xe0 [ 978.172031] ? __x64_sys_sendmmsg+0x56/0x70 [ 978.172031] ? do_syscall_64+0xcf/0x110 [ 978.172031] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 978.172031] ? __msan_poison_alloca+0x1e0/0x2b0 [ 978.172031] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 978.172031] ? memcg_kmem_put_cache+0x8e/0x460 [ 978.172031] ? __msan_get_context_state+0x9/0x30 [ 978.172031] ? INIT_INT+0xc/0x30 [ 978.172031] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 978.172031] kmsan_memcpy_origins+0x13d/0x1b0 [ 978.172031] __msan_memcpy+0x6f/0x80 [ 978.172031] pskb_expand_head+0x43b/0x1d20 [ 978.172031] l2tp_xmit_skb+0x5a7/0x24b0 [ 978.172031] pppol2tp_sendmsg+0x7a6/0xba0 [ 978.172031] ___sys_sendmsg+0xe68/0x1250 [ 978.172031] ? pppol2tp_getsockopt+0x1060/0x1060 [ 978.241984] ? __msan_poison_alloca+0x1e0/0x2b0 [ 978.248837] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 978.248837] ? rcu_all_qs+0x3b/0x310 [ 978.248837] ? _cond_resched+0x59/0x120 [ 978.248837] ? rcu_all_qs+0x53/0x310 [ 978.248837] ? _cond_resched+0x37/0x120 [ 978.248837] ? __sys_sendmmsg+0x7c9/0xa90 [ 978.248837] ? _cond_resched+0x59/0x120 [ 978.248837] __sys_sendmmsg+0x56b/0xa90 [ 978.248837] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 978.248837] __se_sys_sendmmsg+0xbd/0xe0 [ 978.248837] __x64_sys_sendmmsg+0x56/0x70 06:05:53 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 978.248837] do_syscall_64+0xcf/0x110 [ 978.248837] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 978.248837] RIP: 0033:0x457569 [ 978.248837] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 978.316141] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 978.332462] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 978.332462] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 978.332462] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 978.332462] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 978.332462] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 978.332462] Uninit was stored to memory at: [ 978.332462] kmsan_internal_chain_origin+0x136/0x240 [ 978.332462] __msan_chain_origin+0x6d/0xd0 [ 978.332462] __save_stack_trace+0x8be/0xc60 [ 978.332462] save_stack_trace+0xc6/0x110 [ 978.332462] kmsan_internal_chain_origin+0x136/0x240 [ 978.332462] kmsan_memcpy_origins+0x13d/0x1b0 [ 978.332462] __msan_memcpy+0x6f/0x80 [ 978.332462] pskb_expand_head+0x43b/0x1d20 [ 978.332462] l2tp_xmit_skb+0x5a7/0x24b0 [ 978.332462] pppol2tp_sendmsg+0x7a6/0xba0 [ 978.421646] ___sys_sendmsg+0xe68/0x1250 [ 978.421646] __sys_sendmmsg+0x56b/0xa90 [ 978.421646] __se_sys_sendmmsg+0xbd/0xe0 [ 978.421646] __x64_sys_sendmmsg+0x56/0x70 [ 978.421646] do_syscall_64+0xcf/0x110 [ 978.421646] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 978.421646] [ 978.421646] Uninit was stored to memory at: [ 978.421646] kmsan_internal_chain_origin+0x136/0x240 [ 978.421646] __msan_chain_origin+0x6d/0xd0 [ 978.421646] __save_stack_trace+0x8be/0xc60 [ 978.421646] save_stack_trace+0xc6/0x110 [ 978.421646] kmsan_internal_chain_origin+0x136/0x240 [ 978.421646] kmsan_memcpy_origins+0x13d/0x1b0 [ 978.421646] __msan_memcpy+0x6f/0x80 [ 978.421646] pskb_expand_head+0x43b/0x1d20 [ 978.421646] l2tp_xmit_skb+0x5a7/0x24b0 [ 978.421646] pppol2tp_sendmsg+0x7a6/0xba0 06:05:53 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x9a100) bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) 06:05:53 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) [ 978.421646] ___sys_sendmsg+0xe68/0x1250 [ 978.421646] __sys_sendmmsg+0x56b/0xa90 [ 978.421646] __se_sys_sendmmsg+0xbd/0xe0 [ 978.421646] __x64_sys_sendmmsg+0x56/0x70 [ 978.511988] do_syscall_64+0xcf/0x110 [ 978.511988] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 978.519893] [ 978.519893] Uninit was stored to memory at: [ 978.519893] kmsan_internal_chain_origin+0x136/0x240 [ 978.531981] __msan_chain_origin+0x6d/0xd0 [ 978.531981] __save_stack_trace+0x8be/0xc60 [ 978.539420] save_stack_trace+0xc6/0x110 06:05:53 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f00000000c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r1, 0x800455d1, &(0x7f0000000000)) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c7b4fc14ffcba88a680257c3c4c804c714e6387b22d4751f1fe5723990ce07f64f78eab6b322cd490dd680c9e74c2f818289caba0cbfac3884bc52de69b348a1c311d3cd2799556334b9033d9388e827c0331dcedf92e8f0f05c1a5cb555f8d7d9be3fe72e1d3bb24f7cb5ddfc0fed6142e6c2c604c328b11e8066e6b181a1ed42d2e76e89e1af5a4c518cf24987bad42beb6b4cb2391aefde3bccfee79b34de0a63b5a843c27af4e692d25cceb24bc47689a18f5ae92ec77dd503a7aa0b57174093bb0"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 978.539420] kmsan_internal_chain_origin+0x136/0x240 [ 978.548987] kmsan_memcpy_origins+0x13d/0x1b0 [ 978.548987] __msan_memcpy+0x6f/0x80 [ 978.548987] pskb_expand_head+0x43b/0x1d20 [ 978.548987] l2tp_xmit_skb+0x5a7/0x24b0 [ 978.564802] pppol2tp_sendmsg+0x7a6/0xba0 [ 978.564802] ___sys_sendmsg+0xe68/0x1250 [ 978.564802] __sys_sendmmsg+0x56b/0xa90 [ 978.579558] __se_sys_sendmmsg+0xbd/0xe0 [ 978.579558] __x64_sys_sendmmsg+0x56/0x70 [ 978.579558] do_syscall_64+0xcf/0x110 [ 978.579558] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 978.579558] [ 978.579558] Uninit was stored to memory at: [ 978.579558] kmsan_internal_chain_origin+0x136/0x240 [ 978.579558] __msan_chain_origin+0x6d/0xd0 [ 978.609325] __save_stack_trace+0x8be/0xc60 [ 978.609325] save_stack_trace+0xc6/0x110 [ 978.609325] kmsan_internal_chain_origin+0x136/0x240 [ 978.609325] kmsan_memcpy_origins+0x13d/0x1b0 [ 978.609325] __msan_memcpy+0x6f/0x80 [ 978.609325] pskb_expand_head+0x43b/0x1d20 [ 978.609325] l2tp_xmit_skb+0x5a7/0x24b0 [ 978.609325] pppol2tp_sendmsg+0x7a6/0xba0 [ 978.609325] ___sys_sendmsg+0xe68/0x1250 [ 978.609325] __sys_sendmmsg+0x56b/0xa90 [ 978.609325] __se_sys_sendmmsg+0xbd/0xe0 [ 978.609325] __x64_sys_sendmmsg+0x56/0x70 [ 978.609325] do_syscall_64+0xcf/0x110 [ 978.609325] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 978.672751] [ 978.672751] Uninit was stored to memory at: [ 978.672751] kmsan_internal_chain_origin+0x136/0x240 [ 978.672751] __msan_chain_origin+0x6d/0xd0 [ 978.672751] __save_stack_trace+0x8be/0xc60 [ 978.672751] save_stack_trace+0xc6/0x110 [ 978.672751] kmsan_internal_chain_origin+0x136/0x240 [ 978.672751] kmsan_memcpy_origins+0x13d/0x1b0 [ 978.672751] __msan_memcpy+0x6f/0x80 [ 978.672751] pskb_expand_head+0x43b/0x1d20 [ 978.712032] l2tp_xmit_skb+0x5a7/0x24b0 [ 978.717393] pppol2tp_sendmsg+0x7a6/0xba0 [ 978.720728] ___sys_sendmsg+0xe68/0x1250 [ 978.720728] __sys_sendmmsg+0x56b/0xa90 [ 978.720728] __se_sys_sendmmsg+0xbd/0xe0 [ 978.720728] __x64_sys_sendmmsg+0x56/0x70 [ 978.720728] do_syscall_64+0xcf/0x110 [ 978.720728] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 978.720728] [ 978.720728] Uninit was stored to memory at: [ 978.720728] kmsan_internal_chain_origin+0x136/0x240 [ 978.720728] __msan_chain_origin+0x6d/0xd0 [ 978.720728] __save_stack_trace+0x8be/0xc60 [ 978.720728] save_stack_trace+0xc6/0x110 [ 978.720728] kmsan_internal_chain_origin+0x136/0x240 [ 978.720728] kmsan_memcpy_origins+0x13d/0x1b0 [ 978.720728] __msan_memcpy+0x6f/0x80 [ 978.720728] pskb_expand_head+0x43b/0x1d20 [ 978.720728] l2tp_xmit_skb+0x5a7/0x24b0 [ 978.720728] pppol2tp_sendmsg+0x7a6/0xba0 [ 978.720728] ___sys_sendmsg+0xe68/0x1250 [ 978.720728] __sys_sendmmsg+0x56b/0xa90 [ 978.720728] __se_sys_sendmmsg+0xbd/0xe0 [ 978.720728] __x64_sys_sendmmsg+0x56/0x70 [ 978.720728] do_syscall_64+0xcf/0x110 [ 978.720728] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 978.720728] [ 978.720728] Uninit was stored to memory at: [ 978.720728] kmsan_internal_chain_origin+0x136/0x240 [ 978.720728] __msan_chain_origin+0x6d/0xd0 [ 978.720728] __save_stack_trace+0x8be/0xc60 [ 978.720728] save_stack_trace+0xc6/0x110 [ 978.720728] kmsan_internal_chain_origin+0x136/0x240 [ 978.720728] kmsan_memcpy_origins+0x13d/0x1b0 [ 978.720728] __msan_memcpy+0x6f/0x80 [ 978.720728] pskb_expand_head+0x43b/0x1d20 [ 978.720728] l2tp_xmit_skb+0x5a7/0x24b0 [ 978.720728] pppol2tp_sendmsg+0x7a6/0xba0 [ 978.720728] ___sys_sendmsg+0xe68/0x1250 [ 978.720728] __sys_sendmmsg+0x56b/0xa90 [ 978.720728] __se_sys_sendmmsg+0xbd/0xe0 [ 978.720728] __x64_sys_sendmmsg+0x56/0x70 [ 978.720728] do_syscall_64+0xcf/0x110 [ 978.720728] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 978.720728] [ 978.720728] Local variable description: ----iph@ip_vs_out [ 978.720728] Variable was created at: [ 978.720728] ip_vs_out+0x1bf/0x4570 [ 978.720728] ip_vs_local_reply6+0xec/0x130 [ 979.336498] not chained 1900000 origins [ 979.340526] CPU: 1 PID: 25730 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 979.341815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 979.352426] Call Trace: [ 979.352426] dump_stack+0x32d/0x480 [ 979.352426] kmsan_internal_chain_origin+0x222/0x240 [ 979.363557] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 979.371983] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 979.371983] ? save_stack_trace+0xc6/0x110 [ 979.371983] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 979.371983] ? kmsan_internal_chain_origin+0x90/0x240 [ 979.371983] ? get_stack_info+0x863/0x9d0 [ 979.371983] __msan_chain_origin+0x6d/0xd0 [ 979.371983] ? kmsan_internal_chain_origin+0x136/0x240 [ 979.371983] __save_stack_trace+0x8be/0xc60 [ 979.371983] ? kmsan_internal_chain_origin+0x136/0x240 [ 979.371983] save_stack_trace+0xc6/0x110 [ 979.371983] kmsan_internal_chain_origin+0x136/0x240 [ 979.423573] ? kmsan_internal_chain_origin+0x136/0x240 [ 979.423573] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 979.423573] ? __msan_memcpy+0x6f/0x80 [ 979.436304] ? pskb_expand_head+0x43b/0x1d20 [ 979.436304] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 979.436304] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 979.436304] ? ___sys_sendmsg+0xe68/0x1250 [ 979.436304] ? __sys_sendmmsg+0x56b/0xa90 [ 979.436304] ? __se_sys_sendmmsg+0xbd/0xe0 [ 979.436304] ? __x64_sys_sendmmsg+0x56/0x70 [ 979.436304] ? do_syscall_64+0xcf/0x110 [ 979.436304] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 979.475799] ? __msan_poison_alloca+0x1e0/0x2b0 [ 979.475799] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 979.475799] ? memcg_kmem_put_cache+0x8e/0x460 [ 979.475799] ? __msan_get_context_state+0x9/0x30 [ 979.475799] ? INIT_INT+0xc/0x30 [ 979.475799] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 979.475799] kmsan_memcpy_origins+0x13d/0x1b0 [ 979.475799] __msan_memcpy+0x6f/0x80 [ 979.475799] pskb_expand_head+0x43b/0x1d20 [ 979.475799] l2tp_xmit_skb+0x5a7/0x24b0 [ 979.475799] pppol2tp_sendmsg+0x7a6/0xba0 [ 979.475799] ___sys_sendmsg+0xe68/0x1250 [ 979.475799] ? pppol2tp_getsockopt+0x1060/0x1060 [ 979.475799] ? __msan_poison_alloca+0x1e0/0x2b0 [ 979.541393] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 979.541730] ? rcu_all_qs+0x3b/0x310 [ 979.541730] ? _cond_resched+0x59/0x120 [ 979.541730] ? rcu_all_qs+0x53/0x310 [ 979.541730] ? _cond_resched+0x37/0x120 [ 979.541730] ? __sys_sendmmsg+0x7c9/0xa90 [ 979.541730] ? _cond_resched+0x59/0x120 [ 979.541730] __sys_sendmmsg+0x56b/0xa90 [ 979.541730] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 979.541730] __se_sys_sendmmsg+0xbd/0xe0 [ 979.583712] __x64_sys_sendmmsg+0x56/0x70 [ 979.586506] do_syscall_64+0xcf/0x110 [ 979.586506] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 979.586506] RIP: 0033:0x457569 [ 979.586506] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 979.586506] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 979.586506] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 979.586506] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 979.586506] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 979.586506] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 979.586506] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 979.586506] Uninit was stored to memory at: [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] __msan_chain_origin+0x6d/0xd0 [ 979.586506] __save_stack_trace+0x8be/0xc60 [ 979.586506] save_stack_trace+0xc6/0x110 [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] kmsan_memcpy_origins+0x13d/0x1b0 [ 979.586506] __msan_memcpy+0x6f/0x80 [ 979.586506] pskb_expand_head+0x43b/0x1d20 [ 979.586506] l2tp_xmit_skb+0x5a7/0x24b0 [ 979.586506] pppol2tp_sendmsg+0x7a6/0xba0 [ 979.586506] ___sys_sendmsg+0xe68/0x1250 [ 979.586506] __sys_sendmmsg+0x56b/0xa90 [ 979.586506] __se_sys_sendmmsg+0xbd/0xe0 [ 979.586506] __x64_sys_sendmmsg+0x56/0x70 [ 979.586506] do_syscall_64+0xcf/0x110 [ 979.586506] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 979.586506] [ 979.586506] Uninit was stored to memory at: [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] __msan_chain_origin+0x6d/0xd0 [ 979.586506] __save_stack_trace+0x8be/0xc60 [ 979.586506] save_stack_trace+0xc6/0x110 [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] kmsan_memcpy_origins+0x13d/0x1b0 [ 979.586506] __msan_memcpy+0x6f/0x80 [ 979.586506] pskb_expand_head+0x43b/0x1d20 [ 979.586506] l2tp_xmit_skb+0x5a7/0x24b0 [ 979.586506] pppol2tp_sendmsg+0x7a6/0xba0 [ 979.586506] ___sys_sendmsg+0xe68/0x1250 [ 979.586506] __sys_sendmmsg+0x56b/0xa90 [ 979.586506] __se_sys_sendmmsg+0xbd/0xe0 [ 979.586506] __x64_sys_sendmmsg+0x56/0x70 [ 979.586506] do_syscall_64+0xcf/0x110 [ 979.586506] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 979.586506] [ 979.586506] Uninit was stored to memory at: [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] __msan_chain_origin+0x6d/0xd0 [ 979.586506] __save_stack_trace+0x8be/0xc60 [ 979.586506] save_stack_trace+0xc6/0x110 [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] kmsan_memcpy_origins+0x13d/0x1b0 [ 979.586506] __msan_memcpy+0x6f/0x80 [ 979.586506] pskb_expand_head+0x43b/0x1d20 [ 979.586506] l2tp_xmit_skb+0x5a7/0x24b0 [ 979.586506] pppol2tp_sendmsg+0x7a6/0xba0 [ 979.586506] ___sys_sendmsg+0xe68/0x1250 [ 979.586506] __sys_sendmmsg+0x56b/0xa90 [ 979.586506] __se_sys_sendmmsg+0xbd/0xe0 [ 979.586506] __x64_sys_sendmmsg+0x56/0x70 [ 979.586506] do_syscall_64+0xcf/0x110 [ 979.586506] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 979.586506] [ 979.586506] Uninit was stored to memory at: [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] __msan_chain_origin+0x6d/0xd0 [ 979.586506] __save_stack_trace+0x8be/0xc60 [ 979.586506] save_stack_trace+0xc6/0x110 [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] kmsan_memcpy_origins+0x13d/0x1b0 [ 979.586506] __msan_memcpy+0x6f/0x80 [ 979.586506] pskb_expand_head+0x43b/0x1d20 [ 979.586506] l2tp_xmit_skb+0x5a7/0x24b0 [ 979.586506] pppol2tp_sendmsg+0x7a6/0xba0 [ 979.586506] ___sys_sendmsg+0xe68/0x1250 [ 979.586506] __sys_sendmmsg+0x56b/0xa90 [ 979.586506] __se_sys_sendmmsg+0xbd/0xe0 [ 979.586506] __x64_sys_sendmmsg+0x56/0x70 [ 979.586506] do_syscall_64+0xcf/0x110 [ 979.586506] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 979.586506] [ 979.586506] Uninit was stored to memory at: [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] __msan_chain_origin+0x6d/0xd0 [ 979.586506] __save_stack_trace+0x8be/0xc60 [ 979.586506] save_stack_trace+0xc6/0x110 [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] kmsan_memcpy_origins+0x13d/0x1b0 [ 979.586506] __msan_memcpy+0x6f/0x80 [ 979.586506] pskb_expand_head+0x43b/0x1d20 [ 979.586506] l2tp_xmit_skb+0x5a7/0x24b0 [ 979.586506] pppol2tp_sendmsg+0x7a6/0xba0 [ 979.586506] ___sys_sendmsg+0xe68/0x1250 [ 979.586506] __sys_sendmmsg+0x56b/0xa90 [ 979.586506] __se_sys_sendmmsg+0xbd/0xe0 [ 979.586506] __x64_sys_sendmmsg+0x56/0x70 [ 979.586506] do_syscall_64+0xcf/0x110 [ 979.586506] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 979.586506] [ 979.586506] Uninit was stored to memory at: [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] __msan_chain_origin+0x6d/0xd0 [ 979.586506] __save_stack_trace+0x8be/0xc60 [ 979.586506] save_stack_trace+0xc6/0x110 [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] kmsan_memcpy_origins+0x13d/0x1b0 [ 979.586506] __msan_memcpy+0x6f/0x80 [ 979.586506] pskb_expand_head+0x43b/0x1d20 [ 979.586506] l2tp_xmit_skb+0x5a7/0x24b0 [ 979.586506] pppol2tp_sendmsg+0x7a6/0xba0 [ 979.586506] ___sys_sendmsg+0xe68/0x1250 [ 979.586506] __sys_sendmmsg+0x56b/0xa90 [ 979.586506] __se_sys_sendmmsg+0xbd/0xe0 [ 979.586506] __x64_sys_sendmmsg+0x56/0x70 [ 979.586506] do_syscall_64+0xcf/0x110 [ 979.586506] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 979.586506] [ 979.586506] Uninit was stored to memory at: [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] __msan_chain_origin+0x6d/0xd0 [ 979.586506] __save_stack_trace+0x8be/0xc60 [ 979.586506] save_stack_trace+0xc6/0x110 [ 979.586506] kmsan_internal_chain_origin+0x136/0x240 [ 979.586506] kmsan_memcpy_origins+0x13d/0x1b0 [ 979.586506] __msan_memcpy+0x6f/0x80 [ 979.586506] pskb_expand_head+0x43b/0x1d20 [ 979.586506] l2tp_xmit_skb+0x5a7/0x24b0 [ 979.586506] pppol2tp_sendmsg+0x7a6/0xba0 [ 979.586506] ___sys_sendmsg+0xe68/0x1250 [ 979.586506] __sys_sendmmsg+0x56b/0xa90 [ 979.586506] __se_sys_sendmmsg+0xbd/0xe0 [ 979.586506] __x64_sys_sendmmsg+0x56/0x70 [ 979.586506] do_syscall_64+0xcf/0x110 [ 979.586506] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 979.586506] [ 979.586506] Local variable description: ----iph@ip_vs_out [ 979.586506] Variable was created at: [ 979.586506] ip_vs_out+0x1bf/0x4570 [ 979.586506] ip_vs_local_reply6+0xec/0x130 [ 980.229705] not chained 1910000 origins [ 980.231839] CPU: 0 PID: 25730 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 980.231839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 980.231839] Call Trace: [ 980.231839] dump_stack+0x32d/0x480 [ 980.231839] kmsan_internal_chain_origin+0x222/0x240 [ 980.231839] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 980.231839] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 980.231839] ? save_stack_trace+0xc6/0x110 [ 980.231839] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 980.231839] ? kmsan_internal_chain_origin+0x90/0x240 [ 980.231839] ? get_stack_info+0x863/0x9d0 [ 980.231839] __msan_chain_origin+0x6d/0xd0 [ 980.231839] ? do_syscall_64+0xcf/0x110 [ 980.231839] __save_stack_trace+0x8be/0xc60 [ 980.231839] ? do_syscall_64+0xcf/0x110 [ 980.231839] save_stack_trace+0xc6/0x110 [ 980.231839] kmsan_internal_chain_origin+0x136/0x240 [ 980.231839] ? kmsan_internal_chain_origin+0x136/0x240 [ 980.231839] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 980.231839] ? __msan_memcpy+0x6f/0x80 [ 980.231839] ? pskb_expand_head+0x43b/0x1d20 [ 980.231839] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 980.231839] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 980.231839] ? ___sys_sendmsg+0xe68/0x1250 [ 980.231839] ? __sys_sendmmsg+0x56b/0xa90 [ 980.231839] ? __se_sys_sendmmsg+0xbd/0xe0 [ 980.231839] ? __x64_sys_sendmmsg+0x56/0x70 [ 980.231839] ? do_syscall_64+0xcf/0x110 [ 980.231839] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 980.231839] ? __msan_poison_alloca+0x1e0/0x2b0 [ 980.231839] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 980.231839] ? memcg_kmem_put_cache+0x8e/0x460 [ 980.231839] ? __msan_get_context_state+0x9/0x30 [ 980.231839] ? INIT_INT+0xc/0x30 [ 980.231839] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 980.231839] kmsan_memcpy_origins+0x13d/0x1b0 [ 980.231839] __msan_memcpy+0x6f/0x80 [ 980.231839] pskb_expand_head+0x43b/0x1d20 [ 980.231839] l2tp_xmit_skb+0x5a7/0x24b0 [ 980.231839] pppol2tp_sendmsg+0x7a6/0xba0 [ 980.231839] ___sys_sendmsg+0xe68/0x1250 [ 980.231839] ? kmsan_set_origin+0x83/0x130 [ 980.231839] ? pppol2tp_getsockopt+0x1060/0x1060 [ 980.231839] ? __msan_poison_alloca+0x1e0/0x2b0 [ 980.231839] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 980.231839] ? rcu_all_qs+0x3b/0x310 [ 980.231839] ? _cond_resched+0x59/0x120 [ 980.231839] ? rcu_all_qs+0x53/0x310 [ 980.231839] ? _cond_resched+0x37/0x120 [ 980.231839] ? __sys_sendmmsg+0x7c9/0xa90 [ 980.231839] ? _cond_resched+0x59/0x120 [ 980.231839] __sys_sendmmsg+0x56b/0xa90 [ 980.231839] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 980.231839] __se_sys_sendmmsg+0xbd/0xe0 [ 980.231839] __x64_sys_sendmmsg+0x56/0x70 [ 980.231839] do_syscall_64+0xcf/0x110 [ 980.231839] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 980.231839] RIP: 0033:0x457569 [ 980.231839] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 980.231839] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 980.231839] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 980.231839] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 980.231839] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 980.231839] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 980.231839] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 980.231839] Uninit was stored to memory at: [ 980.231839] kmsan_internal_chain_origin+0x136/0x240 [ 980.231839] __msan_chain_origin+0x6d/0xd0 [ 980.231839] __save_stack_trace+0x8be/0xc60 [ 980.231839] save_stack_trace+0xc6/0x110 [ 980.231839] kmsan_internal_chain_origin+0x136/0x240 [ 980.231839] kmsan_memcpy_origins+0x13d/0x1b0 [ 980.231839] __msan_memcpy+0x6f/0x80 [ 980.231839] pskb_expand_head+0x43b/0x1d20 [ 980.231839] l2tp_xmit_skb+0x5a7/0x24b0 [ 980.231839] pppol2tp_sendmsg+0x7a6/0xba0 [ 980.231839] ___sys_sendmsg+0xe68/0x1250 [ 980.231839] __sys_sendmmsg+0x56b/0xa90 [ 980.231839] __se_sys_sendmmsg+0xbd/0xe0 [ 980.231839] __x64_sys_sendmmsg+0x56/0x70 [ 980.231839] do_syscall_64+0xcf/0x110 [ 980.231839] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 980.231839] [ 980.231839] Uninit was stored to memory at: [ 980.231839] kmsan_internal_chain_origin+0x136/0x240 [ 980.231839] __msan_chain_origin+0x6d/0xd0 [ 980.231839] __save_stack_trace+0x8be/0xc60 [ 980.231839] save_stack_trace+0xc6/0x110 [ 980.231839] kmsan_internal_chain_origin+0x136/0x240 [ 980.231839] kmsan_memcpy_origins+0x13d/0x1b0 [ 980.231839] __msan_memcpy+0x6f/0x80 [ 980.231839] pskb_expand_head+0x43b/0x1d20 [ 980.231839] l2tp_xmit_skb+0x5a7/0x24b0 [ 980.231839] pppol2tp_sendmsg+0x7a6/0xba0 [ 980.231839] ___sys_sendmsg+0xe68/0x1250 [ 980.231839] __sys_sendmmsg+0x56b/0xa90 [ 980.231839] __se_sys_sendmmsg+0xbd/0xe0 [ 980.231839] __x64_sys_sendmmsg+0x56/0x70 [ 980.231839] do_syscall_64+0xcf/0x110 [ 980.231839] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 980.231839] [ 980.231839] Uninit was stored to memory at: [ 980.231839] kmsan_internal_chain_origin+0x136/0x240 [ 980.231839] __msan_chain_origin+0x6d/0xd0 [ 980.231839] __save_stack_trace+0x8be/0xc60 [ 980.231839] save_stack_trace+0xc6/0x110 [ 980.231839] kmsan_internal_chain_origin+0x136/0x240 [ 980.231839] kmsan_memcpy_origins+0x13d/0x1b0 [ 980.231839] __msan_memcpy+0x6f/0x80 [ 980.231839] pskb_expand_head+0x43b/0x1d20 [ 980.231839] l2tp_xmit_skb+0x5a7/0x24b0 [ 980.231839] pppol2tp_sendmsg+0x7a6/0xba0 [ 980.231839] ___sys_sendmsg+0xe68/0x1250 [ 980.231839] __sys_sendmmsg+0x56b/0xa90 [ 980.231839] __se_sys_sendmmsg+0xbd/0xe0 [ 980.231839] __x64_sys_sendmmsg+0x56/0x70 [ 980.231839] do_syscall_64+0xcf/0x110 [ 980.231839] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 980.231839] [ 980.231839] Uninit was stored to memory at: [ 980.231839] kmsan_internal_chain_origin+0x136/0x240 [ 980.231839] __msan_chain_origin+0x6d/0xd0 [ 980.231839] __save_stack_trace+0x8be/0xc60 [ 980.231839] save_stack_trace+0xc6/0x110 [ 980.231839] kmsan_internal_chain_origin+0x136/0x240 [ 980.231839] kmsan_memcpy_origins+0x13d/0x1b0 [ 980.231839] __msan_memcpy+0x6f/0x80 [ 980.231839] pskb_expand_head+0x43b/0x1d20 [ 980.231839] l2tp_xmit_skb+0x5a7/0x24b0 [ 980.231839] pppol2tp_sendmsg+0x7a6/0xba0 [ 980.231839] ___sys_sendmsg+0xe68/0x1250 [ 980.231839] __sys_sendmmsg+0x56b/0xa90 [ 980.231839] __se_sys_sendmmsg+0xbd/0xe0 [ 980.231839] __x64_sys_sendmmsg+0x56/0x70 [ 980.231839] do_syscall_64+0xcf/0x110 [ 980.846015] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 980.846015] [ 980.846015] Uninit was stored to memory at: [ 980.846015] kmsan_internal_chain_origin+0x136/0x240 [ 980.846015] __msan_chain_origin+0x6d/0xd0 [ 980.846015] __save_stack_trace+0x8be/0xc60 [ 980.846015] save_stack_trace+0xc6/0x110 [ 980.846015] kmsan_internal_chain_origin+0x136/0x240 [ 980.846015] kmsan_memcpy_origins+0x13d/0x1b0 [ 980.846015] __msan_memcpy+0x6f/0x80 [ 980.846015] pskb_expand_head+0x43b/0x1d20 [ 980.846015] l2tp_xmit_skb+0x5a7/0x24b0 [ 980.846015] pppol2tp_sendmsg+0x7a6/0xba0 [ 980.846015] ___sys_sendmsg+0xe68/0x1250 [ 980.846015] __sys_sendmmsg+0x56b/0xa90 [ 980.846015] __se_sys_sendmmsg+0xbd/0xe0 [ 980.846015] __x64_sys_sendmmsg+0x56/0x70 [ 980.846015] do_syscall_64+0xcf/0x110 [ 980.846015] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 980.846015] [ 980.846015] Uninit was stored to memory at: [ 980.846015] kmsan_internal_chain_origin+0x136/0x240 [ 980.846015] __msan_chain_origin+0x6d/0xd0 [ 980.846015] __save_stack_trace+0x8be/0xc60 [ 980.846015] save_stack_trace+0xc6/0x110 [ 980.846015] kmsan_internal_chain_origin+0x136/0x240 [ 980.846015] kmsan_memcpy_origins+0x13d/0x1b0 [ 980.846015] __msan_memcpy+0x6f/0x80 [ 980.846015] pskb_expand_head+0x43b/0x1d20 [ 980.846015] l2tp_xmit_skb+0x5a7/0x24b0 [ 980.846015] pppol2tp_sendmsg+0x7a6/0xba0 [ 980.846015] ___sys_sendmsg+0xe68/0x1250 [ 980.846015] __sys_sendmmsg+0x56b/0xa90 [ 980.846015] __se_sys_sendmmsg+0xbd/0xe0 [ 980.846015] __x64_sys_sendmmsg+0x56/0x70 [ 980.846015] do_syscall_64+0xcf/0x110 [ 980.846015] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 980.846015] [ 980.846015] Uninit was stored to memory at: [ 980.846015] kmsan_internal_chain_origin+0x136/0x240 [ 980.846015] __msan_chain_origin+0x6d/0xd0 [ 980.846015] __save_stack_trace+0x8be/0xc60 [ 980.846015] save_stack_trace+0xc6/0x110 [ 980.846015] kmsan_internal_chain_origin+0x136/0x240 [ 980.846015] kmsan_memcpy_origins+0x13d/0x1b0 [ 980.846015] __msan_memcpy+0x6f/0x80 [ 980.846015] pskb_expand_head+0x43b/0x1d20 [ 980.846015] l2tp_xmit_skb+0x5a7/0x24b0 [ 980.846015] pppol2tp_sendmsg+0x7a6/0xba0 [ 980.846015] ___sys_sendmsg+0xe68/0x1250 [ 980.846015] __sys_sendmmsg+0x56b/0xa90 [ 980.846015] __se_sys_sendmmsg+0xbd/0xe0 [ 980.846015] __x64_sys_sendmmsg+0x56/0x70 [ 980.846015] do_syscall_64+0xcf/0x110 [ 980.846015] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 980.846015] [ 980.846015] Local variable description: ----iph@ip_vs_out [ 980.846015] Variable was created at: [ 980.846015] ip_vs_out+0x1bf/0x4570 [ 980.846015] ip_vs_local_reply6+0xec/0x130 06:05:56 executing program 2: r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) 06:05:56 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:05:56 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x82500, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f0000000080)={0x2, [0x0, 0x0]}) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r1, 0x8008ae9d, &(0x7f00000000c0)=""/52) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000001740)={0x8, 0x0, [{0x0, 0x1c, &(0x7f00000002c0)=""/28}, {0xf000, 0x1000, &(0x7f0000000400)=""/4096}, {0x17002, 0xaf, &(0x7f0000000300)=""/175}, {0x0, 0xfc, &(0x7f0000001400)=""/252}, {0x10000, 0xb8, &(0x7f0000001500)=""/184}, {0x6000, 0x37, &(0x7f00000015c0)=""/55}, {0x0, 0xc5, &(0x7f0000001600)=""/197}, {0xf004, 0x28, &(0x7f0000001700)=""/40}]}) sendmsg$IPVS_CMD_GET_CONFIG(r2, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, r3, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xc3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}]}, 0x4c}}, 0x4) 06:05:56 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) 06:05:56 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:05:56 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) recvfrom(r0, &(0x7f00000000c0)=""/168, 0xa8, 0x2000, &(0x7f00000001c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x1, 0x4, 0x2, 0x0, {0xa, 0x4e23, 0x9, @remote, 0x7}}}, 0x80) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 981.302203] not chained 1920000 origins [ 981.306234] CPU: 1 PID: 25769 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 981.311812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 981.311812] Call Trace: [ 981.311812] dump_stack+0x32d/0x480 [ 981.311812] kmsan_internal_chain_origin+0x222/0x240 [ 981.311812] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 981.311812] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 981.311812] ? save_stack_trace+0xc6/0x110 [ 981.311812] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 981.352011] ? kmsan_internal_chain_origin+0x90/0x240 [ 981.352011] ? get_stack_info+0x863/0x9d0 [ 981.352011] __msan_chain_origin+0x6d/0xd0 [ 981.352011] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 981.352011] __save_stack_trace+0x8be/0xc60 [ 981.352011] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 981.352011] save_stack_trace+0xc6/0x110 [ 981.352011] kmsan_internal_chain_origin+0x136/0x240 [ 981.352011] ? kmsan_internal_chain_origin+0x136/0x240 [ 981.352011] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 981.352011] ? __msan_memcpy+0x6f/0x80 [ 981.352011] ? pskb_expand_head+0x43b/0x1d20 [ 981.352011] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 981.352011] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 981.352011] ? ___sys_sendmsg+0xe68/0x1250 [ 981.352011] ? __sys_sendmmsg+0x56b/0xa90 [ 981.352011] ? __se_sys_sendmmsg+0xbd/0xe0 [ 981.352011] ? __x64_sys_sendmmsg+0x56/0x70 [ 981.352011] ? do_syscall_64+0xcf/0x110 [ 981.352011] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 981.352011] ? __msan_poison_alloca+0x1e0/0x2b0 [ 981.352011] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 981.352011] ? memcg_kmem_put_cache+0x8e/0x460 [ 981.352011] ? __msan_get_context_state+0x9/0x30 [ 981.352011] ? INIT_INT+0xc/0x30 [ 981.352011] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 981.352011] kmsan_memcpy_origins+0x13d/0x1b0 [ 981.352011] __msan_memcpy+0x6f/0x80 [ 981.352011] pskb_expand_head+0x43b/0x1d20 [ 981.352011] l2tp_xmit_skb+0x5a7/0x24b0 [ 981.352011] pppol2tp_sendmsg+0x7a6/0xba0 [ 981.352011] ___sys_sendmsg+0xe68/0x1250 [ 981.352011] ? pppol2tp_getsockopt+0x1060/0x1060 [ 981.352011] ? __msan_poison_alloca+0x1e0/0x2b0 [ 981.352011] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 981.352011] ? rcu_all_qs+0x3b/0x310 [ 981.352011] ? _cond_resched+0x59/0x120 [ 981.352011] ? rcu_all_qs+0x53/0x310 [ 981.352011] ? _cond_resched+0x37/0x120 [ 981.525631] ? __sys_sendmmsg+0x7c9/0xa90 [ 981.525631] ? _cond_resched+0x59/0x120 [ 981.532911] __sys_sendmmsg+0x56b/0xa90 [ 981.532911] ? syscall_return_slowpath+0x123/0x8c0 [ 981.532911] ? put_timespec64+0x162/0x220 [ 981.532911] __se_sys_sendmmsg+0xbd/0xe0 [ 981.532911] __x64_sys_sendmmsg+0x56/0x70 [ 981.532911] do_syscall_64+0xcf/0x110 [ 981.532911] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 981.532911] RIP: 0033:0x457569 [ 981.532911] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 981.573916] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 981.573916] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 981.573916] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 981.573916] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 981.573916] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 981.573916] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 981.573916] Uninit was stored to memory at: [ 981.573916] kmsan_internal_chain_origin+0x136/0x240 [ 981.573916] __msan_chain_origin+0x6d/0xd0 [ 981.573916] __save_stack_trace+0x8be/0xc60 [ 981.573916] save_stack_trace+0xc6/0x110 06:05:56 executing program 2: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(r0) 06:05:56 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) sendmsg$alg(0xffffffffffffffff, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(0xffffffffffffffff, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:05:56 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) [ 981.573916] kmsan_internal_chain_origin+0x136/0x240 [ 981.573916] kmsan_memcpy_origins+0x13d/0x1b0 [ 981.573916] __msan_memcpy+0x6f/0x80 [ 981.573916] pskb_expand_head+0x43b/0x1d20 [ 981.573916] l2tp_xmit_skb+0x5a7/0x24b0 [ 981.573916] pppol2tp_sendmsg+0x7a6/0xba0 [ 981.573916] ___sys_sendmsg+0xe68/0x1250 [ 981.682833] __sys_sendmmsg+0x56b/0xa90 [ 981.682833] __se_sys_sendmmsg+0xbd/0xe0 [ 981.682833] __x64_sys_sendmmsg+0x56/0x70 [ 981.682833] do_syscall_64+0xcf/0x110 [ 981.682833] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 981.682833] [ 981.682833] Uninit was stored to memory at: [ 981.682833] kmsan_internal_chain_origin+0x136/0x240 [ 981.715490] __msan_chain_origin+0x6d/0xd0 [ 981.715490] __save_stack_trace+0x8be/0xc60 [ 981.715490] save_stack_trace+0xc6/0x110 [ 981.715490] kmsan_internal_chain_origin+0x136/0x240 [ 981.715490] kmsan_memcpy_origins+0x13d/0x1b0 [ 981.715490] __msan_memcpy+0x6f/0x80 [ 981.715490] pskb_expand_head+0x43b/0x1d20 [ 981.743447] l2tp_xmit_skb+0x5a7/0x24b0 [ 981.743447] pppol2tp_sendmsg+0x7a6/0xba0 [ 981.751956] ___sys_sendmsg+0xe68/0x1250 [ 981.751956] __sys_sendmmsg+0x56b/0xa90 [ 981.751956] __se_sys_sendmmsg+0xbd/0xe0 [ 981.751956] __x64_sys_sendmmsg+0x56/0x70 [ 981.751956] do_syscall_64+0xcf/0x110 [ 981.751956] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 981.751956] [ 981.780600] Uninit was stored to memory at: [ 981.780600] kmsan_internal_chain_origin+0x136/0x240 [ 981.780600] __msan_chain_origin+0x6d/0xd0 [ 981.780600] __save_stack_trace+0x8be/0xc60 [ 981.780600] save_stack_trace+0xc6/0x110 [ 981.780600] kmsan_internal_chain_origin+0x136/0x240 [ 981.780600] kmsan_memcpy_origins+0x13d/0x1b0 [ 981.780600] __msan_memcpy+0x6f/0x80 [ 981.780600] pskb_expand_head+0x43b/0x1d20 [ 981.780600] l2tp_xmit_skb+0x5a7/0x24b0 [ 981.780600] pppol2tp_sendmsg+0x7a6/0xba0 [ 981.780600] ___sys_sendmsg+0xe68/0x1250 [ 981.780600] __sys_sendmmsg+0x56b/0xa90 [ 981.780600] __se_sys_sendmmsg+0xbd/0xe0 [ 981.780600] __x64_sys_sendmmsg+0x56/0x70 [ 981.780600] do_syscall_64+0xcf/0x110 [ 981.780600] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 981.780600] [ 981.780600] Uninit was stored to memory at: [ 981.780600] kmsan_internal_chain_origin+0x136/0x240 [ 981.780600] __msan_chain_origin+0x6d/0xd0 [ 981.780600] __save_stack_trace+0x8be/0xc60 [ 981.780600] save_stack_trace+0xc6/0x110 [ 981.780600] kmsan_internal_chain_origin+0x136/0x240 [ 981.780600] kmsan_memcpy_origins+0x13d/0x1b0 [ 981.780600] __msan_memcpy+0x6f/0x80 [ 981.780600] pskb_expand_head+0x43b/0x1d20 [ 981.780600] l2tp_xmit_skb+0x5a7/0x24b0 [ 981.780600] pppol2tp_sendmsg+0x7a6/0xba0 06:05:56 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) [ 981.780600] ___sys_sendmsg+0xe68/0x1250 [ 981.780600] __sys_sendmmsg+0x56b/0xa90 [ 981.780600] __se_sys_sendmmsg+0xbd/0xe0 [ 981.780600] __x64_sys_sendmmsg+0x56/0x70 [ 981.780600] do_syscall_64+0xcf/0x110 [ 981.780600] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 981.780600] [ 981.780600] Uninit was stored to memory at: [ 981.780600] kmsan_internal_chain_origin+0x136/0x240 [ 981.780600] __msan_chain_origin+0x6d/0xd0 [ 981.780600] __save_stack_trace+0x8be/0xc60 [ 981.780600] save_stack_trace+0xc6/0x110 [ 981.951960] kmsan_internal_chain_origin+0x136/0x240 [ 981.951960] kmsan_memcpy_origins+0x13d/0x1b0 [ 981.951960] __msan_memcpy+0x6f/0x80 [ 981.951960] pskb_expand_head+0x43b/0x1d20 [ 981.951960] l2tp_xmit_skb+0x5a7/0x24b0 [ 981.951960] pppol2tp_sendmsg+0x7a6/0xba0 [ 981.951960] ___sys_sendmsg+0xe68/0x1250 [ 981.951960] __sys_sendmmsg+0x56b/0xa90 [ 981.987140] __se_sys_sendmmsg+0xbd/0xe0 [ 981.991414] __x64_sys_sendmmsg+0x56/0x70 [ 981.991414] do_syscall_64+0xcf/0x110 [ 981.991414] entry_SYSCALL_64_after_hwframe+0x63/0xe7 06:05:57 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0xffffffffffff8000, &(0x7f0000000000)) [ 982.003233] [ 982.003233] Uninit was stored to memory at: [ 982.003233] kmsan_internal_chain_origin+0x136/0x240 [ 982.003233] __msan_chain_origin+0x6d/0xd0 [ 982.003233] __save_stack_trace+0x8be/0xc60 [ 982.022042] save_stack_trace+0xc6/0x110 [ 982.022042] kmsan_internal_chain_origin+0x136/0x240 [ 982.022042] kmsan_memcpy_origins+0x13d/0x1b0 [ 982.022042] __msan_memcpy+0x6f/0x80 [ 982.022042] pskb_expand_head+0x43b/0x1d20 [ 982.022042] l2tp_xmit_skb+0x5a7/0x24b0 [ 982.022042] pppol2tp_sendmsg+0x7a6/0xba0 [ 982.022042] ___sys_sendmsg+0xe68/0x1250 [ 982.057942] __sys_sendmmsg+0x56b/0xa90 [ 982.057942] __se_sys_sendmmsg+0xbd/0xe0 [ 982.057942] __x64_sys_sendmmsg+0x56/0x70 [ 982.057942] do_syscall_64+0xcf/0x110 [ 982.057942] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 982.057942] [ 982.057942] Uninit was stored to memory at: [ 982.057942] kmsan_internal_chain_origin+0x136/0x240 [ 982.057942] __msan_chain_origin+0x6d/0xd0 [ 982.095574] __save_stack_trace+0x8be/0xc60 [ 982.095574] save_stack_trace+0xc6/0x110 [ 982.095574] kmsan_internal_chain_origin+0x136/0x240 [ 982.105309] kmsan_memcpy_origins+0x13d/0x1b0 [ 982.105309] __msan_memcpy+0x6f/0x80 [ 982.115852] pskb_expand_head+0x43b/0x1d20 [ 982.115852] l2tp_xmit_skb+0x5a7/0x24b0 [ 982.115852] pppol2tp_sendmsg+0x7a6/0xba0 [ 982.115852] ___sys_sendmsg+0xe68/0x1250 [ 982.115852] __sys_sendmmsg+0x56b/0xa90 [ 982.115852] __se_sys_sendmmsg+0xbd/0xe0 [ 982.115852] __x64_sys_sendmmsg+0x56/0x70 [ 982.115852] do_syscall_64+0xcf/0x110 [ 982.115852] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 982.115852] [ 982.115852] Local variable description: ----iph@ip_vs_out [ 982.115852] Variable was created at: [ 982.115852] ip_vs_out+0x1bf/0x4570 [ 982.115852] ip_vs_local_reply6+0xec/0x130 06:05:57 executing program 2: r0 = gettid() sched_setscheduler(r0, 0x0, &(0x7f0000000040)) 06:05:57 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$TIOCLINUX5(r1, 0x541c, &(0x7f0000000000)={0x5, 0x0, 0x1, 0x401, 0x4}) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:05:57 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 982.614293] Dead loop on virtual device ip6_vti0, fix it urgently! [ 982.909114] not chained 1930000 origins [ 982.911822] CPU: 0 PID: 25769 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 982.917402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 982.917402] Call Trace: [ 982.917402] dump_stack+0x32d/0x480 [ 982.917402] kmsan_internal_chain_origin+0x222/0x240 [ 982.917402] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 982.944750] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 982.945330] ? save_stack_trace+0xc6/0x110 [ 982.945330] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 982.945330] ? kmsan_internal_chain_origin+0x90/0x240 [ 982.945330] ? get_stack_info+0x863/0x9d0 [ 982.945330] __msan_chain_origin+0x6d/0xd0 [ 982.945330] __save_stack_trace+0x833/0xc60 [ 982.945330] ? save_stack_trace+0xc6/0x110 [ 982.945330] save_stack_trace+0xc6/0x110 [ 982.945330] kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] ? kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 982.945330] ? __msan_memcpy+0x6f/0x80 [ 982.945330] ? pskb_expand_head+0x43b/0x1d20 [ 982.945330] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 982.945330] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 982.945330] ? ___sys_sendmsg+0xe68/0x1250 [ 982.945330] ? __sys_sendmmsg+0x56b/0xa90 [ 982.945330] ? __se_sys_sendmmsg+0xbd/0xe0 [ 982.945330] ? __x64_sys_sendmmsg+0x56/0x70 [ 982.945330] ? do_syscall_64+0xcf/0x110 [ 982.945330] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 982.945330] ? __msan_poison_alloca+0x1e0/0x2b0 [ 982.945330] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 982.945330] ? memcg_kmem_put_cache+0x8e/0x460 [ 982.945330] ? __msan_get_context_state+0x9/0x30 [ 982.945330] ? INIT_INT+0xc/0x30 [ 982.945330] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 982.945330] kmsan_memcpy_origins+0x13d/0x1b0 [ 982.945330] __msan_memcpy+0x6f/0x80 [ 982.945330] pskb_expand_head+0x43b/0x1d20 [ 982.945330] l2tp_xmit_skb+0x5a7/0x24b0 [ 982.945330] pppol2tp_sendmsg+0x7a6/0xba0 [ 982.945330] ___sys_sendmsg+0xe68/0x1250 [ 982.945330] ? pppol2tp_getsockopt+0x1060/0x1060 [ 982.945330] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 982.945330] ? kmsan_set_origin+0x83/0x130 [ 982.945330] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 982.945330] ? _cond_resched+0xc7/0x120 [ 982.945330] __sys_sendmmsg+0x56b/0xa90 [ 982.945330] ? syscall_return_slowpath+0x123/0x8c0 [ 982.945330] ? put_timespec64+0x162/0x220 [ 982.945330] __se_sys_sendmmsg+0xbd/0xe0 [ 982.945330] __x64_sys_sendmmsg+0x56/0x70 [ 982.945330] do_syscall_64+0xcf/0x110 [ 982.945330] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 982.945330] RIP: 0033:0x457569 [ 982.945330] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 982.945330] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 982.945330] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 982.945330] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 982.945330] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 982.945330] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 982.945330] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 982.945330] Uninit was stored to memory at: [ 982.945330] kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] __msan_chain_origin+0x6d/0xd0 [ 982.945330] save_stack_trace+0xfa/0x110 [ 982.945330] kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] kmsan_memcpy_origins+0x13d/0x1b0 [ 982.945330] __msan_memcpy+0x6f/0x80 [ 982.945330] pskb_expand_head+0x43b/0x1d20 [ 982.945330] l2tp_xmit_skb+0x5a7/0x24b0 [ 982.945330] pppol2tp_sendmsg+0x7a6/0xba0 [ 982.945330] ___sys_sendmsg+0xe68/0x1250 [ 982.945330] __sys_sendmmsg+0x56b/0xa90 [ 982.945330] __se_sys_sendmmsg+0xbd/0xe0 [ 982.945330] __x64_sys_sendmmsg+0x56/0x70 [ 982.945330] do_syscall_64+0xcf/0x110 [ 982.945330] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 982.945330] [ 982.945330] Uninit was stored to memory at: [ 982.945330] kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] __msan_chain_origin+0x6d/0xd0 [ 982.945330] __save_stack_trace+0x833/0xc60 [ 982.945330] save_stack_trace+0xc6/0x110 [ 982.945330] kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] kmsan_memcpy_origins+0x13d/0x1b0 [ 982.945330] __msan_memcpy+0x6f/0x80 [ 982.945330] pskb_expand_head+0x43b/0x1d20 [ 982.945330] l2tp_xmit_skb+0x5a7/0x24b0 [ 982.945330] pppol2tp_sendmsg+0x7a6/0xba0 [ 982.945330] ___sys_sendmsg+0xe68/0x1250 [ 982.945330] __sys_sendmmsg+0x56b/0xa90 [ 982.945330] __se_sys_sendmmsg+0xbd/0xe0 [ 982.945330] __x64_sys_sendmmsg+0x56/0x70 [ 982.945330] do_syscall_64+0xcf/0x110 [ 982.945330] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 982.945330] [ 982.945330] Uninit was stored to memory at: [ 982.945330] kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] __msan_chain_origin+0x6d/0xd0 [ 982.945330] save_stack_trace+0xfa/0x110 [ 982.945330] kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] kmsan_memcpy_origins+0x13d/0x1b0 [ 982.945330] __msan_memcpy+0x6f/0x80 [ 982.945330] pskb_expand_head+0x43b/0x1d20 [ 982.945330] l2tp_xmit_skb+0x5a7/0x24b0 [ 982.945330] pppol2tp_sendmsg+0x7a6/0xba0 [ 982.945330] ___sys_sendmsg+0xe68/0x1250 [ 982.945330] __sys_sendmmsg+0x56b/0xa90 [ 982.945330] __se_sys_sendmmsg+0xbd/0xe0 [ 982.945330] __x64_sys_sendmmsg+0x56/0x70 [ 982.945330] do_syscall_64+0xcf/0x110 [ 982.945330] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 982.945330] [ 982.945330] Uninit was stored to memory at: [ 982.945330] kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] __msan_chain_origin+0x6d/0xd0 [ 982.945330] __save_stack_trace+0x833/0xc60 [ 982.945330] save_stack_trace+0xc6/0x110 [ 982.945330] kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] kmsan_memcpy_origins+0x13d/0x1b0 [ 982.945330] __msan_memcpy+0x6f/0x80 [ 982.945330] pskb_expand_head+0x43b/0x1d20 [ 982.945330] l2tp_xmit_skb+0x5a7/0x24b0 [ 982.945330] pppol2tp_sendmsg+0x7a6/0xba0 [ 982.945330] ___sys_sendmsg+0xe68/0x1250 [ 982.945330] __sys_sendmmsg+0x56b/0xa90 [ 982.945330] __se_sys_sendmmsg+0xbd/0xe0 [ 982.945330] __x64_sys_sendmmsg+0x56/0x70 [ 982.945330] do_syscall_64+0xcf/0x110 [ 982.945330] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 982.945330] [ 982.945330] Uninit was stored to memory at: [ 982.945330] kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] __msan_chain_origin+0x6d/0xd0 [ 982.945330] save_stack_trace+0xfa/0x110 [ 982.945330] kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] kmsan_memcpy_origins+0x13d/0x1b0 [ 982.945330] __msan_memcpy+0x6f/0x80 [ 982.945330] pskb_expand_head+0x43b/0x1d20 [ 982.945330] l2tp_xmit_skb+0x5a7/0x24b0 [ 982.945330] pppol2tp_sendmsg+0x7a6/0xba0 [ 982.945330] ___sys_sendmsg+0xe68/0x1250 [ 982.945330] __sys_sendmmsg+0x56b/0xa90 [ 982.945330] __se_sys_sendmmsg+0xbd/0xe0 [ 982.945330] __x64_sys_sendmmsg+0x56/0x70 [ 982.945330] do_syscall_64+0xcf/0x110 [ 982.945330] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 982.945330] [ 982.945330] Uninit was stored to memory at: [ 982.945330] kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] __msan_chain_origin+0x6d/0xd0 [ 982.945330] __save_stack_trace+0x833/0xc60 [ 982.945330] save_stack_trace+0xc6/0x110 [ 982.945330] kmsan_internal_chain_origin+0x136/0x240 [ 982.945330] kmsan_memcpy_origins+0x13d/0x1b0 [ 982.945330] __msan_memcpy+0x6f/0x80 [ 982.945330] pskb_expand_head+0x43b/0x1d20 [ 982.945330] l2tp_xmit_skb+0x5a7/0x24b0 [ 982.945330] pppol2tp_sendmsg+0x7a6/0xba0 [ 982.945330] ___sys_sendmsg+0xe68/0x1250 [ 982.945330] __sys_sendmmsg+0x56b/0xa90 [ 982.945330] __se_sys_sendmmsg+0xbd/0xe0 [ 982.945330] __x64_sys_sendmmsg+0x56/0x70 [ 982.945330] do_syscall_64+0xcf/0x110 [ 982.945330] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 982.945330] [ 982.945330] Uninit was stored to memory at: [ 983.657108] kmsan_internal_chain_origin+0x136/0x240 [ 983.657561] __msan_chain_origin+0x6d/0xd0 [ 983.657561] save_stack_trace+0xfa/0x110 [ 983.657561] kmsan_internal_chain_origin+0x136/0x240 [ 983.657561] kmsan_memcpy_origins+0x13d/0x1b0 [ 983.657561] __msan_memcpy+0x6f/0x80 [ 983.657561] pskb_expand_head+0x43b/0x1d20 [ 983.657561] l2tp_xmit_skb+0x5a7/0x24b0 [ 983.657561] pppol2tp_sendmsg+0x7a6/0xba0 [ 983.657561] ___sys_sendmsg+0xe68/0x1250 [ 983.657561] __sys_sendmmsg+0x56b/0xa90 [ 983.657561] __se_sys_sendmmsg+0xbd/0xe0 [ 983.657561] __x64_sys_sendmmsg+0x56/0x70 [ 983.657561] do_syscall_64+0xcf/0x110 [ 983.657561] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 983.657561] [ 983.657561] Local variable description: ----iph@ip_vs_out [ 983.657561] Variable was created at: [ 983.657561] ip_vs_out+0x1bf/0x4570 [ 983.657561] ip_vs_local_reply6+0xec/0x130 [ 983.741770] Dead loop on virtual device ip6_vti0, fix it urgently! [ 983.775633] not chained 1940000 origins [ 983.779659] CPU: 0 PID: 25769 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 983.781834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 983.789041] Call Trace: [ 983.789041] dump_stack+0x32d/0x480 [ 983.789041] kmsan_internal_chain_origin+0x222/0x240 [ 983.789041] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 983.789041] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 983.789041] ? save_stack_trace+0xc6/0x110 [ 983.789041] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 983.789041] ? kmsan_internal_chain_origin+0x90/0x240 [ 983.789041] ? get_stack_info+0x863/0x9d0 [ 983.789041] __msan_chain_origin+0x6d/0xd0 [ 983.789041] ? __x64_sys_sendmmsg+0x56/0x70 [ 983.789041] __save_stack_trace+0x8be/0xc60 [ 983.789041] ? __x64_sys_sendmmsg+0x56/0x70 [ 983.789041] save_stack_trace+0xc6/0x110 [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] ? kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 983.789041] ? __msan_memcpy+0x6f/0x80 [ 983.789041] ? pskb_expand_head+0x43b/0x1d20 [ 983.789041] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 983.789041] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 983.789041] ? ___sys_sendmsg+0xe68/0x1250 [ 983.789041] ? __sys_sendmmsg+0x56b/0xa90 [ 983.789041] ? __se_sys_sendmmsg+0xbd/0xe0 [ 983.789041] ? __x64_sys_sendmmsg+0x56/0x70 [ 983.789041] ? do_syscall_64+0xcf/0x110 [ 983.789041] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 983.789041] ? __msan_poison_alloca+0x1e0/0x2b0 [ 983.789041] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 983.789041] ? memcg_kmem_put_cache+0x8e/0x460 [ 983.789041] ? __msan_get_context_state+0x9/0x30 [ 983.789041] ? INIT_INT+0xc/0x30 [ 983.789041] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 983.789041] kmsan_memcpy_origins+0x13d/0x1b0 [ 983.789041] __msan_memcpy+0x6f/0x80 [ 983.789041] pskb_expand_head+0x43b/0x1d20 [ 983.789041] l2tp_xmit_skb+0x5a7/0x24b0 [ 983.789041] pppol2tp_sendmsg+0x7a6/0xba0 [ 983.789041] ___sys_sendmsg+0xe68/0x1250 [ 983.789041] ? kmsan_set_origin+0x83/0x130 [ 983.789041] ? pppol2tp_getsockopt+0x1060/0x1060 [ 983.789041] ? __msan_poison_alloca+0x1e0/0x2b0 [ 983.789041] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 983.789041] ? rcu_all_qs+0x3b/0x310 [ 983.789041] ? _cond_resched+0x59/0x120 [ 983.789041] ? rcu_all_qs+0x53/0x310 [ 983.789041] ? _cond_resched+0x37/0x120 [ 983.789041] ? __sys_sendmmsg+0x7c9/0xa90 [ 983.789041] ? _cond_resched+0x59/0x120 [ 983.789041] __sys_sendmmsg+0x56b/0xa90 [ 983.789041] ? syscall_return_slowpath+0x123/0x8c0 [ 983.789041] ? put_timespec64+0x162/0x220 [ 983.789041] __se_sys_sendmmsg+0xbd/0xe0 [ 983.789041] __x64_sys_sendmmsg+0x56/0x70 [ 983.789041] do_syscall_64+0xcf/0x110 [ 983.789041] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 983.789041] RIP: 0033:0x457569 [ 983.789041] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 983.789041] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 983.789041] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 983.789041] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 983.789041] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 983.789041] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 983.789041] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 983.789041] Uninit was stored to memory at: [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] __msan_chain_origin+0x6d/0xd0 [ 983.789041] __save_stack_trace+0x8be/0xc60 [ 983.789041] save_stack_trace+0xc6/0x110 [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] kmsan_memcpy_origins+0x13d/0x1b0 [ 983.789041] __msan_memcpy+0x6f/0x80 [ 983.789041] pskb_expand_head+0x43b/0x1d20 [ 983.789041] l2tp_xmit_skb+0x5a7/0x24b0 [ 983.789041] pppol2tp_sendmsg+0x7a6/0xba0 [ 983.789041] ___sys_sendmsg+0xe68/0x1250 [ 983.789041] __sys_sendmmsg+0x56b/0xa90 [ 983.789041] __se_sys_sendmmsg+0xbd/0xe0 [ 983.789041] __x64_sys_sendmmsg+0x56/0x70 [ 983.789041] do_syscall_64+0xcf/0x110 [ 983.789041] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 983.789041] [ 983.789041] Uninit was stored to memory at: [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] __msan_chain_origin+0x6d/0xd0 [ 983.789041] __save_stack_trace+0x8be/0xc60 [ 983.789041] save_stack_trace+0xc6/0x110 [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] kmsan_memcpy_origins+0x13d/0x1b0 [ 983.789041] __msan_memcpy+0x6f/0x80 [ 983.789041] pskb_expand_head+0x43b/0x1d20 [ 983.789041] l2tp_xmit_skb+0x5a7/0x24b0 [ 983.789041] pppol2tp_sendmsg+0x7a6/0xba0 [ 983.789041] ___sys_sendmsg+0xe68/0x1250 [ 983.789041] __sys_sendmmsg+0x56b/0xa90 [ 983.789041] __se_sys_sendmmsg+0xbd/0xe0 [ 983.789041] __x64_sys_sendmmsg+0x56/0x70 [ 983.789041] do_syscall_64+0xcf/0x110 [ 983.789041] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 983.789041] [ 983.789041] Uninit was stored to memory at: [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] __msan_chain_origin+0x6d/0xd0 [ 983.789041] __save_stack_trace+0x8be/0xc60 [ 983.789041] save_stack_trace+0xc6/0x110 [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] kmsan_memcpy_origins+0x13d/0x1b0 [ 983.789041] __msan_memcpy+0x6f/0x80 [ 983.789041] pskb_expand_head+0x43b/0x1d20 [ 983.789041] l2tp_xmit_skb+0x5a7/0x24b0 [ 983.789041] pppol2tp_sendmsg+0x7a6/0xba0 [ 983.789041] ___sys_sendmsg+0xe68/0x1250 [ 983.789041] __sys_sendmmsg+0x56b/0xa90 [ 983.789041] __se_sys_sendmmsg+0xbd/0xe0 [ 983.789041] __x64_sys_sendmmsg+0x56/0x70 [ 983.789041] do_syscall_64+0xcf/0x110 [ 983.789041] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 983.789041] [ 983.789041] Uninit was stored to memory at: [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] __msan_chain_origin+0x6d/0xd0 [ 983.789041] __save_stack_trace+0x8be/0xc60 [ 983.789041] save_stack_trace+0xc6/0x110 [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] kmsan_memcpy_origins+0x13d/0x1b0 [ 983.789041] __msan_memcpy+0x6f/0x80 [ 983.789041] pskb_expand_head+0x43b/0x1d20 [ 983.789041] l2tp_xmit_skb+0x5a7/0x24b0 [ 983.789041] pppol2tp_sendmsg+0x7a6/0xba0 [ 983.789041] ___sys_sendmsg+0xe68/0x1250 [ 983.789041] __sys_sendmmsg+0x56b/0xa90 [ 983.789041] __se_sys_sendmmsg+0xbd/0xe0 [ 983.789041] __x64_sys_sendmmsg+0x56/0x70 [ 983.789041] do_syscall_64+0xcf/0x110 [ 983.789041] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 983.789041] [ 983.789041] Uninit was stored to memory at: [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] __msan_chain_origin+0x6d/0xd0 [ 983.789041] __save_stack_trace+0x8be/0xc60 [ 983.789041] save_stack_trace+0xc6/0x110 [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] kmsan_memcpy_origins+0x13d/0x1b0 [ 983.789041] __msan_memcpy+0x6f/0x80 [ 983.789041] pskb_expand_head+0x43b/0x1d20 [ 983.789041] l2tp_xmit_skb+0x5a7/0x24b0 [ 983.789041] pppol2tp_sendmsg+0x7a6/0xba0 [ 983.789041] ___sys_sendmsg+0xe68/0x1250 [ 983.789041] __sys_sendmmsg+0x56b/0xa90 [ 983.789041] __se_sys_sendmmsg+0xbd/0xe0 [ 983.789041] __x64_sys_sendmmsg+0x56/0x70 [ 983.789041] do_syscall_64+0xcf/0x110 [ 983.789041] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 983.789041] [ 983.789041] Uninit was stored to memory at: [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] __msan_chain_origin+0x6d/0xd0 [ 983.789041] __save_stack_trace+0x8be/0xc60 [ 983.789041] save_stack_trace+0xc6/0x110 [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] kmsan_memcpy_origins+0x13d/0x1b0 [ 983.789041] __msan_memcpy+0x6f/0x80 [ 983.789041] pskb_expand_head+0x43b/0x1d20 [ 983.789041] l2tp_xmit_skb+0x5a7/0x24b0 [ 983.789041] pppol2tp_sendmsg+0x7a6/0xba0 [ 983.789041] ___sys_sendmsg+0xe68/0x1250 [ 983.789041] __sys_sendmmsg+0x56b/0xa90 [ 983.789041] __se_sys_sendmmsg+0xbd/0xe0 [ 983.789041] __x64_sys_sendmmsg+0x56/0x70 [ 983.789041] do_syscall_64+0xcf/0x110 [ 983.789041] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 983.789041] [ 983.789041] Uninit was stored to memory at: [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] __msan_chain_origin+0x6d/0xd0 [ 983.789041] __save_stack_trace+0x8be/0xc60 [ 983.789041] save_stack_trace+0xc6/0x110 [ 983.789041] kmsan_internal_chain_origin+0x136/0x240 [ 983.789041] kmsan_memcpy_origins+0x13d/0x1b0 [ 983.789041] __msan_memcpy+0x6f/0x80 [ 983.789041] pskb_expand_head+0x43b/0x1d20 [ 983.789041] l2tp_xmit_skb+0x5a7/0x24b0 [ 983.789041] pppol2tp_sendmsg+0x7a6/0xba0 [ 983.789041] ___sys_sendmsg+0xe68/0x1250 [ 983.789041] __sys_sendmmsg+0x56b/0xa90 [ 983.789041] __se_sys_sendmmsg+0xbd/0xe0 [ 983.789041] __x64_sys_sendmmsg+0x56/0x70 [ 983.789041] do_syscall_64+0xcf/0x110 [ 983.789041] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 983.789041] [ 983.789041] Local variable description: ----iph@ip_vs_out [ 983.789041] Variable was created at: [ 983.789041] ip_vs_out+0x1bf/0x4570 [ 983.789041] ip_vs_local_reply6+0xec/0x130 [ 984.648155] Dead loop on virtual device ip6_vti0, fix it urgently! 06:05:59 executing program 0: connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r0 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r0, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:05:59 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) 06:05:59 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0x0, &(0x7f0000000000)) 06:05:59 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80}}], 0x1, 0x0, &(0x7f0000000140)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score\x00') preadv(r0, &(0x7f00000017c0), 0x10000000000001c0, 0x0) 06:05:59 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="847f05520d8a007a2e66e0eeb0f9d9b6000068abc7c413ce19d55751664ae9cb9a79c0aa895e5996d5271dd7dbca78b8f6c9d8efb0294843f0f2323e45c46b2d04fea8aad826549faed0a5bbbef3d9633cf6c89161e79c4cc9543f5b0c86b52fadf2cb2d5493fab1c6b262afec631246149089e262354ac2fcdadc2f29bedb9ee8c546644ce13ddb7dcd2d79d043d74956c97cc54a31ae70846cbfe37f42dd4ae2e8e3261967bc412b7e94fffea58d143f41eeddfca340f06282c9481fb9a57c19d182da0cd3072225d98d27"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) arch_prctl(0x1001, &(0x7f0000000000)="5ed04487cc3f1c79b4355d00bad1c86514d1d2b28f6ece8bc8f8ced7f957b3d89328d117dbd1fd01fa13a401f30ee5d4") 06:05:59 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:00 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) 06:06:00 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendfile(r1, r0, &(0x7f0000000000), 0x20) pwrite64(r1, &(0x7f00000001c0)="c9c600eb702776b6de73e8229b24b5865cde91ee4158b48131853fbff7c2d255595f58b23b02d8a6d6783d99faa3398227a0329d9005f3b386834520edbb64c811e6b25cd00377e6f54e60652bb426b04806c8c077021ca111edeca5c69edd00b38ffafb50e6e8994f60c6875f1e78b5cbe32104b268b7ff278043286d4ba2341ae62a69d4e153afaddff60cc2e4ae079a7b19cec05b276c1ff2ccf9569d11bcbb34e0866e8be705dc7c369d7b208d4586721337324e229527b8af26b4c7cbfb2a5176561b35c768a70dce039fc93c71a63daed94960e17b2e2d8a863f9422168c685fb78d6d295f", 0xe8, 0x0) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f0000000100)=ANY=[@ANYBLOB="ba094e446be3780d5cdb5276"], 0x1}}, 0x0) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x2) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:00 executing program 5: bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmsg$alg(r0, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r0, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:00 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r0, &(0x7f0000001740)=[{{&(0x7f0000000040)=@nfc={0x27, 0x1, 0x0, 0x1}, 0x80, &(0x7f00000001c0)=[{&(0x7f00000000c0)="7cbb11a0e788053eb38b0dc95ad94e90a8c2a3d5036c6fe95b8be811a79bba92e38a27b747e9b1dc14ffd4008f7da16abdd4a98362ac", 0x36}, {&(0x7f0000000100)="50a1b5030e6ae3bfdf4e06274fc383ada6730d306f0d613525dc2d09e0de1470c26506cf967fe3ce99794fdac80a99e2c3a452e5fcc54aee4f6350bece7b", 0x3e}, {&(0x7f0000000180)="7104939707c9a61a7a716205d8bdc3ae5152601f130b48958f1e982ada5249017b94688119020fe70229adc92c8009caef", 0x31}], 0x3, &(0x7f0000000400)=[{0x110, 0x11, 0xab0, "e30298bfc6109e3a4a757b76dc8a4f63c46b70a01b4aef6dbe9aaa75cf52bbc21a95ff382eb248c13a32a3fb1d244343e25bdbdb985f2774473be01ec3fd33827c68b0218c31f70ab8cb31a0c8904ce1fe88582cdfb3f2c496ea6f38e2bafcd0a6f0fa983c26b6563f1c7b4645f16d73a5e9d7153c43e4a92f6e85ab05bff9859f3afe9fe20bac4360984695444bee15a45addf1bd35619d914ad4aec006e3133465206eba45fa9ff3e8a8377067b243c1733518635ab44471a79304c527d9872211640a2efa7556b0604e97d97b777d6520886db254dbfa2470758d308f601c8009005ec0b2f95b4a9fbbd3ac1d19582e2a4bd643a6d2b69e58b8034b7306"}, {0xa8, 0x108, 0xef, "b0ed1df927e56c5ab503edb89378143f36436e82a5e1a764c17b4b1ad48d2d3b1e4b3ea2bce63bec49e5b4a887e95630dec0ee287840a6849718881c4040bc9cb392ea02efe243a3c4e3528996c36fc634e927c796d01d36f78e2bdf63b8d3ed17a092021925b0710be7a6356193d0460f742abab05002edc1075e0a91f2ba3f0e91a7c861dcd6661fdd73b2fd2f28d950457639eb7ea149"}, {0xe8, 0x10d, 0x6, "d9ed7391f1dc8f3f6fff62089e74f6541820cbf39b55690ef0aa46e4dbfbb99045e1da26ad87b28e0575ebce1fda130dc33817cb1832682ff35072332a004bbf3910de36d42ab1780ebff6d7d688537f99e81cdf7f5efdc0caba12404b057921c29d2d37abd552665049a0e7cbd85d662c8dac2a99e9fff2bccc93d20eea76440f013230f7340783d58793b063acc565f89e88a4387ba46e62e7c490891204f90a41f8f268f284a0fdd660c28b87e57379388a02d2e5db638bf3f1c4e138eb3d1174762a5b3b8ed613d81a4d21537e63e6f2"}, {0x40, 0x11b, 0x0, "986dfe92acdec85966867fd82e9b5dd28fda4ade448687ac0f6bbcb6fa597919d5c21ae906fa754e0b1afe87"}, {0xf8, 0x102, 0x8, "d6277b95b5b847baf03c9a098e3f98842d7e4a348ff0144981649505da5fc6e785527011212f2fb821a8510e272d7073105aec29b110c475d5fa803ff4f16a3a4a1f3254ba95cabe318aef019b60a1f2941523256e57b2f3997de7ea76b559bc395d954bbff7982c27f53fa7052990ba726da510a88df67e5f03759f624eb0003465448780eefb0367991115b8e0d262c67bb208ba7a2ee2ca07457e477b5fd27c8352953ee9622338d39073606f6e2d9adf5144876ad8216f2eac931a58d1bffd0a212eaca87b5c71caa189af33002003955ee221d84dcca4342f5411aea51743"}, {0x90, 0xff, 0xffffffff7fffffff, "bd8d81096ada35a62e2b7d2f43a0e16b92381ffe88a02e6ed3d274744e42b7ad0ff4aaedbecdb1f748888dca646755b9df42864534dc55c581aa5358120c5e67b7352d0762c5230f50580809661e8bfaa5ceb9e369822619244f3c48aee7f4d1e6cefa79ba1e945c580ac11349abbbf436b50a0084bf69094a536b83df5f"}, {0xc0, 0x10b, 0x7, "39ea2e57731e5cf8ea65bd1743d38e423e991454d53678617943253a5f56774e8301822ef5373ecf239135c5480580a7048da473b5f250b139cdcdf37d0ac1bf8a65613c9ef9596e1f56ace41695544f657f30dec3118cd943d391b5df0f5441c26968292ee8afa48f657c2373abea51c6af7527467aa029b741cdb238334d21e85b65d1d751a369e5945dccf9876716bb40b8170bc7cec7f61260bb7b902650d75b41907ce0c9a4542659"}, {0x60, 0x11f, 0x106, "9f9a62d59daf45b02ba1e7a845fcbcb5b37231dfc64bb181223be1a6e4acc92f31749d25a181fdedfd42d1380ac8a521f54fd44da413fafeae533afa8dbbe2884bb84f591d93d4cf19e43920d70b"}, {0x68, 0x104, 0x2bd, "84e4926d52d78e6f280848643cbed809454071c381ab97e0d02a15a8d973031d8f9629d3e546b6a31cfaf91a25eb771b280eaf890fcf188deb1536e8b4c90c66662eb4ccdbc46754720d13b453db1e922c7411c13e"}], 0x5f0, 0x40}, 0x20}, {{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000000200)="1f426e379ea28db5590b2dbca2a64c1dac0ad60b9b9b5786f479cec541467e3d4836d9e436d2a8d74567d4d26fdd86ccd117410d64f6ec981b79e5f1c47c01cd39b3097a94f460b430fe4a0f83f964cf169f15422910139173f8001fa536c605268fe918600b437af52203a774de03ab51d060e370", 0x75}, {&(0x7f0000000280)="4b30b5efe12db5b564efa6471dd632dd5f65030d1a3d13011765a17dd00471ece6dc774bf15605132523df5f430852a05a7316f3fb539e75d6d5fda8937745901223b3aaf0143aea7da040f438dbeb28f2852ef85445a02a57a5b0bfee6f667cf984ac883f641afac8e150326cbdc16fd3e3218085c3279f3199dcaa28014f514d682ff4c9a5d58a0464c3ba681b2996bd5d02745848d16d065507b73d1e4a9143fe7fe2aff35786eb7afe54165d5ae1eb55b66cbf9bb49e94f51bef7a8a220e56754598e4fcb7caa062cd211db837ae0284a213d973219133b6d67c257f462763a525918923221b10e3514e767632fbecd8cad870", 0xf5}, {&(0x7f0000000a00)="9a845be39fc822febbad390f6e43a5f9beb28bdb739747ed508dc031d0aad10adbbdac4edb2cd201d35d3a5759a65d62a0b2c8761b804a221788c42090ed12bac69755be268fbad4c39654bcd7a81ccda74b7222491574328e55f5ebb5b8b95ce0cd748e994cd5e9d645c029850f28297510f40add81433596ddbecd604a2778b719d5017c04b016facc38a66418317a76c00804b370658c10267275343a6956369c4493e47dc40309c17b91", 0xac}, {&(0x7f0000000380)}, {&(0x7f0000000ac0)="f823b236396f7dbb19a7f15f7c67550407e96a4c460fabf8bc1d9a74679063fb498efd8d3e75e97407720cf5bdf552fb7571fc3075128281a5ac1424e841d3a2ed751eb3359f339062c837d640cf26e7efede9cdfd2675ba9e0c1eef86e8e3736992b6489f67659080a9edf5107611ffbfefd25f2f6366357e84aed2780bbde53741423be002001e6cbd50be767401b6f4f1872e11bd1b18a8695657f3394ab0afb5ca690ab0f6c63dc99adb536e9d072ee2195f0ac0624345d6186a6d", 0xbd}, {&(0x7f0000000b80)="149164cb29354eda52db6698103f8e168ec40f4f6e2a120e29af23665d4c9b96791909cea50b8910c033fa038e074f74689c7cf80178afc3d062896f25e6f777917d6ed0a6b68938b9cfd6abac735b647de79318b232f42a44580c0b594548a63674a62bbc19f2cd7842e0c11398293fa6718f4ddf8cdd1968d018e280c25a15b6dd8d25c632", 0x86}], 0x6, &(0x7f0000001940)=ANY=[@ANYBLOB="88000000000000001f010000010000009db27311bb8f5c2c49243b064a44afe97c2b265da7d38d1addff63e31cd857f5ddab2864a5a4bfb0d9de21dca8090e32e7094957f8d063abc194625dc0886244a825b0f6e073d9875753056b68b92afd96e5f019b2ffff8ebea6934f7dec68c65e30d6ac0c40d5122029e3a17a614c5b4d23751581ea7449a80000000000000000000000030000008931ac81c3fab1f1578caa45597186b3d62eba9d362024e3f0559fa8c4a268a1ddcd97dc16d03653c197b2b1f12a90ce85ae851a43cc05b46b062ac944ba7dfc4a613edefed422844f6f5b68d64e4910b3f7a4a33383115f1da7b37957ddb21af7f95a1a53cc595bb80a85b30541b7e52b73dd5a123b8959314459e2f5d9efb24f8e9d0b8138b75f9ea89b5b5129d0f4eb160180119c46ad8ffe0c60cdd8c233b759000000000000a0000000000000000d01000000000000535be13949c1d10e64f128278d60715b4d406ae51d345a639a11ab4e501d0c1d1c91b38cb55e7ce111364daf098110f62896d40aeee7cc2142006f4741ee3966dfa0b834f10f0838dfe801283849981c54ce56ded9c3a21cb7e711e019b501aac4b291cba824e8f9f5322e123a172b46826af837fc67e54913d957178d9e5b40851190706ad492a61f08b22800bbb18cd3137bc7f08760188cc8fd6af5f20000000000000068000000000000001f0100000400000039631b0b017f1fa7d836b0821e62cbc8a55e6de0e91a8bfdc2cec151e36d89b382b1170c3068302ff01b176b0208b308adbaedac2d0200000076912513ffccec770f656fca7e3f5866c5b4d10fa946285a7b2982e4a78d00838bd45ecd6d95564eca3f158e5c9f45b6a9f3b615276a372b9572eee87ba78b055541efabfa3be7171606087945653fc30d785a3d59f3036217cf72a72fc92fb337c728f15577e54fdd3beaa619f25a650e8edb343cec60c2a7a94350ffd3285b82f7836f1273ca98ac7a4ef81038540000000000"], 0x260, 0x4000800}, 0x9}, {{&(0x7f0000000f40)=@nfc_llcp={0x27, 0x1, 0x2, 0x2, 0x7f, 0x8, "48471ca977294d8c25ab4d8b32e94f5cccde9198e39653bde7650c5422ef1231797e437f6861cc91c633bcc1bf0fdcacbbdb23a0f44ba4b6c69070faa08ee3", 0x1d}, 0x80, &(0x7f0000001040)=[{&(0x7f0000000fc0)="51b1cd0455ad728f74f27c161f2f1068e2230c7178d2c9058bb3a84841a69821221f135d17ffb04929fcb164d03c1161b8bba1c3ef0c9289fba68bd1a02ebac6bc5ad81c5db43785f400512b256210fc77df75258703a9953d3b84b11f6d4c94747fb27b743b2e6208cb5ad9", 0x6c}], 0x1}, 0x6}, {{&(0x7f0000001080)=@pppoe={0x18, 0x0, {0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 'vlan0\x00'}}, 0x80, &(0x7f0000001240)=[{&(0x7f0000001100)="e31cb399f3dbdd5cff1a3f0c13c68f719c38d63cbe6e00bf75157c118741997ae870c1b74f938592d0fd882f6ca344772cab0bbcdf547d370fb43a6ac217a27ca1ac8de26ddc7edd3351a01c86443095159f63a7478769e574c67eb06f307c1797b39ee3027378e01650c9dfdba1903871399f810582f266d01180f0c824b8", 0x7f}, {&(0x7f0000001180)="c2483844efd7915b8a17ada40de1649f7d2b5cfe205749b27a40603fceb1a3c92ecf5f305386b1d623c9d710a9ca586d11f5a696ff4e4b79e45bda900b0bd80b669fc3ce071404da96b1efa9fc0f770b0691c296faf5b61c8091eabeb6e24ffdb06a0a205deef146863b6408474fa929f853bbf2c3e5989f10d7d62fd6542231c3882ae4891c5c9930b669d5b349e2fe28b4181283b593b09c5d6fde8f35d00919bf56496cc28d3766607f11f41c2cff7df21f", 0xb3}], 0x2, &(0x7f0000001280)=[{0x48, 0x114, 0x1, "1a573942d700a8aea1da4d698f031a8c071b5860ad34e5a3e823afc5cd6d8b103f22484ed5b8257e9174cf979a8a4fcdcdca"}, {0xd8, 0x19a, 0x117, "1c7cad52ad939a3f6dfbd55f8e6cff098b2beb96c4699b251d8e73660970ec73fd82147e19e586639ed4695292b94df522318f9cf1f68643739633a683cb84eef8615d9a5d5d8fbe461a723ebc83d700ff01aa1f531e7466b5a79a069d1c8b846a871cb0f1a763d7da28f10abc88bc6e03a5f9acb0b87f101059e45263b89178a6db5d23f703259d5441d3c6e3c1604fc9bd9428599f4fd8b6714c141d0d393de35053da7b237f2c7225c1e4728724720b8ecadfc39600370ce9e1d4bb405724f85a56"}, {0x20, 0x115, 0x8, "3d1d15ddcb06d8894b"}, {0xb0, 0x11f, 0x0, "0f343d0934ffe2f43776553f09c4e77be1b64f942e3afba3fc10311572c08f841a0c8e896bd79524003f74e0e3e6ced95c02d0e5a34e7ad8beed020b0eac966d99c714a29decc53915b8979e868cd6a4c99be7fe5a4ce14e4499cea950019305340314d10dd70c5371d436bc3cbd8d7967df8cc32da13f37e396f6a9648bc2483aef0f2bb0cff0cd543e147e812a0195e31ad148f015511a8931d96e2b859cd2"}, {0x110, 0x88, 0x7ff, "2e10fe8a9b82f322464f9e81af1c63d2ee996bb5688163306ea3296f6861f6102d8544437512e9d570da9cac040f809b55d722237698eb3db28747be484dea1c0aea801d4b1648ec21b497a0691bbde0913f46a05430bd12677bb45d4473245ec3f2e55ff4b922b7f39de49b406316068a0f13dda6d12b22122265a05b220e054d41723d82a39acf033753401f5c20eb6613fe3d081b340278934529c7424df01c9815c7eece46fcfa46851075ffe22523afc5ae1ef39f540c7debc1b1e6de231e771ecb0c0e2b9eeede026aa983da8b717f593a3bcc157327039b9d15977203f6b2f0b6aedfff59aa50cd5e64345daf00f27eac1613fd0057ac8eea"}, {0x108, 0x111, 0x7, "20877addeb6780b4bf801c0960e736df51b20596b9f4eed9e7aaef996d6088d481a5d459d0096ffe129cb2efcc602503913848b4c49e0fcc0857c4dbc71d2349a3bcc297a0a29bb1a2ad82905c7a6f0d4c12bf08d97430fe7f40e10804357d8a5c61403225aa5991319700d536b3ce3545371f100a5d25d69e2afc1ba1a88695c123492f4e822fdd4e5c723acc94abdfb5c793ca98ce299a3d0044df04169167531da6214e7772bc5cd854d7b6d6220c5030f9297947ec54212fe796408fd542338247798ebec117f496de07a2e5199db50ac673266be8f7ba6f574e32963d9cfa17767d735b02997d11a2485d4f76f4a1f6971506731c"}, {0xa0, 0x10f, 0x4, "dd2e543bc53b28f753eb3083c82d5e86305d3cb671fc3da983c7c7c3a37e5444ce9c8be4824c35b2e2a74f98003275c4262447837d93c6b485af7af74c814e9acf4dcfe83b33dd60adcd4724800d11f671d19697dfb3ac0d2cde6e92549cb041b8f5d803ed19ac96718598aef8008baf9b86a069beb7dc444a489da3a61fd3cc151addc02b764c20913a93c34749"}], 0x4a8, 0x20000800}, 0x3}], 0x4, 0x4000) socketpair$inet6(0xa, 0x0, 0x7, &(0x7f0000000380)={0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000001840)={0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000001880)=0x20) socket(0x1, 0x80805, 0x7) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f00000018c0)={r3}, &(0x7f0000001900)=0xc) 06:06:00 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0x0, &(0x7f0000000000)) 06:06:00 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80}}], 0x1, 0x0, &(0x7f0000000140)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score\x00') preadv(r0, &(0x7f00000017c0), 0x10000000000001c0, 0x0) 06:06:00 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:00 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100), 0x0) 06:06:00 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1ff, 0x200) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000100)=0x0) mq_notify(r2, &(0x7f0000000140)={0x0, 0x13, 0x2, @tid=r3}) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9c84c8a594ab4ab7ac69e7265c448c2694b56cdf676aaf"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:00 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0x0, &(0x7f0000000000)) 06:06:00 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x3000, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) 06:06:01 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0", 0x8) 06:06:01 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:01 executing program 0: getresuid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000180)) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x1, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) socket$l2tp(0x18, 0x1, 0x1) ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f0000000200)=""/181) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0x6) truncate(&(0x7f00000001c0)='./file0\x00', 0x64) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:06:01 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x1d8f, 0x200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:01 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f0000000140)=0x100, 0xfd50) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, &(0x7f0000000140), 0xfd57, 0x20000004, &(0x7f0000000080)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x73a) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) 06:06:01 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf", 0xc) [ 986.541302] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 06:06:01 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400), 0x0) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:01 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r1, 0xc0305616, &(0x7f0000000000)={0x9, {0x7, 0x6}}) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="66c132066aefe3247d69f4b2f39bf9d9bc64b0e6ceb8b52abf54a7f51ab51112ada5c1938466e0071abe2ba8003d2fe02243187a42c853575955a03d11e3d53eed3adc5d8619cbe8fa81d52660bd94a8c4868338fcc9f6436fa2c3aa1c1270e9fdb8537f0e6b1c6d4041f3e0"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:01 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd", 0xe) 06:06:02 executing program 2: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x8c) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x13}}}, 0x1c) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r2 = socket(0x11, 0x80002, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000300), 0x8, 0x0) bind$packet(r2, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt(r2, 0x107, 0x5, &(0x7f0000001000), 0xc5) r3 = accept4(r0, &(0x7f00004d4000)=@nl=@proc, &(0x7f0000047ffc)=0x80, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f0000003d40)=[{{&(0x7f0000001b00)=@l2={0xc9}, 0x80, &(0x7f0000001d00), 0x0, &(0x7f0000001d40)}}, {{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f00000037c0)}}], 0x4000000000001eb, 0x0) setxattr$security_smack_entry(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='security.SMACK64MMAP\x00', &(0x7f0000000540)='GPL\x00', 0x4, 0x0) 06:06:02 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendto$inet6(r0, &(0x7f00000000c0)="30f890be39be361ed348ed6febf12fa5d07fb9402c32edd311607a134fbeba23d34d28e2cedf1f47492d1e18fad459a0fd77b34fedfb961ae1978105a52c8098ae25cbaf244e0dcb80fef3421db4154eefca77792b27ae2c3d662aebc8ea37bcb776ff3f21cb0632e7fbadd52a94f2bcf66595c85987aeed6a3200cad7da39f829da90488c2cdb2e0d8001bcf27fccaa12bcc6feff526c607084197001160e1291998c8fa6a9a237f2f79337785d0709f5110b558215a7", 0xb7, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0xd6, @mcast1, 0xfffffffffffffffc}, 0x1c) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:02 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0xb) 06:06:02 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:02 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b", 0xf) 06:06:02 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ca27504ec6af7ec764618167dd4d7748775c2bac90478476a3e91f08b81200ea4c4e3ed1710c960e39e3779029d31b36603c9cca2365c698ab27be49c0fdca41ead555cea27e9dcf30c18a9cd3c1c2989cd3bb6654b1d502b8f14c828915079427cbaa20db4adea114f12bcdc6d68ba94ab288126a841fc3228453fb34c5479e06290adfa17dbbe39a142f605283f2b864fadf58a852a1"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:02 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket(0xb, 0xa, 0x5) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000040), &(0x7f0000000080)=0x4) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:06:02 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x5) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='sched\x00') execveat(r1, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), &(0x7f0000000180), 0x0) 06:06:02 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01ab", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:03 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x3000, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) [ 988.072354] Dead loop on virtual device ip6_vti0, fix it urgently! [ 988.082051] Dead loop on virtual device ip6_vti0, fix it urgently! [ 988.151429] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:03 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000000)={'team_slave_0\x00', 0x327}) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f00000000c0)=0x2) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0xffffff2c) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r1, 0xc008551c, &(0x7f0000000100)={0x8, 0x20, [0x6, 0x7, 0xae93, 0x7, 0x100000001, 0x3ff, 0x2, 0xe1]}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) r4 = syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') accept$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000240)=0x14) getsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000000280)={@dev, @rand_addr, 0x0}, &(0x7f00000002c0)=0xc) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000300)={{{@in=@loopback, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in=@multicast1}}, &(0x7f0000000400)=0xe8) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'team0\x00', 0x0}) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000480)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@rand_addr}}, &(0x7f0000000580)=0xe8) getsockname$packet(r1, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000600)=0x14) getpeername$packet(r1, &(0x7f0000000640)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000680)=0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000006c0)={'vcan0\x00', 0x0}) getsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000700)={@broadcast, @loopback, 0x0}, &(0x7f0000000740)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000780)={{{@in6=@remote, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@mcast1}}, &(0x7f0000000880)=0xe8) getpeername(r3, &(0x7f00000008c0)=@xdp={0x2c, 0x0, 0x0}, &(0x7f0000000940)=0x80) getsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000000980)={@dev, @rand_addr, 0x0}, &(0x7f00000009c0)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000013c0)={{{@in, @in6=@ipv4={[], [], @remote}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@remote}}, &(0x7f0000001340)=0xe8) getsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f00000015c0)={@remote, @empty, 0x0}, &(0x7f0000001600)=0xc) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000001e80)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001e40)={&(0x7f0000001640)={0x7e0, r4, 0x800, 0x70bd2a, 0x25dfdbfb, {}, [{{0x8, 0x1, r5}, {0x78, 0x2, [{0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x8}}}]}}, {{0x8, 0x1, r7}, {0x13c, 0x2, [{0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x2}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x400}}}]}}, {{0x8, 0x1, r8}, {0x214, 0x2, [{0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r9}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x15c}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r11}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r12}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x3}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x1ff}}}]}}, {{0x8, 0x1, r13}, {0xc4, 0x2, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x6}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r14}}}, {0x4c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x1c, 0x4, [{0x1, 0x7fff, 0x0, 0x1}, {0x9c00, 0x1000, 0x3, 0x30e82cc9}, {0x2, 0x4, 0x5, 0xffff}]}}}]}}, {{0x8, 0x1, r15}, {0x1bc, 0x2, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x90}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x7}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r16}}}, {0x5c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x2c, 0x4, [{0x8001, 0xffff, 0x0, 0x2}, {0x4, 0x800, 0x5, 0x1f}, {0x1, 0x10001, 0x20, 0x101}, {0x5, 0x10001, 0x5, 0x5}, {0x2, 0x0, 0x5, 0x7fff}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x7fff}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r17}, {0x154, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0xfffffffeffffffff}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r18}}}, {0x6c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x3c, 0x4, [{0x4, 0x3, 0x5, 0x20}, {0x7, 0x0, 0x3, 0x3}, {0xffffffff, 0x200, 0x0, 0x1}, {0xfffffffffffffff7, 0x5, 0x4, 0x8}, {0xfffffffffffffffb, 0x11c0000, 0x3ff, 0xffffffffffffff81}, {0xd3, 0x8, 0x7ff, 0x5}, {0x363, 0x3, 0x1f, 0x7}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x100}}}]}}]}, 0x7e0}, 0x1, 0x0, 0x0, 0x810}, 0x44000) [ 988.212349] Dead loop on virtual device ip6_vti0, fix it urgently! [ 988.258555] not chained 1950000 origins [ 988.261839] CPU: 1 PID: 25932 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 988.267746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 988.267746] Call Trace: [ 988.267746] dump_stack+0x32d/0x480 [ 988.267746] kmsan_internal_chain_origin+0x222/0x240 [ 988.267746] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 988.267746] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 988.267746] ? save_stack_trace+0xc6/0x110 [ 988.267746] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 988.267746] ? kmsan_internal_chain_origin+0x90/0x240 [ 988.267746] ? get_stack_info+0x863/0x9d0 [ 988.267746] __msan_chain_origin+0x6d/0xd0 [ 988.267746] ? __x64_sys_sendmmsg+0x56/0x70 [ 988.267746] __save_stack_trace+0x8be/0xc60 [ 988.267746] ? __x64_sys_sendmmsg+0x56/0x70 [ 988.267746] save_stack_trace+0xc6/0x110 [ 988.267746] kmsan_internal_chain_origin+0x136/0x240 [ 988.267746] ? kmsan_internal_chain_origin+0x136/0x240 [ 988.267746] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 988.267746] ? __msan_memcpy+0x6f/0x80 [ 988.267746] ? pskb_expand_head+0x43b/0x1d20 [ 988.267746] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 988.267746] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 988.371976] ? ___sys_sendmsg+0xe68/0x1250 [ 988.371976] ? __sys_sendmmsg+0x56b/0xa90 [ 988.371976] ? __se_sys_sendmmsg+0xbd/0xe0 [ 988.384431] ? __x64_sys_sendmmsg+0x56/0x70 [ 988.384431] ? do_syscall_64+0xcf/0x110 [ 988.384431] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 988.384431] ? __msan_poison_alloca+0x1e0/0x2b0 [ 988.384431] ? __msan_metadata_ptr_for_load_8+0x10/0x20 06:06:03 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f", 0x1c) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 988.407682] ? memcg_kmem_put_cache+0x8e/0x460 [ 988.407682] ? __msan_get_context_state+0x9/0x30 [ 988.407682] ? INIT_INT+0xc/0x30 [ 988.407682] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 988.426553] kmsan_memcpy_origins+0x13d/0x1b0 [ 988.426553] __msan_memcpy+0x6f/0x80 [ 988.426553] pskb_expand_head+0x43b/0x1d20 [ 988.426553] l2tp_xmit_skb+0x5a7/0x24b0 [ 988.426553] pppol2tp_sendmsg+0x7a6/0xba0 [ 988.426553] ___sys_sendmsg+0xe68/0x1250 [ 988.426553] ? pppol2tp_getsockopt+0x1060/0x1060 [ 988.426553] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 988.426553] ? kmsan_set_origin+0x83/0x130 [ 988.426553] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 988.426553] ? _cond_resched+0xc7/0x120 [ 988.426553] __sys_sendmmsg+0x56b/0xa90 [ 988.426553] ? syscall_return_slowpath+0x123/0x8c0 [ 988.426553] ? put_timespec64+0x162/0x220 [ 988.426553] __se_sys_sendmmsg+0xbd/0xe0 [ 988.426553] __x64_sys_sendmmsg+0x56/0x70 [ 988.426553] do_syscall_64+0xcf/0x110 [ 988.426553] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 988.426553] RIP: 0033:0x457569 [ 988.426553] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 988.426553] RSP: 002b:00007f8c33cf3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 988.426553] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 988.426553] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 988.426553] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 988.426553] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33cf46d4 [ 988.426553] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 988.571985] Uninit was stored to memory at: [ 988.571985] kmsan_internal_chain_origin+0x136/0x240 [ 988.571985] __msan_chain_origin+0x6d/0xd0 [ 988.571985] __save_stack_trace+0x8be/0xc60 [ 988.571985] save_stack_trace+0xc6/0x110 [ 988.571985] kmsan_internal_chain_origin+0x136/0x240 [ 988.571985] kmsan_memcpy_origins+0x13d/0x1b0 [ 988.571985] __msan_memcpy+0x6f/0x80 [ 988.571985] pskb_expand_head+0x43b/0x1d20 [ 988.571985] l2tp_xmit_skb+0x5a7/0x24b0 [ 988.571985] pppol2tp_sendmsg+0x7a6/0xba0 [ 988.571985] ___sys_sendmsg+0xe68/0x1250 [ 988.571985] __sys_sendmmsg+0x56b/0xa90 [ 988.571985] __se_sys_sendmmsg+0xbd/0xe0 [ 988.571985] __x64_sys_sendmmsg+0x56/0x70 [ 988.571985] do_syscall_64+0xcf/0x110 [ 988.571985] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 988.571985] [ 988.571985] Uninit was stored to memory at: [ 988.571985] kmsan_internal_chain_origin+0x136/0x240 [ 988.571985] __msan_chain_origin+0x6d/0xd0 [ 988.571985] __save_stack_trace+0x8be/0xc60 [ 988.571985] save_stack_trace+0xc6/0x110 [ 988.571985] kmsan_internal_chain_origin+0x136/0x240 [ 988.571985] kmsan_memcpy_origins+0x13d/0x1b0 [ 988.571985] __msan_memcpy+0x6f/0x80 [ 988.571985] pskb_expand_head+0x43b/0x1d20 [ 988.571985] l2tp_xmit_skb+0x5a7/0x24b0 [ 988.571985] pppol2tp_sendmsg+0x7a6/0xba0 [ 988.571985] ___sys_sendmsg+0xe68/0x1250 [ 988.571985] __sys_sendmmsg+0x56b/0xa90 [ 988.571985] __se_sys_sendmmsg+0xbd/0xe0 [ 988.571985] __x64_sys_sendmmsg+0x56/0x70 [ 988.571985] do_syscall_64+0xcf/0x110 [ 988.571985] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 988.571985] [ 988.571985] Uninit was stored to memory at: [ 988.571985] kmsan_internal_chain_origin+0x136/0x240 [ 988.571985] __msan_chain_origin+0x6d/0xd0 [ 988.571985] __save_stack_trace+0x8be/0xc60 [ 988.571985] save_stack_trace+0xc6/0x110 [ 988.571985] kmsan_internal_chain_origin+0x136/0x240 [ 988.571985] kmsan_memcpy_origins+0x13d/0x1b0 [ 988.571985] __msan_memcpy+0x6f/0x80 [ 988.571985] pskb_expand_head+0x43b/0x1d20 [ 988.571985] l2tp_xmit_skb+0x5a7/0x24b0 [ 988.571985] pppol2tp_sendmsg+0x7a6/0xba0 [ 988.571985] ___sys_sendmsg+0xe68/0x1250 [ 988.571985] __sys_sendmmsg+0x56b/0xa90 [ 988.571985] __se_sys_sendmmsg+0xbd/0xe0 [ 988.571985] __x64_sys_sendmmsg+0x56/0x70 [ 988.571985] do_syscall_64+0xcf/0x110 [ 988.571985] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 988.571985] [ 988.571985] Uninit was stored to memory at: [ 988.571985] kmsan_internal_chain_origin+0x136/0x240 [ 988.571985] __msan_chain_origin+0x6d/0xd0 [ 988.571985] __save_stack_trace+0x8be/0xc60 [ 988.571985] save_stack_trace+0xc6/0x110 [ 988.571985] kmsan_internal_chain_origin+0x136/0x240 [ 988.571985] kmsan_memcpy_origins+0x13d/0x1b0 [ 988.571985] __msan_memcpy+0x6f/0x80 [ 988.571985] pskb_expand_head+0x43b/0x1d20 [ 988.571985] l2tp_xmit_skb+0x5a7/0x24b0 [ 988.571985] pppol2tp_sendmsg+0x7a6/0xba0 [ 988.571985] ___sys_sendmsg+0xe68/0x1250 [ 988.571985] __sys_sendmmsg+0x56b/0xa90 [ 988.571985] __se_sys_sendmmsg+0xbd/0xe0 [ 988.571985] __x64_sys_sendmmsg+0x56/0x70 [ 988.571985] do_syscall_64+0xcf/0x110 [ 988.571985] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 988.571985] [ 988.571985] Uninit was stored to memory at: [ 988.571985] kmsan_internal_chain_origin+0x136/0x240 [ 988.571985] __msan_chain_origin+0x6d/0xd0 [ 988.571985] __save_stack_trace+0x8be/0xc60 [ 988.571985] save_stack_trace+0xc6/0x110 [ 988.571985] kmsan_internal_chain_origin+0x136/0x240 [ 988.571985] kmsan_memcpy_origins+0x13d/0x1b0 [ 988.901969] __msan_memcpy+0x6f/0x80 [ 988.908858] pskb_expand_head+0x43b/0x1d20 [ 988.908858] l2tp_xmit_skb+0x5a7/0x24b0 [ 988.908858] pppol2tp_sendmsg+0x7a6/0xba0 [ 988.908858] ___sys_sendmsg+0xe68/0x1250 [ 988.908858] __sys_sendmmsg+0x56b/0xa90 [ 988.908858] __se_sys_sendmmsg+0xbd/0xe0 [ 988.908858] __x64_sys_sendmmsg+0x56/0x70 [ 988.908858] do_syscall_64+0xcf/0x110 [ 988.908858] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 988.908858] [ 988.908858] Uninit was stored to memory at: [ 988.908858] kmsan_internal_chain_origin+0x136/0x240 [ 988.908858] __msan_chain_origin+0x6d/0xd0 [ 988.908858] __save_stack_trace+0x8be/0xc60 [ 988.908858] save_stack_trace+0xc6/0x110 [ 988.908858] kmsan_internal_chain_origin+0x136/0x240 [ 988.972039] kmsan_memcpy_origins+0x13d/0x1b0 [ 988.972039] __msan_memcpy+0x6f/0x80 [ 988.972039] pskb_expand_head+0x43b/0x1d20 [ 988.972039] l2tp_xmit_skb+0x5a7/0x24b0 [ 988.972039] pppol2tp_sendmsg+0x7a6/0xba0 [ 988.972039] ___sys_sendmsg+0xe68/0x1250 [ 988.972039] __sys_sendmmsg+0x56b/0xa90 [ 988.972039] __se_sys_sendmmsg+0xbd/0xe0 [ 988.972039] __x64_sys_sendmmsg+0x56/0x70 [ 988.972039] do_syscall_64+0xcf/0x110 [ 988.972039] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 988.972039] [ 988.972039] Uninit was stored to memory at: [ 988.972039] kmsan_internal_chain_origin+0x136/0x240 [ 988.972039] __msan_chain_origin+0x6d/0xd0 [ 988.972039] __save_stack_trace+0x8be/0xc60 [ 989.041994] save_stack_trace+0xc6/0x110 [ 989.041994] kmsan_internal_chain_origin+0x136/0x240 [ 989.041994] kmsan_memcpy_origins+0x13d/0x1b0 [ 989.041994] __msan_memcpy+0x6f/0x80 [ 989.041994] pskb_expand_head+0x43b/0x1d20 [ 989.041994] l2tp_xmit_skb+0x5a7/0x24b0 [ 989.041994] pppol2tp_sendmsg+0x7a6/0xba0 [ 989.041994] ___sys_sendmsg+0xe68/0x1250 [ 989.041994] __sys_sendmmsg+0x56b/0xa90 [ 989.041994] __se_sys_sendmmsg+0xbd/0xe0 [ 989.041994] __x64_sys_sendmmsg+0x56/0x70 [ 989.041994] do_syscall_64+0xcf/0x110 [ 989.041994] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 989.041994] [ 989.041994] Local variable description: ----iph@ip_vs_out [ 989.041994] Variable was created at: [ 989.041994] ip_vs_out+0x1bf/0x4570 [ 989.111946] ip_vs_local_reply6+0xec/0x130 [ 989.213816] Dead loop on virtual device ip6_vti0, fix it urgently! [ 989.275814] not chained 1960000 origins [ 989.279826] CPU: 1 PID: 25932 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 989.281805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 989.281805] Call Trace: [ 989.281805] dump_stack+0x32d/0x480 [ 989.281805] kmsan_internal_chain_origin+0x222/0x240 [ 989.281805] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 989.281805] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 989.281805] ? save_stack_trace+0xc6/0x110 [ 989.281805] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 989.322006] ? kmsan_internal_chain_origin+0x90/0x240 [ 989.322006] ? get_stack_info+0x863/0x9d0 [ 989.322006] __msan_chain_origin+0x6d/0xd0 [ 989.322006] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 989.322006] __save_stack_trace+0x8be/0xc60 [ 989.322006] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 989.322006] save_stack_trace+0xc6/0x110 [ 989.322006] kmsan_internal_chain_origin+0x136/0x240 [ 989.322006] ? kmsan_internal_chain_origin+0x136/0x240 [ 989.322006] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 989.322006] ? __msan_memcpy+0x6f/0x80 06:06:04 executing program 2: 06:06:04 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:04 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a90", 0x1e) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:04 executing program 1: [ 989.322006] ? pskb_expand_head+0x43b/0x1d20 [ 989.322006] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 989.322006] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 989.322006] ? ___sys_sendmsg+0xe68/0x1250 [ 989.322006] ? __sys_sendmmsg+0x56b/0xa90 [ 989.322006] ? __se_sys_sendmmsg+0xbd/0xe0 [ 989.322006] ? __x64_sys_sendmmsg+0x56/0x70 [ 989.404863] ? do_syscall_64+0xcf/0x110 [ 989.404863] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 989.404863] ? __msan_poison_alloca+0x1e0/0x2b0 [ 989.404863] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 989.404863] ? memcg_kmem_put_cache+0x8e/0x460 [ 989.428709] ? __msan_get_context_state+0x9/0x30 [ 989.428709] ? INIT_INT+0xc/0x30 [ 989.428709] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 989.428709] kmsan_memcpy_origins+0x13d/0x1b0 [ 989.446660] __msan_memcpy+0x6f/0x80 [ 989.446660] pskb_expand_head+0x43b/0x1d20 [ 989.446660] l2tp_xmit_skb+0x5a7/0x24b0 [ 989.446660] pppol2tp_sendmsg+0x7a6/0xba0 [ 989.446660] ___sys_sendmsg+0xe68/0x1250 [ 989.446660] ? pppol2tp_getsockopt+0x1060/0x1060 [ 989.446660] ? __msan_poison_alloca+0x1e0/0x2b0 [ 989.475029] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 989.475029] ? rcu_all_qs+0x3b/0x310 [ 989.475029] ? _cond_resched+0x59/0x120 [ 989.475029] ? rcu_all_qs+0x53/0x310 [ 989.475029] ? _cond_resched+0x37/0x120 [ 989.475029] ? __sys_sendmmsg+0x7c9/0xa90 [ 989.475029] ? _cond_resched+0x59/0x120 [ 989.475029] __sys_sendmmsg+0x56b/0xa90 [ 989.475029] ? syscall_return_slowpath+0x123/0x8c0 [ 989.475029] ? put_timespec64+0x162/0x220 [ 989.475029] __se_sys_sendmmsg+0xbd/0xe0 [ 989.522257] __x64_sys_sendmmsg+0x56/0x70 [ 989.522257] do_syscall_64+0xcf/0x110 [ 989.522257] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 989.522257] RIP: 0033:0x457569 [ 989.522257] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 989.549883] RSP: 002b:00007f8c33cf3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 989.549883] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 989.549883] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 989.549883] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 989.549883] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33cf46d4 [ 989.549883] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 989.549883] Uninit was stored to memory at: [ 989.549883] kmsan_internal_chain_origin+0x136/0x240 [ 989.549883] __msan_chain_origin+0x6d/0xd0 [ 989.549883] __save_stack_trace+0x8be/0xc60 [ 989.549883] save_stack_trace+0xc6/0x110 [ 989.549883] kmsan_internal_chain_origin+0x136/0x240 [ 989.549883] kmsan_memcpy_origins+0x13d/0x1b0 [ 989.549883] __msan_memcpy+0x6f/0x80 [ 989.549883] pskb_expand_head+0x43b/0x1d20 [ 989.549883] l2tp_xmit_skb+0x5a7/0x24b0 [ 989.549883] pppol2tp_sendmsg+0x7a6/0xba0 [ 989.549883] ___sys_sendmsg+0xe68/0x1250 [ 989.549883] __sys_sendmmsg+0x56b/0xa90 [ 989.549883] __se_sys_sendmmsg+0xbd/0xe0 [ 989.549883] __x64_sys_sendmmsg+0x56/0x70 [ 989.549883] do_syscall_64+0xcf/0x110 [ 989.549883] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 989.549883] [ 989.549883] Uninit was stored to memory at: [ 989.549883] kmsan_internal_chain_origin+0x136/0x240 [ 989.549883] __msan_chain_origin+0x6d/0xd0 [ 989.549883] __save_stack_trace+0x8be/0xc60 [ 989.549883] save_stack_trace+0xc6/0x110 [ 989.549883] kmsan_internal_chain_origin+0x136/0x240 [ 989.549883] kmsan_memcpy_origins+0x13d/0x1b0 [ 989.549883] __msan_memcpy+0x6f/0x80 [ 989.549883] pskb_expand_head+0x43b/0x1d20 [ 989.549883] l2tp_xmit_skb+0x5a7/0x24b0 [ 989.549883] pppol2tp_sendmsg+0x7a6/0xba0 [ 989.549883] ___sys_sendmsg+0xe68/0x1250 [ 989.549883] __sys_sendmmsg+0x56b/0xa90 [ 989.549883] __se_sys_sendmmsg+0xbd/0xe0 [ 989.549883] __x64_sys_sendmmsg+0x56/0x70 [ 989.549883] do_syscall_64+0xcf/0x110 [ 989.549883] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 989.549883] [ 989.549883] Uninit was stored to memory at: [ 989.549883] kmsan_internal_chain_origin+0x136/0x240 [ 989.549883] __msan_chain_origin+0x6d/0xd0 [ 989.549883] __save_stack_trace+0x8be/0xc60 [ 989.549883] save_stack_trace+0xc6/0x110 06:06:04 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c07b4783c087854cdcfb0ea746e40b65aa22b12e70975502922ce8b71ec8f5eddf67c4ccf4896d8f94232d3f820e578ff090a08158bf488599523fa8de2dd27a84a08e4a0ed89a666f00c20aa0465d7d0fd910a5e8a6a70713b090948b74f00dbe5047b6c45b77c304d30cf090243f57ed060b3749395029c598de944a1f3f099fcf6fb4c5283c009316577c361a019962dd220c86eeb13efec71233a478"], 0x1}}, 0x0) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000000)={@empty, @loopback, 0x0, 0x2, [@multicast2, @multicast1]}, 0x18) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:04 executing program 2: [ 989.549883] kmsan_internal_chain_origin+0x136/0x240 [ 989.549883] kmsan_memcpy_origins+0x13d/0x1b0 [ 989.549883] __msan_memcpy+0x6f/0x80 [ 989.549883] pskb_expand_head+0x43b/0x1d20 [ 989.549883] l2tp_xmit_skb+0x5a7/0x24b0 [ 989.549883] pppol2tp_sendmsg+0x7a6/0xba0 [ 989.549883] ___sys_sendmsg+0xe68/0x1250 [ 989.549883] __sys_sendmmsg+0x56b/0xa90 [ 989.549883] __se_sys_sendmmsg+0xbd/0xe0 [ 989.549883] __x64_sys_sendmmsg+0x56/0x70 [ 989.549883] do_syscall_64+0xcf/0x110 [ 989.549883] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 989.549883] [ 989.828919] Uninit was stored to memory at: [ 989.828919] kmsan_internal_chain_origin+0x136/0x240 [ 989.828919] __msan_chain_origin+0x6d/0xd0 [ 989.828919] __save_stack_trace+0x8be/0xc60 [ 989.828919] save_stack_trace+0xc6/0x110 [ 989.828919] kmsan_internal_chain_origin+0x136/0x240 [ 989.828919] kmsan_memcpy_origins+0x13d/0x1b0 [ 989.828919] __msan_memcpy+0x6f/0x80 [ 989.828919] pskb_expand_head+0x43b/0x1d20 [ 989.828919] l2tp_xmit_skb+0x5a7/0x24b0 [ 989.828919] pppol2tp_sendmsg+0x7a6/0xba0 [ 989.828919] ___sys_sendmsg+0xe68/0x1250 [ 989.828919] __sys_sendmmsg+0x56b/0xa90 [ 989.828919] __se_sys_sendmmsg+0xbd/0xe0 [ 989.828919] __x64_sys_sendmmsg+0x56/0x70 [ 989.828919] do_syscall_64+0xcf/0x110 [ 989.828919] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 989.828919] [ 989.828919] Uninit was stored to memory at: [ 989.828919] kmsan_internal_chain_origin+0x136/0x240 [ 989.828919] __msan_chain_origin+0x6d/0xd0 [ 989.828919] __save_stack_trace+0x8be/0xc60 [ 989.828919] save_stack_trace+0xc6/0x110 [ 989.828919] kmsan_internal_chain_origin+0x136/0x240 [ 989.828919] kmsan_memcpy_origins+0x13d/0x1b0 [ 989.828919] __msan_memcpy+0x6f/0x80 [ 989.828919] pskb_expand_head+0x43b/0x1d20 [ 989.828919] l2tp_xmit_skb+0x5a7/0x24b0 [ 989.828919] pppol2tp_sendmsg+0x7a6/0xba0 [ 989.828919] ___sys_sendmsg+0xe68/0x1250 [ 989.828919] __sys_sendmmsg+0x56b/0xa90 [ 989.828919] __se_sys_sendmmsg+0xbd/0xe0 [ 989.828919] __x64_sys_sendmmsg+0x56/0x70 [ 989.828919] do_syscall_64+0xcf/0x110 [ 989.828919] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 989.828919] [ 989.828919] Uninit was stored to memory at: [ 989.828919] kmsan_internal_chain_origin+0x136/0x240 [ 989.828919] __msan_chain_origin+0x6d/0xd0 [ 989.828919] __save_stack_trace+0x8be/0xc60 [ 989.828919] save_stack_trace+0xc6/0x110 [ 989.828919] kmsan_internal_chain_origin+0x136/0x240 [ 989.828919] kmsan_memcpy_origins+0x13d/0x1b0 [ 989.828919] __msan_memcpy+0x6f/0x80 [ 989.828919] pskb_expand_head+0x43b/0x1d20 [ 989.828919] l2tp_xmit_skb+0x5a7/0x24b0 [ 989.828919] pppol2tp_sendmsg+0x7a6/0xba0 [ 989.828919] ___sys_sendmsg+0xe68/0x1250 [ 989.828919] __sys_sendmmsg+0x56b/0xa90 [ 989.828919] __se_sys_sendmmsg+0xbd/0xe0 [ 989.828919] __x64_sys_sendmmsg+0x56/0x70 [ 989.828919] do_syscall_64+0xcf/0x110 [ 989.828919] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 989.828919] [ 989.828919] Uninit was stored to memory at: [ 989.828919] kmsan_internal_chain_origin+0x136/0x240 [ 989.828919] __msan_chain_origin+0x6d/0xd0 [ 989.828919] __save_stack_trace+0x8be/0xc60 [ 989.828919] save_stack_trace+0xc6/0x110 [ 989.828919] kmsan_internal_chain_origin+0x136/0x240 [ 989.828919] kmsan_memcpy_origins+0x13d/0x1b0 [ 989.828919] __msan_memcpy+0x6f/0x80 [ 989.828919] pskb_expand_head+0x43b/0x1d20 [ 989.828919] l2tp_xmit_skb+0x5a7/0x24b0 [ 989.828919] pppol2tp_sendmsg+0x7a6/0xba0 [ 989.828919] ___sys_sendmsg+0xe68/0x1250 [ 989.828919] __sys_sendmmsg+0x56b/0xa90 [ 989.828919] __se_sys_sendmmsg+0xbd/0xe0 [ 989.828919] __x64_sys_sendmmsg+0x56/0x70 [ 989.828919] do_syscall_64+0xcf/0x110 [ 989.828919] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 989.828919] [ 989.828919] Local variable description: ----iph@ip_vs_out [ 989.828919] Variable was created at: [ 989.828919] ip_vs_out+0x1bf/0x4570 [ 989.828919] ip_vs_local_reply6+0xec/0x130 [ 990.385391] Dead loop on virtual device ip6_vti0, fix it urgently! [ 990.461109] not chained 1970000 origins [ 990.461899] CPU: 1 PID: 25932 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 990.461899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 990.474616] Call Trace: [ 990.474616] dump_stack+0x32d/0x480 [ 990.474616] kmsan_internal_chain_origin+0x222/0x240 [ 990.474616] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 990.474616] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 990.502070] ? save_stack_trace+0xc6/0x110 [ 990.502771] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 990.502771] ? kmsan_internal_chain_origin+0x90/0x240 [ 990.502771] ? get_stack_info+0x863/0x9d0 [ 990.502771] __msan_chain_origin+0x6d/0xd0 [ 990.502771] __save_stack_trace+0x833/0xc60 [ 990.502771] ? save_stack_trace+0xc6/0x110 [ 990.502771] save_stack_trace+0xc6/0x110 [ 990.502771] kmsan_internal_chain_origin+0x136/0x240 [ 990.502771] ? kmsan_internal_chain_origin+0x136/0x240 [ 990.502771] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 990.502771] ? __msan_memcpy+0x6f/0x80 [ 990.502771] ? pskb_expand_head+0x43b/0x1d20 [ 990.502771] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 990.502771] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 990.502771] ? ___sys_sendmsg+0xe68/0x1250 [ 990.571952] ? __sys_sendmmsg+0x56b/0xa90 [ 990.576586] ? __se_sys_sendmmsg+0xbd/0xe0 [ 990.576586] ? __x64_sys_sendmmsg+0x56/0x70 [ 990.576586] ? do_syscall_64+0xcf/0x110 [ 990.576586] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 990.576586] ? __msan_poison_alloca+0x1e0/0x2b0 [ 990.576586] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 990.576586] ? memcg_kmem_put_cache+0x8e/0x460 [ 990.576586] ? __msan_get_context_state+0x9/0x30 [ 990.576586] ? INIT_INT+0xc/0x30 [ 990.576586] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 990.576586] kmsan_memcpy_origins+0x13d/0x1b0 [ 990.576586] __msan_memcpy+0x6f/0x80 [ 990.576586] pskb_expand_head+0x43b/0x1d20 [ 990.576586] l2tp_xmit_skb+0x5a7/0x24b0 [ 990.576586] pppol2tp_sendmsg+0x7a6/0xba0 [ 990.641963] ___sys_sendmsg+0xe68/0x1250 [ 990.641963] ? pppol2tp_getsockopt+0x1060/0x1060 [ 990.641963] ? __msan_poison_alloca+0x1e0/0x2b0 [ 990.641963] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 990.641963] ? rcu_all_qs+0x3b/0x310 [ 990.641963] ? _cond_resched+0x59/0x120 [ 990.641963] ? rcu_all_qs+0x53/0x310 [ 990.641963] ? _cond_resched+0x37/0x120 [ 990.641963] ? __sys_sendmmsg+0x7c9/0xa90 [ 990.641963] ? _cond_resched+0x59/0x120 [ 990.641963] __sys_sendmmsg+0x56b/0xa90 [ 990.641963] ? syscall_return_slowpath+0x123/0x8c0 [ 990.641963] ? put_timespec64+0x162/0x220 [ 990.641963] __se_sys_sendmmsg+0xbd/0xe0 [ 990.641963] __x64_sys_sendmmsg+0x56/0x70 [ 990.641963] do_syscall_64+0xcf/0x110 [ 990.712019] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 990.712019] RIP: 0033:0x457569 [ 990.712019] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 990.712019] RSP: 002b:00007f8c33cf3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 990.712019] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 990.712019] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 990.712019] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 990.712019] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33cf46d4 [ 990.712019] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 990.781972] Uninit was stored to memory at: [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] __msan_chain_origin+0x6d/0xd0 [ 990.781972] save_stack_trace+0xfa/0x110 [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] kmsan_memcpy_origins+0x13d/0x1b0 [ 990.781972] __msan_memcpy+0x6f/0x80 [ 990.781972] pskb_expand_head+0x43b/0x1d20 [ 990.781972] l2tp_xmit_skb+0x5a7/0x24b0 [ 990.781972] pppol2tp_sendmsg+0x7a6/0xba0 [ 990.781972] ___sys_sendmsg+0xe68/0x1250 [ 990.781972] __sys_sendmmsg+0x56b/0xa90 [ 990.781972] __se_sys_sendmmsg+0xbd/0xe0 [ 990.781972] __x64_sys_sendmmsg+0x56/0x70 [ 990.781972] do_syscall_64+0xcf/0x110 [ 990.781972] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 990.781972] [ 990.781972] Uninit was stored to memory at: [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] __msan_chain_origin+0x6d/0xd0 [ 990.781972] __save_stack_trace+0x833/0xc60 [ 990.781972] save_stack_trace+0xc6/0x110 [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] kmsan_memcpy_origins+0x13d/0x1b0 [ 990.781972] __msan_memcpy+0x6f/0x80 [ 990.781972] pskb_expand_head+0x43b/0x1d20 [ 990.781972] l2tp_xmit_skb+0x5a7/0x24b0 [ 990.781972] pppol2tp_sendmsg+0x7a6/0xba0 [ 990.781972] ___sys_sendmsg+0xe68/0x1250 [ 990.781972] __sys_sendmmsg+0x56b/0xa90 [ 990.781972] __se_sys_sendmmsg+0xbd/0xe0 [ 990.781972] __x64_sys_sendmmsg+0x56/0x70 [ 990.781972] do_syscall_64+0xcf/0x110 [ 990.781972] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 990.781972] [ 990.781972] Uninit was stored to memory at: [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] __msan_chain_origin+0x6d/0xd0 [ 990.781972] save_stack_trace+0xfa/0x110 [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] kmsan_memcpy_origins+0x13d/0x1b0 [ 990.781972] __msan_memcpy+0x6f/0x80 [ 990.781972] pskb_expand_head+0x43b/0x1d20 [ 990.781972] l2tp_xmit_skb+0x5a7/0x24b0 [ 990.781972] pppol2tp_sendmsg+0x7a6/0xba0 [ 990.781972] ___sys_sendmsg+0xe68/0x1250 [ 990.781972] __sys_sendmmsg+0x56b/0xa90 [ 990.781972] __se_sys_sendmmsg+0xbd/0xe0 [ 990.781972] __x64_sys_sendmmsg+0x56/0x70 [ 990.781972] do_syscall_64+0xcf/0x110 [ 990.781972] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 990.781972] [ 990.781972] Uninit was stored to memory at: [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] __msan_chain_origin+0x6d/0xd0 [ 990.781972] __save_stack_trace+0x833/0xc60 [ 990.781972] save_stack_trace+0xc6/0x110 [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] kmsan_memcpy_origins+0x13d/0x1b0 [ 990.781972] __msan_memcpy+0x6f/0x80 [ 990.781972] pskb_expand_head+0x43b/0x1d20 [ 990.781972] l2tp_xmit_skb+0x5a7/0x24b0 [ 990.781972] pppol2tp_sendmsg+0x7a6/0xba0 [ 990.781972] ___sys_sendmsg+0xe68/0x1250 [ 990.781972] __sys_sendmmsg+0x56b/0xa90 [ 990.781972] __se_sys_sendmmsg+0xbd/0xe0 [ 990.781972] __x64_sys_sendmmsg+0x56/0x70 [ 990.781972] do_syscall_64+0xcf/0x110 [ 990.781972] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 990.781972] [ 990.781972] Uninit was stored to memory at: [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] __msan_chain_origin+0x6d/0xd0 [ 990.781972] save_stack_trace+0xfa/0x110 [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] kmsan_memcpy_origins+0x13d/0x1b0 [ 990.781972] __msan_memcpy+0x6f/0x80 [ 990.781972] pskb_expand_head+0x43b/0x1d20 [ 990.781972] l2tp_xmit_skb+0x5a7/0x24b0 [ 990.781972] pppol2tp_sendmsg+0x7a6/0xba0 [ 990.781972] ___sys_sendmsg+0xe68/0x1250 [ 990.781972] __sys_sendmmsg+0x56b/0xa90 [ 990.781972] __se_sys_sendmmsg+0xbd/0xe0 [ 990.781972] __x64_sys_sendmmsg+0x56/0x70 [ 990.781972] do_syscall_64+0xcf/0x110 [ 990.781972] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 990.781972] [ 990.781972] Uninit was stored to memory at: [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] __msan_chain_origin+0x6d/0xd0 [ 990.781972] __save_stack_trace+0x833/0xc60 [ 990.781972] save_stack_trace+0xc6/0x110 [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] kmsan_memcpy_origins+0x13d/0x1b0 [ 990.781972] __msan_memcpy+0x6f/0x80 [ 990.781972] pskb_expand_head+0x43b/0x1d20 [ 990.781972] l2tp_xmit_skb+0x5a7/0x24b0 [ 990.781972] pppol2tp_sendmsg+0x7a6/0xba0 [ 990.781972] ___sys_sendmsg+0xe68/0x1250 [ 990.781972] __sys_sendmmsg+0x56b/0xa90 [ 990.781972] __se_sys_sendmmsg+0xbd/0xe0 [ 990.781972] __x64_sys_sendmmsg+0x56/0x70 [ 990.781972] do_syscall_64+0xcf/0x110 [ 990.781972] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 990.781972] [ 990.781972] Uninit was stored to memory at: [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] __msan_chain_origin+0x6d/0xd0 [ 990.781972] save_stack_trace+0xfa/0x110 [ 990.781972] kmsan_internal_chain_origin+0x136/0x240 [ 990.781972] kmsan_memcpy_origins+0x13d/0x1b0 [ 990.781972] __msan_memcpy+0x6f/0x80 [ 990.781972] pskb_expand_head+0x43b/0x1d20 [ 990.781972] l2tp_xmit_skb+0x5a7/0x24b0 [ 990.781972] pppol2tp_sendmsg+0x7a6/0xba0 [ 990.781972] ___sys_sendmsg+0xe68/0x1250 [ 990.781972] __sys_sendmmsg+0x56b/0xa90 [ 990.781972] __se_sys_sendmmsg+0xbd/0xe0 [ 990.781972] __x64_sys_sendmmsg+0x56/0x70 [ 990.781972] do_syscall_64+0xcf/0x110 [ 990.781972] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 990.781972] [ 990.781972] Local variable description: ----iph@ip_vs_out [ 990.781972] Variable was created at: [ 990.781972] ip_vs_out+0x1bf/0x4570 [ 990.781972] ip_vs_local_reply6+0xec/0x130 [ 991.312049] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:06 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x8e0, @loopback, 0x800000000000009}, 0x1c) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) [ 991.512961] not chained 1980000 origins [ 991.516986] CPU: 0 PID: 25969 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 991.521829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 991.521829] Call Trace: [ 991.521829] dump_stack+0x32d/0x480 [ 991.521829] kmsan_internal_chain_origin+0x222/0x240 [ 991.521829] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 991.521829] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 991.521829] ? save_stack_trace+0xc6/0x110 [ 991.521829] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 991.521829] ? kmsan_internal_chain_origin+0x90/0x240 [ 991.521829] ? get_stack_info+0x863/0x9d0 [ 991.521829] __msan_chain_origin+0x6d/0xd0 [ 991.521829] ? __x64_sys_sendmmsg+0x56/0x70 [ 991.521829] __save_stack_trace+0x8be/0xc60 [ 991.521829] ? __x64_sys_sendmmsg+0x56/0x70 [ 991.521829] save_stack_trace+0xc6/0x110 [ 991.521829] kmsan_internal_chain_origin+0x136/0x240 [ 991.521829] ? kmsan_internal_chain_origin+0x136/0x240 [ 991.521829] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 991.521829] ? __msan_memcpy+0x6f/0x80 [ 991.521829] ? pskb_expand_head+0x43b/0x1d20 [ 991.521829] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 991.521829] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 991.521829] ? ___sys_sendmsg+0xe68/0x1250 [ 991.521829] ? __sys_sendmmsg+0x56b/0xa90 [ 991.521829] ? __se_sys_sendmmsg+0xbd/0xe0 [ 991.521829] ? __x64_sys_sendmmsg+0x56/0x70 [ 991.521829] ? do_syscall_64+0xcf/0x110 [ 991.521829] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 991.521829] ? __msan_poison_alloca+0x1e0/0x2b0 [ 991.657016] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 991.661896] ? memcg_kmem_put_cache+0x8e/0x460 [ 991.661896] ? __msan_get_context_state+0x9/0x30 [ 991.661896] ? INIT_INT+0xc/0x30 [ 991.661896] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 991.661896] kmsan_memcpy_origins+0x13d/0x1b0 [ 991.661896] __msan_memcpy+0x6f/0x80 [ 991.661896] pskb_expand_head+0x43b/0x1d20 [ 991.661896] l2tp_xmit_skb+0x5a7/0x24b0 [ 991.661896] pppol2tp_sendmsg+0x7a6/0xba0 [ 991.661896] ___sys_sendmsg+0xe68/0x1250 [ 991.661896] ? pppol2tp_getsockopt+0x1060/0x1060 [ 991.661896] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 991.661896] ? kmsan_set_origin+0x83/0x130 [ 991.661896] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 991.661896] ? _cond_resched+0xc7/0x120 [ 991.661896] __sys_sendmmsg+0x56b/0xa90 [ 991.661896] ? syscall_return_slowpath+0x123/0x8c0 [ 991.661896] ? put_timespec64+0x162/0x220 [ 991.661896] __se_sys_sendmmsg+0xbd/0xe0 [ 991.661896] __x64_sys_sendmmsg+0x56/0x70 [ 991.661896] do_syscall_64+0xcf/0x110 [ 991.661896] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 991.661896] RIP: 0033:0x457569 [ 991.661896] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 991.661896] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 991.661896] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 991.661896] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 991.661896] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 991.661896] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 991.661896] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 991.661896] Uninit was stored to memory at: [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] __msan_chain_origin+0x6d/0xd0 [ 991.661896] __save_stack_trace+0x8be/0xc60 [ 991.661896] save_stack_trace+0xc6/0x110 [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] kmsan_memcpy_origins+0x13d/0x1b0 [ 991.661896] __msan_memcpy+0x6f/0x80 [ 991.661896] pskb_expand_head+0x43b/0x1d20 [ 991.661896] l2tp_xmit_skb+0x5a7/0x24b0 [ 991.661896] pppol2tp_sendmsg+0x7a6/0xba0 [ 991.661896] ___sys_sendmsg+0xe68/0x1250 [ 991.661896] __sys_sendmmsg+0x56b/0xa90 [ 991.661896] __se_sys_sendmmsg+0xbd/0xe0 [ 991.661896] __x64_sys_sendmmsg+0x56/0x70 [ 991.661896] do_syscall_64+0xcf/0x110 [ 991.661896] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 991.661896] [ 991.661896] Uninit was stored to memory at: [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] __msan_chain_origin+0x6d/0xd0 [ 991.661896] __save_stack_trace+0x8be/0xc60 [ 991.661896] save_stack_trace+0xc6/0x110 [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] kmsan_memcpy_origins+0x13d/0x1b0 [ 991.661896] __msan_memcpy+0x6f/0x80 [ 991.661896] pskb_expand_head+0x43b/0x1d20 [ 991.661896] l2tp_xmit_skb+0x5a7/0x24b0 [ 991.661896] pppol2tp_sendmsg+0x7a6/0xba0 [ 991.661896] ___sys_sendmsg+0xe68/0x1250 [ 991.661896] __sys_sendmmsg+0x56b/0xa90 [ 991.661896] __se_sys_sendmmsg+0xbd/0xe0 [ 991.661896] __x64_sys_sendmmsg+0x56/0x70 [ 991.661896] do_syscall_64+0xcf/0x110 [ 991.661896] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 991.661896] [ 991.661896] Uninit was stored to memory at: [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] __msan_chain_origin+0x6d/0xd0 [ 991.661896] __save_stack_trace+0x8be/0xc60 [ 991.661896] save_stack_trace+0xc6/0x110 [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] kmsan_memcpy_origins+0x13d/0x1b0 [ 991.661896] __msan_memcpy+0x6f/0x80 [ 991.661896] pskb_expand_head+0x43b/0x1d20 [ 991.661896] l2tp_xmit_skb+0x5a7/0x24b0 [ 991.661896] pppol2tp_sendmsg+0x7a6/0xba0 [ 991.661896] ___sys_sendmsg+0xe68/0x1250 [ 991.661896] __sys_sendmmsg+0x56b/0xa90 [ 991.661896] __se_sys_sendmmsg+0xbd/0xe0 [ 991.661896] __x64_sys_sendmmsg+0x56/0x70 [ 991.661896] do_syscall_64+0xcf/0x110 [ 991.661896] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 991.661896] [ 991.661896] Uninit was stored to memory at: [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] __msan_chain_origin+0x6d/0xd0 [ 991.661896] __save_stack_trace+0x8be/0xc60 [ 991.661896] save_stack_trace+0xc6/0x110 [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] kmsan_memcpy_origins+0x13d/0x1b0 [ 991.661896] __msan_memcpy+0x6f/0x80 [ 991.661896] pskb_expand_head+0x43b/0x1d20 [ 991.661896] l2tp_xmit_skb+0x5a7/0x24b0 [ 991.661896] pppol2tp_sendmsg+0x7a6/0xba0 [ 991.661896] ___sys_sendmsg+0xe68/0x1250 [ 991.661896] __sys_sendmmsg+0x56b/0xa90 [ 991.661896] __se_sys_sendmmsg+0xbd/0xe0 [ 991.661896] __x64_sys_sendmmsg+0x56/0x70 [ 991.661896] do_syscall_64+0xcf/0x110 [ 991.661896] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 991.661896] [ 991.661896] Uninit was stored to memory at: [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] __msan_chain_origin+0x6d/0xd0 [ 991.661896] __save_stack_trace+0x8be/0xc60 [ 991.661896] save_stack_trace+0xc6/0x110 [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] kmsan_memcpy_origins+0x13d/0x1b0 [ 991.661896] __msan_memcpy+0x6f/0x80 [ 991.661896] pskb_expand_head+0x43b/0x1d20 [ 991.661896] l2tp_xmit_skb+0x5a7/0x24b0 [ 991.661896] pppol2tp_sendmsg+0x7a6/0xba0 [ 991.661896] ___sys_sendmsg+0xe68/0x1250 [ 991.661896] __sys_sendmmsg+0x56b/0xa90 [ 991.661896] __se_sys_sendmmsg+0xbd/0xe0 [ 991.661896] __x64_sys_sendmmsg+0x56/0x70 [ 991.661896] do_syscall_64+0xcf/0x110 [ 991.661896] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 991.661896] [ 991.661896] Uninit was stored to memory at: [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] __msan_chain_origin+0x6d/0xd0 [ 991.661896] __save_stack_trace+0x8be/0xc60 [ 991.661896] save_stack_trace+0xc6/0x110 [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] kmsan_memcpy_origins+0x13d/0x1b0 [ 991.661896] __msan_memcpy+0x6f/0x80 [ 991.661896] pskb_expand_head+0x43b/0x1d20 [ 991.661896] l2tp_xmit_skb+0x5a7/0x24b0 [ 991.661896] pppol2tp_sendmsg+0x7a6/0xba0 [ 991.661896] ___sys_sendmsg+0xe68/0x1250 [ 991.661896] __sys_sendmmsg+0x56b/0xa90 [ 991.661896] __se_sys_sendmmsg+0xbd/0xe0 [ 991.661896] __x64_sys_sendmmsg+0x56/0x70 [ 991.661896] do_syscall_64+0xcf/0x110 [ 991.661896] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 991.661896] [ 991.661896] Uninit was stored to memory at: [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] __msan_chain_origin+0x6d/0xd0 [ 991.661896] __save_stack_trace+0x8be/0xc60 [ 991.661896] save_stack_trace+0xc6/0x110 [ 991.661896] kmsan_internal_chain_origin+0x136/0x240 [ 991.661896] kmsan_memcpy_origins+0x13d/0x1b0 [ 991.661896] __msan_memcpy+0x6f/0x80 [ 991.661896] pskb_expand_head+0x43b/0x1d20 [ 991.661896] l2tp_xmit_skb+0x5a7/0x24b0 [ 991.661896] pppol2tp_sendmsg+0x7a6/0xba0 [ 991.661896] ___sys_sendmsg+0xe68/0x1250 [ 991.661896] __sys_sendmmsg+0x56b/0xa90 [ 991.661896] __se_sys_sendmmsg+0xbd/0xe0 [ 991.661896] __x64_sys_sendmmsg+0x56/0x70 [ 991.661896] do_syscall_64+0xcf/0x110 [ 991.661896] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 991.661896] [ 991.661896] Local variable description: ----iph@ip_vs_out [ 991.661896] Variable was created at: [ 991.661896] ip_vs_out+0x1bf/0x4570 [ 991.661896] ip_vs_local_reply6+0xec/0x130 [ 992.370849] Dead loop on virtual device ip6_vti0, fix it urgently! [ 992.404918] CPU: 0 PID: 25969 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 992.411870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 992.411870] Call Trace: [ 992.411870] dump_stack+0x32d/0x480 [ 992.411870] kmsan_internal_chain_origin+0x222/0x240 [ 992.411870] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 992.411870] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 992.411870] ? save_stack_trace+0xc6/0x110 [ 992.411870] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 992.411870] ? kmsan_internal_chain_origin+0x1e3/0x240 [ 992.411870] ? get_stack_info+0x863/0x9d0 [ 992.411870] __msan_chain_origin+0x6d/0xd0 [ 992.411870] ? pskb_expand_head+0x43b/0x1d20 [ 992.411870] __save_stack_trace+0x8be/0xc60 [ 992.411870] ? pskb_expand_head+0x43b/0x1d20 [ 992.477519] save_stack_trace+0xc6/0x110 [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] ? kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 992.477519] ? __msan_memcpy+0x6f/0x80 [ 992.477519] ? pskb_expand_head+0x43b/0x1d20 [ 992.477519] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 992.477519] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 992.477519] ? ___sys_sendmsg+0xe68/0x1250 [ 992.477519] ? __sys_sendmmsg+0x56b/0xa90 [ 992.477519] ? __se_sys_sendmmsg+0xbd/0xe0 [ 992.477519] ? __x64_sys_sendmmsg+0x56/0x70 [ 992.477519] ? do_syscall_64+0xcf/0x110 [ 992.477519] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 992.477519] ? __msan_poison_alloca+0x1e0/0x2b0 [ 992.477519] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 992.477519] ? memcg_kmem_put_cache+0x8e/0x460 [ 992.477519] ? __msan_get_context_state+0x9/0x30 [ 992.477519] ? INIT_INT+0xc/0x30 [ 992.477519] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 992.477519] kmsan_memcpy_origins+0x13d/0x1b0 [ 992.477519] __msan_memcpy+0x6f/0x80 [ 992.477519] pskb_expand_head+0x43b/0x1d20 [ 992.477519] l2tp_xmit_skb+0x5a7/0x24b0 [ 992.477519] pppol2tp_sendmsg+0x7a6/0xba0 [ 992.477519] ___sys_sendmsg+0xe68/0x1250 [ 992.477519] ? pppol2tp_getsockopt+0x1060/0x1060 [ 992.477519] ? __msan_poison_alloca+0x1e0/0x2b0 [ 992.477519] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 992.477519] ? rcu_all_qs+0x3b/0x310 [ 992.477519] ? _cond_resched+0x59/0x120 [ 992.477519] ? rcu_all_qs+0x53/0x310 [ 992.477519] ? _cond_resched+0x37/0x120 [ 992.477519] ? __sys_sendmmsg+0x7c9/0xa90 [ 992.477519] ? _cond_resched+0x59/0x120 [ 992.477519] __sys_sendmmsg+0x56b/0xa90 [ 992.477519] ? syscall_return_slowpath+0x123/0x8c0 [ 992.477519] ? put_timespec64+0x162/0x220 [ 992.477519] __se_sys_sendmmsg+0xbd/0xe0 [ 992.477519] __x64_sys_sendmmsg+0x56/0x70 [ 992.477519] do_syscall_64+0xcf/0x110 [ 992.477519] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 992.477519] RIP: 0033:0x457569 [ 992.477519] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 992.477519] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 992.477519] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 992.477519] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 992.477519] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 992.477519] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 992.477519] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 992.477519] Uninit was stored to memory at: [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] __msan_chain_origin+0x6d/0xd0 [ 992.477519] __save_stack_trace+0x8be/0xc60 [ 992.477519] save_stack_trace+0xc6/0x110 [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] kmsan_memcpy_origins+0x13d/0x1b0 [ 992.477519] __msan_memcpy+0x6f/0x80 [ 992.477519] pskb_expand_head+0x43b/0x1d20 [ 992.477519] l2tp_xmit_skb+0x5a7/0x24b0 [ 992.477519] pppol2tp_sendmsg+0x7a6/0xba0 [ 992.477519] ___sys_sendmsg+0xe68/0x1250 [ 992.477519] __sys_sendmmsg+0x56b/0xa90 [ 992.477519] __se_sys_sendmmsg+0xbd/0xe0 [ 992.477519] __x64_sys_sendmmsg+0x56/0x70 [ 992.477519] do_syscall_64+0xcf/0x110 [ 992.477519] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 992.477519] [ 992.477519] Uninit was stored to memory at: [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] __msan_chain_origin+0x6d/0xd0 [ 992.477519] __save_stack_trace+0x8be/0xc60 [ 992.477519] save_stack_trace+0xc6/0x110 [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] kmsan_memcpy_origins+0x13d/0x1b0 [ 992.477519] __msan_memcpy+0x6f/0x80 [ 992.477519] pskb_expand_head+0x43b/0x1d20 [ 992.477519] l2tp_xmit_skb+0x5a7/0x24b0 [ 992.477519] pppol2tp_sendmsg+0x7a6/0xba0 [ 992.477519] ___sys_sendmsg+0xe68/0x1250 [ 992.477519] __sys_sendmmsg+0x56b/0xa90 [ 992.477519] __se_sys_sendmmsg+0xbd/0xe0 [ 992.477519] __x64_sys_sendmmsg+0x56/0x70 [ 992.477519] do_syscall_64+0xcf/0x110 [ 992.477519] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 992.477519] [ 992.477519] Uninit was stored to memory at: [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] __msan_chain_origin+0x6d/0xd0 [ 992.477519] __save_stack_trace+0x8be/0xc60 [ 992.477519] save_stack_trace+0xc6/0x110 [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] kmsan_memcpy_origins+0x13d/0x1b0 [ 992.477519] __msan_memcpy+0x6f/0x80 [ 992.477519] pskb_expand_head+0x43b/0x1d20 [ 992.477519] l2tp_xmit_skb+0x5a7/0x24b0 [ 992.477519] pppol2tp_sendmsg+0x7a6/0xba0 [ 992.477519] ___sys_sendmsg+0xe68/0x1250 [ 992.477519] __sys_sendmmsg+0x56b/0xa90 [ 992.477519] __se_sys_sendmmsg+0xbd/0xe0 [ 992.477519] __x64_sys_sendmmsg+0x56/0x70 [ 992.477519] do_syscall_64+0xcf/0x110 [ 992.477519] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 992.477519] [ 992.477519] Uninit was stored to memory at: [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] __msan_chain_origin+0x6d/0xd0 [ 992.477519] __save_stack_trace+0x8be/0xc60 [ 992.477519] save_stack_trace+0xc6/0x110 [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] kmsan_memcpy_origins+0x13d/0x1b0 [ 992.477519] __msan_memcpy+0x6f/0x80 [ 992.477519] pskb_expand_head+0x43b/0x1d20 [ 992.477519] l2tp_xmit_skb+0x5a7/0x24b0 [ 992.477519] pppol2tp_sendmsg+0x7a6/0xba0 [ 992.477519] ___sys_sendmsg+0xe68/0x1250 [ 992.477519] __sys_sendmmsg+0x56b/0xa90 [ 992.477519] __se_sys_sendmmsg+0xbd/0xe0 [ 992.477519] __x64_sys_sendmmsg+0x56/0x70 [ 992.477519] do_syscall_64+0xcf/0x110 [ 992.477519] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 992.477519] [ 992.477519] Uninit was stored to memory at: [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] __msan_chain_origin+0x6d/0xd0 [ 992.477519] __save_stack_trace+0x8be/0xc60 [ 992.477519] save_stack_trace+0xc6/0x110 [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] kmsan_memcpy_origins+0x13d/0x1b0 [ 992.477519] __msan_memcpy+0x6f/0x80 [ 992.477519] pskb_expand_head+0x43b/0x1d20 [ 992.477519] l2tp_xmit_skb+0x5a7/0x24b0 [ 992.477519] pppol2tp_sendmsg+0x7a6/0xba0 [ 992.477519] ___sys_sendmsg+0xe68/0x1250 [ 992.477519] __sys_sendmmsg+0x56b/0xa90 [ 992.477519] __se_sys_sendmmsg+0xbd/0xe0 [ 992.477519] __x64_sys_sendmmsg+0x56/0x70 [ 992.477519] do_syscall_64+0xcf/0x110 [ 992.477519] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 992.477519] [ 992.477519] Uninit was stored to memory at: [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] __msan_chain_origin+0x6d/0xd0 [ 992.477519] __save_stack_trace+0x8be/0xc60 [ 992.477519] save_stack_trace+0xc6/0x110 [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] kmsan_memcpy_origins+0x13d/0x1b0 [ 992.477519] __msan_memcpy+0x6f/0x80 [ 992.477519] pskb_expand_head+0x43b/0x1d20 [ 992.477519] l2tp_xmit_skb+0x5a7/0x24b0 [ 992.477519] pppol2tp_sendmsg+0x7a6/0xba0 [ 992.477519] ___sys_sendmsg+0xe68/0x1250 [ 992.477519] __sys_sendmmsg+0x56b/0xa90 [ 992.477519] __se_sys_sendmmsg+0xbd/0xe0 [ 992.477519] __x64_sys_sendmmsg+0x56/0x70 [ 992.477519] do_syscall_64+0xcf/0x110 [ 992.477519] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 992.477519] [ 992.477519] Uninit was stored to memory at: [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] __msan_chain_origin+0x6d/0xd0 [ 992.477519] __save_stack_trace+0x8be/0xc60 [ 992.477519] save_stack_trace+0xc6/0x110 [ 992.477519] kmsan_internal_chain_origin+0x136/0x240 [ 992.477519] kmsan_memcpy_origins+0x13d/0x1b0 [ 992.477519] __msan_memcpy+0x6f/0x80 [ 992.477519] pskb_expand_head+0x43b/0x1d20 [ 992.477519] l2tp_xmit_skb+0x5a7/0x24b0 [ 992.477519] pppol2tp_sendmsg+0x7a6/0xba0 [ 992.477519] ___sys_sendmsg+0xe68/0x1250 [ 992.477519] __sys_sendmmsg+0x56b/0xa90 [ 992.477519] __se_sys_sendmmsg+0xbd/0xe0 [ 992.477519] __x64_sys_sendmmsg+0x56/0x70 [ 992.477519] do_syscall_64+0xcf/0x110 [ 992.477519] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 992.477519] [ 992.477519] Local variable description: ----iph@ip_vs_out [ 992.477519] Variable was created at: [ 992.477519] ip_vs_out+0x1bf/0x4570 [ 992.477519] ip_vs_local_reply6+0xec/0x130 [ 993.272938] Dead loop on virtual device ip6_vti0, fix it urgently! [ 993.325747] not chained 2000000 origins [ 993.329803] CPU: 0 PID: 25969 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 993.331827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 993.331827] Call Trace: [ 993.331827] dump_stack+0x32d/0x480 [ 993.331827] ? save_stack_trace+0xc6/0x110 [ 993.331827] kmsan_internal_chain_origin+0x222/0x240 [ 993.331827] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 993.331827] ? is_bpf_text_address+0x49e/0x4d0 [ 993.331827] ? INIT_INT+0xc/0x30 [ 993.331827] ? __msan_warning+0x74/0xd0 [ 993.331827] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 993.331827] ? __save_stack_trace+0x9f2/0xc60 [ 993.331827] __msan_chain_origin+0x6d/0xd0 [ 993.331827] save_stack_trace+0xfa/0x110 [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] ? kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 993.331827] ? __msan_memcpy+0x6f/0x80 [ 993.331827] ? pskb_expand_head+0x43b/0x1d20 [ 993.331827] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 993.331827] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 993.331827] ? ___sys_sendmsg+0xe68/0x1250 [ 993.331827] ? __sys_sendmmsg+0x56b/0xa90 [ 993.331827] ? __se_sys_sendmmsg+0xbd/0xe0 [ 993.331827] ? __x64_sys_sendmmsg+0x56/0x70 [ 993.331827] ? do_syscall_64+0xcf/0x110 [ 993.331827] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 993.331827] ? __msan_poison_alloca+0x1e0/0x2b0 [ 993.331827] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 993.331827] ? memcg_kmem_put_cache+0x8e/0x460 [ 993.331827] ? __msan_get_context_state+0x9/0x30 [ 993.331827] ? INIT_INT+0xc/0x30 [ 993.331827] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 993.331827] kmsan_memcpy_origins+0x13d/0x1b0 [ 993.331827] __msan_memcpy+0x6f/0x80 [ 993.331827] pskb_expand_head+0x43b/0x1d20 [ 993.331827] l2tp_xmit_skb+0x5a7/0x24b0 [ 993.331827] pppol2tp_sendmsg+0x7a6/0xba0 [ 993.331827] ___sys_sendmsg+0xe68/0x1250 [ 993.331827] ? pppol2tp_getsockopt+0x1060/0x1060 [ 993.331827] ? __msan_poison_alloca+0x1e0/0x2b0 [ 993.331827] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 993.331827] ? rcu_all_qs+0x3b/0x310 [ 993.331827] ? _cond_resched+0x59/0x120 [ 993.331827] ? rcu_all_qs+0x53/0x310 [ 993.331827] ? _cond_resched+0x37/0x120 [ 993.331827] ? __sys_sendmmsg+0x7c9/0xa90 [ 993.331827] ? _cond_resched+0x59/0x120 [ 993.331827] __sys_sendmmsg+0x56b/0xa90 [ 993.331827] ? syscall_return_slowpath+0x123/0x8c0 [ 993.331827] ? put_timespec64+0x162/0x220 [ 993.331827] __se_sys_sendmmsg+0xbd/0xe0 [ 993.331827] __x64_sys_sendmmsg+0x56/0x70 [ 993.331827] do_syscall_64+0xcf/0x110 [ 993.331827] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 993.331827] RIP: 0033:0x457569 [ 993.331827] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 993.331827] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 993.331827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 993.331827] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 993.331827] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 993.331827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 993.331827] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 993.331827] Uninit was stored to memory at: [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] __msan_chain_origin+0x6d/0xd0 [ 993.331827] save_stack_trace+0xfa/0x110 [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] kmsan_memcpy_origins+0x13d/0x1b0 [ 993.331827] __msan_memcpy+0x6f/0x80 [ 993.331827] pskb_expand_head+0x43b/0x1d20 [ 993.331827] l2tp_xmit_skb+0x5a7/0x24b0 [ 993.331827] pppol2tp_sendmsg+0x7a6/0xba0 [ 993.331827] ___sys_sendmsg+0xe68/0x1250 [ 993.331827] __sys_sendmmsg+0x56b/0xa90 [ 993.331827] __se_sys_sendmmsg+0xbd/0xe0 [ 993.331827] __x64_sys_sendmmsg+0x56/0x70 [ 993.331827] do_syscall_64+0xcf/0x110 [ 993.331827] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 993.331827] [ 993.331827] Uninit was stored to memory at: [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] __msan_chain_origin+0x6d/0xd0 [ 993.331827] __save_stack_trace+0x833/0xc60 [ 993.331827] save_stack_trace+0xc6/0x110 [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] kmsan_memcpy_origins+0x13d/0x1b0 [ 993.331827] __msan_memcpy+0x6f/0x80 [ 993.331827] pskb_expand_head+0x43b/0x1d20 [ 993.331827] l2tp_xmit_skb+0x5a7/0x24b0 [ 993.331827] pppol2tp_sendmsg+0x7a6/0xba0 [ 993.331827] ___sys_sendmsg+0xe68/0x1250 [ 993.331827] __sys_sendmmsg+0x56b/0xa90 [ 993.331827] __se_sys_sendmmsg+0xbd/0xe0 [ 993.331827] __x64_sys_sendmmsg+0x56/0x70 [ 993.331827] do_syscall_64+0xcf/0x110 [ 993.331827] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 993.331827] [ 993.331827] Uninit was stored to memory at: [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] __msan_chain_origin+0x6d/0xd0 [ 993.331827] save_stack_trace+0xfa/0x110 [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] kmsan_memcpy_origins+0x13d/0x1b0 [ 993.331827] __msan_memcpy+0x6f/0x80 [ 993.331827] pskb_expand_head+0x43b/0x1d20 [ 993.331827] l2tp_xmit_skb+0x5a7/0x24b0 [ 993.331827] pppol2tp_sendmsg+0x7a6/0xba0 [ 993.331827] ___sys_sendmsg+0xe68/0x1250 [ 993.331827] __sys_sendmmsg+0x56b/0xa90 [ 993.331827] __se_sys_sendmmsg+0xbd/0xe0 [ 993.331827] __x64_sys_sendmmsg+0x56/0x70 [ 993.331827] do_syscall_64+0xcf/0x110 [ 993.331827] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 993.331827] [ 993.331827] Uninit was stored to memory at: [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] __msan_chain_origin+0x6d/0xd0 [ 993.331827] __save_stack_trace+0x833/0xc60 [ 993.331827] save_stack_trace+0xc6/0x110 [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] kmsan_memcpy_origins+0x13d/0x1b0 [ 993.331827] __msan_memcpy+0x6f/0x80 [ 993.331827] pskb_expand_head+0x43b/0x1d20 [ 993.331827] l2tp_xmit_skb+0x5a7/0x24b0 [ 993.331827] pppol2tp_sendmsg+0x7a6/0xba0 [ 993.331827] ___sys_sendmsg+0xe68/0x1250 [ 993.331827] __sys_sendmmsg+0x56b/0xa90 [ 993.331827] __se_sys_sendmmsg+0xbd/0xe0 [ 993.331827] __x64_sys_sendmmsg+0x56/0x70 [ 993.331827] do_syscall_64+0xcf/0x110 [ 993.331827] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 993.331827] [ 993.331827] Uninit was stored to memory at: [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] __msan_chain_origin+0x6d/0xd0 [ 993.331827] save_stack_trace+0xfa/0x110 [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] kmsan_memcpy_origins+0x13d/0x1b0 [ 993.331827] __msan_memcpy+0x6f/0x80 [ 993.331827] pskb_expand_head+0x43b/0x1d20 [ 993.331827] l2tp_xmit_skb+0x5a7/0x24b0 [ 993.331827] pppol2tp_sendmsg+0x7a6/0xba0 [ 993.331827] ___sys_sendmsg+0xe68/0x1250 [ 993.331827] __sys_sendmmsg+0x56b/0xa90 [ 993.331827] __se_sys_sendmmsg+0xbd/0xe0 [ 993.331827] __x64_sys_sendmmsg+0x56/0x70 [ 993.331827] do_syscall_64+0xcf/0x110 [ 993.331827] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 993.331827] [ 993.331827] Uninit was stored to memory at: [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] __msan_chain_origin+0x6d/0xd0 [ 993.331827] __save_stack_trace+0x833/0xc60 [ 993.331827] save_stack_trace+0xc6/0x110 [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] kmsan_memcpy_origins+0x13d/0x1b0 [ 993.331827] __msan_memcpy+0x6f/0x80 [ 993.331827] pskb_expand_head+0x43b/0x1d20 [ 993.331827] l2tp_xmit_skb+0x5a7/0x24b0 [ 993.331827] pppol2tp_sendmsg+0x7a6/0xba0 [ 993.331827] ___sys_sendmsg+0xe68/0x1250 [ 993.331827] __sys_sendmmsg+0x56b/0xa90 [ 993.331827] __se_sys_sendmmsg+0xbd/0xe0 [ 993.331827] __x64_sys_sendmmsg+0x56/0x70 [ 993.331827] do_syscall_64+0xcf/0x110 [ 993.331827] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 993.331827] [ 993.331827] Uninit was stored to memory at: [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] __msan_chain_origin+0x6d/0xd0 [ 993.331827] save_stack_trace+0xfa/0x110 [ 993.331827] kmsan_internal_chain_origin+0x136/0x240 [ 993.331827] kmsan_memcpy_origins+0x13d/0x1b0 [ 993.331827] __msan_memcpy+0x6f/0x80 [ 993.331827] pskb_expand_head+0x43b/0x1d20 [ 993.331827] l2tp_xmit_skb+0x5a7/0x24b0 [ 993.331827] pppol2tp_sendmsg+0x7a6/0xba0 [ 993.331827] ___sys_sendmsg+0xe68/0x1250 [ 993.331827] __sys_sendmmsg+0x56b/0xa90 [ 993.331827] __se_sys_sendmmsg+0xbd/0xe0 [ 993.331827] __x64_sys_sendmmsg+0x56/0x70 [ 993.331827] do_syscall_64+0xcf/0x110 [ 993.331827] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 993.331827] [ 993.331827] Local variable description: ----iph@ip_vs_out [ 993.331827] Variable was created at: [ 993.331827] ip_vs_out+0x1bf/0x4570 [ 993.331827] ip_vs_local_reply6+0xec/0x130 06:06:10 executing program 4: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x4, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000140)={0x0, 0x1, 0x0, [], &(0x7f0000000000)={0x98f905, 0x0, [], @ptr}}) 06:06:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f0000000400)=""/89, &(0x7f0000000140)=0x59) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[], 0x0) 06:06:10 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x1, 0x200480) ioctl$TUNGETSNDBUF(r2, 0x800454d3, &(0x7f0000000200)) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000240)={0x0, 0x36}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f00000002c0)={r4, @in={{0x2, 0x4e22}}}, 0x84) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f00000000c0)=""/141) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:10 executing program 1: r0 = socket$inet6(0xa, 0x202000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback, 0x800, 0x0, 0xff}, 0x20) 06:06:10 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a9061", 0x1f) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:10 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='eql\x00', 0x26d) r1 = socket$l2tp(0x18, 0x1, 0x1) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000040)={{0xa, 0x4e21, 0x4, @loopback, 0xee5}, {0xa, 0x4e21, 0x9b1, @local, 0x1ff}, 0x100000000, [0x7, 0x3f, 0x3, 0xfff, 0x7, 0x6, 0x1ff, 0x800]}, 0x5c) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:06:10 executing program 4: 06:06:10 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:10 executing program 1: 06:06:10 executing program 2: 06:06:10 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="f804894c1d21514f2ad12bd212a9ef143a0da10228273cd199315da1a4b545c61f5958f215667beebf4c8d7a974a23d2b359a608f09b32c7f69c919fd7bb14da4956110f2f821031895a2d76b2e68f85f83995b84e3f7249c882843e84911f13a49761fdee37ea1a07222f2e0c36bc39837be11e20785fe9b56e219a5dac644c2c1047e9bb10b67c5f656fd88a58f47e082fad0faae4f0c33eaf4823afa48c0e67b29bda2563fb681fdb777664426b61be88625fc10e86bb6f9c0c484bd1611be6a58ae2703c"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:10 executing program 4: 06:06:10 executing program 2: 06:06:11 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:11 executing program 1: 06:06:11 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000000040), 0x0, 0x0) 06:06:11 executing program 4: 06:06:11 executing program 2: 06:06:11 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x29c) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000100)={0x0, 0x9}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000001c0)={r2, 0x1c, &(0x7f0000000180)=[@in6={0xa, 0x4e23, 0x7f, @mcast1, 0x2}]}, &(0x7f0000000200)=0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f0000000240)=ANY=[@ANYBLOB="f4152b384df2f68b8e908ddaf39827f635430d1400e3261fe05aa08a135645557825"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000280)={'raw\x00', 0x4, [{}, {}, {}, {}]}, 0x68) ioctl$FIGETBSZ(r1, 0x2, &(0x7f00000000c0)) 06:06:11 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:11 executing program 2: 06:06:11 executing program 4: 06:06:11 executing program 1: 06:06:11 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)="000400", 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f0000000000)=ANY=[@ANYBLOB='M'], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080)=0xde1, 0x4) 06:06:12 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) syz_open_pts(r0, 0x100) 06:06:12 executing program 2: 06:06:12 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:12 executing program 4: [ 997.242066] Dead loop on virtual device ip6_vti0, fix it urgently! [ 997.290375] Dead loop on virtual device ip6_vti0, fix it urgently! [ 997.303868] Dead loop on virtual device ip6_vti0, fix it urgently! [ 997.311387] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:12 executing program 2: 06:06:12 executing program 1: [ 997.490039] not chained 2010000 origins [ 997.491825] CPU: 0 PID: 26036 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 997.491825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 997.491825] Call Trace: [ 997.491825] dump_stack+0x32d/0x480 [ 997.491825] kmsan_internal_chain_origin+0x222/0x240 [ 997.491825] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 997.491825] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 997.491825] ? save_stack_trace+0xc6/0x110 [ 997.534173] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 997.534173] ? kmsan_internal_chain_origin+0x90/0x240 [ 997.534173] ? get_stack_info+0x863/0x9d0 [ 997.534173] __msan_chain_origin+0x6d/0xd0 [ 997.534173] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 997.534173] __save_stack_trace+0x8be/0xc60 [ 997.534173] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 997.534173] save_stack_trace+0xc6/0x110 [ 997.534173] kmsan_internal_chain_origin+0x136/0x240 [ 997.534173] ? kmsan_internal_chain_origin+0x136/0x240 [ 997.534173] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 997.534173] ? __msan_memcpy+0x6f/0x80 [ 997.534173] ? pskb_expand_head+0x43b/0x1d20 [ 997.534173] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 997.534173] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 997.534173] ? ___sys_sendmsg+0xe68/0x1250 [ 997.534173] ? __sys_sendmmsg+0x56b/0xa90 [ 997.534173] ? __se_sys_sendmmsg+0xbd/0xe0 [ 997.534173] ? __x64_sys_sendmmsg+0x56/0x70 [ 997.534173] ? do_syscall_64+0xcf/0x110 [ 997.534173] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 997.534173] ? __msan_poison_alloca+0x1e0/0x2b0 [ 997.534173] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 997.534173] ? memcg_kmem_put_cache+0x8e/0x460 [ 997.534173] ? __msan_get_context_state+0x9/0x30 [ 997.534173] ? INIT_INT+0xc/0x30 [ 997.534173] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 997.534173] kmsan_memcpy_origins+0x13d/0x1b0 [ 997.534173] __msan_memcpy+0x6f/0x80 [ 997.534173] pskb_expand_head+0x43b/0x1d20 [ 997.534173] l2tp_xmit_skb+0x5a7/0x24b0 [ 997.534173] pppol2tp_sendmsg+0x7a6/0xba0 [ 997.534173] ___sys_sendmsg+0xe68/0x1250 [ 997.682387] ? pppol2tp_getsockopt+0x1060/0x1060 [ 997.682387] ? __msan_poison_alloca+0x1e0/0x2b0 [ 997.682387] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 997.682387] ? rcu_all_qs+0x3b/0x310 [ 997.682387] ? _cond_resched+0x59/0x120 [ 997.682387] ? rcu_all_qs+0x53/0x310 [ 997.682387] ? _cond_resched+0x37/0x120 [ 997.682387] ? __sys_sendmmsg+0x7c9/0xa90 [ 997.682387] ? _cond_resched+0x59/0x120 [ 997.682387] __sys_sendmmsg+0x56b/0xa90 [ 997.682387] ? syscall_return_slowpath+0x123/0x8c0 [ 997.682387] ? put_timespec64+0x162/0x220 [ 997.682387] __se_sys_sendmmsg+0xbd/0xe0 [ 997.682387] __x64_sys_sendmmsg+0x56/0x70 [ 997.682387] do_syscall_64+0xcf/0x110 [ 997.682387] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 997.682387] RIP: 0033:0x457569 [ 997.682387] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 997.682387] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 997.682387] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 06:06:12 executing program 1: [ 997.682387] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 997.682387] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 997.682387] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 997.682387] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 997.682387] Uninit was stored to memory at: [ 997.682387] kmsan_internal_chain_origin+0x136/0x240 [ 997.682387] __msan_chain_origin+0x6d/0xd0 [ 997.832910] __save_stack_trace+0x8be/0xc60 [ 997.832910] save_stack_trace+0xc6/0x110 06:06:12 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:12 executing program 1: [ 997.832910] kmsan_internal_chain_origin+0x136/0x240 [ 997.832910] kmsan_memcpy_origins+0x13d/0x1b0 [ 997.832910] __msan_memcpy+0x6f/0x80 [ 997.832910] pskb_expand_head+0x43b/0x1d20 [ 997.832910] l2tp_xmit_skb+0x5a7/0x24b0 [ 997.832910] pppol2tp_sendmsg+0x7a6/0xba0 [ 997.832910] ___sys_sendmsg+0xe68/0x1250 [ 997.832910] __sys_sendmmsg+0x56b/0xa90 [ 997.832910] __se_sys_sendmmsg+0xbd/0xe0 [ 997.832910] __x64_sys_sendmmsg+0x56/0x70 [ 997.832910] do_syscall_64+0xcf/0x110 [ 997.832910] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 997.889931] [ 997.889931] Uninit was stored to memory at: [ 997.889931] kmsan_internal_chain_origin+0x136/0x240 [ 997.889931] __msan_chain_origin+0x6d/0xd0 [ 997.889931] __save_stack_trace+0x8be/0xc60 [ 997.889931] save_stack_trace+0xc6/0x110 [ 997.889931] kmsan_internal_chain_origin+0x136/0x240 [ 997.889931] kmsan_memcpy_origins+0x13d/0x1b0 [ 997.889931] __msan_memcpy+0x6f/0x80 [ 997.889931] pskb_expand_head+0x43b/0x1d20 [ 997.889931] l2tp_xmit_skb+0x5a7/0x24b0 [ 997.889931] pppol2tp_sendmsg+0x7a6/0xba0 06:06:13 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback, 0x1}, 0xffffffffffffffc4) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f0000000000)=ANY=[@ANYBLOB="ecfcfdba1a2ed3a1a0b365d582b83abf7d615b70256ddee70997e489a9836f14e6697f627c8c3c8d0a7753cfbd6130"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 997.889931] ___sys_sendmsg+0xe68/0x1250 [ 997.889931] __sys_sendmmsg+0x56b/0xa90 [ 997.889931] __se_sys_sendmmsg+0xbd/0xe0 [ 997.889931] __x64_sys_sendmmsg+0x56/0x70 [ 997.956116] do_syscall_64+0xcf/0x110 [ 997.960198] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 997.960198] [ 997.969157] Uninit was stored to memory at: [ 997.969157] kmsan_internal_chain_origin+0x136/0x240 [ 997.969157] __msan_chain_origin+0x6d/0xd0 [ 997.969157] __save_stack_trace+0x8be/0xc60 [ 997.969157] save_stack_trace+0xc6/0x110 [ 997.969157] kmsan_internal_chain_origin+0x136/0x240 [ 997.969157] kmsan_memcpy_origins+0x13d/0x1b0 [ 997.969157] __msan_memcpy+0x6f/0x80 [ 997.969157] pskb_expand_head+0x43b/0x1d20 [ 997.969157] l2tp_xmit_skb+0x5a7/0x24b0 [ 997.969157] pppol2tp_sendmsg+0x7a6/0xba0 [ 997.969157] ___sys_sendmsg+0xe68/0x1250 [ 997.969157] __sys_sendmmsg+0x56b/0xa90 [ 997.969157] __se_sys_sendmmsg+0xbd/0xe0 [ 997.969157] __x64_sys_sendmmsg+0x56/0x70 [ 997.969157] do_syscall_64+0xcf/0x110 [ 997.969157] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 997.969157] [ 997.969157] Uninit was stored to memory at: [ 997.969157] kmsan_internal_chain_origin+0x136/0x240 [ 997.969157] __msan_chain_origin+0x6d/0xd0 [ 997.969157] __save_stack_trace+0x8be/0xc60 [ 997.969157] save_stack_trace+0xc6/0x110 [ 997.969157] kmsan_internal_chain_origin+0x136/0x240 [ 997.969157] kmsan_memcpy_origins+0x13d/0x1b0 [ 997.969157] __msan_memcpy+0x6f/0x80 [ 997.969157] pskb_expand_head+0x43b/0x1d20 [ 997.969157] l2tp_xmit_skb+0x5a7/0x24b0 [ 997.969157] pppol2tp_sendmsg+0x7a6/0xba0 06:06:13 executing program 4: [ 997.969157] ___sys_sendmsg+0xe68/0x1250 [ 997.969157] __sys_sendmmsg+0x56b/0xa90 [ 997.969157] __se_sys_sendmmsg+0xbd/0xe0 [ 997.969157] __x64_sys_sendmmsg+0x56/0x70 [ 997.969157] do_syscall_64+0xcf/0x110 [ 997.969157] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.113678] [ 998.113678] Uninit was stored to memory at: [ 998.113678] kmsan_internal_chain_origin+0x136/0x240 [ 998.113678] __msan_chain_origin+0x6d/0xd0 [ 998.113678] __save_stack_trace+0x8be/0xc60 [ 998.113678] save_stack_trace+0xc6/0x110 [ 998.113678] kmsan_internal_chain_origin+0x136/0x240 [ 998.113678] kmsan_memcpy_origins+0x13d/0x1b0 [ 998.113678] __msan_memcpy+0x6f/0x80 [ 998.113678] pskb_expand_head+0x43b/0x1d20 [ 998.113678] l2tp_xmit_skb+0x5a7/0x24b0 [ 998.113678] pppol2tp_sendmsg+0x7a6/0xba0 [ 998.113678] ___sys_sendmsg+0xe68/0x1250 [ 998.113678] __sys_sendmmsg+0x56b/0xa90 [ 998.113678] __se_sys_sendmmsg+0xbd/0xe0 [ 998.113678] __x64_sys_sendmmsg+0x56/0x70 [ 998.113678] do_syscall_64+0xcf/0x110 [ 998.113678] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.113678] [ 998.113678] Uninit was stored to memory at: [ 998.113678] kmsan_internal_chain_origin+0x136/0x240 [ 998.113678] __msan_chain_origin+0x6d/0xd0 [ 998.113678] __save_stack_trace+0x8be/0xc60 [ 998.113678] save_stack_trace+0xc6/0x110 [ 998.113678] kmsan_internal_chain_origin+0x136/0x240 [ 998.113678] kmsan_memcpy_origins+0x13d/0x1b0 [ 998.113678] __msan_memcpy+0x6f/0x80 [ 998.113678] pskb_expand_head+0x43b/0x1d20 [ 998.113678] l2tp_xmit_skb+0x5a7/0x24b0 [ 998.113678] pppol2tp_sendmsg+0x7a6/0xba0 [ 998.113678] ___sys_sendmsg+0xe68/0x1250 [ 998.113678] __sys_sendmmsg+0x56b/0xa90 [ 998.113678] __se_sys_sendmmsg+0xbd/0xe0 [ 998.113678] __x64_sys_sendmmsg+0x56/0x70 [ 998.113678] do_syscall_64+0xcf/0x110 [ 998.113678] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.113678] [ 998.113678] Uninit was stored to memory at: [ 998.113678] kmsan_internal_chain_origin+0x136/0x240 [ 998.113678] __msan_chain_origin+0x6d/0xd0 [ 998.113678] __save_stack_trace+0x8be/0xc60 [ 998.113678] save_stack_trace+0xc6/0x110 06:06:13 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @local}, 0x4, 0x0, 0x3, 0x3}}, 0x26) signalfd(r2, &(0x7f00000000c0)={0x3ff}, 0x8) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000100)={0x6}) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f0000000140)=ANY=[@ANYBLOB="c40597ef414921286160d356b6bf543be4cc4caec93447ea80faccd049caab3f8bf64b567cd736ccc752ec455917a2950bc3af66"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 998.113678] kmsan_internal_chain_origin+0x136/0x240 [ 998.113678] kmsan_memcpy_origins+0x13d/0x1b0 [ 998.113678] __msan_memcpy+0x6f/0x80 [ 998.113678] pskb_expand_head+0x43b/0x1d20 [ 998.113678] l2tp_xmit_skb+0x5a7/0x24b0 [ 998.113678] pppol2tp_sendmsg+0x7a6/0xba0 [ 998.113678] ___sys_sendmsg+0xe68/0x1250 [ 998.113678] __sys_sendmmsg+0x56b/0xa90 [ 998.113678] __se_sys_sendmmsg+0xbd/0xe0 [ 998.113678] __x64_sys_sendmmsg+0x56/0x70 [ 998.113678] do_syscall_64+0xcf/0x110 [ 998.113678] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.113678] [ 998.113678] Local variable description: ----iph@ip_vs_out [ 998.113678] Variable was created at: [ 998.113678] ip_vs_out+0x1bf/0x4570 [ 998.113678] ip_vs_local_reply6+0xec/0x130 [ 998.363247] Dead loop on virtual device ip6_vti0, fix it urgently! [ 998.843551] not chained 2020000 origins [ 998.847579] CPU: 0 PID: 26036 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 998.852374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 998.858121] Call Trace: [ 998.858121] dump_stack+0x32d/0x480 [ 998.858121] kmsan_internal_chain_origin+0x222/0x240 [ 998.858121] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 998.858121] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.858121] ? save_stack_trace+0xc6/0x110 [ 998.858121] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 998.858121] ? kmsan_internal_chain_origin+0x90/0x240 [ 998.858121] ? get_stack_info+0x863/0x9d0 [ 998.901200] __msan_chain_origin+0x6d/0xd0 [ 998.905094] __save_stack_trace+0x833/0xc60 [ 998.905094] ? save_stack_trace+0xc6/0x110 [ 998.905094] save_stack_trace+0xc6/0x110 [ 998.905094] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] ? kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 998.922738] ? __msan_memcpy+0x6f/0x80 [ 998.922738] ? pskb_expand_head+0x43b/0x1d20 [ 998.922738] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 998.922738] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 998.922738] ? ___sys_sendmsg+0xe68/0x1250 [ 998.922738] ? __sys_sendmmsg+0x56b/0xa90 [ 998.922738] ? __se_sys_sendmmsg+0xbd/0xe0 [ 998.922738] ? __x64_sys_sendmmsg+0x56/0x70 [ 998.922738] ? do_syscall_64+0xcf/0x110 [ 998.922738] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.922738] ? __msan_poison_alloca+0x1e0/0x2b0 [ 998.922738] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 998.922738] ? memcg_kmem_put_cache+0x8e/0x460 [ 998.922738] ? __msan_get_context_state+0x9/0x30 [ 998.922738] ? INIT_INT+0xc/0x30 [ 998.922738] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 998.922738] kmsan_memcpy_origins+0x13d/0x1b0 [ 998.922738] __msan_memcpy+0x6f/0x80 [ 998.922738] pskb_expand_head+0x43b/0x1d20 [ 998.922738] l2tp_xmit_skb+0x5a7/0x24b0 [ 998.922738] pppol2tp_sendmsg+0x7a6/0xba0 [ 998.922738] ___sys_sendmsg+0xe68/0x1250 [ 998.922738] ? pppol2tp_getsockopt+0x1060/0x1060 [ 998.922738] ? __msan_poison_alloca+0x1e0/0x2b0 [ 998.922738] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 998.922738] ? rcu_all_qs+0x3b/0x310 [ 998.922738] ? _cond_resched+0x59/0x120 [ 998.922738] ? rcu_all_qs+0x53/0x310 [ 998.922738] ? _cond_resched+0x37/0x120 [ 998.922738] ? __sys_sendmmsg+0x7c9/0xa90 [ 998.922738] ? _cond_resched+0x59/0x120 [ 998.922738] __sys_sendmmsg+0x56b/0xa90 [ 998.922738] ? syscall_return_slowpath+0x123/0x8c0 [ 998.922738] ? put_timespec64+0x162/0x220 [ 998.922738] __se_sys_sendmmsg+0xbd/0xe0 [ 998.922738] __x64_sys_sendmmsg+0x56/0x70 [ 998.922738] do_syscall_64+0xcf/0x110 [ 998.922738] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.922738] RIP: 0033:0x457569 [ 998.922738] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 998.922738] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 998.922738] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 998.922738] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 998.922738] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 998.922738] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 998.922738] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 998.922738] Uninit was stored to memory at: [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] __msan_chain_origin+0x6d/0xd0 [ 998.922738] save_stack_trace+0xfa/0x110 [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] kmsan_memcpy_origins+0x13d/0x1b0 [ 998.922738] __msan_memcpy+0x6f/0x80 [ 998.922738] pskb_expand_head+0x43b/0x1d20 [ 998.922738] l2tp_xmit_skb+0x5a7/0x24b0 [ 998.922738] pppol2tp_sendmsg+0x7a6/0xba0 [ 998.922738] ___sys_sendmsg+0xe68/0x1250 [ 998.922738] __sys_sendmmsg+0x56b/0xa90 [ 998.922738] __se_sys_sendmmsg+0xbd/0xe0 [ 998.922738] __x64_sys_sendmmsg+0x56/0x70 [ 998.922738] do_syscall_64+0xcf/0x110 [ 998.922738] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.922738] [ 998.922738] Uninit was stored to memory at: [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] __msan_chain_origin+0x6d/0xd0 [ 998.922738] __save_stack_trace+0x833/0xc60 [ 998.922738] save_stack_trace+0xc6/0x110 [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] kmsan_memcpy_origins+0x13d/0x1b0 [ 998.922738] __msan_memcpy+0x6f/0x80 [ 998.922738] pskb_expand_head+0x43b/0x1d20 [ 998.922738] l2tp_xmit_skb+0x5a7/0x24b0 [ 998.922738] pppol2tp_sendmsg+0x7a6/0xba0 [ 998.922738] ___sys_sendmsg+0xe68/0x1250 [ 998.922738] __sys_sendmmsg+0x56b/0xa90 [ 998.922738] __se_sys_sendmmsg+0xbd/0xe0 [ 998.922738] __x64_sys_sendmmsg+0x56/0x70 [ 998.922738] do_syscall_64+0xcf/0x110 [ 998.922738] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.922738] [ 998.922738] Uninit was stored to memory at: [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] __msan_chain_origin+0x6d/0xd0 [ 998.922738] save_stack_trace+0xfa/0x110 [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] kmsan_memcpy_origins+0x13d/0x1b0 [ 998.922738] __msan_memcpy+0x6f/0x80 [ 998.922738] pskb_expand_head+0x43b/0x1d20 [ 998.922738] l2tp_xmit_skb+0x5a7/0x24b0 [ 998.922738] pppol2tp_sendmsg+0x7a6/0xba0 [ 998.922738] ___sys_sendmsg+0xe68/0x1250 [ 998.922738] __sys_sendmmsg+0x56b/0xa90 [ 998.922738] __se_sys_sendmmsg+0xbd/0xe0 [ 998.922738] __x64_sys_sendmmsg+0x56/0x70 [ 998.922738] do_syscall_64+0xcf/0x110 [ 998.922738] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.922738] [ 998.922738] Uninit was stored to memory at: [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] __msan_chain_origin+0x6d/0xd0 [ 998.922738] __save_stack_trace+0x833/0xc60 [ 998.922738] save_stack_trace+0xc6/0x110 [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] kmsan_memcpy_origins+0x13d/0x1b0 [ 998.922738] __msan_memcpy+0x6f/0x80 [ 998.922738] pskb_expand_head+0x43b/0x1d20 [ 998.922738] l2tp_xmit_skb+0x5a7/0x24b0 [ 998.922738] pppol2tp_sendmsg+0x7a6/0xba0 [ 998.922738] ___sys_sendmsg+0xe68/0x1250 [ 998.922738] __sys_sendmmsg+0x56b/0xa90 [ 998.922738] __se_sys_sendmmsg+0xbd/0xe0 [ 998.922738] __x64_sys_sendmmsg+0x56/0x70 [ 998.922738] do_syscall_64+0xcf/0x110 [ 998.922738] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.922738] [ 998.922738] Uninit was stored to memory at: [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] __msan_chain_origin+0x6d/0xd0 [ 998.922738] save_stack_trace+0xfa/0x110 [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] kmsan_memcpy_origins+0x13d/0x1b0 [ 998.922738] __msan_memcpy+0x6f/0x80 [ 998.922738] pskb_expand_head+0x43b/0x1d20 [ 998.922738] l2tp_xmit_skb+0x5a7/0x24b0 [ 998.922738] pppol2tp_sendmsg+0x7a6/0xba0 [ 998.922738] ___sys_sendmsg+0xe68/0x1250 [ 998.922738] __sys_sendmmsg+0x56b/0xa90 [ 998.922738] __se_sys_sendmmsg+0xbd/0xe0 [ 998.922738] __x64_sys_sendmmsg+0x56/0x70 [ 998.922738] do_syscall_64+0xcf/0x110 [ 998.922738] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.922738] [ 998.922738] Uninit was stored to memory at: [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] __msan_chain_origin+0x6d/0xd0 [ 998.922738] __save_stack_trace+0x833/0xc60 [ 998.922738] save_stack_trace+0xc6/0x110 [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] kmsan_memcpy_origins+0x13d/0x1b0 [ 998.922738] __msan_memcpy+0x6f/0x80 [ 998.922738] pskb_expand_head+0x43b/0x1d20 [ 998.922738] l2tp_xmit_skb+0x5a7/0x24b0 [ 998.922738] pppol2tp_sendmsg+0x7a6/0xba0 [ 998.922738] ___sys_sendmsg+0xe68/0x1250 [ 998.922738] __sys_sendmmsg+0x56b/0xa90 [ 998.922738] __se_sys_sendmmsg+0xbd/0xe0 [ 998.922738] __x64_sys_sendmmsg+0x56/0x70 [ 998.922738] do_syscall_64+0xcf/0x110 [ 998.922738] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.922738] [ 998.922738] Uninit was stored to memory at: [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] __msan_chain_origin+0x6d/0xd0 [ 998.922738] save_stack_trace+0xfa/0x110 [ 998.922738] kmsan_internal_chain_origin+0x136/0x240 [ 998.922738] kmsan_memcpy_origins+0x13d/0x1b0 [ 998.922738] __msan_memcpy+0x6f/0x80 [ 998.922738] pskb_expand_head+0x43b/0x1d20 [ 998.922738] l2tp_xmit_skb+0x5a7/0x24b0 [ 998.922738] pppol2tp_sendmsg+0x7a6/0xba0 [ 998.922738] ___sys_sendmsg+0xe68/0x1250 [ 998.922738] __sys_sendmmsg+0x56b/0xa90 [ 998.922738] __se_sys_sendmmsg+0xbd/0xe0 [ 998.922738] __x64_sys_sendmmsg+0x56/0x70 [ 998.922738] do_syscall_64+0xcf/0x110 [ 998.922738] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 998.922738] [ 998.922738] Local variable description: ----iph@ip_vs_out [ 998.922738] Variable was created at: [ 998.922738] ip_vs_out+0x1bf/0x4570 [ 998.922738] ip_vs_local_reply6+0xec/0x130 [ 999.690833] Dead loop on virtual device ip6_vti0, fix it urgently! [ 999.719783] not chained 2030000 origins [ 999.721876] CPU: 0 PID: 26036 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 999.721876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 999.721876] Call Trace: [ 999.721876] dump_stack+0x32d/0x480 [ 999.721876] kmsan_internal_chain_origin+0x222/0x240 [ 999.721876] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 999.721876] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 999.721876] ? save_stack_trace+0xc6/0x110 [ 999.721876] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 999.721876] ? kmsan_internal_chain_origin+0x90/0x240 [ 999.721876] ? get_stack_info+0x863/0x9d0 [ 999.721876] __msan_chain_origin+0x6d/0xd0 [ 999.721876] ? __x64_sys_sendmmsg+0x56/0x70 [ 999.721876] __save_stack_trace+0x8be/0xc60 [ 999.721876] ? __x64_sys_sendmmsg+0x56/0x70 [ 999.721876] save_stack_trace+0xc6/0x110 [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] ? kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 999.721876] ? __msan_memcpy+0x6f/0x80 [ 999.721876] ? pskb_expand_head+0x43b/0x1d20 [ 999.721876] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 999.721876] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 999.721876] ? ___sys_sendmsg+0xe68/0x1250 [ 999.721876] ? __sys_sendmmsg+0x56b/0xa90 [ 999.721876] ? __se_sys_sendmmsg+0xbd/0xe0 [ 999.721876] ? __x64_sys_sendmmsg+0x56/0x70 [ 999.721876] ? do_syscall_64+0xcf/0x110 [ 999.721876] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 999.721876] ? __msan_poison_alloca+0x1e0/0x2b0 [ 999.721876] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 999.721876] ? memcg_kmem_put_cache+0x8e/0x460 [ 999.721876] ? __msan_get_context_state+0x9/0x30 [ 999.721876] ? INIT_INT+0xc/0x30 [ 999.721876] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 999.721876] kmsan_memcpy_origins+0x13d/0x1b0 [ 999.721876] __msan_memcpy+0x6f/0x80 [ 999.721876] pskb_expand_head+0x43b/0x1d20 [ 999.721876] l2tp_xmit_skb+0x5a7/0x24b0 [ 999.721876] pppol2tp_sendmsg+0x7a6/0xba0 [ 999.721876] ___sys_sendmsg+0xe68/0x1250 [ 999.721876] ? kmsan_set_origin+0x83/0x130 [ 999.721876] ? pppol2tp_getsockopt+0x1060/0x1060 [ 999.721876] ? __msan_poison_alloca+0x1e0/0x2b0 [ 999.721876] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 999.721876] ? rcu_all_qs+0x3b/0x310 [ 999.721876] ? _cond_resched+0x59/0x120 [ 999.721876] ? rcu_all_qs+0x53/0x310 [ 999.721876] ? _cond_resched+0x37/0x120 [ 999.721876] ? __sys_sendmmsg+0x7c9/0xa90 [ 999.721876] ? _cond_resched+0x59/0x120 [ 999.721876] __sys_sendmmsg+0x56b/0xa90 [ 999.721876] ? syscall_return_slowpath+0x123/0x8c0 [ 999.721876] ? put_timespec64+0x162/0x220 [ 999.721876] __se_sys_sendmmsg+0xbd/0xe0 [ 999.721876] __x64_sys_sendmmsg+0x56/0x70 [ 999.721876] do_syscall_64+0xcf/0x110 [ 999.721876] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 999.721876] RIP: 0033:0x457569 [ 999.721876] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 999.721876] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 999.721876] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 999.721876] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 999.721876] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 999.721876] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 999.721876] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 999.721876] Uninit was stored to memory at: [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] __msan_chain_origin+0x6d/0xd0 [ 999.721876] __save_stack_trace+0x8be/0xc60 [ 999.721876] save_stack_trace+0xc6/0x110 [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] kmsan_memcpy_origins+0x13d/0x1b0 [ 999.721876] __msan_memcpy+0x6f/0x80 [ 999.721876] pskb_expand_head+0x43b/0x1d20 [ 999.721876] l2tp_xmit_skb+0x5a7/0x24b0 [ 999.721876] pppol2tp_sendmsg+0x7a6/0xba0 [ 999.721876] ___sys_sendmsg+0xe68/0x1250 [ 999.721876] __sys_sendmmsg+0x56b/0xa90 [ 999.721876] __se_sys_sendmmsg+0xbd/0xe0 [ 999.721876] __x64_sys_sendmmsg+0x56/0x70 [ 999.721876] do_syscall_64+0xcf/0x110 [ 999.721876] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 999.721876] [ 999.721876] Uninit was stored to memory at: [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] __msan_chain_origin+0x6d/0xd0 [ 999.721876] __save_stack_trace+0x8be/0xc60 [ 999.721876] save_stack_trace+0xc6/0x110 [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] kmsan_memcpy_origins+0x13d/0x1b0 [ 999.721876] __msan_memcpy+0x6f/0x80 [ 999.721876] pskb_expand_head+0x43b/0x1d20 [ 999.721876] l2tp_xmit_skb+0x5a7/0x24b0 [ 999.721876] pppol2tp_sendmsg+0x7a6/0xba0 [ 999.721876] ___sys_sendmsg+0xe68/0x1250 [ 999.721876] __sys_sendmmsg+0x56b/0xa90 [ 999.721876] __se_sys_sendmmsg+0xbd/0xe0 [ 999.721876] __x64_sys_sendmmsg+0x56/0x70 [ 999.721876] do_syscall_64+0xcf/0x110 [ 999.721876] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 999.721876] [ 999.721876] Uninit was stored to memory at: [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] __msan_chain_origin+0x6d/0xd0 [ 999.721876] __save_stack_trace+0x8be/0xc60 [ 999.721876] save_stack_trace+0xc6/0x110 [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] kmsan_memcpy_origins+0x13d/0x1b0 [ 999.721876] __msan_memcpy+0x6f/0x80 [ 999.721876] pskb_expand_head+0x43b/0x1d20 [ 999.721876] l2tp_xmit_skb+0x5a7/0x24b0 [ 999.721876] pppol2tp_sendmsg+0x7a6/0xba0 [ 999.721876] ___sys_sendmsg+0xe68/0x1250 [ 999.721876] __sys_sendmmsg+0x56b/0xa90 [ 999.721876] __se_sys_sendmmsg+0xbd/0xe0 [ 999.721876] __x64_sys_sendmmsg+0x56/0x70 [ 999.721876] do_syscall_64+0xcf/0x110 [ 999.721876] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 999.721876] [ 999.721876] Uninit was stored to memory at: [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] __msan_chain_origin+0x6d/0xd0 [ 999.721876] __save_stack_trace+0x8be/0xc60 [ 999.721876] save_stack_trace+0xc6/0x110 [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] kmsan_memcpy_origins+0x13d/0x1b0 [ 999.721876] __msan_memcpy+0x6f/0x80 [ 999.721876] pskb_expand_head+0x43b/0x1d20 [ 999.721876] l2tp_xmit_skb+0x5a7/0x24b0 [ 999.721876] pppol2tp_sendmsg+0x7a6/0xba0 [ 999.721876] ___sys_sendmsg+0xe68/0x1250 [ 999.721876] __sys_sendmmsg+0x56b/0xa90 [ 999.721876] __se_sys_sendmmsg+0xbd/0xe0 [ 999.721876] __x64_sys_sendmmsg+0x56/0x70 [ 999.721876] do_syscall_64+0xcf/0x110 [ 999.721876] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 999.721876] [ 999.721876] Uninit was stored to memory at: [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] __msan_chain_origin+0x6d/0xd0 [ 999.721876] __save_stack_trace+0x8be/0xc60 [ 999.721876] save_stack_trace+0xc6/0x110 [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] kmsan_memcpy_origins+0x13d/0x1b0 [ 999.721876] __msan_memcpy+0x6f/0x80 [ 999.721876] pskb_expand_head+0x43b/0x1d20 [ 999.721876] l2tp_xmit_skb+0x5a7/0x24b0 [ 999.721876] pppol2tp_sendmsg+0x7a6/0xba0 [ 999.721876] ___sys_sendmsg+0xe68/0x1250 [ 999.721876] __sys_sendmmsg+0x56b/0xa90 [ 999.721876] __se_sys_sendmmsg+0xbd/0xe0 [ 999.721876] __x64_sys_sendmmsg+0x56/0x70 [ 999.721876] do_syscall_64+0xcf/0x110 [ 999.721876] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 999.721876] [ 999.721876] Uninit was stored to memory at: [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] __msan_chain_origin+0x6d/0xd0 [ 999.721876] __save_stack_trace+0x8be/0xc60 [ 999.721876] save_stack_trace+0xc6/0x110 [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] kmsan_memcpy_origins+0x13d/0x1b0 [ 999.721876] __msan_memcpy+0x6f/0x80 [ 999.721876] pskb_expand_head+0x43b/0x1d20 [ 999.721876] l2tp_xmit_skb+0x5a7/0x24b0 [ 999.721876] pppol2tp_sendmsg+0x7a6/0xba0 [ 999.721876] ___sys_sendmsg+0xe68/0x1250 [ 999.721876] __sys_sendmmsg+0x56b/0xa90 [ 999.721876] __se_sys_sendmmsg+0xbd/0xe0 [ 999.721876] __x64_sys_sendmmsg+0x56/0x70 [ 999.721876] do_syscall_64+0xcf/0x110 [ 999.721876] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 999.721876] [ 999.721876] Uninit was stored to memory at: [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] __msan_chain_origin+0x6d/0xd0 [ 999.721876] __save_stack_trace+0x8be/0xc60 [ 999.721876] save_stack_trace+0xc6/0x110 [ 999.721876] kmsan_internal_chain_origin+0x136/0x240 [ 999.721876] kmsan_memcpy_origins+0x13d/0x1b0 [ 999.721876] __msan_memcpy+0x6f/0x80 [ 999.721876] pskb_expand_head+0x43b/0x1d20 [ 999.721876] l2tp_xmit_skb+0x5a7/0x24b0 [ 999.721876] pppol2tp_sendmsg+0x7a6/0xba0 [ 999.721876] ___sys_sendmsg+0xe68/0x1250 [ 999.721876] __sys_sendmmsg+0x56b/0xa90 [ 999.721876] __se_sys_sendmmsg+0xbd/0xe0 [ 999.721876] __x64_sys_sendmmsg+0x56/0x70 [ 999.721876] do_syscall_64+0xcf/0x110 [ 999.721876] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 999.721876] [ 999.721876] Local variable description: ----iph@ip_vs_out [ 999.721876] Variable was created at: [ 999.721876] ip_vs_out+0x1bf/0x4570 [ 999.721876] ip_vs_local_reply6+0xec/0x130 [ 1000.591652] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:15 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:15 executing program 4: 06:06:15 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') finit_module(r0, &(0x7f0000000280)='ip6_vti0\x00', 0x0) sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x5c, r2, 0x202, 0x70bd26, 0x100, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x1625}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x6}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8e1e}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xcbe}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x4000000) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0x10) r3 = socket$l2tp(0x18, 0x1, 0x1) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000240)={0x4cf, 0x1, 0x3, 0x4000000, 0x8}, 0xc) connect$l2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r3, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:06:15 executing program 2: 06:06:15 executing program 1: 06:06:15 executing program 3: r0 = dup(0xffffffffffffffff) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x3) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0, 0x2}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e22, @broadcast}}}, &(0x7f0000000100)=0x84) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r0, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:15 executing program 2: 06:06:16 executing program 1: [ 1000.986423] not chained 2040000 origins [ 1000.990455] CPU: 0 PID: 26074 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1000.991832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1000.998994] Call Trace: [ 1000.998994] dump_stack+0x32d/0x480 [ 1000.998994] kmsan_internal_chain_origin+0x222/0x240 [ 1000.998994] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1000.998994] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1000.998994] ? save_stack_trace+0xc6/0x110 [ 1000.998994] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1000.998994] ? kmsan_internal_chain_origin+0x90/0x240 [ 1000.998994] ? get_stack_info+0x863/0x9d0 [ 1000.998994] __msan_chain_origin+0x6d/0xd0 [ 1000.998994] ? pskb_expand_head+0x43b/0x1d20 [ 1000.998994] __save_stack_trace+0x8be/0xc60 [ 1000.998994] ? pskb_expand_head+0x43b/0x1d20 [ 1000.998994] save_stack_trace+0xc6/0x110 [ 1000.998994] kmsan_internal_chain_origin+0x136/0x240 [ 1000.998994] ? kmsan_internal_chain_origin+0x136/0x240 [ 1000.998994] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1000.998994] ? __msan_memcpy+0x6f/0x80 [ 1000.998994] ? pskb_expand_head+0x43b/0x1d20 [ 1000.998994] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1000.998994] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1000.998994] ? ___sys_sendmsg+0xe68/0x1250 [ 1000.998994] ? __sys_sendmmsg+0x56b/0xa90 [ 1000.998994] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1000.998994] ? __x64_sys_sendmmsg+0x56/0x70 [ 1001.115365] ? do_syscall_64+0xcf/0x110 [ 1001.115365] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1001.115365] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1001.115365] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1001.115365] ? memcg_kmem_put_cache+0x8e/0x460 [ 1001.115365] ? __msan_get_context_state+0x9/0x30 [ 1001.115365] ? INIT_INT+0xc/0x30 [ 1001.115365] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1001.115365] kmsan_memcpy_origins+0x13d/0x1b0 [ 1001.115365] __msan_memcpy+0x6f/0x80 [ 1001.115365] pskb_expand_head+0x43b/0x1d20 [ 1001.115365] l2tp_xmit_skb+0x5a7/0x24b0 [ 1001.115365] pppol2tp_sendmsg+0x7a6/0xba0 [ 1001.115365] ___sys_sendmsg+0xe68/0x1250 [ 1001.115365] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1001.115365] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1001.115365] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1001.115365] ? rcu_all_qs+0x3b/0x310 [ 1001.197436] ? _cond_resched+0x59/0x120 [ 1001.197436] ? rcu_all_qs+0x53/0x310 [ 1001.197436] ? _cond_resched+0x37/0x120 [ 1001.209565] ? __sys_sendmmsg+0x7c9/0xa90 [ 1001.209565] ? _cond_resched+0x59/0x120 [ 1001.209565] __sys_sendmmsg+0x56b/0xa90 [ 1001.209565] ? syscall_return_slowpath+0x123/0x8c0 [ 1001.209565] ? put_timespec64+0x162/0x220 [ 1001.209565] __se_sys_sendmmsg+0xbd/0xe0 [ 1001.209565] __x64_sys_sendmmsg+0x56/0x70 [ 1001.209565] do_syscall_64+0xcf/0x110 [ 1001.209565] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1001.209565] RIP: 0033:0x457569 [ 1001.209565] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1001.209565] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1001.209565] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1001.209565] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000005 [ 1001.209565] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1001.209565] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1001.209565] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1001.209565] Uninit was stored to memory at: [ 1001.209565] kmsan_internal_chain_origin+0x136/0x240 [ 1001.209565] __msan_chain_origin+0x6d/0xd0 [ 1001.209565] __save_stack_trace+0x8be/0xc60 [ 1001.209565] save_stack_trace+0xc6/0x110 [ 1001.209565] kmsan_internal_chain_origin+0x136/0x240 [ 1001.209565] kmsan_memcpy_origins+0x13d/0x1b0 [ 1001.209565] __msan_memcpy+0x6f/0x80 [ 1001.209565] pskb_expand_head+0x43b/0x1d20 [ 1001.209565] l2tp_xmit_skb+0x5a7/0x24b0 [ 1001.209565] pppol2tp_sendmsg+0x7a6/0xba0 [ 1001.209565] ___sys_sendmsg+0xe68/0x1250 [ 1001.209565] __sys_sendmmsg+0x56b/0xa90 [ 1001.209565] __se_sys_sendmmsg+0xbd/0xe0 [ 1001.209565] __x64_sys_sendmmsg+0x56/0x70 [ 1001.209565] do_syscall_64+0xcf/0x110 [ 1001.209565] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1001.209565] [ 1001.209565] Uninit was stored to memory at: [ 1001.209565] kmsan_internal_chain_origin+0x136/0x240 [ 1001.209565] __msan_chain_origin+0x6d/0xd0 [ 1001.209565] __save_stack_trace+0x8be/0xc60 [ 1001.209565] save_stack_trace+0xc6/0x110 [ 1001.209565] kmsan_internal_chain_origin+0x136/0x240 [ 1001.209565] kmsan_memcpy_origins+0x13d/0x1b0 [ 1001.209565] __msan_memcpy+0x6f/0x80 [ 1001.424471] pskb_expand_head+0x43b/0x1d20 [ 1001.424471] l2tp_xmit_skb+0x5a7/0x24b0 [ 1001.424471] pppol2tp_sendmsg+0x7a6/0xba0 [ 1001.424471] ___sys_sendmsg+0xe68/0x1250 [ 1001.424471] __sys_sendmmsg+0x56b/0xa90 [ 1001.424471] __se_sys_sendmmsg+0xbd/0xe0 [ 1001.424471] __x64_sys_sendmmsg+0x56/0x70 [ 1001.424471] do_syscall_64+0xcf/0x110 [ 1001.424471] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1001.424471] [ 1001.424471] Uninit was stored to memory at: [ 1001.424471] kmsan_internal_chain_origin+0x136/0x240 [ 1001.475234] __msan_chain_origin+0x6d/0xd0 [ 1001.475234] __save_stack_trace+0x8be/0xc60 [ 1001.482223] save_stack_trace+0xc6/0x110 06:06:16 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:16 executing program 2: 06:06:16 executing program 4: request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='\x00', 0xfffffffffffffffe) 06:06:16 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f00000000c0)={0x80000001, 0x4, "36c9f7ebc6696481ed81df67632e20fbf153cf14e2e507adea255864991cea4e", 0x0, 0x40, 0x7, 0x0, 0x104}) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xffffffffffffff02, &(0x7f0000000c80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4526948e7944b6fc4db5bacb59cff61ffbc2e2fc1417636bd2d7ec0f3fcb373ad7fcfa83bbbc0c34cb205c9803ee5b492f5c421d15a1e7065c2a471b86266908f31d904418d7c6e0f2e0b8419d8210a4ea3acf514f85667ece45779d83c68710d28837ffef8db7f739a12df278a2271a48e2a2c2c932b43c392c6bb9223dbc7dc1f226289b9b460500750ec0ef92cfd1abbdf027b6737a9e8e3068cc3e84092ae600402747b0d663ded332af25dfa3df5f803872f0575fda578632241d428cbfe54acdab790c26b3b72da9620804dea4e2b5ef07d196020ae0c9d5e7a162f0aeb0a8701d2c92858ebdc5c1eb42c434e255983c863d04b19133ddcb53ae8ff15c1d0fcb217d2c9be518c1d50180000000000000aa76100e7657873398c526bfd80cc76565c0335dd0abe18ecd0831a673f3042f4db0bc4f8a7550cc"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 1001.482223] kmsan_internal_chain_origin+0x136/0x240 [ 1001.482223] kmsan_memcpy_origins+0x13d/0x1b0 [ 1001.482223] __msan_memcpy+0x6f/0x80 [ 1001.482223] pskb_expand_head+0x43b/0x1d20 [ 1001.482223] l2tp_xmit_skb+0x5a7/0x24b0 [ 1001.482223] pppol2tp_sendmsg+0x7a6/0xba0 [ 1001.482223] ___sys_sendmsg+0xe68/0x1250 [ 1001.482223] __sys_sendmmsg+0x56b/0xa90 [ 1001.482223] __se_sys_sendmmsg+0xbd/0xe0 [ 1001.482223] __x64_sys_sendmmsg+0x56/0x70 [ 1001.482223] do_syscall_64+0xcf/0x110 [ 1001.482223] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1001.482223] [ 1001.482223] Uninit was stored to memory at: [ 1001.482223] kmsan_internal_chain_origin+0x136/0x240 [ 1001.482223] __msan_chain_origin+0x6d/0xd0 [ 1001.482223] __save_stack_trace+0x8be/0xc60 [ 1001.482223] save_stack_trace+0xc6/0x110 [ 1001.482223] kmsan_internal_chain_origin+0x136/0x240 [ 1001.482223] kmsan_memcpy_origins+0x13d/0x1b0 [ 1001.482223] __msan_memcpy+0x6f/0x80 [ 1001.575974] pskb_expand_head+0x43b/0x1d20 [ 1001.581315] l2tp_xmit_skb+0x5a7/0x24b0 [ 1001.581315] pppol2tp_sendmsg+0x7a6/0xba0 [ 1001.589094] ___sys_sendmsg+0xe68/0x1250 [ 1001.589094] __sys_sendmmsg+0x56b/0xa90 [ 1001.589094] __se_sys_sendmmsg+0xbd/0xe0 [ 1001.589094] __x64_sys_sendmmsg+0x56/0x70 [ 1001.589094] do_syscall_64+0xcf/0x110 [ 1001.589094] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1001.589094] [ 1001.589094] Uninit was stored to memory at: [ 1001.589094] kmsan_internal_chain_origin+0x136/0x240 [ 1001.589094] __msan_chain_origin+0x6d/0xd0 [ 1001.589094] __save_stack_trace+0x8be/0xc60 [ 1001.589094] save_stack_trace+0xc6/0x110 [ 1001.589094] kmsan_internal_chain_origin+0x136/0x240 [ 1001.589094] kmsan_memcpy_origins+0x13d/0x1b0 [ 1001.589094] __msan_memcpy+0x6f/0x80 [ 1001.589094] pskb_expand_head+0x43b/0x1d20 [ 1001.589094] l2tp_xmit_skb+0x5a7/0x24b0 [ 1001.589094] pppol2tp_sendmsg+0x7a6/0xba0 [ 1001.589094] ___sys_sendmsg+0xe68/0x1250 [ 1001.589094] __sys_sendmmsg+0x56b/0xa90 [ 1001.589094] __se_sys_sendmmsg+0xbd/0xe0 [ 1001.589094] __x64_sys_sendmmsg+0x56/0x70 [ 1001.589094] do_syscall_64+0xcf/0x110 [ 1001.589094] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1001.589094] [ 1001.589094] Uninit was stored to memory at: [ 1001.589094] kmsan_internal_chain_origin+0x136/0x240 [ 1001.589094] __msan_chain_origin+0x6d/0xd0 [ 1001.589094] __save_stack_trace+0x8be/0xc60 [ 1001.589094] save_stack_trace+0xc6/0x110 [ 1001.589094] kmsan_internal_chain_origin+0x136/0x240 [ 1001.589094] kmsan_memcpy_origins+0x13d/0x1b0 [ 1001.589094] __msan_memcpy+0x6f/0x80 [ 1001.589094] pskb_expand_head+0x43b/0x1d20 [ 1001.589094] l2tp_xmit_skb+0x5a7/0x24b0 [ 1001.589094] pppol2tp_sendmsg+0x7a6/0xba0 [ 1001.589094] ___sys_sendmsg+0xe68/0x1250 [ 1001.589094] __sys_sendmmsg+0x56b/0xa90 [ 1001.589094] __se_sys_sendmmsg+0xbd/0xe0 [ 1001.589094] __x64_sys_sendmmsg+0x56/0x70 [ 1001.589094] do_syscall_64+0xcf/0x110 [ 1001.589094] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1001.589094] [ 1001.589094] Uninit was stored to memory at: [ 1001.589094] kmsan_internal_chain_origin+0x136/0x240 [ 1001.589094] __msan_chain_origin+0x6d/0xd0 [ 1001.589094] __save_stack_trace+0x8be/0xc60 [ 1001.589094] save_stack_trace+0xc6/0x110 [ 1001.589094] kmsan_internal_chain_origin+0x136/0x240 [ 1001.589094] kmsan_memcpy_origins+0x13d/0x1b0 [ 1001.589094] __msan_memcpy+0x6f/0x80 [ 1001.589094] pskb_expand_head+0x43b/0x1d20 [ 1001.589094] l2tp_xmit_skb+0x5a7/0x24b0 [ 1001.589094] pppol2tp_sendmsg+0x7a6/0xba0 [ 1001.589094] ___sys_sendmsg+0xe68/0x1250 [ 1001.589094] __sys_sendmmsg+0x56b/0xa90 [ 1001.589094] __se_sys_sendmmsg+0xbd/0xe0 [ 1001.589094] __x64_sys_sendmmsg+0x56/0x70 [ 1001.589094] do_syscall_64+0xcf/0x110 [ 1001.589094] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1001.589094] [ 1001.589094] Local variable description: ----iph@ip_vs_out [ 1001.589094] Variable was created at: [ 1001.589094] ip_vs_out+0x1bf/0x4570 [ 1001.589094] ip_vs_local_reply6+0xec/0x130 [ 1001.860092] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:17 executing program 1: r0 = memfd_create(&(0x7f0000000140)='md5sumbdev.vmnet1lo\x00', 0x0) r1 = creat(&(0x7f00000005c0)='./file0/../file0\x00', 0x9) pwrite64(r0, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) mkdir(&(0x7f0000000740)='./file0\x00', 0x10) socketpair$unix(0x1, 0x10000200000001, 0x0, &(0x7f0000000640)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x2000200000002) chdir(&(0x7f0000000240)='./file0\x00') symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') creat(&(0x7f00000000c0)='./file0/../file0\x00', 0x0) 06:06:17 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)={0xa, 0x2, 0x914, 0x4000000005, 0x2}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000000), &(0x7f0000000440)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000000), &(0x7f0000000100)}, 0x20) [ 1002.461387] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1002.523026] not chained 2050000 origins [ 1002.527042] CPU: 0 PID: 26074 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1002.531822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1002.536856] Call Trace: [ 1002.536856] dump_stack+0x32d/0x480 [ 1002.536856] ? save_stack_trace+0xc6/0x110 [ 1002.536856] kmsan_internal_chain_origin+0x222/0x240 [ 1002.536856] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 1002.536856] ? is_bpf_text_address+0x49e/0x4d0 [ 1002.536856] ? INIT_INT+0xc/0x30 [ 1002.536856] ? __msan_warning+0x74/0xd0 [ 1002.536856] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 1002.536856] ? __save_stack_trace+0x9f2/0xc60 [ 1002.536856] __msan_chain_origin+0x6d/0xd0 [ 1002.536856] save_stack_trace+0xfa/0x110 [ 1002.536856] kmsan_internal_chain_origin+0x136/0x240 [ 1002.536856] ? kmsan_internal_chain_origin+0x136/0x240 [ 1002.536856] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1002.536856] ? __msan_memcpy+0x6f/0x80 [ 1002.536856] ? pskb_expand_head+0x43b/0x1d20 [ 1002.536856] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1002.536856] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1002.536856] ? ___sys_sendmsg+0xe68/0x1250 [ 1002.536856] ? __sys_sendmmsg+0x56b/0xa90 [ 1002.536856] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1002.536856] ? __x64_sys_sendmmsg+0x56/0x70 [ 1002.536856] ? do_syscall_64+0xcf/0x110 [ 1002.536856] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1002.536856] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1002.657294] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1002.657565] ? memcg_kmem_put_cache+0x8e/0x460 [ 1002.657565] ? __msan_get_context_state+0x9/0x30 [ 1002.657565] ? INIT_INT+0xc/0x30 [ 1002.657565] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1002.657565] kmsan_memcpy_origins+0x13d/0x1b0 [ 1002.657565] __msan_memcpy+0x6f/0x80 [ 1002.657565] pskb_expand_head+0x43b/0x1d20 [ 1002.657565] l2tp_xmit_skb+0x5a7/0x24b0 [ 1002.657565] pppol2tp_sendmsg+0x7a6/0xba0 [ 1002.657565] ___sys_sendmsg+0xe68/0x1250 [ 1002.657565] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1002.657565] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1002.657565] ? kmsan_set_origin+0x83/0x130 [ 1002.657565] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1002.657565] ? _cond_resched+0xc7/0x120 [ 1002.657565] __sys_sendmmsg+0x56b/0xa90 [ 1002.657565] ? syscall_return_slowpath+0x123/0x8c0 [ 1002.657565] ? put_timespec64+0x162/0x220 [ 1002.657565] __se_sys_sendmmsg+0xbd/0xe0 [ 1002.657565] __x64_sys_sendmmsg+0x56/0x70 [ 1002.657565] do_syscall_64+0xcf/0x110 [ 1002.657565] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1002.657565] RIP: 0033:0x457569 [ 1002.657565] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1002.657565] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1002.657565] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1002.657565] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000005 [ 1002.657565] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1002.657565] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1002.657565] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1002.657565] Uninit was stored to memory at: [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] __msan_chain_origin+0x6d/0xd0 [ 1002.657565] save_stack_trace+0xfa/0x110 [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] kmsan_memcpy_origins+0x13d/0x1b0 [ 1002.657565] __msan_memcpy+0x6f/0x80 [ 1002.657565] pskb_expand_head+0x43b/0x1d20 [ 1002.657565] l2tp_xmit_skb+0x5a7/0x24b0 [ 1002.657565] pppol2tp_sendmsg+0x7a6/0xba0 [ 1002.657565] ___sys_sendmsg+0xe68/0x1250 [ 1002.657565] __sys_sendmmsg+0x56b/0xa90 [ 1002.657565] __se_sys_sendmmsg+0xbd/0xe0 [ 1002.657565] __x64_sys_sendmmsg+0x56/0x70 [ 1002.657565] do_syscall_64+0xcf/0x110 [ 1002.657565] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1002.657565] [ 1002.657565] Uninit was stored to memory at: [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] __msan_chain_origin+0x6d/0xd0 [ 1002.657565] __save_stack_trace+0x833/0xc60 [ 1002.657565] save_stack_trace+0xc6/0x110 [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] kmsan_memcpy_origins+0x13d/0x1b0 [ 1002.657565] __msan_memcpy+0x6f/0x80 [ 1002.657565] pskb_expand_head+0x43b/0x1d20 [ 1002.657565] l2tp_xmit_skb+0x5a7/0x24b0 [ 1002.657565] pppol2tp_sendmsg+0x7a6/0xba0 [ 1002.657565] ___sys_sendmsg+0xe68/0x1250 [ 1002.657565] __sys_sendmmsg+0x56b/0xa90 [ 1002.657565] __se_sys_sendmmsg+0xbd/0xe0 [ 1002.657565] __x64_sys_sendmmsg+0x56/0x70 [ 1002.657565] do_syscall_64+0xcf/0x110 [ 1002.657565] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1002.657565] [ 1002.657565] Uninit was stored to memory at: [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] __msan_chain_origin+0x6d/0xd0 [ 1002.657565] save_stack_trace+0xfa/0x110 [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] kmsan_memcpy_origins+0x13d/0x1b0 [ 1002.657565] __msan_memcpy+0x6f/0x80 [ 1002.657565] pskb_expand_head+0x43b/0x1d20 [ 1002.657565] l2tp_xmit_skb+0x5a7/0x24b0 [ 1002.657565] pppol2tp_sendmsg+0x7a6/0xba0 [ 1002.657565] ___sys_sendmsg+0xe68/0x1250 [ 1002.657565] __sys_sendmmsg+0x56b/0xa90 [ 1002.657565] __se_sys_sendmmsg+0xbd/0xe0 [ 1002.657565] __x64_sys_sendmmsg+0x56/0x70 [ 1002.657565] do_syscall_64+0xcf/0x110 [ 1002.657565] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1002.657565] [ 1002.657565] Uninit was stored to memory at: [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] __msan_chain_origin+0x6d/0xd0 [ 1002.657565] __save_stack_trace+0x833/0xc60 [ 1002.657565] save_stack_trace+0xc6/0x110 [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] kmsan_memcpy_origins+0x13d/0x1b0 [ 1002.657565] __msan_memcpy+0x6f/0x80 [ 1002.657565] pskb_expand_head+0x43b/0x1d20 [ 1002.657565] l2tp_xmit_skb+0x5a7/0x24b0 [ 1002.657565] pppol2tp_sendmsg+0x7a6/0xba0 [ 1002.657565] ___sys_sendmsg+0xe68/0x1250 [ 1002.657565] __sys_sendmmsg+0x56b/0xa90 [ 1002.657565] __se_sys_sendmmsg+0xbd/0xe0 [ 1002.657565] __x64_sys_sendmmsg+0x56/0x70 [ 1002.657565] do_syscall_64+0xcf/0x110 [ 1002.657565] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1002.657565] [ 1002.657565] Uninit was stored to memory at: [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] __msan_chain_origin+0x6d/0xd0 [ 1002.657565] save_stack_trace+0xfa/0x110 [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] kmsan_memcpy_origins+0x13d/0x1b0 [ 1002.657565] __msan_memcpy+0x6f/0x80 [ 1002.657565] pskb_expand_head+0x43b/0x1d20 [ 1002.657565] l2tp_xmit_skb+0x5a7/0x24b0 [ 1002.657565] pppol2tp_sendmsg+0x7a6/0xba0 [ 1002.657565] ___sys_sendmsg+0xe68/0x1250 [ 1002.657565] __sys_sendmmsg+0x56b/0xa90 [ 1002.657565] __se_sys_sendmmsg+0xbd/0xe0 [ 1002.657565] __x64_sys_sendmmsg+0x56/0x70 [ 1002.657565] do_syscall_64+0xcf/0x110 [ 1002.657565] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1002.657565] [ 1002.657565] Uninit was stored to memory at: [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] __msan_chain_origin+0x6d/0xd0 [ 1002.657565] __save_stack_trace+0x833/0xc60 [ 1002.657565] save_stack_trace+0xc6/0x110 [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] kmsan_memcpy_origins+0x13d/0x1b0 [ 1002.657565] __msan_memcpy+0x6f/0x80 [ 1002.657565] pskb_expand_head+0x43b/0x1d20 [ 1002.657565] l2tp_xmit_skb+0x5a7/0x24b0 [ 1002.657565] pppol2tp_sendmsg+0x7a6/0xba0 [ 1002.657565] ___sys_sendmsg+0xe68/0x1250 [ 1002.657565] __sys_sendmmsg+0x56b/0xa90 [ 1002.657565] __se_sys_sendmmsg+0xbd/0xe0 [ 1002.657565] __x64_sys_sendmmsg+0x56/0x70 [ 1002.657565] do_syscall_64+0xcf/0x110 [ 1002.657565] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1002.657565] [ 1002.657565] Uninit was stored to memory at: [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] __msan_chain_origin+0x6d/0xd0 [ 1002.657565] save_stack_trace+0xfa/0x110 [ 1002.657565] kmsan_internal_chain_origin+0x136/0x240 [ 1002.657565] kmsan_memcpy_origins+0x13d/0x1b0 [ 1002.657565] __msan_memcpy+0x6f/0x80 [ 1002.657565] pskb_expand_head+0x43b/0x1d20 [ 1002.657565] l2tp_xmit_skb+0x5a7/0x24b0 [ 1002.657565] pppol2tp_sendmsg+0x7a6/0xba0 [ 1002.657565] ___sys_sendmsg+0xe68/0x1250 [ 1002.657565] __sys_sendmmsg+0x56b/0xa90 [ 1002.657565] __se_sys_sendmmsg+0xbd/0xe0 [ 1002.657565] __x64_sys_sendmmsg+0x56/0x70 [ 1002.657565] do_syscall_64+0xcf/0x110 [ 1002.657565] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1002.657565] [ 1002.657565] Local variable description: ----iph@ip_vs_out [ 1002.657565] Variable was created at: [ 1002.657565] ip_vs_out+0x1bf/0x4570 [ 1002.657565] ip_vs_local_reply6+0xec/0x130 [ 1003.348486] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:18 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = gettid() stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = getegid() r6 = getpid() stat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r9 = gettid() stat(&(0x7f0000000a00)='./file0\x00', &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x7, &(0x7f0000000ac0)=[0xffffffffffffffff, 0xee00, 0xee00, 0xffffffffffffffff, 0xee01, 0xee00, 0xee00]) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000032c0)=0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000003300)={{{@in6=@local, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@ipv4={[], [], @dev}}}, &(0x7f0000003400)=0xe8) r14 = getgid() ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000003440)=0x0) lstat(&(0x7f0000003480)='./file0\x00', &(0x7f00000034c0)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000003540)='./file0\x00', &(0x7f0000003580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000003600)=0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000003640)={0x0, 0x0}, &(0x7f0000003680)=0xc) lstat(&(0x7f00000036c0)='./file0\x00', &(0x7f0000003700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r21 = gettid() getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000003780)={{{@in6=@loopback, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@multicast2}}, &(0x7f0000003880)=0xe8) r23 = getegid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000038c0)={0x0}, &(0x7f0000003900)=0xc) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000003940)={{{@in6, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@local}}, &(0x7f0000003a40)=0xe8) r26 = getgid() r27 = geteuid() r28 = getgid() sendmmsg$unix(r2, &(0x7f0000003c00)=[{&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000180)=[{&(0x7f0000000100)="20e548e21b3972eda8b777e6114911", 0xf}], 0x1, &(0x7f0000003d40)=ANY=[@ANYBLOB="3000000000000000040000000100000087cfe2d1fa8570aa2d79a53ead9e7220bb4a5e572339d4f8c1b41d913d1095ca112785f39f3b97ddb7486f0832d1890cdb8b3dac151e8863194a5df4990691a4c3288505644acb80081cbbee8cf8fe124051ff7512c78f0fb89416d0457d9c6c61f26d7904036e120baddcf3a24efc6920d277a66bb2", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000002000000", @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="0000000020000000000000000100000002000000", @ANYRES32=r6, @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00'], 0xa0, 0x40090}, {&(0x7f0000000540)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000005c0)=[{&(0x7f0000000380)="ef7dc88d75300ab04904b73765654b501b09ca7b85", 0x15}], 0x1, 0x0, 0x0, 0x1}, {&(0x7f0000000600)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f00000009c0)=[{&(0x7f0000000680)="8faf1052e3fe03812420aa8f2a6b58ac6fa917aec987567de95357710b9bbc34818f7f4aeafaed59e816cdbe87297c3775693cf8ccf75b4d4bf70c6cd4e182861a7b140b6d79350549fba75743884621e244c2d661924442d15c20c161bc6da57a98fcfa6b90b84ea7ed5a1051eb76ec7dd2e73c7791b8fc9207f9c43955f01fe223538da2bfffd1053336e8ba2a913fd72943e510415865b9f10ed4b608cae6c955f42279771a8c5deb819ea493cf8e2ec7", 0xb2}, {&(0x7f0000000740)="763040d0de344cc0420a10e5ed7e2dc7caa9a852a58048f46343358ba30abde3bed19ebcab8beab19b9257ea7b23dc746d90ceac475f7e8b5dbed71e9c8afef5c9b785453f66bf06b4107df0f9709629d2a51b43b6cbb8a7dc0eb3e3aa32015f7f851baa4c6acadd2aedf5cf8a03de5f3da828ea377ef1a9a427cf69476431197d5cbe4290e3584e38208c3fcdf5345ee146c1d393c6fcc43dd157316618cee770714576a23b961b4822fcb2a3a69fb5b08660036de7fede07a9f2a4a9275b3ecd267a7626a0c7672723448a75981e0d73d0cd79", 0xd4}, {&(0x7f0000000840)="b56622a2a36d10cc35a5c22e53311f9fc7435cab780aa59a1d31f8bf357c704768583fd0e170e544319a5c626e7924f48b4d4b46743f104fae30e440969d46d6dd28f39ca4d512ee03874b9919cc22a69ce8db888c5e7b7bc6690658b2b143942da89e63a50f22c4a789787be753346580f2ec75ad90c89e69ec537932b257283d92abcf3b075387b8e0d0c1ddd25cf4c7a594fa", 0x94}, {&(0x7f0000000900)="a469c5937e0a16af80a88474f8e1e47980a6ecb2d9339b8082a9e0098d1aba636dfb9402f60f6bc0bf06cac26afc6cb2d08ac48235a5d674d1c2d2ef600642b8fbcdeaf196652132650174f592a6ca5170270c2e6fb45bdef3999a3c2b8123f311562b260f9144e527f0e45f98adc76e641569c11cc485d7ed7637ec3d1eb7787d456aaa0b29fa8863280e643fef3be0062c6173ca1c553ed104d5feba69dd6a51d5eae80350c88975df013ac8195c7c87e0662c76489062802ccd", 0xbb}], 0x4, &(0x7f0000000b00)=[@cred={0x20, 0x1, 0x2, r9, r10, r11}], 0x20, 0x40}, {&(0x7f0000000b40)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000002fc0)=[{&(0x7f0000000bc0)="91bdba351b52618823675d1b51570bdb209e4be29e623a644f299500611c3bdb5f7405c1eeed37bb5f21921a0be067b82829a5b95937b21a4835752ac7731647b3636d02dca230e0c5ec718f1baed085d30b3843187b52059ce2d0ec0f8fee6ac41caaa8b1aecf3518a6324c8897c06aa672e5550d8eb3e9699f749d336010709e65a3fccc455b2b94af8b819b2a478f1ea336865feeb6b021ae6490a4ab4b0b17e2", 0xa2}, {&(0x7f0000000c80)="b6b3c2763703531cd9adc7a2639039a81ffc645f2af08ff19d0246c43db17a89fbb133a5e1622517e64f70ea42cfc399597031ad82ecef7c202dd99fbd566b61bcb5de033db907ee53dcc96fd89ede62379725844f8b5e7d264396f55a4d3a9ccdf8dac3c29e3edc3f5de44667cfa839a29dfba1ef8a04b8393393677e19c7a907699316016d2a2e09ba9e806e96c9697866b2a2b255", 0x96}, {&(0x7f0000000d40)="cddd65b8f14322458a2b4cfa8c9d67591fe683bab6f5babc72f1bd98496657c143cbc7f9c6ddacdd0ed110b29251949404e74ba9962a4f9e61a968b327b5f668a04e8560d65350a291a9f8d46034a3fd227a6d0a18738691c891d06b235d436d1aa895615c32534adf4d1642e1c99219a0ddb2e1340702a3e42277d216f6ecb715d849c657a18fd4460bf5a40f1880d5fc9bf48cab1590f2bdcdf82bb84f9b4fd38c8ea2bb4d0904037c5aa70b4f188a856cc9db9d5c98c3307ffa597b8b0bc35196324d42f0b44d209b754dd9013e7f600caf52d7d51b02fa6f2354241e6aaa8732a33dca83573cfceec7f2a467d5e660e64438c2a583c8d52addd68767", 0xfe}, {&(0x7f0000000e40)="22571aa032052c8e3c190ca52ff0eb7fe81a51a68e58bc72af83b3f9a407affbb0a33defd1471c4495581bb39abe629c636912dc6440e7415efaa5b3f46dd06f645c506b84188659c0cafbcd32965d20c9782a192f8a03bcdadf6efe27a7ba45d5deda0df416b6718e7d42fb3f0c14f3eeb4cea474ada6507b2fe72ef059808365fa5c8ae5b5d2d9fcc9aa1f9e8ead21bb4b2f1b643042be", 0x98}, {&(0x7f0000000f00)="41437890459b019888785beb1d517d84ad537ae3def22fc5281b3bbfb4242bbf38affb63959c4f5fb634134b86a7b6feac9864b88af4fac286eb0fb0b17fc566ddca9e40c6254961cd60d1cc369f5085793c04b91b7275730163dcc76ea971b4e2208802c000a49ba3246238a6d96797de76baa4ef08faf6f9036a9c51138ba46a225534817543688b425c5197367121f1d6e36493411772e62974e417e685e2206cd4f1f604e282da856caa7b576068cfe1fe286ef0d3f21ad5fd7e39fc7320f26831643a8681696d3c74152e08d46c0b6580c6a1c89094cfc7b088a82f26c6a852014fe0bae77bab5151bc77602ec238c2845e68ce0f9086d984177b41b0f05f15072ffba61c21826c06c1ecb7830b9ee5419b0bb3a5190b0e0a247ceebda1e1f1c1958c74538bf77b651b0ccb660c89cac99c41477d8367b8d8f76efd79cdf5994f7991d4bb516315c055bca723d57f5da09bdcbab1f4775d538e9a2ecb09d5158bd845aa1431c10a67e043c9517c04faaa0d6f8adb42f83be792b7a133e322ea390c3b21553de6ad508a38c76064a6a8a2b64031c71a3da64556c0ba8a963f5c816b97377fe2f63d6571d3dfd8294af55234d83b3ca5275d4d42d4592ee8cf9707964bc60b73251f018bba5209184fe354b04c54d728f8c6f8e7c4b2bcce1013157b774406806616e4f41e014bda6166b59db349cdc3dfec39931b7106e1b7a693f4c2c41f7a159e60ddd7463d7e23f67227f874d135500d6fc29bcc258232469f8671ea8db30d22c57bb2fa30b8e0ed06b5834042f700a521b6973cb395fce24b4c013ba308691c8ab1f437a7986b83477135dc03d7b593587e0467116518f7eee636dd52396dd24970e017b3795d50f86aca75703d4cfdca1c046e888a2cff5d40aabeea91760b866d396e9fe07b86a3c40135e3db28f55d0209fd2e3d2f45e968db8992947b0f737bf6114003d344159ddd0daa8146d305d31a4493ba49d2f713357cd6dfc98a96f41b3cf00c5e8a3cf79e45bc04778fbc529f46f7733ba518d52690bd636b5417901e36d3aea5f477a8bd8fb7eca9dbfbfbdba3e46b463558aba296cca7494c96b5ea7bd9d6c2b5ce01e595b7394f131d9ada4b672fe7555aadae79dd3e72c5229ecb703931e7b30d404f017e5d7bbeaa6dabd9c0d80be23de6706bbbee4952619816c5ffeb588040b41b11cc2ae2ed3406f3a52807ad72b2431851fd8544bc5545358873b04a5993fa99dcf65e4877f7c55f9eb8946a1ee585de1d0167b9b218d7e86b7b1155f59c9f882841514a4e02f46ab23b9479ca003498bd8746f1e84b1aa92dd3ad9bd0e0c6238d7e0af2ce9e0daac11a16195e1c5b47f23e6c8badb3489c6bc097b5f4e0669d10bece1bb01c4d954f1f13f697977718f483a2b1c81af41affab9e1cde5b5807edabfa09b0aad84aa8cd120b265f0fdf3d72ae2a0e4dcedab3cd2e60996a30e6de3bf405978e6a0e1963a96dca4c19c7f009dd59519ed8ede364b6133b06a70285a2d6046aace750883f4944fd2f84855581e5745fb3c96ff6b4223ec07ff0303e2e9bdb82e57c0a1da6b791eb7503793a8be2c942cb0c4c30234cfd209aaab7e9874d93b37ff1125b0aa6f6e9e004e4278f04800df3aabf8f56998270d469c62115010ddb68b0139b0077f3a1419dda2b30ab6ed400f72c114ba618c13c35109b943dda4a674f81bb92eba489b616a375c7ecdd3b3f7e245d3a776612c8e6d1b72f8b6956cab8b725f6ed9712358a2488a235daa11e56bc342f9a999a5c98adfcd0ac980fca24f2483ddbe3064636e29a82260a7c2ca0e98baca05720c43d1d8abeb8812fe267136e6e170058ad9fadbdbe047e9b8baaa6fe26c233aac2ea5f84f4806c15a43e1fe4579f5b2b112c38bfe90d2b1cfaca1e2337e43ebca5ec143d422bc16f5a8e6d5362fa57966c2186fde678e87137d0f8e4f3696c60ec5a983074dbf5e6dca657b3600ba158cd48249528f912b5524b624b8cf259032a2f0663840ac32b7b9f838068627bc05745d4820f5e546e747f75138758f834555cafa7561298a2dbf39c5518f819ca0454870e21d8f930909dd8f46bdd4537844ff39ad40f63d4019e1cdcf2a5964c97a704d31fe93d822db22432364be233b1bdb266d9ec84dc968809f7c9a9659acef4553443c195e3297451c5f5d8abc3cc69c361a475f5a88ad76204a1c5ff737c0b2f5cf64a6635787fd3d405230ce0be4baf6c8cd9b59be920f9c5121d5acb21dbdfe227a648860abe3dca82737eb683181ae3baf2bed5f44573ec36420b9ecb852a86eb6c3a0e3e35423b81c294c1c75200c2f1eb0f76dc46e95c8e6134b879b44ba10dcd2d94bfca89bc6a7347a800cfcec66b2d63bf9da2d3a195d0ef8988af848849f86976f5ea9538a3a622fbb08783031eeae139eb7f9c1cca19436d37ce963b8a1f5564ae2724c0a11619b375bb3e0e5bb48c7921a2f8e29b62c6253c6877829f541d577ec02e737675166bb55ec819d52cc4a532414e25aa2aec23d18ce9e21147c184d4c39a549ee16aa1cfdf90ea711e0cfc33ab2fe4b19a6261da70df8a4d81b03427ae359d7c07d7c85a4ec35ee75fa030ee30a4c9c19d36416be3d352a1667bd3f1a5542860acb7b663ced7af8ebfb613abfc067ba5667ac4ed66b39d0ac46feb76ded1208c8d63cfdbe90fe83e6c9b1c7651a3b052821b41617510bfc670879a2083450f1ec20bf6a3d93840227ae2d1d2deaee05bc69f58d4388eb7d496495e8abbc60b86d38c94759decc7b30a68c405623ef833fa3d8e1d37846a7b065c190ae3638f86377930c8d0ff0b177f06320a06db84cb436fe6fc995067076e6adec483ee84d5f466f15442cbfb8d628099f6024196d5f1356db089e0d877299b3825a854d57ea25f428080343ff5aaea9c787018b34db7ab6ef656edb1c36b4e9d990b9f9bc1f6d2e6b1cd0ab39ab155b1d3438b284313546f6f5e21e24825e1cde31262da15a3d0e8ff1d4aac3f2643125cfa9d1dd1c54685aab9031a7124a3df87fcc2fc545129462eb1c85712ff6df9c2d9e272e58b01e0db0b450532a5a2149b4926a9d35e63da8c10e19c987c0b71ba1949572d788d2dd182bc60e66a01ed8f10a93154da7c2371ef1c48aa926c3ea4fea7fc4d927258199f24d833ed19a7f9479dc0bac7bc04e11df976568a7c385ff33ff1f1baeff3e513710dd84414c5fc94c245f812eb6fb6cb60bc946b2e088197258354c47defa0d9ca15f4f7d975838c3ae43cf8ece6f5348cfec3596286b7c1c41feec210971017bbbe5f4a0e99c49c30bac9666b202a3465496650e46f4091ee3bfe881b0e4f2950aa08b709d47201b7019d597e09cd3778f60f0ccb130e31380d0501c7a274e9005bf400ab17d5f64f3bfe3b6616643aa475387d20d78ab6e17396b6b303b60d3c15d9c33494a8f8765f7abd545c2e9e6a2d65d2d590444013e74609a0cebd60638302144ffd170f42a903e42ef1fba8324b1f9c7dace9958c4f98ce9e6a89248c260d1a7ee31c751e348ab0614e4129886344cf0a8ff99cf7f042d5091d79f2ddc0e7de249dbba4035eb3fcb193cc1e539487bb15e7a3ab751e0b976bc0a845833453decab9c347a3ac57e159f38c8da07e205dbbded8c2846ddf7a87091e7a9e08041f726c6a1b514b5667f2d8671022d23e657c199f9f21fbfe394d68ba7b9c6cb8d02fa8f32e16c42f647970511b24dd0c8850ffd6b3978cf3d3c62e93ad0ff01faa45f0bb6306b6b064434722a929f506de9d2387eea99cf3aaaa5d6d51ec68e0871bbae32a52a369699d65d1c1c1d7c72f7407d83420b972ce2dc3bb5081b252479fb9a3a71b288a17f1a0ec080ca2a94626acf8b42d146e4969d8aaffc3a36fc37c05a9ab92e0a0c115cc1c517c9f267a1440bcffe804c08c903d59872eba08e7e3a5d91f46cb4fa6b0962e5b8e763df34fdfb705fb30d640298216897e3afe89a8a4f74cddc9f888badcafc58e2ec7c01c6eb76b43f03ec93a7393b065d46b3904b52575823f359c7f692718f0f5928158d160aa0d4205465ad8ecd91dfa16532a78ad62e5190eeaa803331b3730d7e6d8b04019b16b89ad531a4a1c3019d4e6fed48c1198d485e0babc6320acd3498231fdb18082f478c1fb545ede68883f157761c0b7a873025ecbd492d29a52b8c5f65b4bd165502b8578ec8e216bc98fd103e6098f36bd13f0d8fbfb334690be1e5aaeeadbb4202951b96689ec6400a3545dfba247f02c4fd55fce134f74fc218f9a06bb8a1e299753c5cbda586755625a0ebc38335e63c114e8bfdcc3b4948ddd7828e6ed068cd5ef746df692df918a8cf067eef9aefe140431252b48d49ed67c35913a849b759897f344013cec9b4845a439e4d5a0cea1a0187b9c1c13aaa375c9fe521d66c4153ebaf95b04d9d7d3b61e14766408c13fb6d927f63f6da5b62c3ace242381f1b17aaa5148b7508b0fa19f9cf7e3c5094ce2a1e0a7eb9a507790c4d697117e774e0ce9d9360228b1f2bbef9c1802cbd85c6b99636480b1a6edbc2e1701e1b3a7ac4fc6864f2e3e5323e76dea89629695b4a5f6c908b3fe7852dfd1da9aa11c2991da1f6ca80b23663b040e1611f19264856d98dc10b3e16adf4178e5ea4ce3e3d6fa32cc1fffb754833c497d310d2e889234b9968d9b2f2f85d662e6f158edd132efd8a40f5d7507db2c961bcf011591a4c7906076033488d8b038e81c1c0d1d487edddc25efeb43615381de3dcc643c36ae640f967edb12165c866138ccd9615a32dd7103cbd61c91871ba31d98e9b56ac5d4e854ea7a16ca2396d5197195de026939efb074796c2e5ed1321b01ed7a7a6c565a17d7e5184c2b1057083ad403d3865635900dbf058a7b45ea4c1950b314ce7511f226f7bb324a8d4f462645d11eb743863d827bc8fa1735dc7ae7fbc2915553faa1875e1639fc97ae043bcd1f4308bf41e538cdd35e51b45deb3375a1094c96828c55de6de86c01c09794e50b2681c1f6ba783b217f57a3389d92c0e642a2cec49eba516f197a97954f975d590e0a2147b7f865be0089bd6c76271600c10aead3d756ee342536db81f783223fe25d2d1a4dda03d8dd35acdb300c485df2a84cf02b99ec0cd3fc5a3d695cf6fb90fc793e67fdd43d6d2519bf9497309b7542f1ba35b86063f909af01902425bea5df33cb7a337c05a3bb8a84cfc770aae3348f6537851350e963f00bb6b67686116db0589603722d5ef064f52ca90875a4eb02f351a4b7637b537a9808b2de66f2cec7d116cbfeca72515f03b44ee78488f8df3ac5aa2731f434e559fffbd8ad3c3ca79cb1f2136db8d9998e92c9441901e4e8662c8089446423284b6e6aaac4aef325cc84b506d128d8091ac2636c4177c0e426776c1f28deae6ea41a513a6c3609281ef2dd0d7457876521f8e52c12ff04d42afab670b89ed263580d9250a8dbe17793dffbbc2938344ded7289e8a7ad7b393ecd2f45e319561a962814f01e5725746cf0e2ee70481d7a8b4b98e58830499207da972d5913d00c0a188268628a4ee70117aabf3b9090257e03a6b5c9853540a9ceafbc54b6dca4a6a0dce4b828c010b45522c875a36b422ed81bf3ad34767c46d67116898ae4519dc2060a63a7815d06bf27c049eb96f79730f168482bc7b61bbb91e2c9ed08277874492de9edc2e790af3f17568fc567005aed7652199396bf73960a5f99c930a2c966cd17a058197974ec8513bfaa0e7465bf1ebf92240517f37c70391cb5284f4008348bf9bb", 0x1000}, {&(0x7f0000001f00)="f2341940138be88c1613cbc28a03caa651f34771ee36695cc5056f1abe46ba62c78acf0a532f4f8b83345af5716404e8bd68a5963af4e48158950e286f72f4b60851c53abc8fb729e8fa32c126e91327415208eae0b3ca22a9f2f39352904aff40562ee2d13c82322e832a6d7522be5706dfe5716b121c0225e69726b34f8e84d2879a8962b8d4b3e93ad76075b13c4d412f9c71fda8ac8ace1783a9aeb5e444aaae84aea4a3e634f2a180a6993b92be1f8bba539b9887bb55b00d285f92314f37968584788df63fe5f3101d7c271f15c28f00b97fd11eb7d17388c0c9ec2dc2e6c4684ffebe5d4bd2db7102a34b6b1e2b500067394216274325108d59f51be3f146e28b7bb8dc9d288cbc83d8f50bccd023294e266d8be464c350086a26b4bcb9bfac210a7dc833a1df07540225723aec0beef2329f9eba3647e24e1a3de9b9ef8e917d9f55b747ed9a0cce0d95e960d5312f73a860aa086355313be945dcf135b6a9905001abb04fbcf1f8687c8b0070f9f4004629491583d75e0be40801ba14301819bf5984a6ebcc931260f11cbdc9b5a0f0a4f9e0e8a40892fdd5e1a11f3cb178b9ec89f444705747cc3bb58f7c7203c254baaebb689d542cce8d9a533d7e5a1c4b781a9b2e711e3642690960e10b8c4c62281f2ed3249d1cd12e307c42dd37336bfcaeaa39aa7ea7fe3c10c29ed9704e4da19b8063563583f360a90a92de753b975ed173088f8c51d74475b1adc5ba34ebb2f32d26cb11797f6b68a44be427b3eeb527c8785bb7dce49e299a4bc718587552ac462e00b87f5f6d7b995fc0ffcb9900a7045dd8f5da06533230652a29ab46a5ef96bf7c7993c815303edb94ee7143ff91edc01c2f17bb3fb4eb2ee47c2798c6ba5e70b5bed6af3e23df538a3f03483096b4cc49ddcccf70e8f1bf23b9c7520ea3dadc3bfaf5028554a7250e8ff05c805c23c9e2d6c9b8e7e908e371449c586cb6ab9e3664eb9a5d85b4d0d2a0e693903de0eaecc7c1a1f14cf2591c64cc885d951cc0140845e992f78d3368a615af1afcd2170dfcfe91836a7ebe7179a93014a93979502e2855b321556d4d5d1ef2f087d07205d6db1d2ff2672a1e99c8d72fe68dc8b89db4b06975c4e8434b3eac78a933121adb2ff5a68a7d67dae4e033c0d3df99ebe377a6d0cceb810f30685633aff8190a72bb23abd899c5afc16705db17ce4783e98234fb6f1622ab0db426ff828dbe4b39fd6bbd20fc0fffbd3c98b08a7651846d3781e2f471a4ed909d32158eedff4fbc13d9d5b15ecb5f793135e8cf50ea142b2be70d59a2e14eb43767a7c5ebc77648c903986eb57d563d0299bd2a65871e1412b3fec3da3d9a1bd4ec5a1767fa5a285c5317e88625c9c7a12cbcd95263c24bd3a5aaf206068a347e8be1e23c088da71ba5dbafb457e90997baa8fae5761f9ff9d473258aba70e93396b908eea9d198fa640a429ec77110b2d9a1acf06dc631a568b8822fe6853ae541f1cb14fee6eee01eb9ca57d07590ad67cba67d58b036ad5d2623cc5b9f0d4fdde16a0d8a1892e1b4b7936bc5f15e7d09f2b3134e4e8d651bccb66b783aeb58c5d74e1f5ed4d4c0c6aaac1cdbdde0f867192ca858d0c5b868d3626ce036b2acf2bf7802d1096151d6aa7c3f38bd4506efdf5cbceeb8cf1c80556e101ecb2b1232dcec2c29dfef317f1a3ebecc0af9fbdd563e8568410a10de33d74a4a6cc881022baaeb81b636cf5167e9f1bfbac2b39aa6b9881db931d79a77f63c1164cd10d2c371a69b418e1b438e9bb22ac051878c2fbbbe770283aaa0fa83d4c3e6d9661716cbc3c84de858e0be7c08fbff0c429f4d65a6240dbc3357eabf13706857a342178297dd3588d397b4aadc4c4a51c243d60e8c28072bd8721547fdc0778b3fc7649ebd8b55afc830c8a4e23ed5493e63861ae45eb840e894d60c00b82310516e90c22518252aab940e34e08a1203c388ac6517d8fb89842a3c6e9560271c8d71114d3ec234ffbb5ff351ca46c517e56dc69f12eeb4800722a296fd4f68269c399fd775c66073f3c759ef34c0e03231ee49ab34af1361232dee30616adabf1ffa5fe3fcd0a13e75ceff30e74907a861318ca1fc6fefeeb8b145d88edf5058f4c92994b9d8d9cc0aac4cd5c29b8a9602f8a1145bbac76d76299c307c00def7b82f521b8335c0cc87420faf002b01e97224417c53e2dc609c57a498b9a217d3f99db7b460014c69104a4070e4dd380a84601c69e65928092e7d89bbb16680c8dda32512161ad022d1b421ca9fe6ca0e45e8c24915dd2a4e833b56525f522708dff86c74c3b5f7b3a5f2d774d472c9d5eaf31a812fec4acb9263173d1b65c5f845b454c063fec7dca73ef5933f0af1d48358178ea5eff9e15ce182bfac695414f5c6d7d4292a809634beb50d5cefaee52f8eecb226c454c68fbf7dc5686fac39f8083d690a0984d328ceda0a0b3e4ad3273926083bcc965aa649316b111efcb49b20aa8f7305d141c5622e85114c245648d426e58271a7f54d5f1b5df38dc79dc8dfe5cd3d3baaf9ec90675bfd87f9dad40e6dd783c440d1aabb1a59f96cf482eb9dcf2dfd0918abb1044096577465cb6ea0573fd11a32240487417c8248aa48dc48d1c30527e8434dbc193be571b708540d5fe48a199e7bc3cb37f68d85c030255cb4861162c6832f42b85e4e5e5e6aa72c5d1399d1712a0a8fb2eae43cc96d180175b25e65751e62470ef38965b7873b1cc2e0e96a2aa04ebc85f354b695319ce7f7d519fa9ec212248665fd81b293787ce1bc32e16b682a0acbb6c67fff0053c05012cb4cefff5b9df45d507b726fc1a46d5442069208fe643d706b325ad744398665cb70cb51b9999afbb2d636e12161c0bc7d2885d86367f92cd47a72c18fe7ab9cace3e59abda74f501dd3c0f88c128a1a7d509dce26dac0c8c5d74619d434f269a72502b59fa9ec01a2011555b4773fcb9dedf8d05df7dccf75a8cd599497351017abe63cd1515c04180cdfac417d5c2d7ecc945e6ceaec963cc4687037a628e21a4be525bed27a38228f6f325567d80769edc362dad4da7201653258085fe1bd14e63a81754aff96c71d464ecd346b5c0c866ea39cec03bf5a0a2e942b602fd8faba8dfb54708724da1ec4db195f300db3444922fe6976e5b72589928be5f1a4712995105b027e9f288f54e9f36e4180ff1617816272db0fc31573b7241665d1520ae23947f4f87c7a5c07de305cc72b54c55228323c59466506eb2ba8f936e9e7febeba971975561b8360a24f7c9ad26000a9745a3a6db7bfca0cb901c97c95230124c59c01e5cc0710aa6e52fb3c2e353d80a9ffd115fe1f9fb6b1765e07b2d16e2ebd338b7cee1b9afe152dbb7db782bfa1349cedae5092dfaaa88c264b9a6828c680efd445e91d359e3d7ea47eaca65a1c8fe1d82c74a516115acf2494d611819974661b6a32e66630a0f95f9eb3d7460b3f09b7c781df726622969ff77083f4cabb60b528e830121282a18a44b9f1983551c78b6715aa9a4eea37cee5427079c87864b6c7c443168f31bee8f88a76e2549f9f0ded63dbf2fc6dea6821a0e5753479c9706664757a9daed3e6f64e3c7daa30f6cde74c33108da3c62832e126f387654cb8a157c8179a64a78ab568cb5267e9c563cf3cd51a83b462a08f661e4fff04124f98bd32313ace5d6e1ebf9bb50a232ad97151ff62e7efa7d861089e018f394399ccc7d55581d713361a84db574791252db851688e5b8efdd957299a675a5edcec3dcb2353d736bb1740c9eb05f6ec5baf9d0ac1644e7371700e25d2a90fbc39cddacf75ba6cc5d20ff031c30a52f66c43ebe0dbb3c0c5382e6fb65ebe83dc9065bbdf8ebf1fa7a0f2cd753d185337a54c4c64ad99824a29ca6d5f05d7bef32442c489a419cca3520fd64e2f33dca34d3f28c92a756e9791a0a60c71b164c9ea9fa4b5812240caa156c42d275318d165cc30c16fa30ec80f02bff108ca78ffa17df2c16af8eba702f735e6266f1586cec39d597c52a92549992e27926063c2ec4402f7cc2a047622a4208f7c35d16277ed5f5bd2a6e95ee4c34071c97dee52172256ebad0640184c6f04b6cdf029c1769ce032cec08129d1492001829a12deaa9b83d3d5c830ab0b98acb72a44dcb59949a3fc96300cd80037ac63ca0fcb92ed417ba41a6cd2a16fae9e446352520e8d4ecbf96e2b6be223d9c2c1a0f1c78582e832077ad9c9ee80b5e6f275fff31fc93fb54dbf3967abceeb8d369e0499420bea3669994cd600eea77614b92267a0cc50b669a0b6749cc8e6e5e7d0c8a743bfb8710f305b1668f730537e537cf06d80b2218427e745d76a99c74822f10f78878eb560d38226b05353bcb18a3e1b3f8b08929d5cb9e22375e839a560efe87a3c9688e16f0c84680e4224a509e60003d0d9a8dee9c997efdf44440604b1af9bd3de52d4d56f54bc44db117cee74aee41fff6f89fc3baa06407f502aa95556767918f4a84a682529b387b1eb54e984d7417ad759ee587d934b9bfeca072a49ee043107d62ed0ff6a471ef64719d533f56b5e927a06025c7a79d0b63d45f28c95a85a16a04fef037e193e5e9d18e783edb33a3a9b95d668c6c8d7de8159d05ecf0b070ad9a0976f22c20eb4783c94f0f5f2a9f5f8cee8bf4771fccd48bdc9dea06da61f2c230c7c47abb818a9f222bf1387aa984cc2f0214e9667e6b23dd65981d33c91b043468fe5ca380f04617629b4c5d3f262f955cc507ac1b3c28848323f814f9237b6295d34334b3768d83c9235b9655fb256dea41509b54f95566eafeaa2758f29002a933945a4716c5a1d831567039fc277e43863bf03cc1a4667734f6211c1d981e8e2adfd7665779abfdb2439177170fbf48d6fc2e2ae434cb7ac701c4471a383f3cfa0386c2b7b00d98cc0dc638cd97d172ee42d8890c0c407284b18c24a3f81471aa8e97e87832e6fb40232888ce461d019d5c73940e0372bc52e88360e0f64c681745e748f08c53685f718af03a009ad70705a6f727f880727de366e4d1064a1892ff51040319a10d86cef39a08d578fefa0216d7ab89bbaa842fcb9b213268bdfa1047c595cb230f623c0888a51e9aaf25dd0576ead08fab9349ffc3c8caed056baf7f0d56ce4efe8fe9038b832ed2bc6251b18330731808051ee2b74900d6d469c455c34a21247dc309dc4f9b6114502fed20ced945d69960aa31d6472449d948cb77cb4575962a7fe57f4ae1d93640b5895371bc566823917bac2f8e07d7f5c9cb1e687b8294cbb7c4ac4225b6c1be2aee47d72302db074609f2f386249d1d472bf3f047e3472ec474a874b477b2b4d5b273aa830d884e52e1a2631d74c87f9cd5c792594c9bc0207a8608ffd67e159cc105d3f97330f258a281f8631710917b78f51b68b55bbfd933dc8e95412c01b03ffac4d862426a580c705daf07c5b0e08de7f0b939f1ea75b7c375447e98f52a779e3fdb22c1000022acb622be859ccb56c85cfaa42f9f0abde95f40b746e18c7b7c5399235c39056a5af64dc3f697372de34c2252af19407fc867736812fbcdd032c0e71796bc8af6c2e743cfda12acc36e2114e0a861e5cdd957f5dc710ed0e4d6a3e3da08ba2284de92c6546f0993ea4cd9ff302f8b8f37c1a744fbe22956551007cde27d9375df1daee23860054275355e9cc4eb0c6dc633ef1af46823593768c5a4be5a8c24e590b61cd2f5dd84bd18cb142f0b4a81f458c972dcbdaf6bcaf0bbd724c752c1e4c1a0313f0368191383bd94071bfd001eeb5f903499f", 0x1000}, {&(0x7f0000002f00)="1f117b937d06155588086a9b2d680481862f7cf5d829d80954ea3cc19531d6421e5f43be654c30928b46b80e6b03b11c09ecc3e9b20818b22e6c6bd858c92624", 0x40}, {&(0x7f0000002f40)="b169d826192ba558acfe9d0ed8f7f7d4a20d2f8090463cbc6c2e0994df58ed5de0d33390c0ae9a9ec260d1c0595c88c0a26f8f8938f67f5ee7effefb24a4901a49c3bbbe581a222e2e1ecbe5ff22d7222d898a3261061c19", 0x58}], 0x8, 0x0, 0x0, 0x44}, {&(0x7f0000003040)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000003280)=[{&(0x7f00000030c0)="250309d422eb91ff6888ff273340ea4635e4ba69f9c7b0354dda0eed0f2be3b3ad8ca619430828f4313bb66e82ed5217c529cc63e13e6c15ac2776a8a237c4e7bf07f277e36e76702ed2e5650eab6b06f0e51f6f30261843d51d12ad84449d46ee7fc5519da0cf8396e989903e2ab70800da0744ff3b2b36c4ba638e5068b329ffc06df5902288ae9a6738140e5b", 0x8e}, {&(0x7f0000003180)="0e3d31383960dd75ef105878db6a5a14affc15ee037fb819c7019dba267e1cfb488df7866a36b9177a37e813ebeb8d7c872fb0c815f6842d14084ba3570fb5d1a272b9559a2168b7b4a56b80f44fd213396e99534d25969c46e583ab38b40ce5bddf2fe1c5e25b83047ff4e91afeffc20889472d95272cb179e2c106d1f71cfaedb2750397288ea193553609458ff4cd544098ff792578463ae95b584e68833e4fb5f4036f6e6fe5ca7a5a3b22e054107e1c497d568d2b37418dc8a91e15ebc0f765e451d191fc7183f938bbf777bab7b7c2", 0xd2}], 0x2, &(0x7f0000003ac0)=[@cred={0x20, 0x1, 0x2, r12, r13, r14}, @cred={0x20, 0x1, 0x2, r15, r16, r17}, @rights={0x28, 0x1, 0x1, [r0, r0, r0, r0, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}, @cred={0x20, 0x1, 0x2, r18, r19, r20}, @cred={0x20, 0x1, 0x2, r21, r22, r23}, @rights={0x18, 0x1, 0x1, [r0, r0]}, @cred={0x20, 0x1, 0x2, r24, r25, r26}, @cred={0x20, 0x1, 0x2, 0x0, r27, r28}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x130, 0x8880}], 0x5, 0x1) r29 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x0) sendmmsg(r29, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:06:18 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@int=0x800, 0x4) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c4d80c0ccfcda7afeb182d7d8a4824d7e96a6bf5e75da5ce6cd7e27471d711084374e252d9cacfeb9abed316aafb672829e562b866d6433d7b248584e5fdcfcb7c18da11e9801e87b164e879453716357e82b9f35018a2abfb286f18c381851706174445226668020f31919539a51585afbee78ea8c601c2ef74bc04aced044541aa9c1e26fd3404738b74bf32ad0d283fb6632808b1425690db0074ca1690fececce547"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:18 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(0xffffffffffffffff, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:18 executing program 4: r0 = syz_open_dev$usbmon(&(0x7f00000012c0)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0x9204, 0x0) 06:06:18 executing program 1: seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0xfffffffffffffffe}]}) write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000036c0)={0x8, "e52aac313baccb9b551156a2d7c12b7711c32a17d3c4c9ceef08c2046fe288a7036e513019e5e114cc4ae935d23a9990952824f5d0c1f52e2eb94e5301ba9dc9a02818038eaef46fc2c3ebbe46e4a6024c93823f66462ba3d68913fdeadd1087b06846aa3ddf6ed3dc2b61b4960f48c2edf5cdf23c7e8d3f2e6daa71e66b29bc19e377d7df4637d735194a52da503a0ac44383ba5b3da867e09ceae02a9bfc21e7f28814c2fab7da41344e207ca706dc37592abdb685e4b80eb6dc2b1dc550a1d16166d163a4a220a54d7844facbbb2648ee90aa05c3c03ee447d79e517df8ffe70c215bd0bf69e86a5f48d571b9337590d05e9947727c0d77d18a117f110252735ca6700a55fd26838935808cce7b7c222a75339e44230bdeb99bc39c0c1cc20de74fcb9744f4c4a988f3874a846d31abcf5504d78a3e14f35f6cbd123fcff22890cc17c730c3ea9f74616dfe60064552ec25568a6211bdc39483a28bed0df0afc7d7c6d13d301e080c8846eab1a9d914b0695b16dd3009feaf204d22e32c5ecc333e616159d55328d375e59194c5c9a0b3843afb283d1d26f59e03105e91aa552386468432a09be73220e942394f34c559797b74bfe7c5c2c639a40e4d2e81e1004b127540a0bdd6be2f95698e75e4f1203a47d61f506ac9364be9d98ae46536f74afe08c450ecb902e00f188c9f32aed0677455e10bbe82c763a464f10f64c403c35376b7a675546835209f0e2809e9c2bd191f784dda4b727bfac512497a07474e6d3e13233601df81abcdb6fbfb152483ec61baaee45a5d733c62107f63c55a046401a5ddef70cef8d52cb4784e3efc34de554c8ff48f7ae3d6dc1ed4eb70fe1e610355fd66ce1a375b63b6641fb3dadfab8a9b0b1f26ca11f7287258ad4766e08340f8f2fd53e7e5f287bb73c186f0290f225687040c762776a02e5e65f1b9b713e8ef98ffe111b3e4e7b761dd3ed763ed8dafd67625fb300ac752c0ff9c0c04b75be292c3f0247bd0b3560f1c76aff38791037fcf2b812f1601934a8fc769f7198e0df685841489263a1495a8a8bab1a63cb12b3089a3e30aab15ae872437e52a6f0dbc4df2d0e8df4c6bcd47beefc179d85b70b42b319453e6efaff96a509420bec299f227c4b676c58038916897f15430ff52087dd97dd329c6b6e207378053accaa31843a333e4f69586103424f44bd67eb355c1fbe078e62f07ebaae46c3e335372127dc5fa70a4579af715e531bda52761dc206aded4678079720603a577ef7e5fb5a81a525b7c96a4047d9d6bb80d7e0ce55cc0a4f73256ae9c515307f13fe54126786de425d7a674b05116104176faac5b9365b33fd2f5a710a5159d342abecede83ad421bbb712cd5b006671a958cec907311719eb3e0b5dc4fb51054e06656a7a2a066c0aac65ceb434ca3f242cb2b1d7a22179a85cbbeeacc2f0135d8dd4d1363a98d2543fa4973e19eb359e956d27f142c75f62c7aecaf47090236b9791847725bc6fde15cd4a119a4976a3f0f2d622973ad9000aae56f88b396fa1881ec0b0a5de9955fc8f864b36eacd635b88826e0a64897d605fa4a14f7786b037cf308bef61c7f860e38f1ae67fe8cb7802dbe85f9c0c082eed1a13e645370d0c95d63bba215ac8a637b8f968aef06329d62ba131b56b46bfcfa6a5e82016d5eeb6e7db45595d1acaaa5ec9886315d3dced9d0a15c44c043ac91e4ae7077139774607b76cbc017f636145beb84c128cf35ddf4a895a56b8d141f743c9189a71387893f785804f85927a23ccd79c432ab686b621ec91706ef082b4ea4fa608ce2daca0d2e2e07ff51e6a8fdc22f1c8ee5ae53720f93b4547704fae580e5560e3c7b1ac2a38ffc294d3c96635e3b919339394843c8a171c7912ceb9c0a11be25783694b177b399e7a495538e293a59d3ab44b176afed6894aa0e501d9b98981be3f2057bf6c9869403a34cb83ad57150c674301f39524a026f3608a3414287bc4e507355823c6f8640bb803a392fb8847023d1db3c39753e72414682c617de9bd0d5b6a55d46004d49f20d2f8f53cdd8eb11402f7895cd7c01b4964fd005c564b0b0e156969ccde818dda3a7cae02d1d3af95081e6549f28976fa81b5e90fbb0a62fea850ffaf0220132189c11a74996261f6de6001c50364f08c4f48fd46a0417ec8ee4d003efeead64b87d64b43cd6868f365e72e26dd9f5f9f74d135f64464cb38dd62051ae70c5a4daabebe700eb9b290b8ed4142db0090219e6186f8f71fa8fe1ebe42f621b8eed182ee8ad0401f0a3530fd48e4d1eb2637f1fbd2a7032b0f85715203c12ab8ff48131bc4ff28272b57119a76bc0b30fef5294c23c0b2bcadfbba37a00502b5e43d72148d9acc7cb7cb39dc830cd6f30262a09eecf29d1055c2edc3926cfd5076aa5f9f172ed145359fc974ca5ded652433d212607bed155df1aff269414548a39a644b6ce927de5de6e6750575c4fd7ea7fe10b1e51fde6975c0c23fc012a8b12fe3fa64e972e4e09eafea165ae5c1ffc9d761e1314a781959c223b96eefde0f4f45c7ac032a8d3f1bd304114c3329a3e4966eddcc8d44ae70bad2932f963100955e2d2d487347c2aa8356bc6bc3c84e418163c758f1372246884e6d80d87d7ab3fe660dda13ada65f200b4fb365223b93bbc29493ae6dbbbb1823edb8e9f045b60414edab955e1046b67a8d4908ab08ad90216125d2ffd8c7814a9a4940df0a653b1cf53cf456412228445ebc8e1584adfe13207ff24fe602e2a506218710483b5544347a3d515b7d2ddcaa1bb7ae3578841918a8ed00659d5f260d23ae17a9ffc77f79758844586fe53517097838a92dde8873e8be1cd5934f1a4bfdd9d0b5725b811c4a2c121b7729946993a736bd195c55684ea680304af4844a1b2f74e2c2b2ccaeceb00b9c2c515b70912efb27643c5624025e358b44853cc0efddc103ee514471af902cd9b68f102c95a91d2b825b473ce842e6367b0b7305ce8be6f9c812abe860bb632e00b69a0370e5c8f9ba0cebbcbe1b9276949c303a4e9e3b6db37a0716520c07512192364abb58399fca973a1b32106096eda8bb85745562e8a35c5e917fdf858091a4c29d6549e10098d6b205fc5cad546fe07b3a70756cf7079c88f3708f0c8527002b99e80cbd584a3737fb37953cd6dccf21add4d4b6e65894490840c008578737d5e208649d1cd34beb403c2226300297853a29cf6c661b426c13306575d81f6fd21712e0ec4366013883b95a71d5094acbf156e42de11cb873744983ec1ff9cfbee2278053b8b4e523388bd41dfd3c2ecaacc5d9d2958bbfa94f4bd0ac1c61c98ab295dd5c69020f1329818df9a2aa88ced03f4e6a4d1f8cb020afcd2384e65511ddeb908ba0c13a03dd32e8d4ccf0246008f35ef5184f81b8fed73b4aae4998bd8c7d784210042247d39396ba881bf43555d0ec58deede7b4729e79d31b2a346527594ca3a47a1723a792a701dc18d0124365e2c4a4fefed48c29a9f2fc747b302eaf92a100b2da211c91de4ab79d4aede483d852635c6f14d38095a5739d475c7aa67fdd54767a056eeb3098dfd8d1c21f32e76f0247f04118448273586856e641b83f540a643e72dc15804b78bac475f39e23291798aa45a2c10aa5fef2d5e4d7b8f529a66535d11c6149e9797f2fcce2804f2a5370345e98b0c02c7dd27135d414fe72f0740423920d68b64f6b8c05788c6692ceb4831b5d4593a970dc3ee2528765fb739964f4fed7200d7e796a9f3d0d60834e638dd8c29d4e85011e4ba4f127fe765954a5b5bb5d1cc69f2376599d5a3e8c30714893f763c06061072c10cb0eee17eb2a2514acc584b04e169d4a33a330367bb725ff9462f5d50282a2e393293eec8ea1eaab8297cc108798a4a57eccdb00647ab9f07318993f7c59c395a93cbd681d0a967a56e3f13c832c48dcc0d0096870b0d51b754e70b12a849b6f376923f7f7d909f64d64e1d6e338d39166b725265b96ed21e36b12057288d66e5df04b7b734ed0957d47fde172be2473b9ac6fdb823abe3e11ec69a170a14511d5572d6c0d9f6b749acad7003f0567bb6f9381649e42d02764077330d5af3d93185968a9f8dfed16c4a7c768a2bb98304946a557182c0ce93e82b340074e384cc6bd6129483386c654a6ab3bb12fe8e86adafa93f218fdf5019c09292858ae38ef7aa6a78e3f846215856d630ae9c5fc4009693b2767ea55c469f9099693287b35d43ee0f7a5baf3328d37b2c536f2abd6e21e472c105ae982cdd26a5a20562122e71efb1486c28d9409c3114b608f297695958c5604cf0918c0c70c56c79170260d73bde297e47cae1c404cca0a96eed51a2dc8f6f6ad862fe767ee5b5e68f231096825d935b809b3c1b5d9a2cd76cae22652bed7d263b42612ed717eba0aaf2a3989c4520c402d294285497a42736454ccb62fb3fdd073b91d4e2f6895fba9639ee78bd8ccb5bc3ce442fbeb9a1521314b82804293159fd7df4db66b78a06fe93e705bbc4e0d294a787c3cbf271b2acd15e7b4998c822f7724d3191e2265bd0d694dfb08063c9ff26a424884b46e26b5560d756c114ad1a7b92eee3f49dc2883b604ecc49c5ce92ce467778301326588a6577d44758e8d90710248d110dbf3d3d568779bd1c616369f84619dd089e38b51634f7c5d2ac9f1547a342877815a3864ad70b68b196bde9d810512f411d5235633ef65088788dfa3f152df7cee3a0803f6ac7ae192301dec07ff870ff3d7cf1c09cc9093263b225d01222376531007af9e6fb96e5ccaa8274f70adc786db7f33a20a752717b56b9a03bfce15a1aacd78c4adf8bdf41de8aaf421684c27526088c54322b5eea9175ef9c574c1f873218cc6f5df233892d7d5b0b0649ffc5a1c4909f2967a8c1f15b419ecde0448f071fa71e553f4f12cfa5e35022e75ddc5509edddc3de82d9097759b27f7c24776702e0ff64559281f796f11c1a9c77a156f390d2d18d1759b6be0347eb5bb4df912e9cfafa0db3be3243bacb378ca0946cece695a8099d6d7a24fc8bcca4c09695e3208f17f00bf404f6eb7852dfe73c163a19fd4e890e0edd5c7a727984b6f47a952373b95200bba061756c699c218b52c265b22bcd5cb24fdf056621fdd2126cede171e435320ca34e56e4c82a2afc9a59d3bf4647877658b6f23a6484f37acd8e2e184926993b5d1bbe6cdba64f486b4fb41bb94a644140540894f8fc14e585bc8beae88eabf926add289c82eb8cea99743baed842d76eb5c5573f7a7f3f2693960d6bfed697b5619afd942f41689dbd281a35e32478ba3a388dada82a2f4164481aa6a8f3946a84ea6186b20ce388c202be42996ae90feec7258d4a4a276353df84c96b160ac003d81cf395c0e61b0f0a9e692c32fab307f754cae5de7716a00cb96160cd39c931f4885d612862cecf6ba76502c9d266f97e4cf6cf0a16f787788e5471458a0dc24d3f2a28caa0f7ee00cf8bb113bd9c2b086037d765b5ec9a849df6f482fc01b48261e44299b0bc88321d837b6e2d221ebf2996b4140cd82e531de27f8de445f31c64469a5a145b031cd2569d19e27369c31ec63a989f0c9aaba7cc9d36d652001d40004f83a90d6465854f31bf15d1ef6bff4c02d60b948a37e3f50d250d7f85f545f507014aae5a35908283168c034f654acbb9d0fc261671d612e3d74261653e69e5e9cf7c8fda298b4d6c879cbbb97eafe648ba70150599089d65c1fdc0d5af879a2d46a443ac6dd21b33f72510742db4faf7eeb1580580ffe26e2d5ff", 0x1000}, 0x1006) 06:06:18 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:18 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:18 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 1003.879735] audit: type=1326 audit(1541225178.927:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=26113 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 06:06:19 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0), 0x0, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:19 executing program 4 (fault-call:2 fault-nth:0): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) 06:06:19 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r1, 0xb00, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r2 = socket$l2tp(0x18, 0x1, 0x1) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x20102, 0x0) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) connect$l2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) fcntl$setflags(r2, 0x2, 0x1) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0) [ 1004.229776] FAULT_INJECTION: forcing a failure. [ 1004.229776] name failslab, interval 1, probability 0, space 0, times 0 [ 1004.241355] CPU: 1 PID: 26135 Comm: syz-executor4 Not tainted 4.19.0+ #77 [ 1004.248338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1004.251152] Call Trace: [ 1004.251152] dump_stack+0x32d/0x480 [ 1004.251152] should_fail+0x11e5/0x13c0 [ 1004.251152] __should_failslab+0x278/0x2a0 [ 1004.272024] should_failslab+0x29/0x70 [ 1004.272024] __kmalloc+0xcf/0x4d0 [ 1004.272024] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1004.272024] ? sock_kmalloc+0x2c5/0x590 [ 1004.272024] sock_kmalloc+0x2c5/0x590 [ 1004.272024] ? aead_release+0x90/0x90 [ 1004.272024] alg_setsockopt+0x44a/0x710 [ 1004.272024] ? alg_accept+0xd0/0xd0 [ 1004.272024] __sys_setsockopt+0x493/0x540 [ 1004.272024] __se_sys_setsockopt+0xdd/0x100 [ 1004.272024] __x64_sys_setsockopt+0x62/0x80 [ 1004.272024] do_syscall_64+0xcf/0x110 [ 1004.272024] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1004.272024] RIP: 0033:0x457569 [ 1004.272024] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1004.341957] RSP: 002b:00007ff48233dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1004.341957] RAX: ffffffffffffffda RBX: 00007ff48233dc90 RCX: 0000000000457569 [ 1004.341957] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003 [ 1004.341957] RBP: 000000000072bf00 R08: 0000000000000010 R09: 0000000000000000 [ 1004.341957] R10: 0000000020000100 R11: 0000000000000246 R12: 00007ff48233e6d4 [ 1004.341957] R13: 00000000004c3c71 R14: 00000000004d5f20 R15: 0000000000000004 06:06:19 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1004.466914] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1004.490436] not chained 2060000 origins [ 1004.491917] CPU: 1 PID: 26138 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1004.491917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1004.491917] Call Trace: [ 1004.491917] dump_stack+0x32d/0x480 [ 1004.491917] kmsan_internal_chain_origin+0x222/0x240 [ 1004.491917] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1004.491917] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1004.529985] ? save_stack_trace+0xc6/0x110 [ 1004.529985] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1004.538346] ? kmsan_internal_chain_origin+0x90/0x240 [ 1004.538346] ? get_stack_info+0x863/0x9d0 [ 1004.538346] __msan_chain_origin+0x6d/0xd0 [ 1004.538346] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1004.538346] __save_stack_trace+0x8be/0xc60 [ 1004.538346] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1004.538346] save_stack_trace+0xc6/0x110 [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] ? kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1004.538346] ? __msan_memcpy+0x6f/0x80 [ 1004.538346] ? pskb_expand_head+0x43b/0x1d20 [ 1004.538346] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1004.538346] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1004.538346] ? ___sys_sendmsg+0xe68/0x1250 [ 1004.538346] ? __sys_sendmmsg+0x56b/0xa90 [ 1004.538346] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1004.538346] ? __x64_sys_sendmmsg+0x56/0x70 [ 1004.538346] ? do_syscall_64+0xcf/0x110 [ 1004.538346] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1004.538346] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1004.538346] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1004.538346] ? memcg_kmem_put_cache+0x8e/0x460 [ 1004.538346] ? __msan_get_context_state+0x9/0x30 [ 1004.538346] ? INIT_INT+0xc/0x30 [ 1004.538346] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1004.538346] kmsan_memcpy_origins+0x13d/0x1b0 [ 1004.538346] __msan_memcpy+0x6f/0x80 [ 1004.538346] pskb_expand_head+0x43b/0x1d20 [ 1004.538346] l2tp_xmit_skb+0x5a7/0x24b0 [ 1004.538346] pppol2tp_sendmsg+0x7a6/0xba0 [ 1004.538346] ___sys_sendmsg+0xe68/0x1250 [ 1004.538346] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1004.538346] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1004.538346] ? kmsan_set_origin+0x83/0x130 [ 1004.538346] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1004.538346] ? _cond_resched+0xc7/0x120 [ 1004.538346] __sys_sendmmsg+0x56b/0xa90 [ 1004.538346] ? syscall_return_slowpath+0x123/0x8c0 [ 1004.538346] ? put_timespec64+0x162/0x220 [ 1004.538346] __se_sys_sendmmsg+0xbd/0xe0 [ 1004.538346] __x64_sys_sendmmsg+0x56/0x70 [ 1004.538346] do_syscall_64+0xcf/0x110 [ 1004.538346] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1004.538346] RIP: 0033:0x457569 [ 1004.538346] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1004.538346] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1004.538346] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1004.538346] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1004.538346] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1004.538346] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1004.538346] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1004.538346] Uninit was stored to memory at: [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] __msan_chain_origin+0x6d/0xd0 [ 1004.538346] __save_stack_trace+0x8be/0xc60 [ 1004.538346] save_stack_trace+0xc6/0x110 [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] kmsan_memcpy_origins+0x13d/0x1b0 [ 1004.538346] __msan_memcpy+0x6f/0x80 [ 1004.538346] pskb_expand_head+0x43b/0x1d20 [ 1004.538346] l2tp_xmit_skb+0x5a7/0x24b0 [ 1004.538346] pppol2tp_sendmsg+0x7a6/0xba0 [ 1004.538346] ___sys_sendmsg+0xe68/0x1250 [ 1004.538346] __sys_sendmmsg+0x56b/0xa90 [ 1004.538346] __se_sys_sendmmsg+0xbd/0xe0 [ 1004.538346] __x64_sys_sendmmsg+0x56/0x70 [ 1004.538346] do_syscall_64+0xcf/0x110 [ 1004.538346] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1004.538346] [ 1004.538346] Uninit was stored to memory at: [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] __msan_chain_origin+0x6d/0xd0 [ 1004.538346] __save_stack_trace+0x8be/0xc60 [ 1004.538346] save_stack_trace+0xc6/0x110 [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] kmsan_memcpy_origins+0x13d/0x1b0 [ 1004.538346] __msan_memcpy+0x6f/0x80 [ 1004.538346] pskb_expand_head+0x43b/0x1d20 [ 1004.538346] l2tp_xmit_skb+0x5a7/0x24b0 [ 1004.538346] pppol2tp_sendmsg+0x7a6/0xba0 [ 1004.538346] ___sys_sendmsg+0xe68/0x1250 [ 1004.538346] __sys_sendmmsg+0x56b/0xa90 [ 1004.538346] __se_sys_sendmmsg+0xbd/0xe0 [ 1004.538346] __x64_sys_sendmmsg+0x56/0x70 [ 1004.538346] do_syscall_64+0xcf/0x110 [ 1004.538346] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1004.538346] [ 1004.538346] Uninit was stored to memory at: [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] __msan_chain_origin+0x6d/0xd0 [ 1004.538346] __save_stack_trace+0x8be/0xc60 [ 1004.538346] save_stack_trace+0xc6/0x110 [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] kmsan_memcpy_origins+0x13d/0x1b0 [ 1004.538346] __msan_memcpy+0x6f/0x80 [ 1004.538346] pskb_expand_head+0x43b/0x1d20 [ 1004.538346] l2tp_xmit_skb+0x5a7/0x24b0 [ 1004.538346] pppol2tp_sendmsg+0x7a6/0xba0 [ 1004.538346] ___sys_sendmsg+0xe68/0x1250 [ 1004.538346] __sys_sendmmsg+0x56b/0xa90 [ 1004.538346] __se_sys_sendmmsg+0xbd/0xe0 [ 1004.538346] __x64_sys_sendmmsg+0x56/0x70 [ 1004.538346] do_syscall_64+0xcf/0x110 [ 1004.538346] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1004.538346] [ 1004.538346] Uninit was stored to memory at: [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] __msan_chain_origin+0x6d/0xd0 [ 1004.538346] __save_stack_trace+0x8be/0xc60 [ 1004.538346] save_stack_trace+0xc6/0x110 [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] kmsan_memcpy_origins+0x13d/0x1b0 [ 1004.538346] __msan_memcpy+0x6f/0x80 [ 1004.538346] pskb_expand_head+0x43b/0x1d20 [ 1004.538346] l2tp_xmit_skb+0x5a7/0x24b0 [ 1004.538346] pppol2tp_sendmsg+0x7a6/0xba0 [ 1004.538346] ___sys_sendmsg+0xe68/0x1250 [ 1004.538346] __sys_sendmmsg+0x56b/0xa90 [ 1004.538346] __se_sys_sendmmsg+0xbd/0xe0 [ 1004.538346] __x64_sys_sendmmsg+0x56/0x70 [ 1004.538346] do_syscall_64+0xcf/0x110 [ 1004.538346] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1004.538346] [ 1004.538346] Uninit was stored to memory at: [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] __msan_chain_origin+0x6d/0xd0 [ 1004.538346] __save_stack_trace+0x8be/0xc60 [ 1004.538346] save_stack_trace+0xc6/0x110 [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] kmsan_memcpy_origins+0x13d/0x1b0 [ 1004.538346] __msan_memcpy+0x6f/0x80 [ 1004.538346] pskb_expand_head+0x43b/0x1d20 [ 1004.538346] l2tp_xmit_skb+0x5a7/0x24b0 [ 1004.538346] pppol2tp_sendmsg+0x7a6/0xba0 [ 1004.538346] ___sys_sendmsg+0xe68/0x1250 [ 1004.538346] __sys_sendmmsg+0x56b/0xa90 [ 1004.538346] __se_sys_sendmmsg+0xbd/0xe0 [ 1004.538346] __x64_sys_sendmmsg+0x56/0x70 [ 1004.538346] do_syscall_64+0xcf/0x110 [ 1004.538346] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1004.538346] [ 1004.538346] Uninit was stored to memory at: [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] __msan_chain_origin+0x6d/0xd0 [ 1004.538346] __save_stack_trace+0x8be/0xc60 [ 1004.538346] save_stack_trace+0xc6/0x110 [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] kmsan_memcpy_origins+0x13d/0x1b0 [ 1004.538346] __msan_memcpy+0x6f/0x80 [ 1004.538346] pskb_expand_head+0x43b/0x1d20 [ 1004.538346] l2tp_xmit_skb+0x5a7/0x24b0 [ 1004.538346] pppol2tp_sendmsg+0x7a6/0xba0 [ 1004.538346] ___sys_sendmsg+0xe68/0x1250 [ 1004.538346] __sys_sendmmsg+0x56b/0xa90 [ 1004.538346] __se_sys_sendmmsg+0xbd/0xe0 [ 1004.538346] __x64_sys_sendmmsg+0x56/0x70 [ 1004.538346] do_syscall_64+0xcf/0x110 [ 1004.538346] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1004.538346] [ 1004.538346] Uninit was stored to memory at: [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] __msan_chain_origin+0x6d/0xd0 [ 1004.538346] __save_stack_trace+0x8be/0xc60 [ 1004.538346] save_stack_trace+0xc6/0x110 [ 1004.538346] kmsan_internal_chain_origin+0x136/0x240 [ 1004.538346] kmsan_memcpy_origins+0x13d/0x1b0 [ 1004.538346] __msan_memcpy+0x6f/0x80 [ 1004.538346] pskb_expand_head+0x43b/0x1d20 [ 1004.538346] l2tp_xmit_skb+0x5a7/0x24b0 [ 1004.538346] pppol2tp_sendmsg+0x7a6/0xba0 [ 1004.538346] ___sys_sendmsg+0xe68/0x1250 [ 1004.538346] __sys_sendmmsg+0x56b/0xa90 [ 1004.538346] __se_sys_sendmmsg+0xbd/0xe0 [ 1004.538346] __x64_sys_sendmmsg+0x56/0x70 06:06:19 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0), 0x0, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:20 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f00000000c0)=0xfffffffffffffff9, 0x4) [ 1004.538346] do_syscall_64+0xcf/0x110 [ 1004.538346] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1004.538346] [ 1004.538346] Local variable description: ----iph@ip_vs_out [ 1004.538346] Variable was created at: [ 1004.538346] ip_vs_out+0x1bf/0x4570 [ 1004.538346] ip_vs_local_reply6+0xec/0x130 [ 1005.347540] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:20 executing program 4 (fault-call:2 fault-nth:1): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) 06:06:20 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1005.727563] not chained 2070000 origins [ 1005.731589] CPU: 1 PID: 26138 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1005.731814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1005.746138] Call Trace: [ 1005.748024] dump_stack+0x32d/0x480 [ 1005.752550] kmsan_internal_chain_origin+0x222/0x240 [ 1005.752550] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1005.752550] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1005.752550] ? save_stack_trace+0xc6/0x110 [ 1005.752550] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1005.752550] ? kmsan_internal_chain_origin+0x90/0x240 [ 1005.752550] ? get_stack_info+0x863/0x9d0 [ 1005.752550] __msan_chain_origin+0x6d/0xd0 [ 1005.752550] ? pskb_expand_head+0x43b/0x1d20 [ 1005.752550] __save_stack_trace+0x8be/0xc60 [ 1005.752550] ? pskb_expand_head+0x43b/0x1d20 [ 1005.752550] save_stack_trace+0xc6/0x110 [ 1005.752550] kmsan_internal_chain_origin+0x136/0x240 [ 1005.752550] ? kmsan_internal_chain_origin+0x136/0x240 [ 1005.752550] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1005.752550] ? __msan_memcpy+0x6f/0x80 [ 1005.752550] ? pskb_expand_head+0x43b/0x1d20 [ 1005.752550] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1005.752550] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1005.752550] ? ___sys_sendmsg+0xe68/0x1250 [ 1005.841962] ? __sys_sendmmsg+0x56b/0xa90 [ 1005.841962] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1005.841962] ? __x64_sys_sendmmsg+0x56/0x70 [ 1005.841962] ? do_syscall_64+0xcf/0x110 [ 1005.841962] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1005.841962] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1005.841962] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1005.841962] ? memcg_kmem_put_cache+0x8e/0x460 [ 1005.841962] ? __msan_get_context_state+0x9/0x30 [ 1005.841962] ? INIT_INT+0xc/0x30 [ 1005.841962] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1005.841962] kmsan_memcpy_origins+0x13d/0x1b0 [ 1005.841962] __msan_memcpy+0x6f/0x80 [ 1005.841962] pskb_expand_head+0x43b/0x1d20 [ 1005.841962] l2tp_xmit_skb+0x5a7/0x24b0 [ 1005.911955] pppol2tp_sendmsg+0x7a6/0xba0 [ 1005.911955] ___sys_sendmsg+0xe68/0x1250 [ 1005.919447] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1005.919447] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1005.919447] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1005.919447] ? rcu_all_qs+0x3b/0x310 [ 1005.919447] ? _cond_resched+0x59/0x120 [ 1005.919447] ? rcu_all_qs+0x53/0x310 [ 1005.919447] ? _cond_resched+0x37/0x120 [ 1005.948290] ? __sys_sendmmsg+0x7c9/0xa90 [ 1005.948290] ? _cond_resched+0x59/0x120 [ 1005.948290] __sys_sendmmsg+0x56b/0xa90 [ 1005.962014] ? syscall_return_slowpath+0x123/0x8c0 [ 1005.962014] ? put_timespec64+0x162/0x220 [ 1005.962014] __se_sys_sendmmsg+0xbd/0xe0 [ 1005.962014] __x64_sys_sendmmsg+0x56/0x70 [ 1005.962014] do_syscall_64+0xcf/0x110 [ 1005.983559] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1005.983559] RIP: 0033:0x457569 [ 1005.983559] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1005.983559] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1006.016099] FAULT_INJECTION: forcing a failure. [ 1006.016099] name failslab, interval 1, probability 0, space 0, times 0 [ 1006.013376] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1006.013376] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1006.013376] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1006.013376] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1006.013376] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1006.013376] Uninit was stored to memory at: [ 1006.013376] kmsan_internal_chain_origin+0x136/0x240 [ 1006.031965] CPU: 0 PID: 26158 Comm: syz-executor4 Not tainted 4.19.0+ #77 [ 1006.013376] __msan_chain_origin+0x6d/0xd0 [ 1006.013376] __save_stack_trace+0x8be/0xc60 [ 1006.041838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1006.013376] save_stack_trace+0xc6/0x110 [ 1006.013376] kmsan_internal_chain_origin+0x136/0x240 [ 1006.041838] Call Trace: [ 1006.013376] kmsan_memcpy_origins+0x13d/0x1b0 [ 1006.013376] __msan_memcpy+0x6f/0x80 [ 1006.041838] dump_stack+0x32d/0x480 [ 1006.013376] pskb_expand_head+0x43b/0x1d20 [ 1006.013376] l2tp_xmit_skb+0x5a7/0x24b0 [ 1006.041838] should_fail+0x11e5/0x13c0 [ 1006.013376] pppol2tp_sendmsg+0x7a6/0xba0 [ 1006.013376] ___sys_sendmsg+0xe68/0x1250 [ 1006.041838] __should_failslab+0x278/0x2a0 [ 1006.013376] __sys_sendmmsg+0x56b/0xa90 [ 1006.013376] __se_sys_sendmmsg+0xbd/0xe0 [ 1006.041838] should_failslab+0x29/0x70 [ 1006.013376] __x64_sys_sendmmsg+0x56/0x70 [ 1006.013376] do_syscall_64+0xcf/0x110 [ 1006.041838] __kmalloc+0xcf/0x4d0 [ 1006.013376] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1006.013376] kmsan_internal_chain_origin+0x136/0x240 [ 1006.041838] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 1006.013376] __msan_chain_origin+0x6d/0xd0 [ 1006.013376] __save_stack_trace+0x8be/0xc60 [ 1006.041838] ? skcipher_setkey_blkcipher+0x226/0x2f0 [ 1006.013376] save_stack_trace+0xc6/0x110 [ 1006.013376] kmsan_internal_chain_origin+0x136/0x240 [ 1006.041838] ? crypto_gcm_setkey+0x309/0xbc0 [ 1006.013376] kmsan_memcpy_origins+0x13d/0x1b0 [ 1006.013376] __msan_memcpy+0x6f/0x80 [ 1006.041838] crypto_gcm_setkey+0x309/0xbc0 [ 1006.013376] pskb_expand_head+0x43b/0x1d20 [ 1006.013376] l2tp_xmit_skb+0x5a7/0x24b0 [ 1006.041838] ? crypto_gcm_exit_tfm+0xd0/0xd0 [ 1006.013376] pppol2tp_sendmsg+0x7a6/0xba0 [ 1006.013376] ___sys_sendmsg+0xe68/0x1250 [ 1006.041838] crypto_aead_setkey+0x34b/0x4a0 [ 1006.013376] __sys_sendmmsg+0x56b/0xa90 [ 1006.013376] __se_sys_sendmmsg+0xbd/0xe0 [ 1006.041838] aead_setkey+0xa0/0xc0 [ 1006.013376] __x64_sys_sendmmsg+0x56/0x70 [ 1006.013376] do_syscall_64+0xcf/0x110 [ 1006.041838] alg_setsockopt+0x613/0x710 [ 1006.013376] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1006.013376] kmsan_internal_chain_origin+0x136/0x240 [ 1006.041838] ? aead_release+0x90/0x90 [ 1006.013376] __msan_chain_origin+0x6d/0xd0 [ 1006.013376] __save_stack_trace+0x8be/0xc60 [ 1006.041838] ? alg_accept+0xd0/0xd0 [ 1006.013376] save_stack_trace+0xc6/0x110 [ 1006.013376] kmsan_internal_chain_origin+0x136/0x240 [ 1006.041838] __sys_setsockopt+0x493/0x540 [ 1006.013376] kmsan_memcpy_origins+0x13d/0x1b0 [ 1006.013376] __msan_memcpy+0x6f/0x80 [ 1006.041838] __se_sys_setsockopt+0xdd/0x100 [ 1006.013376] pskb_expand_head+0x43b/0x1d20 [ 1006.013376] l2tp_xmit_skb+0x5a7/0x24b0 [ 1006.041838] __x64_sys_setsockopt+0x62/0x80 [ 1006.013376] pppol2tp_sendmsg+0x7a6/0xba0 [ 1006.013376] ___sys_sendmsg+0xe68/0x1250 [ 1006.041838] do_syscall_64+0xcf/0x110 [ 1006.013376] __sys_sendmmsg+0x56b/0xa90 [ 1006.013376] __se_sys_sendmmsg+0xbd/0xe0 [ 1006.041838] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1006.013376] __x64_sys_sendmmsg+0x56/0x70 [ 1006.013376] do_syscall_64+0xcf/0x110 [ 1006.041838] RIP: 0033:0x457569 [ 1006.013376] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1006.013376] kmsan_internal_chain_origin+0x136/0x240 [ 1006.041838] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1006.013376] __msan_chain_origin+0x6d/0xd0 [ 1006.013376] __save_stack_trace+0x8be/0xc60 [ 1006.041838] RSP: 002b:00007ff48233dc78 EFLAGS: 00000246 [ 1006.013376] save_stack_trace+0xc6/0x110 [ 1006.013376] kmsan_internal_chain_origin+0x136/0x240 [ 1006.041838] ORIG_RAX: 0000000000000036 [ 1006.013376] kmsan_memcpy_origins+0x13d/0x1b0 [ 1006.013376] __msan_memcpy+0x6f/0x80 [ 1006.041838] RAX: ffffffffffffffda RBX: 00007ff48233dc90 RCX: 0000000000457569 [ 1006.013376] pskb_expand_head+0x43b/0x1d20 [ 1006.013376] l2tp_xmit_skb+0x5a7/0x24b0 [ 1006.041838] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003 [ 1006.013376] pppol2tp_sendmsg+0x7a6/0xba0 [ 1006.013376] ___sys_sendmsg+0xe68/0x1250 [ 1006.041838] RBP: 000000000072bf00 R08: 0000000000000010 R09: 0000000000000000 [ 1006.013376] __sys_sendmmsg+0x56b/0xa90 [ 1006.013376] __se_sys_sendmmsg+0xbd/0xe0 [ 1006.041838] R10: 0000000020000100 R11: 0000000000000246 R12: 00007ff48233e6d4 [ 1006.013376] __x64_sys_sendmmsg+0x56/0x70 [ 1006.013376] do_syscall_64+0xcf/0x110 [ 1006.041838] R13: 00000000004c3c71 R14: 00000000004d5f20 R15: 0000000000000004 [ 1006.013376] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1006.013376] kmsan_internal_chain_origin+0x136/0x240 [ 1006.500650] __msan_chain_origin+0x6d/0xd0 [ 1006.500650] __save_stack_trace+0x8be/0xc60 [ 1006.531963] save_stack_trace+0xc6/0x110 [ 1006.531963] kmsan_internal_chain_origin+0x136/0x240 [ 1006.531963] kmsan_memcpy_origins+0x13d/0x1b0 [ 1006.531963] __msan_memcpy+0x6f/0x80 [ 1006.531963] pskb_expand_head+0x43b/0x1d20 [ 1006.531963] l2tp_xmit_skb+0x5a7/0x24b0 [ 1006.531963] pppol2tp_sendmsg+0x7a6/0xba0 [ 1006.531963] ___sys_sendmsg+0xe68/0x1250 [ 1006.531963] __sys_sendmmsg+0x56b/0xa90 [ 1006.531963] __se_sys_sendmmsg+0xbd/0xe0 [ 1006.531963] __x64_sys_sendmmsg+0x56/0x70 [ 1006.531963] do_syscall_64+0xcf/0x110 [ 1006.531963] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1006.531963] [ 1006.531963] Uninit was stored to memory at: [ 1006.531963] kmsan_internal_chain_origin+0x136/0x240 [ 1006.531963] __msan_chain_origin+0x6d/0xd0 [ 1006.601995] __save_stack_trace+0x8be/0xc60 [ 1006.601995] save_stack_trace+0xc6/0x110 [ 1006.601995] kmsan_internal_chain_origin+0x136/0x240 [ 1006.611495] kmsan_memcpy_origins+0x13d/0x1b0 [ 1006.611495] __msan_memcpy+0x6f/0x80 [ 1006.611495] pskb_expand_head+0x43b/0x1d20 [ 1006.611495] l2tp_xmit_skb+0x5a7/0x24b0 [ 1006.611495] pppol2tp_sendmsg+0x7a6/0xba0 [ 1006.611495] ___sys_sendmsg+0xe68/0x1250 [ 1006.611495] __sys_sendmmsg+0x56b/0xa90 [ 1006.611495] __se_sys_sendmmsg+0xbd/0xe0 [ 1006.647487] __x64_sys_sendmmsg+0x56/0x70 [ 1006.647487] do_syscall_64+0xcf/0x110 [ 1006.647487] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1006.647487] [ 1006.647487] Uninit was stored to memory at: [ 1006.647487] kmsan_internal_chain_origin+0x136/0x240 [ 1006.647487] __msan_chain_origin+0x6d/0xd0 [ 1006.647487] __save_stack_trace+0x8be/0xc60 [ 1006.647487] save_stack_trace+0xc6/0x110 [ 1006.647487] kmsan_internal_chain_origin+0x136/0x240 [ 1006.647487] kmsan_memcpy_origins+0x13d/0x1b0 [ 1006.647487] __msan_memcpy+0x6f/0x80 [ 1006.647487] pskb_expand_head+0x43b/0x1d20 [ 1006.647487] l2tp_xmit_skb+0x5a7/0x24b0 [ 1006.647487] pppol2tp_sendmsg+0x7a6/0xba0 [ 1006.708669] ___sys_sendmsg+0xe68/0x1250 [ 1006.708669] __sys_sendmmsg+0x56b/0xa90 [ 1006.708669] __se_sys_sendmmsg+0xbd/0xe0 [ 1006.708669] __x64_sys_sendmmsg+0x56/0x70 06:06:21 executing program 1 (fault-call:2 fault-nth:0): mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:06:21 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0), 0x0, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:21 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:21 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000000)) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syS_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:21 executing program 4 (fault-call:2 fault-nth:2): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) [ 1006.708669] do_syscall_64+0xcf/0x110 [ 1006.708669] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1006.708669] [ 1006.739066] Local variable description: ----iph@ip_vs_out [ 1006.739066] Variable was created at: [ 1006.748169] ip_vs_out+0x1bf/0x4570 [ 1006.748169] ip_vs_local_reply6+0xec/0x130 [ 1006.758112] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1006.833423] FAULT_INJECTION: forcing a failure. [ 1006.833423] name failslab, interval 1, probability 0, space 0, times 0 [ 1006.845019] CPU: 1 PID: 26169 Comm: syz-executor4 Not tainted 4.19.0+ #77 [ 1006.852024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1006.854747] Call Trace: [ 1006.854747] dump_stack+0x32d/0x480 [ 1006.854747] should_fail+0x11e5/0x13c0 [ 1006.854747] __should_failslab+0x278/0x2a0 [ 1006.854747] should_failslab+0x29/0x70 [ 1006.854747] __kmalloc+0xcf/0x4d0 [ 1006.854747] ? gf128mul_init_4k_lle+0x4c/0x5f0 [ 1006.854747] gf128mul_init_4k_lle+0x4c/0x5f0 [ 1006.854747] ghash_setkey+0x185/0x260 [ 1006.854747] ? ghash_final+0x1b0/0x1b0 [ 1006.854747] shash_async_setkey+0x324/0x4d0 [ 1006.903910] FAULT_INJECTION: forcing a failure. [ 1006.903910] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1006.854747] ? skcipher_encrypt_blkcipher+0x4a/0x340 [ 1006.854747] ? shash_async_digest+0x1a0/0x1a0 [ 1006.854747] crypto_ahash_setkey+0x2c5/0x470 [ 1006.854747] crypto_gcm_setkey+0xa1d/0xbc0 [ 1006.932030] ? crypto_gcm_exit_tfm+0xd0/0xd0 [ 1006.932030] crypto_aead_setkey+0x34b/0x4a0 [ 1006.932030] aead_setkey+0xa0/0xc0 [ 1006.932030] alg_setsockopt+0x613/0x710 [ 1006.932030] ? aead_release+0x90/0x90 [ 1006.932030] ? alg_accept+0xd0/0xd0 [ 1006.932030] __sys_setsockopt+0x493/0x540 [ 1006.932030] __se_sys_setsockopt+0xdd/0x100 [ 1006.932030] __x64_sys_setsockopt+0x62/0x80 [ 1006.932030] do_syscall_64+0xcf/0x110 [ 1006.932030] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1006.932030] RIP: 0033:0x457569 [ 1006.932030] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1006.932030] RSP: 002b:00007ff48233dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1006.932030] RAX: ffffffffffffffda RBX: 00007ff48233dc90 RCX: 0000000000457569 [ 1006.932030] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003 [ 1006.932030] RBP: 000000000072bf00 R08: 0000000000000010 R09: 0000000000000000 [ 1006.932030] R10: 0000000020000100 R11: 0000000000000246 R12: 00007ff48233e6d4 [ 1006.932030] R13: 00000000004c3c71 R14: 00000000004d5f20 R15: 0000000000000004 [ 1007.049077] CPU: 0 PID: 26171 Comm: syz-executor1 Not tainted 4.19.0+ #77 [ 1007.051850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1007.051850] Call Trace: [ 1007.067835] dump_stack+0x32d/0x480 [ 1007.067835] should_fail+0x11e5/0x13c0 [ 1007.067835] __alloc_pages_nodemask+0x6fd/0x6640 [ 1007.080337] ? __update_load_avg_cfs_rq+0x105/0x10b0 [ 1007.080337] ? update_cfs_rq_load_avg+0x5e1/0xa10 [ 1007.080337] alloc_pages_current+0x584/0x7e0 [ 1007.080337] kmalloc_order_trace+0xd9/0x470 [ 1007.080337] ? drm_invalid_op+0x30/0x30 [ 1007.080337] __kmalloc+0x4b2/0x4d0 [ 1007.080337] ? __srcu_read_unlock+0x76/0xb0 [ 1007.080337] ? drm_invalid_op+0x30/0x30 [ 1007.080337] drm_ioctl+0x862/0x1160 [ 1007.080337] ? drm_invalid_op+0x30/0x30 [ 1007.080337] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1007.080337] ? do_vfs_ioctl+0x187/0x2d30 06:06:22 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setxattr$security_evm(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000100)=ANY=[@ANYBLOB], 0x5, 0x1) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 1007.080337] ? drm_ioctl_kernel+0x6a0/0x6a0 [ 1007.080337] do_vfs_ioctl+0xf77/0x2d30 [ 1007.080337] ? security_file_ioctl+0x92/0x200 [ 1007.080337] __se_sys_ioctl+0x1da/0x270 [ 1007.080337] __x64_sys_ioctl+0x4a/0x70 [ 1007.080337] do_syscall_64+0xcf/0x110 [ 1007.080337] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1007.080337] RIP: 0033:0x457569 [ 1007.165364] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1007.165364] RSP: 002b:00007f1d8b5a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1007.165364] RAX: ffffffffffffffda RBX: 00007f1d8b5a2c90 RCX: 0000000000457569 [ 1007.165364] RDX: 0000000020000000 RSI: ffffffffffff8000 RDI: 0000000000000003 [ 1007.165364] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1007.165364] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d8b5a36d4 [ 1007.165364] R13: 00000000004be737 R14: 00000000004ce618 R15: 0000000000000004 [ 1007.246545] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1007.432944] not chained 2080000 origins [ 1007.437025] CPU: 0 PID: 26138 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1007.441821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1007.441821] Call Trace: [ 1007.441821] dump_stack+0x32d/0x480 [ 1007.441821] ? save_stack_trace+0xc6/0x110 [ 1007.441821] kmsan_internal_chain_origin+0x222/0x240 [ 1007.441821] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1007.469743] ? kmsan_internal_chain_origin+0x136/0x240 [ 1007.469743] ? __msan_chain_origin+0x6d/0xd0 [ 1007.469743] ? __save_stack_trace+0x8be/0xc60 [ 1007.469743] ? save_stack_trace+0xc6/0x110 [ 1007.469743] ? kmsan_internal_chain_origin+0x136/0x240 [ 1007.469743] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1007.469743] ? __msan_memcpy+0x6f/0x80 [ 1007.469743] ? pskb_expand_head+0x43b/0x1d20 [ 1007.469743] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1007.469743] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1007.515869] ? ___sys_sendmsg+0xe68/0x1250 [ 1007.522864] ? __sys_sendmmsg+0x56b/0xa90 [ 1007.522864] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1007.530789] ? __x64_sys_sendmmsg+0x56/0x70 [ 1007.530789] ? do_syscall_64+0xcf/0x110 [ 1007.537530] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1007.537530] ? save_stack_trace+0xc6/0x110 [ 1007.537530] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1007.537530] ? kmsan_internal_chain_origin+0x1e3/0x240 [ 1007.537530] ? get_stack_info+0x863/0x9d0 [ 1007.537530] __msan_chain_origin+0x6d/0xd0 [ 1007.537530] ? __sys_sendmmsg+0x56b/0xa90 [ 1007.537530] __save_stack_trace+0x8be/0xc60 [ 1007.537530] ? __sys_sendmmsg+0x56b/0xa90 [ 1007.581490] save_stack_trace+0xc6/0x110 [ 1007.581490] kmsan_internal_chain_origin+0x136/0x240 [ 1007.581490] ? kmsan_internal_chain_origin+0x136/0x240 [ 1007.581490] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1007.600333] ? __msan_memcpy+0x6f/0x80 [ 1007.600333] ? pskb_expand_head+0x43b/0x1d20 [ 1007.600333] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1007.600333] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1007.600333] ? ___sys_sendmsg+0xe68/0x1250 [ 1007.600333] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1007.600333] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1007.600333] ? memcg_kmem_put_cache+0x8e/0x460 [ 1007.634215] ? __msan_get_context_state+0x9/0x30 [ 1007.634215] ? INIT_INT+0xc/0x30 [ 1007.634215] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1007.647442] kmsan_memcpy_origins+0x13d/0x1b0 [ 1007.647442] __msan_memcpy+0x6f/0x80 [ 1007.647442] pskb_expand_head+0x43b/0x1d20 [ 1007.647442] l2tp_xmit_skb+0x5a7/0x24b0 [ 1007.647442] pppol2tp_sendmsg+0x7a6/0xba0 [ 1007.647442] ___sys_sendmsg+0xe68/0x1250 [ 1007.647442] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1007.647442] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1007.647442] ? kmsan_set_origin+0x83/0x130 [ 1007.689882] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1007.694999] ? _cond_resched+0xc7/0x120 [ 1007.698832] __sys_sendmmsg+0x56b/0xa90 [ 1007.702664] ? syscall_return_slowpath+0x123/0x8c0 [ 1007.707782] ? put_timespec64+0x162/0x220 [ 1007.711628] __se_sys_sendmmsg+0xbd/0xe0 [ 1007.716781] __x64_sys_sendmmsg+0x56/0x70 [ 1007.720612] do_syscall_64+0xcf/0x110 [ 1007.724599] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1007.729782] RIP: 0033:0x457569 [ 1007.732334] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1007.739523] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1007.739523] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1007.739523] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1007.739523] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1007.739523] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1007.739523] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1007.739523] Uninit was stored to memory at: [ 1007.739523] kmsan_internal_chain_origin+0x136/0x240 [ 1007.739523] __msan_chain_origin+0x6d/0xd0 [ 1007.739523] __save_stack_trace+0x8be/0xc60 [ 1007.739523] save_stack_trace+0xc6/0x110 [ 1007.739523] kmsan_internal_chain_origin+0x136/0x240 [ 1007.739523] kmsan_memcpy_origins+0x13d/0x1b0 [ 1007.739523] __msan_memcpy+0x6f/0x80 [ 1007.739523] pskb_expand_head+0x43b/0x1d20 [ 1007.739523] l2tp_xmit_skb+0x5a7/0x24b0 [ 1007.739523] pppol2tp_sendmsg+0x7a6/0xba0 [ 1007.739523] ___sys_sendmsg+0xe68/0x1250 [ 1007.847050] __sys_sendmmsg+0x56b/0xa90 [ 1007.847050] __se_sys_sendmmsg+0xbd/0xe0 [ 1007.847050] __x64_sys_sendmmsg+0x56/0x70 [ 1007.847050] do_syscall_64+0xcf/0x110 [ 1007.847050] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1007.847050] [ 1007.847050] Uninit was stored to memory at: [ 1007.847050] kmsan_internal_chain_origin+0x136/0x240 [ 1007.847050] __msan_chain_origin+0x6d/0xd0 [ 1007.847050] __save_stack_trace+0x8be/0xc60 [ 1007.847050] save_stack_trace+0xc6/0x110 [ 1007.847050] kmsan_internal_chain_origin+0x136/0x240 [ 1007.847050] kmsan_memcpy_origins+0x13d/0x1b0 [ 1007.847050] __msan_memcpy+0x6f/0x80 [ 1007.847050] pskb_expand_head+0x43b/0x1d20 [ 1007.847050] l2tp_xmit_skb+0x5a7/0x24b0 [ 1007.847050] pppol2tp_sendmsg+0x7a6/0xba0 [ 1007.847050] ___sys_sendmsg+0xe68/0x1250 [ 1007.847050] __sys_sendmmsg+0x56b/0xa90 [ 1007.847050] __se_sys_sendmmsg+0xbd/0xe0 [ 1007.847050] __x64_sys_sendmmsg+0x56/0x70 [ 1007.847050] do_syscall_64+0xcf/0x110 [ 1007.847050] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1007.847050] [ 1007.847050] Uninit was stored to memory at: [ 1007.847050] kmsan_internal_chain_origin+0x136/0x240 [ 1007.847050] __msan_chain_origin+0x6d/0xd0 [ 1007.847050] __save_stack_trace+0x8be/0xc60 [ 1007.847050] save_stack_trace+0xc6/0x110 [ 1007.847050] kmsan_internal_chain_origin+0x136/0x240 [ 1007.847050] kmsan_memcpy_origins+0x13d/0x1b0 [ 1007.847050] __msan_memcpy+0x6f/0x80 [ 1007.847050] pskb_expand_head+0x43b/0x1d20 [ 1007.847050] l2tp_xmit_skb+0x5a7/0x24b0 [ 1007.847050] pppol2tp_sendmsg+0x7a6/0xba0 [ 1007.847050] ___sys_sendmsg+0xe68/0x1250 [ 1007.847050] __sys_sendmmsg+0x56b/0xa90 [ 1007.847050] __se_sys_sendmmsg+0xbd/0xe0 [ 1007.847050] __x64_sys_sendmmsg+0x56/0x70 [ 1007.847050] do_syscall_64+0xcf/0x110 [ 1007.847050] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1007.847050] [ 1007.847050] Uninit was stored to memory at: [ 1007.847050] kmsan_internal_chain_origin+0x136/0x240 [ 1007.847050] __msan_chain_origin+0x6d/0xd0 [ 1007.847050] __save_stack_trace+0x8be/0xc60 [ 1007.847050] save_stack_trace+0xc6/0x110 [ 1007.847050] kmsan_internal_chain_origin+0x136/0x240 [ 1007.847050] kmsan_memcpy_origins+0x13d/0x1b0 [ 1007.847050] __msan_memcpy+0x6f/0x80 [ 1007.847050] pskb_expand_head+0x43b/0x1d20 [ 1007.847050] l2tp_xmit_skb+0x5a7/0x24b0 [ 1007.847050] pppol2tp_sendmsg+0x7a6/0xba0 [ 1007.847050] ___sys_sendmsg+0xe68/0x1250 [ 1007.847050] __sys_sendmmsg+0x56b/0xa90 [ 1007.847050] __se_sys_sendmmsg+0xbd/0xe0 [ 1007.847050] __x64_sys_sendmmsg+0x56/0x70 [ 1007.847050] do_syscall_64+0xcf/0x110 [ 1007.847050] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1007.847050] [ 1007.847050] Uninit was stored to memory at: [ 1007.847050] kmsan_internal_chain_origin+0x136/0x240 [ 1007.847050] __msan_chain_origin+0x6d/0xd0 [ 1007.847050] __save_stack_trace+0x8be/0xc60 [ 1007.847050] save_stack_trace+0xc6/0x110 [ 1007.847050] kmsan_internal_chain_origin+0x136/0x240 [ 1007.847050] kmsan_memcpy_origins+0x13d/0x1b0 [ 1007.847050] __msan_memcpy+0x6f/0x80 [ 1007.847050] pskb_expand_head+0x43b/0x1d20 [ 1007.847050] l2tp_xmit_skb+0x5a7/0x24b0 [ 1007.847050] pppol2tp_sendmsg+0x7a6/0xba0 [ 1007.847050] ___sys_sendmsg+0xe68/0x1250 [ 1007.847050] __sys_sendmmsg+0x56b/0xa90 [ 1007.847050] __se_sys_sendmmsg+0xbd/0xe0 [ 1007.847050] __x64_sys_sendmmsg+0x56/0x70 [ 1007.847050] do_syscall_64+0xcf/0x110 [ 1007.847050] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1007.847050] [ 1007.847050] Uninit was stored to memory at: [ 1007.847050] kmsan_internal_chain_origin+0x136/0x240 [ 1007.847050] __msan_chain_origin+0x6d/0xd0 [ 1007.847050] __save_stack_trace+0x8be/0xc60 [ 1007.847050] save_stack_trace+0xc6/0x110 [ 1007.847050] kmsan_internal_chain_origin+0x136/0x240 [ 1007.847050] kmsan_memcpy_origins+0x13d/0x1b0 [ 1007.847050] __msan_memcpy+0x6f/0x80 [ 1007.847050] pskb_expand_head+0x43b/0x1d20 [ 1007.847050] l2tp_xmit_skb+0x5a7/0x24b0 [ 1007.847050] pppol2tp_sendmsg+0x7a6/0xba0 [ 1007.847050] ___sys_sendmsg+0xe68/0x1250 [ 1007.847050] __sys_sendmmsg+0x56b/0xa90 [ 1007.847050] __se_sys_sendmmsg+0xbd/0xe0 [ 1007.847050] __x64_sys_sendmmsg+0x56/0x70 [ 1007.847050] do_syscall_64+0xcf/0x110 [ 1007.847050] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1007.847050] [ 1007.847050] Uninit was stored to memory at: [ 1007.847050] kmsan_internal_chain_origin+0x136/0x240 [ 1007.847050] __msan_chain_origin+0x6d/0xd0 [ 1007.847050] __save_stack_trace+0x8be/0xc60 [ 1007.847050] save_stack_trace+0xc6/0x110 [ 1007.847050] kmsan_internal_chain_origin+0x136/0x240 [ 1007.847050] kmsan_memcpy_origins+0x13d/0x1b0 [ 1007.847050] __msan_memcpy+0x6f/0x80 [ 1007.847050] pskb_expand_head+0x43b/0x1d20 [ 1008.282415] l2tp_xmit_skb+0x5a7/0x24b0 [ 1008.282415] pppol2tp_sendmsg+0x7a6/0xba0 [ 1008.282415] ___sys_sendmsg+0xe68/0x1250 [ 1008.282415] __sys_sendmmsg+0x56b/0xa90 [ 1008.282415] __se_sys_sendmmsg+0xbd/0xe0 [ 1008.282415] __x64_sys_sendmmsg+0x56/0x70 [ 1008.282415] do_syscall_64+0xcf/0x110 [ 1008.282415] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1008.282415] [ 1008.282415] Local variable description: ----iph@ip_vs_out [ 1008.282415] Variable was created at: [ 1008.282415] ip_vs_out+0x1bf/0x4570 [ 1008.282415] ip_vs_local_reply6+0xec/0x130 [ 1008.336419] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:23 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) r1 = dup(r0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000040)={0x0, 0xe09, 0x7, [0x100000001, 0x9, 0x5a, 0x6, 0x6, 0x0, 0x9]}, &(0x7f00000000c0)=0x16) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000100)={r2, 0x9}, &(0x7f0000000180)=0x8) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='dummy0\x00', 0x10) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r3, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:06:23 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:23 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:23 executing program 4 (fault-call:2 fault-nth:3): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) 06:06:23 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) fcntl$getflags(r1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="d406a6d8bda5f34344a536144d85009364f655c8c1e04ae3e298f3b257c5201ffdb3126540fb9e7193660ca20682ad462f667bbdfb7a9cc8de34e34cbc0d103bf1d97f650bddd4204431313958b649950b95eb25cfae5722ea02a524a0f0a6c960870cf2a0af48a4c17759193a1fb57cedeb7a05851cd33e126fcc9f6f1ec0550b099d507617ebe10a55ae8d84226b41bf3f97abfb67c7ad90ffa8e44f7940b53760a7c9258b28fedb205f9049cafba0adb65a7c96bc0717976de4153fcbc6a7d733fa52ca5388a2478628e92d118a426b13e50ef099095702bc68737848ec2b8d005270908d5ec2d76b956d6bafe8749ab669e8d05c57a21b109fbb064ee9d5"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:23 executing program 1 (fault-call:2 fault-nth:1): mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) [ 1008.551278] FAULT_INJECTION: forcing a failure. [ 1008.551278] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1008.557402] CPU: 0 PID: 26188 Comm: syz-executor1 Not tainted 4.19.0+ #77 [ 1008.557402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1008.577820] Call Trace: [ 1008.577820] dump_stack+0x32d/0x480 [ 1008.577820] should_fail+0x11e5/0x13c0 [ 1008.577820] ? __msan_memset+0x29/0xe0 [ 1008.577820] __alloc_pages_nodemask+0x6fd/0x6640 [ 1008.577820] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 1008.577820] ? __save_stack_trace+0x9f2/0xc60 [ 1008.604689] ? __inc_numa_state+0x96/0x4a0 [ 1008.604689] ? zone_statistics+0x26b/0x2f0 [ 1008.604689] kmsan_internal_alloc_meta_for_pages+0x9d/0x740 [ 1008.604689] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1008.604689] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 1008.604689] ? prep_compound_page+0x49b/0x570 [ 1008.604689] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 1008.604689] ? get_page_from_freelist+0x1617/0x1c90 06:06:23 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x7fffffff, 0x1) ioctl$VIDIOC_ENUM_DV_TIMINGS(r1, 0xc0945662, &(0x7f0000000240)={0x9, 0x5, [], {0x0, @bt={0x3800000000, 0x6, 0x1, 0x1, 0x3, 0x7, 0x10001, 0xaecb, 0x1ff, 0xffffffffffffffe0, 0x9, 0xc33b, 0x0, 0xc52, 0x19, 0x18}}}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000040)={[{0x5, 0x1000, 0x20, 0x7, 0x20, 0x2, 0x3aa, 0x6, 0x9, 0x6, 0x3000000, 0x5}, {0x7f, 0x3ff, 0x4, 0x7, 0x1000, 0x2, 0xc8a7, 0x6, 0x4, 0x10000, 0x2, 0xbfa, 0x200}, {0x1, 0x2, 0x7, 0x2, 0x81, 0x92ff, 0xffffffff, 0xfffffffffffffffc, 0x7, 0x6, 0x3, 0x3, 0x7}], 0x8}) [ 1008.604689] kmsan_alloc_page+0x77/0xe0 [ 1008.604689] __alloc_pages_nodemask+0x12cc/0x6640 [ 1008.604689] ? kmsan_set_origin+0x83/0x130 [ 1008.604689] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1008.604689] ? mntput_no_expire+0xa0/0x1860 [ 1008.604689] ? lockref_put_or_lock+0x57a/0x6a0 [ 1008.604689] alloc_pages_current+0x584/0x7e0 [ 1008.604689] kmalloc_order_trace+0xd9/0x470 [ 1008.604689] ? drm_invalid_op+0x30/0x30 [ 1008.604689] __kmalloc+0x4b2/0x4d0 [ 1008.604689] ? __srcu_read_unlock+0x76/0xb0 [ 1008.604689] ? drm_invalid_op+0x30/0x30 [ 1008.698872] drm_ioctl+0x862/0x1160 [ 1008.698872] ? drm_invalid_op+0x30/0x30 [ 1008.698872] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1008.698872] ? do_vfs_ioctl+0x187/0x2d30 [ 1008.698872] ? drm_ioctl_kernel+0x6a0/0x6a0 [ 1008.698872] do_vfs_ioctl+0xf77/0x2d30 [ 1008.722836] ? security_file_ioctl+0x92/0x200 [ 1008.722836] __se_sys_ioctl+0x1da/0x270 [ 1008.722836] __x64_sys_ioctl+0x4a/0x70 [ 1008.722836] do_syscall_64+0xcf/0x110 [ 1008.722836] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1008.722836] RIP: 0033:0x457569 [ 1008.722836] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1008.722836] RSP: 002b:00007f1d8b5a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1008.722836] RAX: ffffffffffffffda RBX: 00007f1d8b5a2c90 RCX: 0000000000457569 [ 1008.722836] RDX: 0000000020000000 RSI: ffffffffffff8000 RDI: 0000000000000003 [ 1008.722836] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1008.722836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d8b5a36d4 [ 1008.722836] R13: 00000000004be737 R14: 00000000004ce618 R15: 0000000000000004 06:06:24 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:24 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:24 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = memfd_create(&(0x7f0000000000)='aead\x00', 0x2) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x1b) 06:06:24 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24, 0x0, @remote}, 0x5) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r1, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="fe5b10c104a1ecf20b3165a4e3aa34143db7aa78b5ce4f6314ffffff1c00000000feffff0700000007000000018000009d06000000000000f9000000"]) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, &(0x7f00000001c0)={0x0, @frame_sync}) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) getpeername$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x1c) 06:06:24 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:24 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580)='/dev/nullb0\x00', 0x34002, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) write$binfmt_misc(r0, &(0x7f0000000000)={'syz1'}, 0x3e00406000) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000001c0)=0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000004c0)={&(0x7f0000000480)='./file0\x00', 0x0, 0x18}, 0x10) get_robust_list(r1, &(0x7f0000000340)=&(0x7f0000000300)={&(0x7f0000000240)={&(0x7f0000000200)}, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)}}, &(0x7f0000000380)=0x18) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000400)='/dev/qat_adf_ctl\x00', 0x400000, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000440)) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r4 = socket$l2tp(0x18, 0x1, 0x1) r5 = accept4(r3, 0x0, &(0x7f0000000100), 0x800) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r5, 0x84, 0x7, &(0x7f0000000140), &(0x7f0000000180)=0x4) connect$l2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r4, &(0x7f0000005fc0), 0x800000000000059, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) fcntl$setown(r4, 0x8, r6) 06:06:24 executing program 1 (fault-call:2 fault-nth:2): mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:06:24 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(0xffffffffffffffff, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:24 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) ioctl$KVM_GET_CPUID2(r0, 0xc008ae91, &(0x7f0000000240)=ANY=[@ANYBLOB="0600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b9d388b8e662c7cf5e54bd333b324dd0dfcd532de6de8418a63e0609eaa338106d7ba16723c0f52aea2168af"]) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) [ 1009.823768] FAULT_INJECTION: forcing a failure. [ 1009.823768] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1009.831818] CPU: 0 PID: 26223 Comm: syz-executor1 Not tainted 4.19.0+ #77 [ 1009.831818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1009.831818] Call Trace: [ 1009.831818] dump_stack+0x32d/0x480 [ 1009.831818] should_fail+0x11e5/0x13c0 [ 1009.831818] ? __msan_memset+0x29/0xe0 [ 1009.831818] __alloc_pages_nodemask+0x6fd/0x6640 [ 1009.831818] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 1009.831818] ? __save_stack_trace+0x9f2/0xc60 [ 1009.831818] kmsan_internal_alloc_meta_for_pages+0x109/0x740 [ 1009.883839] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1009.883839] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 1009.883839] ? prep_compound_page+0x49b/0x570 [ 1009.883839] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 1009.883839] ? get_page_from_freelist+0x1617/0x1c90 [ 1009.883839] kmsan_alloc_page+0x77/0xe0 [ 1009.883839] __alloc_pages_nodemask+0x12cc/0x6640 [ 1009.883839] ? __update_load_avg_cfs_rq+0x105/0x10b0 [ 1009.883839] ? update_cfs_rq_load_avg+0x5e1/0xa10 [ 1009.883839] alloc_pages_current+0x584/0x7e0 [ 1009.883839] kmalloc_order_trace+0xd9/0x470 [ 1009.883839] ? drm_invalid_op+0x30/0x30 [ 1009.883839] __kmalloc+0x4b2/0x4d0 [ 1009.883839] ? __srcu_read_unlock+0x76/0xb0 [ 1009.883839] ? drm_invalid_op+0x30/0x30 [ 1009.883839] drm_ioctl+0x862/0x1160 [ 1009.883839] ? drm_invalid_op+0x30/0x30 [ 1009.883839] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1009.883839] ? do_vfs_ioctl+0x187/0x2d30 [ 1009.883839] ? drm_ioctl_kernel+0x6a0/0x6a0 [ 1009.883839] do_vfs_ioctl+0xf77/0x2d30 [ 1009.883839] ? security_file_ioctl+0x92/0x200 [ 1009.883839] __se_sys_ioctl+0x1da/0x270 [ 1009.883839] __x64_sys_ioctl+0x4a/0x70 [ 1009.883839] do_syscall_64+0xcf/0x110 [ 1009.883839] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1009.883839] RIP: 0033:0x457569 06:06:25 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a9109a3699078064443fb6a7a12631993f0265df5cf05dd8b55", 0x7827) 06:06:25 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="040b79fe2b11073b7f6975d983deb263a09b651e60d3c51b1eb25b348ac97986981abaca3a11a7c382e3c877b7039e1bb7199ca875d8ab90a574cecc25ea5ffbcaaf8edbb96efeef2c32ce39c39e665012e78a407d2f65c5591ea9cc043ebe1e49eca752790967f2e4965d79a673a4e99b4984a00faa22546ae6cbe93d8695bfddc9f77d4bce0cc746ff5b0fce3b8ecda433b9a9345bc0c0d347d01feb7100000000000000000000000000"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 1009.883839] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1009.883839] RSP: 002b:00007f1d8b5a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1009.883839] RAX: ffffffffffffffda RBX: 00007f1d8b5a2c90 RCX: 0000000000457569 [ 1010.038493] RDX: 0000000020000000 RSI: ffffffffffff8000 RDI: 0000000000000003 [ 1010.038493] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1010.053619] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d8b5a36d4 [ 1010.061088] R13: 00000000004be737 R14: 00000000004ce618 R15: 0000000000000004 06:06:25 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:25 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(0xffffffffffffffff, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:25 executing program 1 (fault-call:2 fault-nth:3): mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:06:25 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r1, 0x111, 0x3, 0x1, 0x4) setsockopt$RDS_RECVERR(r0, 0x114, 0x5, &(0x7f0000000040), 0x4) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x200000, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x5) fcntl$getown(r0, 0x9) 06:06:25 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x80) ioctl$DRM_IOCTL_SET_UNIQUE(r1, 0x40106410, &(0x7f0000000140)={0x89, &(0x7f0000000240)="3f507dd7ebe253f178061d2cb81a9bab9b24985c6fe7852fe9d4ba82035efe1cefb8fa6f7ac7aece1e7568b9c0afca885986bf3ba626f7794fe591eaea71131813fe6ea28978d8ce44d85db5da52995d2467c891491e9ae4913158640bb9798a35214aac244f6ac6c405f52df1891f14aad510031f38c5d3803c44c6801f1e139f4bb465008ba8a0e9"}) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/hwrng\x00', 0x42, 0x0) epoll_pwait(r1, &(0x7f0000000180)=[{}], 0x1, 0x100000000, &(0x7f0000000300)={0x5c9}, 0x8) write$USERIO_CMD_REGISTER(r1, &(0x7f0000000340)={0x0, 0x118b}, 0x2) ioctl$TUNGETFILTER(r2, 0x801054db, &(0x7f0000000040)=""/84) [ 1010.635649] FAULT_INJECTION: forcing a failure. [ 1010.635649] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1010.647878] CPU: 1 PID: 26247 Comm: syz-executor1 Not tainted 4.19.0+ #77 [ 1010.654859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1010.657731] Call Trace: [ 1010.657731] dump_stack+0x32d/0x480 [ 1010.657731] should_fail+0x11e5/0x13c0 [ 1010.657731] __alloc_pages_nodemask+0x6fd/0x6640 [ 1010.657731] ? __msan_metadata_ptr_for_load_4+0x10/0x20 06:06:25 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) socket$inet6(0xa, 0x5, 0x2) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BLKBSZGET(r1, 0x80081270, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 1010.657731] ? is_bpf_text_address+0x49e/0x4d0 [ 1010.657731] ? INIT_INT+0xc/0x30 [ 1010.657731] ? __kernel_text_address+0x250/0x350 [ 1010.694889] ? __save_stack_trace+0x9f2/0xc60 [ 1010.694889] ? alloc_pages_vma+0x178/0x1c70 [ 1010.694889] alloc_pages_vma+0xee6/0x1c70 [ 1010.694889] wp_page_copy+0x465/0x2fe0 [ 1010.694889] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 1010.694889] ? prep_compound_page+0x49b/0x570 [ 1010.722013] ? handle_mm_fault+0x4819/0xa560 [ 1010.722013] do_wp_page+0x1160/0x39d0 06:06:25 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(0xffffffffffffffff, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1010.722013] handle_mm_fault+0x4819/0xa560 [ 1010.722013] ? handle_mm_fault+0x1ffe/0xa560 [ 1010.722013] __do_page_fault+0x10f8/0x1bb0 [ 1010.722013] do_page_fault+0x98/0xd0 [ 1010.722013] page_fault+0x1e/0x30 [ 1010.722013] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 1010.722013] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 1010.722013] RSP: 0018:ffff88003f5efb28 EFLAGS: 00010202 [ 1010.722013] RAX: 9890f96a14b46800 RBX: 0000000000003fff RCX: 0000000000002fff [ 1010.791960] RDX: 0000000000003fff RSI: ffff8800401d9000 RDI: 0000000020001000 [ 1010.791960] RBP: ffff88003f5efba0 R08: ffff880000000000 R09: 0000000000000002 [ 1010.791960] R10: ffffffff8ae013f8 R11: ffffffff854d0080 R12: ffff88004844a788 [ 1010.810441] R13: 0000000000000000 R14: 0000000020000000 R15: ffff8800401d8000 [ 1010.810441] ? drm_invalid_op+0x30/0x30 [ 1010.810441] ? __entry_text_end+0x7/0x7 [ 1010.810441] ? _copy_to_user+0x142/0x230 [ 1010.810441] ? drm_invalid_op+0x30/0x30 [ 1010.810441] drm_ioctl+0xb3b/0x1160 [ 1010.841284] ? drm_invalid_op+0x30/0x30 [ 1010.841284] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1010.841284] ? do_vfs_ioctl+0x187/0x2d30 [ 1010.841284] ? drm_ioctl_kernel+0x6a0/0x6a0 [ 1010.841284] do_vfs_ioctl+0xf77/0x2d30 [ 1010.841284] ? security_file_ioctl+0x92/0x200 [ 1010.841284] __se_sys_ioctl+0x1da/0x270 [ 1010.841284] __x64_sys_ioctl+0x4a/0x70 [ 1010.841284] do_syscall_64+0xcf/0x110 [ 1010.841284] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1010.841284] RIP: 0033:0x457569 [ 1010.841284] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1010.841284] RSP: 002b:00007f1d8b5a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1010.841284] RAX: ffffffffffffffda RBX: 00007f1d8b5a2c90 RCX: 0000000000457569 [ 1010.841284] RDX: 0000000020000000 RSI: ffffffffffff8000 RDI: 0000000000000003 [ 1010.841284] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1010.841284] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d8b5a36d4 [ 1010.841284] R13: 00000000004be737 R14: 00000000004ce618 R15: 0000000000000004 06:06:26 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:26 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:26 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:26 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)="73790300000000000300", 0xfd18) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0)='team\x00') getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@loopback, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in6=@remote}}, &(0x7f0000000300)=0xe8) accept$packet(r1, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000380)=0x14) sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x30000000}, 0xc, &(0x7f0000000500)={&(0x7f00000003c0)={0x114, r3, 0x420, 0x70bd2b, 0x25dfdbfc, {}, [{{0x8, 0x1, r4}, {0xf8, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x3}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x7f}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r5}}}]}}]}, 0x114}, 0x1, 0x0, 0x0, 0x4000}, 0x1) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r1, 0x80dc5521, &(0x7f00000005c0)=""/212) ioctl$KVM_GET_MSR_INDEX_LIST(r1, 0xc004ae02, &(0x7f00000006c0)={0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000580)={0x0, 0x0}) prctl$setptracer(0x59616d61, r6) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000700)={0xa, 0x8, 0x40}) ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x18, "7f59245915f17862b8794b13050d4771383e450e740ab6b325feb2e7409f5268d96e21967873024350d87708cbf8415b3f17dc2a5da8be53cf4ffeb8c51b9052", "5c929c80f6b48115bd29f2db8d9b00454a03cb4704ace83fa75e94f8acbf71e2", [0xfffffffffffff001, 0x9]}) 06:06:26 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x4, 0x200800) write$USERIO_CMD_REGISTER(r1, &(0x7f0000000040)={0x0, 0x1}, 0x2) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) 06:06:26 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x400000, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x4, 0x7, 0x1690000000000000, 0x8, 0x6a198fb565f4579a, r2, 0x8}, 0x2c) connect$l2tp(r1, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x0, 0x2, 0x2, 0x3, {0xa, 0x4e22, 0x5, @mcast2, 0x8000}}}, 0x32) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:06:26 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:27 executing program 1 (fault-call:2 fault-nth:4): mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:06:27 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:27 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:27 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:27 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000340)='/dev/amidi#\x00', 0x4, 0x10000) r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000003c0)='nbd\x00') r3 = syz_open_dev$vcsa(&(0x7f0000000400)='/dev/vcsa#\x00', 0x2, 0x420000) r4 = accept(r0, &(0x7f0000000440)=@l2, &(0x7f00000004c0)=0x80) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500)='/dev/vcs\x00', 0x40040, 0x0) r6 = syz_open_dev$mice(&(0x7f0000000540)='/dev/input/mice\x00', 0x0, 0x8000) r7 = fcntl$dupfd(r0, 0x406, r0) recvmsg$kcm(0xffffffffffffff9c, &(0x7f00000008c0)={&(0x7f0000000580)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000600)=""/59, 0x3b}, {&(0x7f0000000640)=""/4, 0x4}, {&(0x7f0000000680)=""/189, 0xbd}, {&(0x7f0000000740)=""/75, 0x4b}], 0x4, &(0x7f0000000800)=""/158, 0x9e, 0x1ff}, 0x102) r9 = open(&(0x7f0000000900)='./file0\x00', 0x8000, 0x80) r10 = syz_open_dev$dmmidi(&(0x7f0000000940)='/dev/dmmidi#\x00', 0x4, 0x600040) r11 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000980)='/dev/snapshot\x00', 0x1, 0x0) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000a80)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10000002}, 0xc, &(0x7f0000000a40)={&(0x7f00000009c0)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="04002cbd7000fddbdf25010000004c00070008000100", @ANYRES32=r3, @ANYBLOB="08001100", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="08000100", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=r10, @ANYBLOB="08000100", @ANYRES32=r11, @ANYBLOB="04000700"], 0x64}}, 0x11) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="b7f2288a911993f0265df5cf1cdd8b55", 0x7) r12 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x1ff, 0x50002) setsockopt$inet6_tcp_TCP_CONGESTION(r12, 0x6, 0xd, &(0x7f0000000080)='lp\x00', 0x3) ioctl$VIDIOC_G_FBUF(r1, 0x8030560a, &(0x7f0000000b00)={0x50, 0x4, &(0x7f0000000ac0)="a9b669dd45eecf75e325bec03752dca44adb631ac801fecf937dee1bba89823ebd5ab468b8716e338cb3806fca61f9a902837cdc76", {0x7f, 0x2, 0x7f737f7f, 0x5, 0xe1a, 0x3, 0x5, 0x5}}) getsockopt$inet_IP_IPSEC_POLICY(r12, 0x0, 0x10, &(0x7f00000000c0)={{{@in6, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@loopback}}, &(0x7f0000000240)=0xe8) getresgid(&(0x7f0000000280)=0x0, &(0x7f00000002c0), &(0x7f0000000300)) fchown(r12, r13, r14) 06:06:27 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x0, 0x0) r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x9, 0x400) recvmsg$kcm(r2, &(0x7f0000000700)={&(0x7f0000000080)=@l2, 0x80, &(0x7f0000000580)=[{&(0x7f0000000180)=""/103, 0x67}, {&(0x7f0000000200)=""/219, 0xdb}, {&(0x7f0000000100)=""/2, 0x2}, {&(0x7f0000000300)=""/27, 0x1b}, {&(0x7f0000000340)=""/109, 0x6d}, {&(0x7f0000000400)=""/62, 0x3e}, {&(0x7f0000000440)}, {&(0x7f0000000480)=""/195, 0xc3}], 0x8, &(0x7f0000000600)=""/242, 0xf2, 0xffffffff}, 0x122) [ 1012.254348] FAULT_INJECTION: forcing a failure. [ 1012.254348] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1012.261811] CPU: 1 PID: 26303 Comm: syz-executor1 Not tainted 4.19.0+ #77 [ 1012.261811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1012.261811] Call Trace: [ 1012.261811] dump_stack+0x32d/0x480 [ 1012.261811] should_fail+0x11e5/0x13c0 [ 1012.261811] ? __msan_memset+0x29/0xe0 [ 1012.261811] __alloc_pages_nodemask+0x6fd/0x6640 [ 1012.261811] kmsan_internal_alloc_meta_for_pages+0x9d/0x740 [ 1012.261811] ? kmsan_set_origin+0x83/0x130 [ 1012.292592] ? __msan_instrument_asm_load+0x9a/0x110 [ 1012.292592] ? kernel_poison_pages+0x1ae/0x380 [ 1012.292592] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 1012.292592] ? get_page_from_freelist+0x1617/0x1c90 [ 1012.292592] kmsan_alloc_page+0x77/0xe0 [ 1012.292592] __alloc_pages_nodemask+0x12cc/0x6640 [ 1012.292592] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 1012.343566] ? is_bpf_text_address+0x49e/0x4d0 [ 1012.343566] ? INIT_INT+0xc/0x30 [ 1012.343566] ? __kernel_text_address+0x250/0x350 [ 1012.343566] ? __save_stack_trace+0x9f2/0xc60 [ 1012.343566] ? alloc_pages_vma+0x178/0x1c70 [ 1012.343566] alloc_pages_vma+0xee6/0x1c70 [ 1012.343566] wp_page_copy+0x465/0x2fe0 [ 1012.343566] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 1012.343566] ? prep_compound_page+0x49b/0x570 [ 1012.343566] ? handle_mm_fault+0x4819/0xa560 [ 1012.343566] do_wp_page+0x1160/0x39d0 [ 1012.343566] handle_mm_fault+0x4819/0xa560 [ 1012.343566] ? handle_mm_fault+0x1ffe/0xa560 06:06:27 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1012.343566] __do_page_fault+0x10f8/0x1bb0 [ 1012.343566] do_page_fault+0x98/0xd0 [ 1012.343566] page_fault+0x1e/0x30 [ 1012.343566] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 1012.343566] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 1012.343566] RSP: 0018:ffff88003f5efb28 EFLAGS: 00010202 [ 1012.343566] RAX: 9592ebc840557f00 RBX: 0000000000003fff RCX: 0000000000002fff [ 1012.452013] RDX: 0000000000003fff RSI: ffff880040011000 RDI: 0000000020001000 [ 1012.452013] RBP: ffff88003f5efba0 R08: ffff880000000000 R09: 0000000000000002 [ 1012.452013] R10: ffffffff8ae013f8 R11: ffffffff854d0080 R12: ffff88004844a788 [ 1012.452013] R13: 0000000000000000 R14: 0000000020000000 R15: ffff880040010000 [ 1012.452013] ? drm_invalid_op+0x30/0x30 [ 1012.452013] ? __entry_text_end+0x7/0x7 [ 1012.452013] ? _copy_to_user+0x142/0x230 [ 1012.452013] ? drm_invalid_op+0x30/0x30 [ 1012.452013] drm_ioctl+0xb3b/0x1160 [ 1012.452013] ? drm_invalid_op+0x30/0x30 [ 1012.452013] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1012.452013] ? do_vfs_ioctl+0x187/0x2d30 [ 1012.452013] ? drm_ioctl_kernel+0x6a0/0x6a0 [ 1012.452013] do_vfs_ioctl+0xf77/0x2d30 [ 1012.452013] ? security_file_ioctl+0x92/0x200 [ 1012.452013] __se_sys_ioctl+0x1da/0x270 [ 1012.452013] __x64_sys_ioctl+0x4a/0x70 [ 1012.452013] do_syscall_64+0xcf/0x110 [ 1012.452013] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1012.543716] RIP: 0033:0x457569 [ 1012.543716] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 06:06:27 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1012.543716] RSP: 002b:00007f1d8b5a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 06:06:27 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f0000000000)=ANY=[@ANYBLOB="64ec74bf5613b749e81e8361a1545d1852ef396d7b8b96cce60d3846"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 1012.543716] RAX: ffffffffffffffda RBX: 00007f1d8b5a2c90 RCX: 0000000000457569 [ 1012.543716] RDX: 0000000020000000 RSI: ffffffffffff8000 RDI: 0000000000000003 06:06:27 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x1, 0x4, 0x3, 0x3, {0xa, 0x4e20, 0x995, @local, 0xde}}}, 0x3a) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) [ 1012.543716] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 06:06:27 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1012.543716] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d8b5a36d4 [ 1012.543716] R13: 00000000004be737 R14: 00000000004ce618 R15: 0000000000000004 06:06:28 executing program 1 (fault-call:2 fault-nth:5): mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:06:28 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1013.240627] FAULT_INJECTION: forcing a failure. [ 1013.240627] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1013.247732] CPU: 0 PID: 26331 Comm: syz-executor1 Not tainted 4.19.0+ #77 [ 1013.247732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1013.264998] Call Trace: [ 1013.264998] dump_stack+0x32d/0x480 [ 1013.264998] should_fail+0x11e5/0x13c0 [ 1013.264998] ? __msan_memset+0x29/0xe0 [ 1013.264998] __alloc_pages_nodemask+0x6fd/0x6640 [ 1013.264998] kmsan_internal_alloc_meta_for_pages+0x109/0x740 [ 1013.264998] ? kmsan_set_origin+0x83/0x130 [ 1013.264998] ? __msan_instrument_asm_load+0x9a/0x110 [ 1013.264998] ? kernel_poison_pages+0x1ae/0x380 [ 1013.264998] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 1013.264998] ? get_page_from_freelist+0x1617/0x1c90 [ 1013.264998] kmsan_alloc_page+0x77/0xe0 [ 1013.264998] __alloc_pages_nodemask+0x12cc/0x6640 [ 1013.264998] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 1013.264998] ? is_bpf_text_address+0x49e/0x4d0 [ 1013.264998] ? INIT_INT+0xc/0x30 [ 1013.264998] ? __kernel_text_address+0x250/0x350 [ 1013.264998] ? __save_stack_trace+0x9f2/0xc60 [ 1013.264998] ? alloc_pages_vma+0x178/0x1c70 [ 1013.264998] alloc_pages_vma+0xee6/0x1c70 [ 1013.264998] wp_page_copy+0x465/0x2fe0 [ 1013.264998] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 1013.264998] ? prep_compound_page+0x49b/0x570 [ 1013.264998] ? handle_mm_fault+0x4819/0xa560 [ 1013.264998] do_wp_page+0x1160/0x39d0 [ 1013.264998] handle_mm_fault+0x4819/0xa560 [ 1013.264998] ? handle_mm_fault+0x1ffe/0xa560 [ 1013.264998] __do_page_fault+0x10f8/0x1bb0 [ 1013.264998] do_page_fault+0x98/0xd0 [ 1013.264998] page_fault+0x1e/0x30 [ 1013.264998] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 1013.264998] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 1013.264998] RSP: 0018:ffff88004270fb28 EFLAGS: 00010202 [ 1013.264998] RAX: b61b11c5b5563300 RBX: 0000000000003fff RCX: 0000000000002fff [ 1013.264998] RDX: 0000000000003fff RSI: ffff880040019000 RDI: 0000000020001000 [ 1013.264998] RBP: ffff88004270fba0 R08: ffff880000000000 R09: 0000000000000002 [ 1013.264998] R10: ffffffff8ae013f8 R11: ffffffff854d0080 R12: ffff88004a680988 [ 1013.264998] R13: 0000000000000000 R14: 0000000020000000 R15: ffff880040018000 [ 1013.264998] ? drm_invalid_op+0x30/0x30 [ 1013.264998] ? __entry_text_end+0x7/0x7 [ 1013.264998] ? _copy_to_user+0x142/0x230 [ 1013.264998] ? drm_invalid_op+0x30/0x30 [ 1013.264998] drm_ioctl+0xb3b/0x1160 [ 1013.264998] ? drm_invalid_op+0x30/0x30 06:06:28 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = creat(&(0x7f0000000440)='./file0\x00', 0x1) r2 = gettid() write$cgroup_pid(r1, &(0x7f0000000000)=r2, 0x12) ioctl$NBD_DO_IT(r1, 0xab03) read(r1, &(0x7f0000000340)=""/113, 0x71) ioctl$TUNSETLINK(r1, 0x400454cd, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000180)='eth1)\x00', 0xffffffffffffffff}, 0xfffffffffffffcc0) fremovexattr(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="7365637572279ca65c7b26648d74776f666973682900"]) sched_setattr(r3, &(0x7f0000000080)={0x30, 0x6, 0x1, 0xffffffffffffffff, 0x3ad, 0x80000000, 0x5a4, 0x3}, 0xfffffffffffffffe) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) setxattr$security_smack_entry(&(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='security.SMACK64EXEC\x00', &(0x7f0000000300)='eth1)\x00', 0x6, 0x1) 06:06:28 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0xc, &(0x7f00000000c0), 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f0000000000)=ANY=[@ANYBLOB="7b021feda4fd8d"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 1013.264998] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1013.264998] ? do_vfs_ioctl+0x187/0x2d30 [ 1013.264998] ? drm_ioctl_kernel+0x6a0/0x6a0 [ 1013.264998] do_vfs_ioctl+0xf77/0x2d30 [ 1013.264998] ? security_file_ioctl+0x92/0x200 [ 1013.264998] __se_sys_ioctl+0x1da/0x270 [ 1013.264998] __x64_sys_ioctl+0x4a/0x70 [ 1013.520252] do_syscall_64+0xcf/0x110 [ 1013.522749] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1013.522749] RIP: 0033:0x457569 [ 1013.522749] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1013.542288] RSP: 002b:00007f1d8b5a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1013.542288] RAX: ffffffffffffffda RBX: 00007f1d8b5a2c90 RCX: 0000000000457569 [ 1013.561975] RDX: 0000000020000000 RSI: ffffffffffff8000 RDI: 0000000000000003 [ 1013.561975] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1013.561975] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d8b5a36d4 06:06:28 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x456400) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000240)={0x0, 0x1000, "429a433cfa12cc313b2c2e7d089df3ad820cdda0562f9659473ad84c97db528ce9ce501205df4a6462aa10e2f6ceb74ef6b20a44942b470ffce7fee03689116083bd5927d6270e6d5d4e1d0d5c3af899b1ed705fa60d0984cc35b615180f5103667086922607a2f44e605f2b17003bff95da496836d5c166bab4c7c26d5cb2a8e8ed60e8bf7ab100c68df442c9d4f2bc78d9520f9a5682493cd39f70190a9eddbb6ded7bb10911a364ce9ad20e1e2004b3fe85abe658c05f03247b8e23fb5a9b75348b7242a8b80f218aa1680864a9f43bbd40de75ba5225e2309bbe73d3358b19f95bd16f4cfb738f07a252d21086b28c11ec07dfd586c5373bb38c03546ba9ca674f1d0b9834d48cf541c96c0063b97b396a5c15f9bf69416ef56ab3565bf9873a4170577a9e67ab8938f0cfc39e877ec5952dc6bbf6b31ec160a0199f998c0db9d58f8c4387b52437881f93666316bb862898fb17816802bf73b014f8116bba096502d1820f09e0ad63e935e8e724778cc24c8a5ae82d2fb9e4563474ba9d7dea98a38c42c3bbba64419a6bf19a81329ae061376ca0ae422f9f53d748bdde2e08ece22a04672e7d132f530db4b79df51a07419d378d100ae6e31792323c9f6f19714a9766a11d119a9d626691b3d67046b2c17907683ebe6ce804335a3f0d553cea265db8bf35e12cc634f7bb8140e67b8e8e18ecbe1c6883a980f2da774e53358bb23ea00e26b1db752f6cda49b474c0aad49df2b601fdf88ea9494a226a0b8d8cc5d17748cbc61833b953efaf03299779b1439fa3d50fbae963547c8b095a4852a333218168e10d90f801939f51b31d015d86bed63377ed086e2eca62a5b1fec222aac749bc95303c7c4d07a6947897a9bc3267db5644b9fafac48774d0f3c79fc72bd4bf4ad73f9bda24ecc3b150882e2cced352c0a3b84477237d511d3f8bc2b68946dafefc603cfb8dd0e16fcc9f6893ef34883463332848625eb81d0d7cac2e49402bdb706a12fa17cd31d27ab981a81f58cc5cd2d95d0bbf18399bc3d02e723c2b082fccb2afb2d92517b7e6a74b857ce002fb08809cdf3e96983daed3f640982a8f23ea0356b89e13de2b4cd9e1720bfeff124a2d69992ac775bee8ff33ec7c5601d88b9f60960ef23e5e274c6b017f239c2bfc62d7a68c887bc8fd8568e8fe3e1232dcb20cbb73da2f181a46503178b9e6b9a49499934c6d3c69b9023b0cf5bb936228b9b7756e9283ddde1b5ad81c6a318a2a8a9bf0d2a9002dceba080136d1cf86e07ca9cabe630ef29688f566832287dd0c38e0b579be78d16a2517bb70568876f82bd7d8de87940ca36823bdce0aafdcbd701051f49e3b9c7831a13a15fe3e69e1c61c5e30498230aacfc83789316d5a9554c0476fd26bafbc125c0debe31486c01373c8fc599a6c35a43266deddd94b5e6b0686fa970345c0d38a7689e40f7f0e38d3a994f6348d57b6159477253a9a09cd1ae8eadbb34e44be2379d8ad1c11ace890cf2bdd9de6049bc1acf4e494bf4573a493f04d00949a1172c9ba3f587d57c296cf610ec961448b1481d5bc5a7bb68632ff96eb29834ea6f98ed287e098941ac3066d9521b02a63d6d8feacbc915bb66300bf91fc8f6b6be02c4f6536f8a35d43eee081ac2ac4486b4ba0d9a7de40cadffd46496c693be92b2987058a69ea9c30e248190f2cee6b839e7947890063009906a2412c450b668bce8517c6450df9ed5e599a32b43421eed4a1f1558322dcc1e1e6a51a75f74a97f40b487c449a312fe5333283bb38eb3f2be03da3b83f058b97464e76daf8f85abcacb8dbd6ab9b679357db06cfe429667aab111872b3378036084d14420903e45ed4a201aa041cc832b61cad2d07c66642d1a409efea09f34fe8657960b7320dfed8fd146172f4267db80705e63ce596efaabc3a61fef3a1d565f94b77353bcbacab65df457e0c3ed1137516755c2f18058dd2992ac6feb3eecde3540ab05d50522f00844730bb4c71f3feef24dcd76d604feb90325a7b04d0765b4aa9b02d31698ab20c84914d8653d8756187b08b1aa4e26ebe2efd83307d4f8482c82e297878590daab2ba1a760799261f0b60663ea839b7a2f1d0a8eac0075ac7016e3c2325a5717836ffcba67f44f597b1feedb01a169326897c7ae6a9a3ac03eee14fa6b08269b49ce317de6a1eda5a19421bb529c65c959846bcec5b3192787e0186637c79ea7bfa39cf95b0808b7dbf12d23b6e8f41fd96ffc564370421cc694064d35125e62bca025ed2f0a882d1af05ea99ecdbb14872cc787b2014bc4dc6b9c65c1fd3ba3b499ad29d36cb9a87a22d4bcf43d1e5ffe91398f528acc6c35b337fa8f0b3a9e3461256cedfcc6aca59a5710a4537c4c0c9bbd54f3dbff3938a364fa1279fa869e7f5f04a66de3fbd8e35c4ae0626e42ec30ac34d1c3e01f8b02da91aec2bc3075348c18a9d127035ad2c05027724159e05681d1b369996b58a7640928e0d70b0464f1397ca41b4858c4ad987c3ff4d4fb801dfc9ecc8b15ed39a2a16381fa0fd1025ad5d2ec2b3d8f25a64ee20f70c69179d7d1d80ab4b1f6680ceea3b418da1a392341a46f56447aca0f05a056dce6d9dd6fab17c559a007509a9c646b60c8698c72eaa986a88dc04557f8fb48ec99f6ad08ef5193e1f5cc9a760a646a4b687f30d330cd2fc1a8c32ef20400731eb2def801a08a683dfdc90a612a9a3e6d2900306dbcbab4559f4cb2199c27a95bc98cd4f06a6b64445cb818cb26fe2424b2532bee1520844c4dad06fcc3e4be3da0a68db97c5b06029b7f3ca01715a6b0529accf49946091557755df46afa7bec5edcd52fcb05781677ae50a7d583277a95ccfc1b48e0e3589ba9261e3a0e27a9da30ac154e40d258c5e35b97b4312760cd1e1068732a2622a380e5fb4cff9a7decffa94562aacb3457c071cd2dc472da1be23321385b6a6ca5680ccbf7624f3e37f714c7cf422a0bd66b5e8c3150076e5056c697c7af671ed4bff62bac4dddadc950213add74e446d77bd54fc2f111d42658281aef814f499399fe55d896da23a4fceb0f98e3e6574988eb8529cb9f1ace566bf16cb8831009eee63e18039e5e3698fc86a12d0cc11c33430f5ebe861c0879b2b22f74e3915f4d06b259e4b938bbdf1ab390267c4928a9496ccec11051f23a43a79cd914ae7cce53e994442406aef3c45c572412755b1aad487366251a20bff2421db7cc24bc0205715c38ff6377318a410f14d02c813f0e1020a408ae48598fb0bbac34de31b93fa688269f6a4cfdba453a471a45bda66b879a1fabcae3217bc1ef33c1de9f2a80c1f49015ccca726414e4a1e4c5c55ccc05f4d8394a32acf85e34736d62649b08f7087144dc69e064c336843a7cfc1e52a78f2e47dd7edbbaf70dc9a011d60d122421c271d875a02009f2fa45f14ffb96dd099cafa44dee102ca4084a2ac20397e135709885f4abb61709221233275a898292837456b7c30be73027c58a91619b4bfa979b1002b582a213c356d96df9c30116b43011b7fcb25b70cfe8151c47ab5d7d31efd320ea4be431f5071267873f7e73c2a15d06ef5181070b79b1b21d2449701cb1fea6f5b06cad81fc28dcc4cd2c7f706db1b6a31f9f7193612dd9883bd1f4eed1a944c602fc1bb1bed04d6e5946bc3ee6f20519f2439b436c71bb0baac672160bfa97c85146c7675a498cffd266451c1abb99b68dbcf5d7fa707eeb6af6141c72137aeeb236af16dc3345c032bd382fd201fa7a48e7ed5cb6ddfde209af9719ac34dd28211d91d90df7d247ca4fe894ac9dbab8d168556d56fb594cc78e3f48cae7ab62a5ef6ece041086209fc9313ceef8ecbb437db66040e6f31d8625d060314da6d8fde96c246ead0676a15e4d1c7bc1783ad06233530cfa736c4f9ba7f0d7e50e92fc5b4f571731adf7ccc5191c5cbe299cdba89cc50501015db547821220e7e60375f2ae03dc95e5052c72f7f628ca6869b7dfd191135b75e387171128b91990c156bfb5edec99d722f4fa931540d3e3987d9fc520603b9e9147fd9ae03595e5d9764967adb8c78c68441e3c97202cba9a0a6efe938c164b82612e9f447f81ed24079cc1d6048baf8cfb9baa2ccaca7d0a9f7de2d3e50dec8566bad3d79a2f0fa4cf832f07a26484596993cf32e48f6648fa005163a79d226319cee00e6167002ecdb60a4a331c481552bc6678930d8493b0ea52dc3078bb8f27a83a861948d9517e8a01e0dd4cf545b50554284db02951d00bb30c3644aa189ac310bef4f171a834d36c79444cf60a39592847a525c32ebf90538981e94535e90245b1a24159dfb3e4dabef82c6b8ae057db0678d8aaf1eab61a739e6df78041271a93063b7ffb0bdba3387a814538f4adcb514a6106432cd77fae02f8d17270722c82e871ce2f7cbf94dc42d7b2ce1fcbc03c3d4c75375a7d44e15f7ad4b0a1c43afe85d7226af6b7e0fabc68db18bed0aefcf62624fcb379203303de13db5ef08a8bd60f807ff6bb2fa1a4327c45cc22e9cac99f48f1f85ad68b795d602f2feba9db3d7c57b78fb167abbd248cf4c95eeafaba0b2d8ddbc39e04bab207b31b66c8e89c0dfc46da6ff12f0f7638ee4c5fc81c9803c322396be6b8cedb2f0ef55c2ef05d1ae84a6f71d4b0f4188c74688357cd4cbfaa53108a30b364ad99bd987891e33f4088690e2e6e67aa0809e50f2a4f24aa8f0cad5d6a451b95eb49e1b0b0c80c441fb1a8db56da8910a4d498de8e3386648e66506d3f2ea022eded94c49c9ea33648f3f29e6c2e96efb0f0ae37898e8931020e99c8197499dd4425781591ede124134ffb39f881117744700133a9ba63b8fe30ea4ac8490446224c622fd009580696f78bac79570cccdaf108d5f205cb5fb9a80e1fcbeb9fdd42d3c43367132f50af68bf3b60088f4305c5b44d5c72da07f81662268e44f3b1f8b6fe2368a35a8c972f252aada992806a3ef34eb59383a309088bb4bd33e62cebfb9f992027523b97b882a55863891d53349892c48f038fc363d25ac0e57c5e167b96434881c9244cde78192ac473dfbcb2ec69fef124f0b3e4495350fa9ed05597318d39a0587d83d08b276f5b22589b30fee714d905bc7d7181a49e5310cdcabd7f5bff4d3877e6269b23c9b872fd18e826edece433d8f977b382e1e5b07024e6d9a08d4b30da9ae1b28ea2c87cb648df05dfe0a856b9cf053aa1546c2f8f6ec4c1284e4cc09f38e94cb5edf0b3958b6b410ffb2143c91cea14531c276a059e4d618af274ee3d1dd924bdb4982e678010e38ff3a3406bd5e6b32c8051580a27b67778784af8b13a530d1a1779015c9d1165dec2659980b193e29e4ad0ad70a4458df3d931699333890f46e45ee818a931c7c282eaf0f18489b0dd7bd3ece67d7254744c9fcc8fe77af393c26c92a0eb1b44f52e434bd451daaa4ba72f8f25d76fde5332e78d32ed0abea9448ffa150943e3814556486c30a619f70e181a0d779a364b16053620a4b7e103894f57295a3f25f2b3bc89e822393725547d2d1086c680af8fd01374516275d1f1599fc88a09f5f3efb1f5bfd7384f2cc3be6e68002a9fc697ecfc766b77e0818bdd8cc463f7935f6bd4a14ef589468be48e23a173202fedaeae578cbd0f788081b3171af64c84fb198ba5f03bb7a13e324e75728d0826857dd4c763abc110bbbd91c8ac7a28ea1122ec03e6f2149dd5631bbf33990f3135d82a7c30883d306bf5579d7861bd1b7ff99491133b31a8db22742c2aec6d652ed5a23b905a33c520d60b26e2ac31cfb"}, &(0x7f0000000040)=0x1008) fcntl$setstatus(r0, 0x4, 0x2000) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000080)={r2, 0x1, 0x1, 0x8, 0x1, 0xaa2}, 0xff73) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000000c0)=""/139, &(0x7f0000000180)=0x8b) 06:06:28 executing program 0: r0 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x6, 0x10000) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@remote, @in6=@ipv4={[], [], @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@broadcast}}, &(0x7f0000000100)=0xe8) fstat(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000400)={{{@in6=@ipv4, @in=@multicast2, 0x4e21, 0x0, 0x4e20, 0x7, 0xa, 0xa0, 0x0, 0x3b, r1, r2}, {0x3, 0x0, 0x200, 0x1ff, 0x7, 0x10000, 0x3, 0x80}, {0x800, 0x2, 0xfffffffffffffffb, 0xa}, 0x57, 0x6e6bb5, 0x1, 0x1, 0x3}, {{@in=@remote, 0x4d4, 0x3c}, 0xa, @in=@remote, 0x3500, 0x3, 0x3, 0x6, 0x427, 0x0, 0xfffffffffffff824}}, 0xe8) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, 0x7) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r4 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f0000000080)=0x3, 0x4) sendmmsg(r4, &(0x7f0000005fc0), 0x800000000000059, 0x0) setsockopt$sock_int(r3, 0x1, 0x0, &(0x7f0000000040)=0xffff, 0x4) [ 1013.561975] R13: 00000000004be737 R14: 00000000004ce618 R15: 0000000000000004 [ 1013.678368] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1013.740715] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1013.773688] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1013.781348] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1013.804976] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1013.823086] not chained 2090000 origins [ 1013.827098] CPU: 0 PID: 26336 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1013.831913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1013.831913] Call Trace: [ 1013.831913] dump_stack+0x32d/0x480 [ 1013.831913] kmsan_internal_chain_origin+0x222/0x240 [ 1013.854460] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1013.854460] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1013.854460] ? save_stack_trace+0xc6/0x110 [ 1013.854460] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1013.854460] ? kmsan_internal_chain_origin+0x90/0x240 [ 1013.854460] ? get_stack_info+0x863/0x9d0 [ 1013.854460] __msan_chain_origin+0x6d/0xd0 [ 1013.854460] ? __sys_sendmmsg+0x56b/0xa90 [ 1013.891090] __save_stack_trace+0x8be/0xc60 [ 1013.891090] ? __sys_sendmmsg+0x56b/0xa90 [ 1013.891090] save_stack_trace+0xc6/0x110 [ 1013.891090] kmsan_internal_chain_origin+0x136/0x240 [ 1013.891090] ? kmsan_internal_chain_origin+0x136/0x240 [ 1013.891090] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1013.891090] ? __msan_memcpy+0x6f/0x80 [ 1013.891090] ? pskb_expand_head+0x43b/0x1d20 [ 1013.891090] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1013.928902] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1013.928902] ? ___sys_sendmsg+0xe68/0x1250 [ 1013.928902] ? __sys_sendmmsg+0x56b/0xa90 [ 1013.928902] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1013.928902] ? __x64_sys_sendmmsg+0x56/0x70 [ 1013.928902] ? do_syscall_64+0xcf/0x110 [ 1013.928902] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1013.928902] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1013.928902] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1013.928902] ? memcg_kmem_put_cache+0x8e/0x460 [ 1013.928902] ? __msan_get_context_state+0x9/0x30 [ 1013.928902] ? INIT_INT+0xc/0x30 [ 1013.928902] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1013.928902] kmsan_memcpy_origins+0x13d/0x1b0 [ 1013.928902] __msan_memcpy+0x6f/0x80 [ 1013.928902] pskb_expand_head+0x43b/0x1d20 [ 1013.928902] l2tp_xmit_skb+0x5a7/0x24b0 [ 1013.928902] pppol2tp_sendmsg+0x7a6/0xba0 [ 1013.928902] ___sys_sendmsg+0xe68/0x1250 [ 1013.928902] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1013.928902] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1013.928902] ? kmsan_set_origin+0x83/0x130 [ 1013.928902] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1013.928902] ? _cond_resched+0xc7/0x120 [ 1013.928902] __sys_sendmmsg+0x56b/0xa90 [ 1013.928902] ? syscall_return_slowpath+0x123/0x8c0 [ 1013.928902] ? put_timespec64+0x162/0x220 [ 1013.928902] __se_sys_sendmmsg+0xbd/0xe0 [ 1013.928902] __x64_sys_sendmmsg+0x56/0x70 [ 1013.928902] do_syscall_64+0xcf/0x110 [ 1013.928902] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1013.928902] RIP: 0033:0x457569 [ 1013.928902] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1013.928902] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 06:06:29 executing program 3: r0 = socket$inet6(0xa, 0x400000000003, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9870151eb810665fc6ad2fe2ee66cd198e0d34516467179bc8985d70f16373b345d2afebd87c33ba9c72f409e14e21a0111b499e180e45cefcd070e7c4bf609fac6d89997c4d0ed9f17c36fb79df017b9563dff9c2521a4456eaa1353a00cb8c3d01ee58730740ef5b1d9089f8ee8362a2a4cc09e6a09e7e025059c648"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:29 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:29 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1013.928902] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1014.103777] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1014.103777] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1014.103777] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1014.103777] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1014.132686] Uninit was stored to memory at: [ 1014.132686] kmsan_internal_chain_origin+0x136/0x240 [ 1014.132686] __msan_chain_origin+0x6d/0xd0 [ 1014.132686] __save_stack_trace+0x8be/0xc60 [ 1014.132686] save_stack_trace+0xc6/0x110 [ 1014.159291] kmsan_internal_chain_origin+0x136/0x240 [ 1014.160674] kmsan_memcpy_origins+0x13d/0x1b0 [ 1014.160674] __msan_memcpy+0x6f/0x80 [ 1014.171406] pskb_expand_head+0x43b/0x1d20 [ 1014.171406] l2tp_xmit_skb+0x5a7/0x24b0 [ 1014.171406] pppol2tp_sendmsg+0x7a6/0xba0 [ 1014.171406] ___sys_sendmsg+0xe68/0x1250 [ 1014.171406] __sys_sendmmsg+0x56b/0xa90 [ 1014.171406] __se_sys_sendmmsg+0xbd/0xe0 [ 1014.171406] __x64_sys_sendmmsg+0x56/0x70 [ 1014.171406] do_syscall_64+0xcf/0x110 [ 1014.204411] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1014.204411] [ 1014.204411] Uninit was stored to memory at: [ 1014.204411] kmsan_internal_chain_origin+0x136/0x240 [ 1014.204411] __msan_chain_origin+0x6d/0xd0 [ 1014.204411] __save_stack_trace+0x8be/0xc60 [ 1014.204411] save_stack_trace+0xc6/0x110 [ 1014.204411] kmsan_internal_chain_origin+0x136/0x240 [ 1014.204411] kmsan_memcpy_origins+0x13d/0x1b0 [ 1014.204411] __msan_memcpy+0x6f/0x80 [ 1014.204411] pskb_expand_head+0x43b/0x1d20 [ 1014.204411] l2tp_xmit_skb+0x5a7/0x24b0 [ 1014.204411] pppol2tp_sendmsg+0x7a6/0xba0 [ 1014.204411] ___sys_sendmsg+0xe68/0x1250 [ 1014.204411] __sys_sendmmsg+0x56b/0xa90 [ 1014.204411] __se_sys_sendmmsg+0xbd/0xe0 [ 1014.204411] __x64_sys_sendmmsg+0x56/0x70 [ 1014.204411] do_syscall_64+0xcf/0x110 [ 1014.204411] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1014.204411] [ 1014.204411] Uninit was stored to memory at: [ 1014.204411] kmsan_internal_chain_origin+0x136/0x240 [ 1014.204411] __msan_chain_origin+0x6d/0xd0 [ 1014.298149] __save_stack_trace+0x8be/0xc60 [ 1014.298149] save_stack_trace+0xc6/0x110 [ 1014.298149] kmsan_internal_chain_origin+0x136/0x240 [ 1014.298149] kmsan_memcpy_origins+0x13d/0x1b0 [ 1014.298149] __msan_memcpy+0x6f/0x80 [ 1014.298149] pskb_expand_head+0x43b/0x1d20 [ 1014.298149] l2tp_xmit_skb+0x5a7/0x24b0 [ 1014.298149] pppol2tp_sendmsg+0x7a6/0xba0 [ 1014.298149] ___sys_sendmsg+0xe68/0x1250 [ 1014.298149] __sys_sendmmsg+0x56b/0xa90 [ 1014.298149] __se_sys_sendmmsg+0xbd/0xe0 [ 1014.298149] __x64_sys_sendmmsg+0x56/0x70 [ 1014.298149] do_syscall_64+0xcf/0x110 06:06:29 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x4, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f0000000040)={0x9, 0xa, 0x2, 0x1ff, 0x0}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000000c0)={r2, 0x1}, 0x8) 06:06:29 executing program 1 (fault-call:2 fault-nth:6): mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) [ 1014.298149] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1014.298149] [ 1014.298149] Uninit was stored to memory at: [ 1014.298149] kmsan_internal_chain_origin+0x136/0x240 [ 1014.298149] __msan_chain_origin+0x6d/0xd0 [ 1014.298149] __save_stack_trace+0x8be/0xc60 [ 1014.298149] save_stack_trace+0xc6/0x110 [ 1014.298149] kmsan_internal_chain_origin+0x136/0x240 [ 1014.298149] kmsan_memcpy_origins+0x13d/0x1b0 [ 1014.298149] __msan_memcpy+0x6f/0x80 [ 1014.298149] pskb_expand_head+0x43b/0x1d20 [ 1014.298149] l2tp_xmit_skb+0x5a7/0x24b0 [ 1014.298149] pppol2tp_sendmsg+0x7a6/0xba0 [ 1014.298149] ___sys_sendmsg+0xe68/0x1250 [ 1014.298149] __sys_sendmmsg+0x56b/0xa90 [ 1014.417693] __se_sys_sendmmsg+0xbd/0xe0 [ 1014.417693] __x64_sys_sendmmsg+0x56/0x70 [ 1014.417693] do_syscall_64+0xcf/0x110 [ 1014.417693] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1014.417693] [ 1014.417693] Uninit was stored to memory at: [ 1014.417693] kmsan_internal_chain_origin+0x136/0x240 [ 1014.417693] __msan_chain_origin+0x6d/0xd0 [ 1014.417693] __save_stack_trace+0x8be/0xc60 [ 1014.454671] save_stack_trace+0xc6/0x110 [ 1014.454671] kmsan_internal_chain_origin+0x136/0x240 [ 1014.454671] kmsan_memcpy_origins+0x13d/0x1b0 [ 1014.454671] __msan_memcpy+0x6f/0x80 [ 1014.454671] pskb_expand_head+0x43b/0x1d20 [ 1014.454671] l2tp_xmit_skb+0x5a7/0x24b0 [ 1014.454671] pppol2tp_sendmsg+0x7a6/0xba0 [ 1014.454671] ___sys_sendmsg+0xe68/0x1250 [ 1014.454671] __sys_sendmmsg+0x56b/0xa90 [ 1014.454671] __se_sys_sendmmsg+0xbd/0xe0 [ 1014.454671] __x64_sys_sendmmsg+0x56/0x70 [ 1014.454671] do_syscall_64+0xcf/0x110 [ 1014.454671] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1014.454671] [ 1014.454671] Uninit was stored to memory at: [ 1014.454671] kmsan_internal_chain_origin+0x136/0x240 [ 1014.454671] __msan_chain_origin+0x6d/0xd0 [ 1014.454671] __save_stack_trace+0x8be/0xc60 [ 1014.454671] save_stack_trace+0xc6/0x110 [ 1014.454671] kmsan_internal_chain_origin+0x136/0x240 [ 1014.454671] kmsan_memcpy_origins+0x13d/0x1b0 [ 1014.454671] __msan_memcpy+0x6f/0x80 [ 1014.454671] pskb_expand_head+0x43b/0x1d20 [ 1014.454671] l2tp_xmit_skb+0x5a7/0x24b0 [ 1014.454671] pppol2tp_sendmsg+0x7a6/0xba0 [ 1014.454671] ___sys_sendmsg+0xe68/0x1250 [ 1014.454671] __sys_sendmmsg+0x56b/0xa90 [ 1014.454671] __se_sys_sendmmsg+0xbd/0xe0 [ 1014.454671] __x64_sys_sendmmsg+0x56/0x70 [ 1014.454671] do_syscall_64+0xcf/0x110 [ 1014.454671] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1014.585579] FAULT_INJECTION: forcing a failure. [ 1014.585579] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1014.454671] [ 1014.454671] Uninit was stored to memory at: [ 1014.454671] kmsan_internal_chain_origin+0x136/0x240 [ 1014.454671] __msan_chain_origin+0x6d/0xd0 [ 1014.454671] __save_stack_trace+0x8be/0xc60 [ 1014.454671] save_stack_trace+0xc6/0x110 [ 1014.454671] kmsan_internal_chain_origin+0x136/0x240 [ 1014.454671] kmsan_memcpy_origins+0x13d/0x1b0 [ 1014.454671] __msan_memcpy+0x6f/0x80 [ 1014.454671] pskb_expand_head+0x43b/0x1d20 [ 1014.598208] CPU: 1 PID: 26361 Comm: syz-executor1 Not tainted 4.19.0+ #77 [ 1014.454671] l2tp_xmit_skb+0x5a7/0x24b0 [ 1014.454671] pppol2tp_sendmsg+0x7a6/0xba0 [ 1014.603822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1014.454671] ___sys_sendmsg+0xe68/0x1250 [ 1014.454671] __sys_sendmmsg+0x56b/0xa90 [ 1014.608039] Call Trace: [ 1014.454671] __se_sys_sendmmsg+0xbd/0xe0 [ 1014.454671] __x64_sys_sendmmsg+0x56/0x70 [ 1014.608039] dump_stack+0x32d/0x480 [ 1014.454671] do_syscall_64+0xcf/0x110 [ 1014.454671] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1014.608039] should_fail+0x11e5/0x13c0 [ 1014.454671] [ 1014.636381] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1014.608039] __alloc_pages_nodemask+0x6fd/0x6640 [ 1014.677220] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1014.677220] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1014.677220] ? find_next_bit+0x25b/0x2a0 [ 1014.677220] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1014.677220] ? memcg_check_events+0x94/0x1310 [ 1014.677220] ? mem_cgroup_commit_charge+0x2d1/0x670 [ 1014.677220] ? alloc_pages_vma+0x178/0x1c70 [ 1014.677220] alloc_pages_vma+0xee6/0x1c70 [ 1014.748787] wp_page_copy+0x465/0x2fe0 [ 1014.748787] ? handle_mm_fault+0x4819/0xa560 [ 1014.748787] do_wp_page+0x1160/0x39d0 [ 1014.748787] handle_mm_fault+0x4819/0xa560 [ 1014.748787] ? handle_mm_fault+0x1ffe/0xa560 [ 1014.748787] __do_page_fault+0x10f8/0x1bb0 [ 1014.771973] do_page_fault+0x98/0xd0 [ 1014.777404] page_fault+0x1e/0x30 [ 1014.777404] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 1014.777404] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 1014.777404] RSP: 0018:ffff88004066fb28 EFLAGS: 00010202 [ 1014.777404] RAX: bfc7e20572cd8e00 RBX: 0000000000003fff RCX: 0000000000001fff [ 1014.777404] RDX: 0000000000003fff RSI: ffff8800406c6000 RDI: 0000000020002000 [ 1014.777404] RBP: ffff88004066fba0 R08: ffff880000000000 R09: 0000000000000002 [ 1014.777404] R10: ffffffff8ae013f8 R11: ffffffff854d0080 R12: ffff88004844c588 [ 1014.842604] R13: 0000000000000000 R14: 0000000020000000 R15: ffff8800406c4000 [ 1014.842604] ? drm_invalid_op+0x30/0x30 [ 1014.842604] ? __entry_text_end+0x7/0x7 [ 1014.842604] ? _copy_to_user+0x142/0x230 [ 1014.842604] ? drm_invalid_op+0x30/0x30 [ 1014.842604] drm_ioctl+0xb3b/0x1160 [ 1014.842604] ? drm_invalid_op+0x30/0x30 [ 1014.842604] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1014.842604] ? do_vfs_ioctl+0x187/0x2d30 [ 1014.842604] ? drm_ioctl_kernel+0x6a0/0x6a0 [ 1014.842604] do_vfs_ioctl+0xf77/0x2d30 [ 1014.842604] ? security_file_ioctl+0x92/0x200 [ 1014.842604] __se_sys_ioctl+0x1da/0x270 [ 1014.842604] __x64_sys_ioctl+0x4a/0x70 [ 1014.842604] do_syscall_64+0xcf/0x110 [ 1014.842604] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1014.912320] RIP: 0033:0x457569 [ 1014.912320] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1014.912320] RSP: 002b:00007f1d8b5a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1014.912320] RAX: ffffffffffffffda RBX: 00007f1d8b5a2c90 RCX: 0000000000457569 [ 1014.912320] RDX: 0000000020000000 RSI: ffffffffffff8000 RDI: 0000000000000003 [ 1014.912320] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1014.912320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d8b5a36d4 [ 1014.912320] R13: 00000000004be737 R14: 00000000004ce618 R15: 0000000000000004 [ 1015.058127] not chained 2100000 origins [ 1015.061919] CPU: 1 PID: 26336 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1015.061919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1015.061919] Call Trace: [ 1015.061919] dump_stack+0x32d/0x480 [ 1015.061919] kmsan_internal_chain_origin+0x222/0x240 [ 1015.061919] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1015.061919] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1015.061919] ? save_stack_trace+0xc6/0x110 [ 1015.061919] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1015.061919] ? kmsan_internal_chain_origin+0x90/0x240 [ 1015.061919] ? get_stack_info+0x863/0x9d0 [ 1015.061919] __msan_chain_origin+0x6d/0xd0 [ 1015.061919] ? __msan_memcpy+0x6f/0x80 [ 1015.124441] __save_stack_trace+0x8be/0xc60 [ 1015.124441] ? __msan_memcpy+0x6f/0x80 [ 1015.131458] save_stack_trace+0xc6/0x110 [ 1015.131458] kmsan_internal_chain_origin+0x136/0x240 [ 1015.131458] ? kmsan_internal_chain_origin+0x136/0x240 [ 1015.131458] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1015.131458] ? __msan_memcpy+0x6f/0x80 [ 1015.154994] ? pskb_expand_head+0x43b/0x1d20 [ 1015.162371] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1015.162371] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1015.162371] ? ___sys_sendmsg+0xe68/0x1250 [ 1015.162371] ? __sys_sendmmsg+0x56b/0xa90 [ 1015.162371] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1015.162371] ? __x64_sys_sendmmsg+0x56/0x70 [ 1015.162371] ? do_syscall_64+0xcf/0x110 [ 1015.162371] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1015.162371] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1015.162371] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1015.162371] ? memcg_kmem_put_cache+0x8e/0x460 [ 1015.162371] ? __msan_get_context_state+0x9/0x30 [ 1015.162371] ? INIT_INT+0xc/0x30 [ 1015.162371] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1015.221590] kmsan_memcpy_origins+0x13d/0x1b0 [ 1015.221590] __msan_memcpy+0x6f/0x80 [ 1015.221590] pskb_expand_head+0x43b/0x1d20 [ 1015.221590] l2tp_xmit_skb+0x5a7/0x24b0 [ 1015.221590] pppol2tp_sendmsg+0x7a6/0xba0 [ 1015.221590] ___sys_sendmsg+0xe68/0x1250 [ 1015.221590] ? kmsan_set_origin+0x83/0x130 [ 1015.221590] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1015.221590] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1015.221590] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1015.268741] ? rcu_all_qs+0x3b/0x310 [ 1015.268741] ? _cond_resched+0x59/0x120 [ 1015.268741] ? rcu_all_qs+0x53/0x310 [ 1015.268741] ? _cond_resched+0x37/0x120 [ 1015.268741] ? __sys_sendmmsg+0x7c9/0xa90 [ 1015.268741] ? _cond_resched+0x59/0x120 [ 1015.268741] __sys_sendmmsg+0x56b/0xa90 [ 1015.268741] ? syscall_return_slowpath+0x123/0x8c0 [ 1015.268741] ? put_timespec64+0x162/0x220 [ 1015.268741] __se_sys_sendmmsg+0xbd/0xe0 [ 1015.268741] __x64_sys_sendmmsg+0x56/0x70 [ 1015.268741] do_syscall_64+0xcf/0x110 [ 1015.268741] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1015.268741] RIP: 0033:0x457569 [ 1015.268741] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1015.268741] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1015.268741] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1015.268741] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1015.268741] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1015.268741] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1015.268741] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1015.268741] Uninit was stored to memory at: [ 1015.268741] kmsan_internal_chain_origin+0x136/0x240 [ 1015.268741] __msan_chain_origin+0x6d/0xd0 [ 1015.268741] __save_stack_trace+0x8be/0xc60 [ 1015.268741] save_stack_trace+0xc6/0x110 [ 1015.268741] kmsan_internal_chain_origin+0x136/0x240 [ 1015.268741] kmsan_memcpy_origins+0x13d/0x1b0 [ 1015.268741] __msan_memcpy+0x6f/0x80 [ 1015.268741] pskb_expand_head+0x43b/0x1d20 [ 1015.268741] l2tp_xmit_skb+0x5a7/0x24b0 [ 1015.268741] pppol2tp_sendmsg+0x7a6/0xba0 [ 1015.268741] ___sys_sendmsg+0xe68/0x1250 [ 1015.268741] __sys_sendmmsg+0x56b/0xa90 [ 1015.268741] __se_sys_sendmmsg+0xbd/0xe0 [ 1015.268741] __x64_sys_sendmmsg+0x56/0x70 [ 1015.454487] do_syscall_64+0xcf/0x110 [ 1015.454487] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1015.454487] [ 1015.454487] Uninit was stored to memory at: [ 1015.454487] kmsan_internal_chain_origin+0x136/0x240 [ 1015.454487] __msan_chain_origin+0x6d/0xd0 [ 1015.454487] __save_stack_trace+0x8be/0xc60 [ 1015.454487] save_stack_trace+0xc6/0x110 [ 1015.454487] kmsan_internal_chain_origin+0x136/0x240 [ 1015.454487] kmsan_memcpy_origins+0x13d/0x1b0 [ 1015.454487] __msan_memcpy+0x6f/0x80 [ 1015.454487] pskb_expand_head+0x43b/0x1d20 [ 1015.454487] l2tp_xmit_skb+0x5a7/0x24b0 [ 1015.454487] pppol2tp_sendmsg+0x7a6/0xba0 [ 1015.454487] ___sys_sendmsg+0xe68/0x1250 [ 1015.454487] __sys_sendmmsg+0x56b/0xa90 [ 1015.454487] __se_sys_sendmmsg+0xbd/0xe0 [ 1015.454487] __x64_sys_sendmmsg+0x56/0x70 [ 1015.454487] do_syscall_64+0xcf/0x110 [ 1015.454487] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1015.454487] [ 1015.454487] Uninit was stored to memory at: [ 1015.454487] kmsan_internal_chain_origin+0x136/0x240 [ 1015.454487] __msan_chain_origin+0x6d/0xd0 [ 1015.454487] __save_stack_trace+0x8be/0xc60 [ 1015.454487] save_stack_trace+0xc6/0x110 [ 1015.454487] kmsan_internal_chain_origin+0x136/0x240 [ 1015.454487] kmsan_memcpy_origins+0x13d/0x1b0 [ 1015.454487] __msan_memcpy+0x6f/0x80 [ 1015.454487] pskb_expand_head+0x43b/0x1d20 [ 1015.454487] l2tp_xmit_skb+0x5a7/0x24b0 [ 1015.454487] pppol2tp_sendmsg+0x7a6/0xba0 [ 1015.454487] ___sys_sendmsg+0xe68/0x1250 [ 1015.454487] __sys_sendmmsg+0x56b/0xa90 [ 1015.454487] __se_sys_sendmmsg+0xbd/0xe0 [ 1015.454487] __x64_sys_sendmmsg+0x56/0x70 [ 1015.454487] do_syscall_64+0xcf/0x110 [ 1015.454487] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1015.454487] [ 1015.454487] Uninit was stored to memory at: [ 1015.454487] kmsan_internal_chain_origin+0x136/0x240 [ 1015.454487] __msan_chain_origin+0x6d/0xd0 [ 1015.454487] __save_stack_trace+0x8be/0xc60 [ 1015.454487] save_stack_trace+0xc6/0x110 [ 1015.454487] kmsan_internal_chain_origin+0x136/0x240 [ 1015.454487] kmsan_memcpy_origins+0x13d/0x1b0 [ 1015.454487] __msan_memcpy+0x6f/0x80 [ 1015.454487] pskb_expand_head+0x43b/0x1d20 [ 1015.454487] l2tp_xmit_skb+0x5a7/0x24b0 [ 1015.454487] pppol2tp_sendmsg+0x7a6/0xba0 [ 1015.454487] ___sys_sendmsg+0xe68/0x1250 [ 1015.454487] __sys_sendmmsg+0x56b/0xa90 [ 1015.454487] __se_sys_sendmmsg+0xbd/0xe0 [ 1015.676073] FAULT_INJECTION: forcing a failure. [ 1015.676073] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1015.454487] __x64_sys_sendmmsg+0x56/0x70 [ 1015.681820] CPU: 0 PID: 26377 Comm: syz-executor1 Not tainted 4.19.0+ #77 [ 1015.454487] do_syscall_64+0xcf/0x110 [ 1015.681820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1015.454487] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1015.681820] Call Trace: [ 1015.454487] [ 1015.681820] dump_stack+0x32d/0x480 [ 1015.454487] kmsan_internal_chain_origin+0x136/0x240 [ 1015.681820] should_fail+0x11e5/0x13c0 [ 1015.454487] __msan_chain_origin+0x6d/0xd0 [ 1015.681820] ? __msan_memset+0x29/0xe0 [ 1015.454487] __save_stack_trace+0x8be/0xc60 [ 1015.681820] __alloc_pages_nodemask+0x6fd/0x6640 [ 1015.454487] save_stack_trace+0xc6/0x110 [ 1015.681820] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1015.454487] kmsan_internal_chain_origin+0x136/0x240 [ 1015.681820] ? __update_load_avg_cfs_rq+0x105/0x10b0 [ 1015.454487] kmsan_memcpy_origins+0x13d/0x1b0 [ 1015.681820] ? __update_load_avg_cfs_rq+0x105/0x10b0 [ 1015.454487] __msan_memcpy+0x6f/0x80 [ 1015.681820] kmsan_internal_alloc_meta_for_pages+0x9d/0x740 [ 1015.454487] pskb_expand_head+0x43b/0x1d20 [ 1015.681820] ? kmsan_set_origin+0x83/0x130 [ 1015.454487] l2tp_xmit_skb+0x5a7/0x24b0 [ 1015.681820] ? __msan_instrument_asm_load+0x9a/0x110 [ 1015.454487] pppol2tp_sendmsg+0x7a6/0xba0 [ 1015.681820] ? kernel_poison_pages+0x1ae/0x380 [ 1015.454487] ___sys_sendmsg+0xe68/0x1250 [ 1015.681820] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 1015.454487] __sys_sendmmsg+0x56b/0xa90 [ 1015.681820] ? get_page_from_freelist+0x1617/0x1c90 [ 1015.454487] __se_sys_sendmmsg+0xbd/0xe0 [ 1015.681820] kmsan_alloc_page+0x77/0xe0 [ 1015.454487] __x64_sys_sendmmsg+0x56/0x70 [ 1015.681820] __alloc_pages_nodemask+0x12cc/0x6640 [ 1015.454487] do_syscall_64+0xcf/0x110 [ 1015.681820] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1015.454487] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1015.681820] ? is_bpf_text_address+0x49e/0x4d0 [ 1015.454487] [ 1015.681820] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1015.454487] Uninit was stored to memory at: [ 1015.681820] ? find_next_bit+0x25b/0x2a0 [ 1015.454487] kmsan_internal_chain_origin+0x136/0x240 [ 1015.681820] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1015.454487] __msan_chain_origin+0x6d/0xd0 [ 1015.681820] ? memcg_check_events+0x94/0x1310 [ 1015.454487] __save_stack_trace+0x8be/0xc60 [ 1015.681820] ? mem_cgroup_commit_charge+0x2d1/0x670 [ 1015.454487] save_stack_trace+0xc6/0x110 [ 1015.681820] ? alloc_pages_vma+0x178/0x1c70 [ 1015.454487] kmsan_internal_chain_origin+0x136/0x240 [ 1015.681820] alloc_pages_vma+0xee6/0x1c70 [ 1015.454487] kmsan_memcpy_origins+0x13d/0x1b0 [ 1015.681820] wp_page_copy+0x465/0x2fe0 [ 1015.454487] __msan_memcpy+0x6f/0x80 [ 1015.681820] ? handle_mm_fault+0x4819/0xa560 [ 1015.454487] pskb_expand_head+0x43b/0x1d20 [ 1015.681820] do_wp_page+0x1160/0x39d0 [ 1015.454487] l2tp_xmit_skb+0x5a7/0x24b0 [ 1015.681820] handle_mm_fault+0x4819/0xa560 [ 1015.454487] pppol2tp_sendmsg+0x7a6/0xba0 [ 1015.681820] ? handle_mm_fault+0x1ffe/0xa560 [ 1015.454487] ___sys_sendmsg+0xe68/0x1250 [ 1015.681820] __do_page_fault+0x10f8/0x1bb0 [ 1015.454487] __sys_sendmmsg+0x56b/0xa90 [ 1015.681820] do_page_fault+0x98/0xd0 [ 1015.454487] __se_sys_sendmmsg+0xbd/0xe0 [ 1015.681820] page_fault+0x1e/0x30 [ 1015.454487] __x64_sys_sendmmsg+0x56/0x70 [ 1015.681820] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 1015.454487] do_syscall_64+0xcf/0x110 [ 1015.681820] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 1015.454487] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1015.681820] RSP: 0018:ffff880040ddfb28 EFLAGS: 00010202 [ 1015.454487] [ 1015.454487] Uninit was stored to memory at: [ 1015.681820] RAX: 19b690cd77631000 RBX: 0000000000003fff RCX: 0000000000001fff [ 1015.454487] kmsan_internal_chain_origin+0x136/0x240 [ 1015.681820] RDX: 0000000000003fff RSI: ffff88004276a000 RDI: 0000000020002000 [ 1015.454487] __msan_chain_origin+0x6d/0xd0 [ 1015.681820] RBP: ffff880040ddfba0 R08: ffff880000000000 R09: 0000000000000002 [ 1015.454487] __save_stack_trace+0x8be/0xc60 [ 1015.681820] R10: ffffffff8ae013f8 R11: ffffffff854d0080 R12: ffff88004a684588 [ 1015.454487] save_stack_trace+0xc6/0x110 [ 1015.681820] R13: 0000000000000000 R14: 0000000020000000 R15: ffff880042768000 [ 1015.454487] kmsan_internal_chain_origin+0x136/0x240 [ 1015.681820] ? drm_invalid_op+0x30/0x30 [ 1015.454487] kmsan_memcpy_origins+0x13d/0x1b0 [ 1015.681820] ? __entry_text_end+0x7/0x7 [ 1015.454487] __msan_memcpy+0x6f/0x80 [ 1015.681820] ? _copy_to_user+0x142/0x230 [ 1015.454487] pskb_expand_head+0x43b/0x1d20 [ 1015.681820] ? drm_invalid_op+0x30/0x30 [ 1015.454487] l2tp_xmit_skb+0x5a7/0x24b0 [ 1015.681820] drm_ioctl+0xb3b/0x1160 [ 1015.454487] pppol2tp_sendmsg+0x7a6/0xba0 [ 1015.681820] ? drm_invalid_op+0x30/0x30 [ 1015.454487] ___sys_sendmsg+0xe68/0x1250 [ 1015.681820] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1015.454487] __sys_sendmmsg+0x56b/0xa90 [ 1015.681820] ? do_vfs_ioctl+0x187/0x2d30 [ 1015.454487] __se_sys_sendmmsg+0xbd/0xe0 [ 1015.681820] ? drm_ioctl_kernel+0x6a0/0x6a0 [ 1015.454487] __x64_sys_sendmmsg+0x56/0x70 [ 1015.681820] do_vfs_ioctl+0xf77/0x2d30 [ 1015.454487] do_syscall_64+0xcf/0x110 [ 1015.681820] ? security_file_ioctl+0x92/0x200 [ 1015.454487] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1015.681820] __se_sys_ioctl+0x1da/0x270 [ 1015.454487] [ 1015.681820] __x64_sys_ioctl+0x4a/0x70 [ 1016.202049] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:30 executing program 2: bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r0, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:30 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:30 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) uselib(&(0x7f0000000000)='./file0\x00') 06:06:30 executing program 1 (fault-call:2 fault-nth:7): mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:06:30 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) sendmsg$alg(0xffffffffffffffff, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(0xffffffffffffffff, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1015.681820] do_syscall_64+0xcf/0x110 [ 1016.214065] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1016.214065] RIP: 0033:0x457569 [ 1016.214065] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1016.232138] RSP: 002b:00007f1d8b5a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1016.232138] RAX: ffffffffffffffda RBX: 00007f1d8b5a2c90 RCX: 0000000000457569 [ 1016.232138] RDX: 0000000020000000 RSI: ffffffffffff8000 RDI: 0000000000000003 [ 1016.232138] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1016.232138] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d8b5a36d4 [ 1016.232138] R13: 00000000004be737 R14: 00000000004ce618 R15: 0000000000000004 06:06:31 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = msgget(0x1, 0x1) msgctl$IPC_INFO(r2, 0x3, &(0x7f00000000c0)=""/123) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_int(r0, 0x29, 0xdb, &(0x7f0000000000)=0x5, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 1016.674106] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1016.748586] not chained 2110000 origins [ 1016.751840] CPU: 0 PID: 26336 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1016.751840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1016.751840] Call Trace: [ 1016.751840] dump_stack+0x32d/0x480 [ 1016.751840] ? save_stack_trace+0xc6/0x110 [ 1016.776866] kmsan_internal_chain_origin+0x222/0x240 [ 1016.776866] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1016.776866] ? kmsan_internal_chain_origin+0x136/0x240 [ 1016.793717] ? __msan_chain_origin+0x6d/0xd0 [ 1016.793717] ? __save_stack_trace+0x8be/0xc60 [ 1016.793717] ? save_stack_trace+0xc6/0x110 [ 1016.804645] ? kmsan_internal_chain_origin+0x136/0x240 [ 1016.812269] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1016.812269] ? __msan_memcpy+0x6f/0x80 [ 1016.812269] ? pskb_expand_head+0x43b/0x1d20 [ 1016.812269] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1016.812269] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1016.812269] ? ___sys_sendmsg+0xe68/0x1250 [ 1016.812269] ? __sys_sendmmsg+0x56b/0xa90 [ 1016.839591] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1016.839591] ? __x64_sys_sendmmsg+0x56/0x70 [ 1016.839591] ? do_syscall_64+0xcf/0x110 [ 1016.839591] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1016.839591] ? save_stack_trace+0xc6/0x110 [ 1016.839591] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1016.839591] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1016.839591] ? __module_address+0x6a/0x610 [ 1016.839591] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 1016.839591] ? is_bpf_text_address+0x49e/0x4d0 [ 1016.839591] ? INIT_INT+0xc/0x30 [ 1016.892489] __msan_chain_origin+0x6d/0xd0 [ 1016.892489] __save_stack_trace+0xaff/0xc60 [ 1016.892489] save_stack_trace+0xc6/0x110 [ 1016.892489] kmsan_internal_chain_origin+0x136/0x240 [ 1016.892489] ? kmsan_internal_chain_origin+0x136/0x240 [ 1016.912282] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1016.912282] ? __msan_memcpy+0x6f/0x80 [ 1016.912282] ? pskb_expand_head+0x43b/0x1d20 [ 1016.925428] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1016.933736] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1016.934021] ? ___sys_sendmsg+0xe68/0x1250 [ 1016.934021] ? __sys_sendmmsg+0x56b/0xa90 [ 1016.934021] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1016.934021] ? __x64_sys_sendmmsg+0x56/0x70 [ 1016.934021] ? do_syscall_64+0xcf/0x110 [ 1016.934021] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1016.934021] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1016.967656] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1016.967656] ? memcg_kmem_put_cache+0x8e/0x460 [ 1016.967656] ? __msan_get_context_state+0x9/0x30 [ 1016.967656] ? INIT_INT+0xc/0x30 [ 1016.967656] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1016.967656] kmsan_memcpy_origins+0x13d/0x1b0 [ 1016.967656] __msan_memcpy+0x6f/0x80 [ 1016.967656] pskb_expand_head+0x43b/0x1d20 [ 1016.967656] l2tp_xmit_skb+0x5a7/0x24b0 [ 1016.967656] pppol2tp_sendmsg+0x7a6/0xba0 [ 1016.967656] ___sys_sendmsg+0xe68/0x1250 [ 1016.967656] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1016.967656] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1016.967656] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1016.967656] ? rcu_all_qs+0x3b/0x310 [ 1016.967656] ? _cond_resched+0x59/0x120 [ 1016.967656] ? rcu_all_qs+0x53/0x310 [ 1016.967656] ? _cond_resched+0x37/0x120 [ 1016.967656] ? __sys_sendmmsg+0x7c9/0xa90 [ 1016.967656] ? _cond_resched+0x59/0x120 [ 1016.967656] __sys_sendmmsg+0x56b/0xa90 [ 1016.967656] ? syscall_return_slowpath+0x123/0x8c0 [ 1016.967656] ? put_timespec64+0x162/0x220 [ 1016.967656] __se_sys_sendmmsg+0xbd/0xe0 [ 1016.967656] __x64_sys_sendmmsg+0x56/0x70 [ 1016.967656] do_syscall_64+0xcf/0x110 [ 1016.967656] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1016.967656] RIP: 0033:0x457569 [ 1016.967656] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1016.967656] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1016.967656] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1016.967656] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1016.967656] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1016.967656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1016.967656] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1016.967656] Uninit was stored to memory at: [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] __msan_chain_origin+0x6d/0xd0 [ 1016.967656] __save_stack_trace+0x8be/0xc60 [ 1016.967656] save_stack_trace+0xc6/0x110 [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] kmsan_memcpy_origins+0x13d/0x1b0 [ 1016.967656] __msan_memcpy+0x6f/0x80 [ 1016.967656] pskb_expand_head+0x43b/0x1d20 [ 1016.967656] l2tp_xmit_skb+0x5a7/0x24b0 [ 1016.967656] pppol2tp_sendmsg+0x7a6/0xba0 [ 1016.967656] ___sys_sendmsg+0xe68/0x1250 [ 1016.967656] __sys_sendmmsg+0x56b/0xa90 [ 1016.967656] __se_sys_sendmmsg+0xbd/0xe0 [ 1016.967656] __x64_sys_sendmmsg+0x56/0x70 [ 1016.967656] do_syscall_64+0xcf/0x110 [ 1016.967656] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1016.967656] [ 1016.967656] Uninit was stored to memory at: [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] __msan_chain_origin+0x6d/0xd0 [ 1016.967656] __save_stack_trace+0x8be/0xc60 [ 1016.967656] save_stack_trace+0xc6/0x110 [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] kmsan_memcpy_origins+0x13d/0x1b0 [ 1016.967656] __msan_memcpy+0x6f/0x80 [ 1016.967656] pskb_expand_head+0x43b/0x1d20 [ 1016.967656] l2tp_xmit_skb+0x5a7/0x24b0 [ 1016.967656] pppol2tp_sendmsg+0x7a6/0xba0 [ 1016.967656] ___sys_sendmsg+0xe68/0x1250 [ 1016.967656] __sys_sendmmsg+0x56b/0xa90 [ 1016.967656] __se_sys_sendmmsg+0xbd/0xe0 [ 1016.967656] __x64_sys_sendmmsg+0x56/0x70 [ 1016.967656] do_syscall_64+0xcf/0x110 [ 1016.967656] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1016.967656] [ 1016.967656] Uninit was stored to memory at: [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] __msan_chain_origin+0x6d/0xd0 [ 1016.967656] __save_stack_trace+0x8be/0xc60 [ 1016.967656] save_stack_trace+0xc6/0x110 [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] kmsan_memcpy_origins+0x13d/0x1b0 [ 1016.967656] __msan_memcpy+0x6f/0x80 [ 1016.967656] pskb_expand_head+0x43b/0x1d20 [ 1016.967656] l2tp_xmit_skb+0x5a7/0x24b0 [ 1016.967656] pppol2tp_sendmsg+0x7a6/0xba0 [ 1016.967656] ___sys_sendmsg+0xe68/0x1250 [ 1016.967656] __sys_sendmmsg+0x56b/0xa90 [ 1016.967656] __se_sys_sendmmsg+0xbd/0xe0 [ 1016.967656] __x64_sys_sendmmsg+0x56/0x70 [ 1016.967656] do_syscall_64+0xcf/0x110 [ 1016.967656] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1016.967656] [ 1016.967656] Uninit was stored to memory at: [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] __msan_chain_origin+0x6d/0xd0 [ 1016.967656] __save_stack_trace+0x8be/0xc60 [ 1016.967656] save_stack_trace+0xc6/0x110 [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] kmsan_memcpy_origins+0x13d/0x1b0 [ 1016.967656] __msan_memcpy+0x6f/0x80 [ 1016.967656] pskb_expand_head+0x43b/0x1d20 [ 1016.967656] l2tp_xmit_skb+0x5a7/0x24b0 [ 1016.967656] pppol2tp_sendmsg+0x7a6/0xba0 [ 1016.967656] ___sys_sendmsg+0xe68/0x1250 [ 1016.967656] __sys_sendmmsg+0x56b/0xa90 [ 1016.967656] __se_sys_sendmmsg+0xbd/0xe0 [ 1016.967656] __x64_sys_sendmmsg+0x56/0x70 [ 1016.967656] do_syscall_64+0xcf/0x110 [ 1016.967656] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1016.967656] [ 1016.967656] Uninit was stored to memory at: [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] __msan_chain_origin+0x6d/0xd0 [ 1016.967656] __save_stack_trace+0x8be/0xc60 [ 1016.967656] save_stack_trace+0xc6/0x110 [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] kmsan_memcpy_origins+0x13d/0x1b0 [ 1016.967656] __msan_memcpy+0x6f/0x80 [ 1016.967656] pskb_expand_head+0x43b/0x1d20 [ 1016.967656] l2tp_xmit_skb+0x5a7/0x24b0 [ 1016.967656] pppol2tp_sendmsg+0x7a6/0xba0 [ 1016.967656] ___sys_sendmsg+0xe68/0x1250 [ 1016.967656] __sys_sendmmsg+0x56b/0xa90 [ 1016.967656] __se_sys_sendmmsg+0xbd/0xe0 [ 1016.967656] __x64_sys_sendmmsg+0x56/0x70 [ 1016.967656] do_syscall_64+0xcf/0x110 [ 1016.967656] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1016.967656] [ 1016.967656] Uninit was stored to memory at: [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] __msan_chain_origin+0x6d/0xd0 [ 1016.967656] __save_stack_trace+0x8be/0xc60 [ 1016.967656] save_stack_trace+0xc6/0x110 [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] kmsan_memcpy_origins+0x13d/0x1b0 [ 1016.967656] __msan_memcpy+0x6f/0x80 [ 1016.967656] pskb_expand_head+0x43b/0x1d20 [ 1016.967656] l2tp_xmit_skb+0x5a7/0x24b0 [ 1016.967656] pppol2tp_sendmsg+0x7a6/0xba0 [ 1016.967656] ___sys_sendmsg+0xe68/0x1250 [ 1016.967656] __sys_sendmmsg+0x56b/0xa90 [ 1016.967656] __se_sys_sendmmsg+0xbd/0xe0 [ 1016.967656] __x64_sys_sendmmsg+0x56/0x70 [ 1016.967656] do_syscall_64+0xcf/0x110 [ 1016.967656] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1016.967656] [ 1016.967656] Uninit was stored to memory at: [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] __msan_chain_origin+0x6d/0xd0 [ 1016.967656] __save_stack_trace+0x8be/0xc60 [ 1016.967656] save_stack_trace+0xc6/0x110 [ 1016.967656] kmsan_internal_chain_origin+0x136/0x240 [ 1016.967656] kmsan_memcpy_origins+0x13d/0x1b0 [ 1016.967656] __msan_memcpy+0x6f/0x80 [ 1016.967656] pskb_expand_head+0x43b/0x1d20 [ 1016.967656] l2tp_xmit_skb+0x5a7/0x24b0 [ 1016.967656] pppol2tp_sendmsg+0x7a6/0xba0 [ 1016.967656] ___sys_sendmsg+0xe68/0x1250 [ 1016.967656] __sys_sendmmsg+0x56b/0xa90 [ 1016.967656] __se_sys_sendmmsg+0xbd/0xe0 [ 1016.967656] __x64_sys_sendmmsg+0x56/0x70 [ 1016.967656] do_syscall_64+0xcf/0x110 [ 1016.967656] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1016.967656] [ 1016.967656] Local variable description: ----iph@ip_vs_out [ 1016.967656] Variable was created at: [ 1016.967656] ip_vs_out+0x1bf/0x4570 [ 1016.967656] ip_vs_local_reply6+0xec/0x130 [ 1017.693043] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:32 executing program 2: bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r0, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:32 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) getsockname(r1, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, &(0x7f00000000c0)=0x80) bind$rds(r2, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) 06:06:32 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) syncfs(r0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0xc8100, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000240)={0x400}, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={&(0x7f00000000c0)={0x10, 0x34000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="14003cac5435617d86b6ffea9a91000010002908"], 0x14}}, 0x0) r3 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x400, 0x10400) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000000)={0x3ff}, 0xfffffffffffffddc) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r3, 0xc0305616, &(0x7f0000000080)={0x3f, {0x8, 0x7}}) 06:06:32 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400203) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="50891f594a2fa9e92ddfa0d3c19b2a5f0a8c5b2befb4d8ad785e4ad1d895bb6e9bcbfd2db21b751dc042e4f599af9995d9db0b7e615189991805a63f7679ebbcdfff1b57c79a83bd882427141c5411f1ba8580c208c513d2aa77963e9f772f0323e84a29c6193e800d71784fb2cce1fa592bfe931b2fea945f01fa6877917a07be4ddacbf314cebcaec49c603ac4c9dc653d2fee2b76d8029d2f03b321349c69e1681996445d83c7726691c294d6fe07"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:32 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:32 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0xfffffffffffffffd, 0x2004) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000000)=0x5) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) [ 1017.966308] not chained 2120000 origins [ 1017.970448] CPU: 0 PID: 26406 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1017.971839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1017.971839] Call Trace: [ 1017.971839] dump_stack+0x32d/0x480 [ 1017.971839] kmsan_internal_chain_origin+0x222/0x240 [ 1017.971839] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1017.971839] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1017.971839] ? save_stack_trace+0xc6/0x110 [ 1017.971839] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1017.971839] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1017.971839] ? __module_address+0x6a/0x610 [ 1017.971839] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 1017.971839] ? is_bpf_text_address+0x49e/0x4d0 [ 1017.971839] ? INIT_INT+0xc/0x30 [ 1017.971839] __msan_chain_origin+0x6d/0xd0 [ 1017.971839] __save_stack_trace+0xaff/0xc60 [ 1017.971839] save_stack_trace+0xc6/0x110 [ 1017.971839] kmsan_internal_chain_origin+0x136/0x240 [ 1017.971839] ? kmsan_internal_chain_origin+0x136/0x240 [ 1017.971839] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1017.971839] ? __msan_memcpy+0x6f/0x80 [ 1017.971839] ? pskb_expand_head+0x43b/0x1d20 [ 1017.971839] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1017.971839] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1017.971839] ? ___sys_sendmsg+0xe68/0x1250 [ 1018.087386] ? __sys_sendmmsg+0x56b/0xa90 [ 1018.087386] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1018.087386] ? __x64_sys_sendmmsg+0x56/0x70 [ 1018.087386] ? do_syscall_64+0xcf/0x110 [ 1018.087386] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1018.087386] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1018.087386] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1018.087386] ? memcg_kmem_put_cache+0x8e/0x460 [ 1018.087386] ? __msan_get_context_state+0x9/0x30 [ 1018.087386] ? INIT_INT+0xc/0x30 [ 1018.087386] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1018.087386] kmsan_memcpy_origins+0x13d/0x1b0 [ 1018.087386] __msan_memcpy+0x6f/0x80 [ 1018.087386] pskb_expand_head+0x43b/0x1d20 [ 1018.087386] l2tp_xmit_skb+0x5a7/0x24b0 [ 1018.087386] pppol2tp_sendmsg+0x7a6/0xba0 [ 1018.087386] ___sys_sendmsg+0xe68/0x1250 [ 1018.087386] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1018.087386] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1018.087386] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1018.087386] ? rcu_all_qs+0x3b/0x310 [ 1018.087386] ? _cond_resched+0x59/0x120 [ 1018.087386] ? rcu_all_qs+0x53/0x310 [ 1018.087386] ? _cond_resched+0x37/0x120 [ 1018.087386] ? __sys_sendmmsg+0x7c9/0xa90 [ 1018.087386] ? _cond_resched+0x59/0x120 [ 1018.087386] __sys_sendmmsg+0x56b/0xa90 [ 1018.207542] ? syscall_return_slowpath+0x123/0x8c0 [ 1018.211915] ? put_timespec64+0x162/0x220 [ 1018.211915] __se_sys_sendmmsg+0xbd/0xe0 [ 1018.211915] __x64_sys_sendmmsg+0x56/0x70 [ 1018.211915] do_syscall_64+0xcf/0x110 [ 1018.211915] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1018.211915] RIP: 0033:0x457569 [ 1018.211915] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1018.211915] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1018.258946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1018.258946] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1018.258946] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1018.258946] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1018.258946] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1018.258946] Uninit was stored to memory at: [ 1018.258946] kmsan_internal_chain_origin+0x136/0x240 [ 1018.258946] __msan_chain_origin+0x6d/0xd0 [ 1018.258946] __save_stack_trace+0x8be/0xc60 [ 1018.258946] save_stack_trace+0xc6/0x110 [ 1018.258946] kmsan_internal_chain_origin+0x136/0x240 [ 1018.258946] kmsan_memcpy_origins+0x13d/0x1b0 [ 1018.258946] __msan_memcpy+0x6f/0x80 [ 1018.258946] pskb_expand_head+0x43b/0x1d20 [ 1018.258946] l2tp_xmit_skb+0x5a7/0x24b0 [ 1018.258946] pppol2tp_sendmsg+0x7a6/0xba0 [ 1018.258946] ___sys_sendmsg+0xe68/0x1250 [ 1018.258946] __sys_sendmmsg+0x56b/0xa90 [ 1018.258946] __se_sys_sendmmsg+0xbd/0xe0 [ 1018.258946] __x64_sys_sendmmsg+0x56/0x70 [ 1018.258946] do_syscall_64+0xcf/0x110 [ 1018.258946] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1018.258946] [ 1018.258946] Uninit was stored to memory at: [ 1018.258946] kmsan_internal_chain_origin+0x136/0x240 [ 1018.258946] __msan_chain_origin+0x6d/0xd0 [ 1018.258946] __save_stack_trace+0x8be/0xc60 [ 1018.258946] save_stack_trace+0xc6/0x110 [ 1018.258946] kmsan_internal_chain_origin+0x136/0x240 [ 1018.258946] kmsan_memcpy_origins+0x13d/0x1b0 [ 1018.258946] __msan_memcpy+0x6f/0x80 [ 1018.258946] pskb_expand_head+0x43b/0x1d20 [ 1018.258946] l2tp_xmit_skb+0x5a7/0x24b0 [ 1018.258946] pppol2tp_sendmsg+0x7a6/0xba0 [ 1018.258946] ___sys_sendmsg+0xe68/0x1250 [ 1018.258946] __sys_sendmmsg+0x56b/0xa90 [ 1018.258946] __se_sys_sendmmsg+0xbd/0xe0 [ 1018.258946] __x64_sys_sendmmsg+0x56/0x70 [ 1018.258946] do_syscall_64+0xcf/0x110 [ 1018.258946] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1018.258946] [ 1018.258946] Uninit was stored to memory at: [ 1018.455921] kmsan_internal_chain_origin+0x136/0x240 [ 1018.456402] __msan_chain_origin+0x6d/0xd0 06:06:33 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0x200000200, &(0x7f0000000100)="d27a709198234dbc76a6f5f8fd809dfcad31c7afc099f3e38228c1dd68887036f9a9f0d40347f79c29ce35123607db839a4db26cd8dd59ac36aed9aa24ada023c1ef7e721de5e0ff59687d3a94eff5741947715767e516128a64569fc05647000000008cffa868d79ffbcd7a909a6c7fbda8f40808dc4b1469b15e2204320bc3f3f997b69d9123899be4ccd57b239ba9df101c9095b633b48e21da2f9201585f9972fb2d118d69aba190836cc10000000000000000000034bc143d1ecc8baae103d8e2cdb09c355a5dba9acdf1f409f9bb6487126f6a456a18f12a81b21cf944c783a5531b12214e8940a03a9da8a7ce580c5b481bd7dd6bbc048b6727888b7793b49b34e1a4c45e7b71ab0f9b52") 06:06:33 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="55dfff00000000000000", 0xa) r1 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0xffffffffffffffff, 0xa00) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000001380)={0x373, 0x9, 0x3, 0x7f, 0x10001, 0xca1, 0x9, 0xfffffffffffffffa, 0x5, 0xffff, 0xfff000000000, 0x4}) utimensat(r1, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)={{r2, r3/1000+30000}}, 0x100) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000000240)=""/4096) sendto(r0, &(0x7f0000001240)="ff41a3afa0e5967fe42a4a1852f049abd0d0f2270c616bacf09f9c8247acec7bdeacea8a098932d220faa7a63885ade41a99ad80d669d9e219be8b368c462556b3d9989b9d2a7c91de73ada8f779324cd240fd6c9f6a568c6d4aa1dabbaee03801b9f6281beb7421a97c60b1c016a52c82c567394ffc825e217f6f02fb38d0741122a49f34a2f0676d26d3a09e4bf477ba0426b3fb62", 0x96, 0x0, &(0x7f0000001300)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e22, @loopback}, 0x2, 0x1, 0x4, 0x3}}, 0x80) accept4$inet(r0, &(0x7f0000000000), &(0x7f0000000040)=0x10, 0x800) 06:06:33 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) write$P9_RSTAT(r1, &(0x7f0000000600)={0x52, 0x7d, 0x1, {0x0, 0x4b, 0x3, 0x3, {0x8b, 0x2, 0x7}, 0x2000000, 0x7f, 0x9, 0x0, 0x8, 'syz_tun\x00', 0x8, 'syz_tun\x00', 0x8, 'syz_tun\x00'}}, 0x52) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4000000000004e20, 0x2, @ipv4, 0x7}, 0x1c) ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000005c0)) ioctl$BLKRRPART(r1, 0x125f, 0x0) sendto$inet6(r0, &(0x7f0000000580)="f89508cd7af227188e78b9b3e486bc569d55313816155f6695e8e60e3ee213a2b5a0", 0x22, 0x20000009, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) vmsplice(r0, &(0x7f0000000500)=[{&(0x7f00000000c0)="e8f02cb7a5d81c8ad34fc34b6543ea403b914e3471b06b9eef5a864bd6bc8ea3b19047224af42675ba782a25e801748ce344a4a010161cce6dbff7aa6164dd68d3c69b35ea815cee4d06ab66e6647317b7f60dd822e25b352194fef83a8d9f5b73b9c27a0cfd6d9612f026ed46b4aeaef0094b49ba541608eadd16559c3e82ce1cf77b306896b341c20693913c0b5d872302c2407f076f6c22457fbc6596bd0bcffde7bc708024ec18ac61f299", 0xad}, {&(0x7f0000000000)="467f3bdd3cad084ce465bdc0241d00a1101c97e5f187bc9b30c9bb", 0x1b}, {&(0x7f00000001c0)="9d1d1378d36b93db5a739469dea78bc707dd57ea9a8e94554311a09afb9ff41795e8e23c9054f1127718203a676f7311b6761022b6d2910c0a13d465637a06dd9ff85a567ac533f2e7f67c5085bfc4454565d59e7148f6c4caaff4d9fcbc85d6871ae0b37e9f95513415d0d709b31ed784d62f8810ad86b1b49ad1be18bef307858580382c1a971fe60959e1143baba5bd5fb98abcd1aa74e8b5365840f0e6bfeddb0f5c56c5d696e266cbcc8df8d55788fd29de1d48db7b88c36696dbb277c79221a0c557d06c074f5898d6e230b34c4b46d7ac221b8aaeb1589901e6537e00c01d155c59", 0xe5}, {&(0x7f00000002c0)="58d26576f733ca2e19fab6117d688f5722250d2749b259d4b6967beb271646421055b336", 0x24}, {&(0x7f0000000300)="dcd05afc12942b332e5f17fcb991f2c3dfd9f998dc6a5d965a6816bc1731393e6c47980bcb86ba1b0a51f82592b2b72240f2b0d03b214aeec1f79e72d65fcbf29757a7b6a73145b947c0a4a441ece6f9890e21cb12cd5f746c9ccd4d23ddb0deba73f0fb49cc15", 0x67}, {&(0x7f00000013c0)="fb873669cc48f4d68c4364010e72cb8a498e64ff37fd4cb56e76adefd1f3b4aaba591d2d7a7e95e6f9f108be2e821512d70fbca416ad74639f6c567fa1b9fc0b9cdff5f176f949e46c42cd7e2e5ef84af6825d413d17553065e73cfa4151c8f59c5e433cc8942663033ce48445fee6e4d2ed98f921e11d5b34d6d8d766101abb6bc28b643de779dd0904025a37bda6600c03237de5f1dba3d38df61b90adfa83d35b46c7ac06c563f45dbf531433a29a815c7b75f68881eba9f68099dadebb4680c21d0aca96cb878d1847a8c3672357355de252d7d422e102cd682012d2aa5c28672ec7c1b190b46b208a13c42113bb550e83e878ae0167650b66a162b5b77e3c6848c3d2c773a2562c8c9ebe285b0bf535efa6dcddff6ae6affa36921b7cde5eaef1de05149c450fc4f07322c4daab260adfdcf1c0c4fbbc976351b4f34cc507b10c792aed348f4452ebf615f3ed11dc73e9a9104d7e2014f5537a05df13931cb49b1b35449cdab19d1356926138d24f7e737ee86d52861d8df9b62fb9e69b1a2b2e89e0e1cef86a902d9dadfdf28186384f833994707706e8214b36b34669c6a3ded6f5ad83fc4399e5c78897fc521ca93d777af8520c3aa17fdbdec3e4fb348243cff3f6499f0005509445ff378dabf7b951d5f9afc63e9e96b0381b8a49645da795acab8bb85ceef47e6754e3ff0f5ed7292f9d82eab17db4b646f2802ab70e9f75ac5787fa004275c437bc1dcd3a549981023e0e0cae21b347b9c979533088e8a6c81ccfaf3b22d0452453131b51350ebdd19d6c44fcb6f6362c6a857f4f68f7c5d67bcfe5c7cf65c3c521901a132a8ebc57e460258b8d1e01da08c8e99913ddb5f104230b6478f662edd1695c2180b3d21981f90b505e8ce549470bf22b6cabeefd7d544c77264c283845ccbdabd7cf453655446d65c110ce57aa098f617b29c67d8379ddbad4664fa92efe3cec24e51ced4adee8e47f942718508c98b060e6060ca15c56481f26c4d9c4a7b7e8cc7c64b010527d75d8dcb6a460baa250375bf6384fd6b9ca41f9cd6dde7b974c88da8d86884e5e46530a852b61d8b75b5625832ff501764771d0c8e9e98d0287338395fe2e4330f181db50a2f3029e8f585e6418cdc69b24f6ca77aedc20afb113dabf7bebfed27da343e317cfaf3b837ffdd06f6152d76486caba583f25da8dd3506f74d7e235f02e70c7787ca0cd825cee6183ca87b652182bdc293614be1e89b9b992f06f0abb5faf887e6ab0c80b135fb9e7b5c708cf41d1afa924f232fd0a499dafc17910e3db77001b850bd46eb750f9326be588bf51b825c144bce5034a243913fba48dd20d4f6c2fbcc11af088401b6089259086f8d626885023db1624decf745f277ae442d6557dbf5fc1e217565d457f09bd0ea3768ab397e140daa0bb958ba9c6dda1ec8c2f81b348413b2b5ecf3b098492f72c1a931c27b3f56198cea07c82013c17c64caf8bcee4c185ca02778c47cd43364115214fd980ae9549a9345dc794053abaa602923926840c58a8876a06a45bc17121aa37facebf995aa82d6ef14b0455183d10add96adce92c48fdc7fcd2e37766f2a8839649da211bddf09f92d736d8055fe5a5a38a4546063082d662a0aa2d8ba4d4dc918501fe19d0305753f9c3bfc677fe192ea3429af4d01f187ea740df499e3c22ab9f1efffd73a8de92907116de52922e8a2e56f8e000163e37070806c86f3c3d9819e29ba45b599c5a9475ee13dd1f6e94434e48c212dc4cc8ab9fa0306a0e9b4a7d0a98b15c8cb28aec6f7e1e72cd35bc2742bc04663818048681b1083b365e7ff0346621474b1919f269128b5333e4a9c06455479eda41d9d94a5b3d8a25733285cd8e022fb387dec5431c13f8b9810a7cd0e5f140e28334805e47338813e10dd1720ce7e52f0fb965ebafccf64d0c10b12916bfded8226f67927526e126fa3bdbf10f6dc2472b0a2cc36453b6959b8634d933807ff6bd662efb2ca27d0ec2c5533b5821c6ab6ed5351d4d706ebba38ccc0980fbea4091a92b5d4a8a80d03e3e093115eb6344f7fbb4976e501016b8c278217aed5ef7736649e28942ba7cc943494ddfb29a9207ad42c268b551eda7ed6124f5fa5e420e646364b7c0c2864460c64058915fc19ec5d88f7a17318694a61eecc1e9ab8ff79713acc036443412f1a22a8de13e7934bc92588e01746af3209ae1bda63ca8d53eaa7961e8b2db840785d7893416133a6953bd8c319308e5d2f467e5e45f7432919cd3e7939dac51634b5770a086cb8c4a11224ad4630ac7294f0d9e6bb62039944b5c17ca5f1375c00512c2e45f5a5b24ab7f59c1d56cf5dffc60bc12e44f8ef94e63047975066f1c34ca22ddb4ddbd516b68b6d2a40f48e84a609401a830b21230f68f6f1ba6b6714b666429285831ddae8176879b2ea9a81af25d5ee82a40c9de2bfd61f894ac019d9a3d58ddfe894a9d21e8e9276020538890530f3570f5a757704e0c892d7f2cef5f3ec62bb5960827222a2fbfdcb5e7a3603429b177404506b8d81953533233c51eea35918a228808298a12c973be40479b0b8df87cb13bc59821fe3db1030d03368618ffd9026ab4998c3e072170c755cd999b1063dbe508f3edf7402e5362dd8c19417111ff1e001bf15960d26878a5085bd6d99ed012cbc32a860ac28ab85eb52ee5b6d03a2bfd5ee86afd43bc35245a5a61bea134346e07bde3e7489f7bac8a62ebc56c2e543c6b76fd33f610ebed1abb62c037113eb0b29b3ee6851d1a5b57477930b8ea17fedfc286bc28b7689b612542024ac8997023a857ae956a84992a5f20a514356d8c427fb3f6941ae0dad01abc4e9b65b745c9c365f8e926738fe1b11abba3452ac5a5e0bdc82dba4b36705a2806bd5fc16671adabfffd1abe18b94b986ea972f4dd7408e82f0b15ab55400b492c04f16b6b926c458f93b6088d274ea520ff2af4fe2d4e72ece49f6432f931e45a0e3d65cf6b594fc54b813608ae5ff85daf29b474830a1e7ed4d5724f9e75c4d168a912cbc052368d73c40ba233e99a500d5b626b59c49ef1fee224991b5c6b8e8c0fe4a55e469b46824a420cae8e7174f90a87f2fb3950eccc1b93e2916fc260f7fdca2723fe13a9855a5b425dbb412e4c812360fb87ff48aeaf6c27f9c2fe9a694c367315a9229a31e8bd7a5e46859d5d6f7418c9e57dc4a37466e5563c436f340d83d091bcf4b965b04eabfdaecf9a0cedd11ffc9c687540d271d323e25a4a6db676215514fc647e9f06b19a998381389a0d42ddf948daa8a535b0761734c3af725120dad5017cdc0db3459298e847b54e8e8c547c93a5afe63e98e137831615a781644c39d8a06b118ec470bf5c9af0176488fa9b182c7a3325973dd811709ef52f6c4d9c5e72b1089a9039d4064ff3f1b23c55d31ba94cb40ca6aec0e117024920fa8d580250f40ce55a1f345b4490f6c47d329d4ebcb649a00fa5499fd44fde137adff3797f3f2ef820fcd3e0d35f16fee5197d5ee612fd00639e3494e0fe5f4de68a8192c1d2660d2255df79cfd59549945c80a76557670d18d5bf0527d192dd7bd5adccc6641e21f1484101af9d884aee478ff0ebca519e6966606e07ab4a9d83bb3b83ee925a2dc81b9d13123584b455e4dcd1241be63a68d7dc9bce49d10b31ea34a7dd442d3f600f96bd48f81dff939f8ecc9597bde884604fe783ad6d945850ba747dcc22751f49fbf2265c406c27450901055ab748fe1f99c61af9b27ed635a59a1546384cdee2d646bae292d2a47536cc6a885c5edb9b82000b405e5c44a89b63ae5f544233f454e0e141f6474d49ff45e7ef593ede8b048e6a81f5c630d782629a3eed524f6f9da74ffe04539785fe714e55b17e9796c1a4497c71e1bf374f0ad2aa1da0334d3885a23b60caa7ab297290a4f700287ec06d05deba3ba7daf7c729b09973bba74633fe325884d9b4269998e2f701b3600aa1f9ad68b06dec5b3875452594fc24a88ebb88ceab990bbb83319dfe81268a19387c5e6bf8c9ff0676020dd96198ae5d7af93dbdead41768f94b52ab13959d5306f2557ced915094483246e668e5322fe9f3717e8d90f5b92fb54f3df69802a44660dcd261c23b416e80a46069e298a21bfeb507f55bcf7e8043bb7ce8c2f61799f52d34b2ac7a76b3a8773ba2f17384cab659ceebb0c03c4112959eec236a776af688c35b938721a0b0f97e1dae9ee89e7f81e67ec0cbf0aedccd63848f27810e45442d70a134e4702257ef42b76b9c10983a2fad379253f85786b6c44ef32f5088eb5c5b57ffad79679c8a52205dda05fdfca2386d4529b37e7351a91905461b83dc46d363cc2da6d8c7da18fd8741de000fab4dc9eb4b414b7245893230b9888c1ad6b5361b9d7d5698ab21d70503e90d12a700554aa76ccd691af13658b3844b8b1a39c081e32f5d6a739c5bd69e02a47a9f6a3520407f1283e44fce45a136953e0e0249cb78a8c10f7c05113615b67ce49028459e0c668966dfc840bf347064d0c039e090775bc570faddf859b45f91122dc7523b460c4a6660bf02415a087724ed263c6a35b90d350abd361f5d9ec736f5eaa09d8926fa67417c3c486502973200bdb3666506f5141a4267656e3cf1d816d1e6d7014ef87fb5cbdd3a6ca850f6977356d2f50258abc8eab9a2d410917f32a9a457449468c0db68de24eb4586f3c2d20fefa7c3f16bc5a018b7ac961a8730dd59623e7cfb8a4572aebf2b8a5b72f06a8518f51eec691378d76bb65bc4ede57d605f8e2d214e99d49f987309c7c84d4fdb4c11d01d66ddd6987d8bb1b6a40ff3ede61b7c11556b26fd667897af0c2a0d579059b6c43817e07476d45cbf63eaa80d044faa46c091a3902b6e9215e8dd5a284b150f7463c778769d392dad22ba94504989c2ae70848f7a4b60a6b50e00bf18e683785330ce46f2322a4e79f6b17e1cf69aea094b2ba3c0da66bd7a9998b726e20b09cb5bd02315de6364b79f285b8c32e6a9c172fddd387eff6369258ac34b5c8aaac63321a73e620422011fe2473492140897f698ec54310dcb9855dac531c6f8f58ee6dd8a07c6c36bc76d71839d009e839155ef55c899c5f2da47f8d1123ed261d3ebcdfdde4bcfc4c48a2028fdd9114ca4a32d626c06bb3f4620483d7c0dd8f5caaba0b9317a9d70056a00ba94040090446e10f6dbdf990f8efc7873c01b8cf444ec6d69ad3e4478a75b5af4f8a3d2a5290ac24a112dff6077951820c3aa81a643f1e169a993147ba4bde832a4cfb8e2798e54fdd02a2185b9c85c7a163478e72c210de066194d0421557835e0596696fc37809d8b9369c08d88f8fa4a949e5bfa85513ddad591e2a20bc2dd563349956faa2411e3494fc83478d808eb038dab19bc4ff537edde917697edddfe9269d41026f324e8996a7c46ef461fb26a4c223da2b4ce0cb2cfd4028e407a63baecf35dcf631ad26cc95a9ec72a25e903069398ab9757bb36d6b6caf119dea8138ccae089b6aa374af320ba5bfe76fbf3db6af86d8ee70441174dbe78caed95c1a241b6a6147ede1dbf2464c83c10aa3cc7f2fb0a0f28ad8875b397bfd9d2d5fe97877e8a5f1b29d9c9a0eb98c5e00deec1be0e3c8399b5c888c34d5d12798051d8a2f4dcc681021c9cdc44f10cc37eb6a0d5495665ec7b5cdbd72ac9bc496031b08a3c98480b46deb1fd114c62d0c6390f2bcf1318f4135ff02923773005fe993fe51c8b29e1694868a6ca7f65eb296b42bdf836239baf1c77fdebee0d285175c63b1c9e4cc94097", 0x1000}, {&(0x7f0000000380)="775605c3820bbc05de6ce55712e8e472f86d62154d54556d694674a9736f4a6e9a45665c6ec3b84e2ef378f936d180f9c622b757cfacc8059688d0d5ba9a3fdb55b4653b33bd53fe0230f40d3c6cf4409da333090ffb7360905ae318120cb0a2983efbb38db6302893301b45a1898692d64bda1048bf5847eb60d7c2727b50fb9091ec10a8606b724b873d66f89d8d2a0bc0c2b91e3b66623c9eefa07107cf", 0x9f}, {&(0x7f0000000440)="8f865847a34e9596f7fca08da24644aca1c87f46e544594d40cb146c6ad4a23c7d65ed25f576a902f5498b5758586c405b7398de3835915e2a2113c067bf3c97f3af804082d6fdf5d2757ec40c63b3b10abbe14ebc4c4c34f3c5d0a230c54769235cca5cf35d297eb2e28e9cb5e817ad375e2a1807f4857bf879c1d2756c6bf2b7f7b3a84edbbea6204a3a56115531779b99a6043262733fd6c1", 0x9a}], 0x8, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) accept$inet6(r0, 0x0, &(0x7f0000000680)) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 1018.456402] __save_stack_trace+0x8be/0xc60 [ 1018.456402] save_stack_trace+0xc6/0x110 [ 1018.456402] kmsan_internal_chain_origin+0x136/0x240 [ 1018.456402] kmsan_memcpy_origins+0x13d/0x1b0 [ 1018.456402] __msan_memcpy+0x6f/0x80 [ 1018.456402] pskb_expand_head+0x43b/0x1d20 [ 1018.456402] l2tp_xmit_skb+0x5a7/0x24b0 [ 1018.456402] pppol2tp_sendmsg+0x7a6/0xba0 [ 1018.456402] ___sys_sendmsg+0xe68/0x1250 [ 1018.456402] __sys_sendmmsg+0x56b/0xa90 [ 1018.456402] __se_sys_sendmmsg+0xbd/0xe0 [ 1018.456402] __x64_sys_sendmmsg+0x56/0x70 [ 1018.456402] do_syscall_64+0xcf/0x110 [ 1018.456402] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1018.456402] [ 1018.456402] Uninit was stored to memory at: [ 1018.456402] kmsan_internal_chain_origin+0x136/0x240 [ 1018.532979] __msan_chain_origin+0x6d/0xd0 [ 1018.532979] __save_stack_trace+0x8be/0xc60 [ 1018.532979] save_stack_trace+0xc6/0x110 [ 1018.549225] kmsan_internal_chain_origin+0x136/0x240 [ 1018.549225] kmsan_memcpy_origins+0x13d/0x1b0 [ 1018.549225] __msan_memcpy+0x6f/0x80 [ 1018.549225] pskb_expand_head+0x43b/0x1d20 [ 1018.549225] l2tp_xmit_skb+0x5a7/0x24b0 [ 1018.549225] pppol2tp_sendmsg+0x7a6/0xba0 [ 1018.549225] ___sys_sendmsg+0xe68/0x1250 [ 1018.549225] __sys_sendmmsg+0x56b/0xa90 [ 1018.549225] __se_sys_sendmmsg+0xbd/0xe0 [ 1018.549225] __x64_sys_sendmmsg+0x56/0x70 [ 1018.549225] do_syscall_64+0xcf/0x110 [ 1018.549225] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1018.549225] [ 1018.549225] Uninit was stored to memory at: [ 1018.549225] kmsan_internal_chain_origin+0x136/0x240 [ 1018.549225] __msan_chain_origin+0x6d/0xd0 [ 1018.549225] __save_stack_trace+0x8be/0xc60 [ 1018.549225] save_stack_trace+0xc6/0x110 [ 1018.549225] kmsan_internal_chain_origin+0x136/0x240 [ 1018.549225] kmsan_memcpy_origins+0x13d/0x1b0 [ 1018.549225] __msan_memcpy+0x6f/0x80 [ 1018.549225] pskb_expand_head+0x43b/0x1d20 [ 1018.549225] l2tp_xmit_skb+0x5a7/0x24b0 [ 1018.549225] pppol2tp_sendmsg+0x7a6/0xba0 [ 1018.549225] ___sys_sendmsg+0xe68/0x1250 [ 1018.549225] __sys_sendmmsg+0x56b/0xa90 [ 1018.658029] __se_sys_sendmmsg+0xbd/0xe0 [ 1018.658029] __x64_sys_sendmmsg+0x56/0x70 [ 1018.658029] do_syscall_64+0xcf/0x110 [ 1018.658029] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1018.658029] [ 1018.658029] Uninit was stored to memory at: [ 1018.658029] kmsan_internal_chain_origin+0x136/0x240 [ 1018.658029] __msan_chain_origin+0x6d/0xd0 [ 1018.658029] __save_stack_trace+0x8be/0xc60 [ 1018.658029] save_stack_trace+0xc6/0x110 [ 1018.658029] kmsan_internal_chain_origin+0x136/0x240 [ 1018.658029] kmsan_memcpy_origins+0x13d/0x1b0 [ 1018.658029] __msan_memcpy+0x6f/0x80 [ 1018.658029] pskb_expand_head+0x43b/0x1d20 [ 1018.658029] l2tp_xmit_skb+0x5a7/0x24b0 [ 1018.658029] pppol2tp_sendmsg+0x7a6/0xba0 [ 1018.658029] ___sys_sendmsg+0xe68/0x1250 [ 1018.658029] __sys_sendmmsg+0x56b/0xa90 [ 1018.658029] __se_sys_sendmmsg+0xbd/0xe0 [ 1018.658029] __x64_sys_sendmmsg+0x56/0x70 [ 1018.658029] do_syscall_64+0xcf/0x110 [ 1018.658029] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1018.658029] [ 1018.658029] Uninit was stored to memory at: [ 1018.658029] kmsan_internal_chain_origin+0x136/0x240 [ 1018.658029] __msan_chain_origin+0x6d/0xd0 [ 1018.658029] __save_stack_trace+0x8be/0xc60 [ 1018.658029] save_stack_trace+0xc6/0x110 [ 1018.658029] kmsan_internal_chain_origin+0x136/0x240 [ 1018.658029] kmsan_memcpy_origins+0x13d/0x1b0 [ 1018.658029] __msan_memcpy+0x6f/0x80 [ 1018.658029] pskb_expand_head+0x43b/0x1d20 [ 1018.658029] l2tp_xmit_skb+0x5a7/0x24b0 [ 1018.658029] pppol2tp_sendmsg+0x7a6/0xba0 [ 1018.658029] ___sys_sendmsg+0xe68/0x1250 [ 1018.658029] __sys_sendmmsg+0x56b/0xa90 [ 1018.658029] __se_sys_sendmmsg+0xbd/0xe0 [ 1018.658029] __x64_sys_sendmmsg+0x56/0x70 06:06:33 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:33 executing program 2: bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r0, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1018.658029] do_syscall_64+0xcf/0x110 [ 1018.658029] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1018.658029] [ 1018.658029] Local variable description: ----iph@ip_vs_out [ 1018.658029] Variable was created at: [ 1018.658029] ip_vs_out+0x1bf/0x4570 [ 1018.658029] ip_vs_local_reply6+0xec/0x130 [ 1018.846060] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:33 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8003, &(0x7f0000000000)) 06:06:34 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) ioperm(0x6, 0x1400000, 0x9) setsockopt$inet_tcp_int(r1, 0x6, 0x6, &(0x7f0000000100)=0x8, 0x0) [ 1019.215856] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1019.298434] not chained 2130000 origins [ 1019.301805] CPU: 1 PID: 26406 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1019.301805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1019.311913] Call Trace: [ 1019.320454] dump_stack+0x32d/0x480 [ 1019.321634] kmsan_internal_chain_origin+0x222/0x240 [ 1019.328324] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1019.328324] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1019.328324] ? save_stack_trace+0xc6/0x110 [ 1019.328324] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1019.328324] ? kmsan_internal_chain_origin+0x90/0x240 [ 1019.328324] ? get_stack_info+0x863/0x9d0 [ 1019.328324] __msan_chain_origin+0x6d/0xd0 [ 1019.328324] ? __sys_sendmmsg+0x56b/0xa90 [ 1019.328324] __save_stack_trace+0x8be/0xc60 [ 1019.328324] ? __sys_sendmmsg+0x56b/0xa90 [ 1019.374576] save_stack_trace+0xc6/0x110 [ 1019.374576] kmsan_internal_chain_origin+0x136/0x240 [ 1019.382343] ? kmsan_internal_chain_origin+0x136/0x240 [ 1019.382343] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1019.382343] ? __msan_memcpy+0x6f/0x80 [ 1019.382343] ? pskb_expand_head+0x43b/0x1d20 [ 1019.382343] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1019.382343] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1019.382343] ? ___sys_sendmsg+0xe68/0x1250 [ 1019.382343] ? __sys_sendmmsg+0x56b/0xa90 [ 1019.382343] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1019.382343] ? __x64_sys_sendmmsg+0x56/0x70 [ 1019.427217] ? do_syscall_64+0xcf/0x110 [ 1019.427217] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1019.434789] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1019.441062] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1019.446194] ? memcg_kmem_put_cache+0x8e/0x460 [ 1019.446194] ? __msan_get_context_state+0x9/0x30 [ 1019.446194] ? INIT_INT+0xc/0x30 [ 1019.446194] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1019.446194] kmsan_memcpy_origins+0x13d/0x1b0 [ 1019.446194] __msan_memcpy+0x6f/0x80 [ 1019.446194] pskb_expand_head+0x43b/0x1d20 [ 1019.446194] l2tp_xmit_skb+0x5a7/0x24b0 [ 1019.446194] pppol2tp_sendmsg+0x7a6/0xba0 [ 1019.485070] ___sys_sendmsg+0xe68/0x1250 [ 1019.485070] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1019.485070] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1019.485070] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1019.485070] ? rcu_all_qs+0x3b/0x310 [ 1019.485070] ? _cond_resched+0x59/0x120 [ 1019.485070] ? rcu_all_qs+0x53/0x310 [ 1019.485070] ? _cond_resched+0x37/0x120 [ 1019.485070] ? __sys_sendmmsg+0x7c9/0xa90 [ 1019.485070] ? _cond_resched+0x59/0x120 [ 1019.485070] __sys_sendmmsg+0x56b/0xa90 [ 1019.485070] ? syscall_return_slowpath+0x123/0x8c0 [ 1019.485070] ? put_timespec64+0x162/0x220 [ 1019.485070] __se_sys_sendmmsg+0xbd/0xe0 [ 1019.485070] __x64_sys_sendmmsg+0x56/0x70 [ 1019.485070] do_syscall_64+0xcf/0x110 [ 1019.485070] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1019.485070] RIP: 0033:0x457569 [ 1019.485070] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1019.485070] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1019.485070] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1019.485070] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1019.485070] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1019.485070] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1019.485070] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1019.485070] Uninit was stored to memory at: [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] __msan_chain_origin+0x6d/0xd0 [ 1019.485070] __save_stack_trace+0x8be/0xc60 [ 1019.485070] save_stack_trace+0xc6/0x110 [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] kmsan_memcpy_origins+0x13d/0x1b0 [ 1019.485070] __msan_memcpy+0x6f/0x80 [ 1019.485070] pskb_expand_head+0x43b/0x1d20 [ 1019.485070] l2tp_xmit_skb+0x5a7/0x24b0 [ 1019.485070] pppol2tp_sendmsg+0x7a6/0xba0 [ 1019.485070] ___sys_sendmsg+0xe68/0x1250 [ 1019.485070] __sys_sendmmsg+0x56b/0xa90 [ 1019.485070] __se_sys_sendmmsg+0xbd/0xe0 [ 1019.485070] __x64_sys_sendmmsg+0x56/0x70 [ 1019.485070] do_syscall_64+0xcf/0x110 [ 1019.485070] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1019.485070] [ 1019.485070] Uninit was stored to memory at: [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] __msan_chain_origin+0x6d/0xd0 [ 1019.485070] __save_stack_trace+0x8be/0xc60 [ 1019.485070] save_stack_trace+0xc6/0x110 [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] kmsan_memcpy_origins+0x13d/0x1b0 [ 1019.485070] __msan_memcpy+0x6f/0x80 [ 1019.485070] pskb_expand_head+0x43b/0x1d20 [ 1019.485070] l2tp_xmit_skb+0x5a7/0x24b0 [ 1019.485070] pppol2tp_sendmsg+0x7a6/0xba0 [ 1019.485070] ___sys_sendmsg+0xe68/0x1250 [ 1019.485070] __sys_sendmmsg+0x56b/0xa90 [ 1019.485070] __se_sys_sendmmsg+0xbd/0xe0 [ 1019.485070] __x64_sys_sendmmsg+0x56/0x70 [ 1019.485070] do_syscall_64+0xcf/0x110 [ 1019.485070] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1019.485070] [ 1019.485070] Uninit was stored to memory at: [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] __msan_chain_origin+0x6d/0xd0 [ 1019.485070] __save_stack_trace+0x8be/0xc60 [ 1019.485070] save_stack_trace+0xc6/0x110 [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] kmsan_memcpy_origins+0x13d/0x1b0 [ 1019.485070] __msan_memcpy+0x6f/0x80 [ 1019.485070] pskb_expand_head+0x43b/0x1d20 [ 1019.485070] l2tp_xmit_skb+0x5a7/0x24b0 [ 1019.485070] pppol2tp_sendmsg+0x7a6/0xba0 [ 1019.485070] ___sys_sendmsg+0xe68/0x1250 [ 1019.485070] __sys_sendmmsg+0x56b/0xa90 [ 1019.485070] __se_sys_sendmmsg+0xbd/0xe0 [ 1019.485070] __x64_sys_sendmmsg+0x56/0x70 [ 1019.485070] do_syscall_64+0xcf/0x110 [ 1019.485070] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1019.485070] [ 1019.485070] Uninit was stored to memory at: [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] __msan_chain_origin+0x6d/0xd0 [ 1019.485070] __save_stack_trace+0x8be/0xc60 [ 1019.485070] save_stack_trace+0xc6/0x110 [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] kmsan_memcpy_origins+0x13d/0x1b0 [ 1019.485070] __msan_memcpy+0x6f/0x80 [ 1019.485070] pskb_expand_head+0x43b/0x1d20 [ 1019.485070] l2tp_xmit_skb+0x5a7/0x24b0 [ 1019.485070] pppol2tp_sendmsg+0x7a6/0xba0 [ 1019.485070] ___sys_sendmsg+0xe68/0x1250 [ 1019.485070] __sys_sendmmsg+0x56b/0xa90 [ 1019.485070] __se_sys_sendmmsg+0xbd/0xe0 [ 1019.485070] __x64_sys_sendmmsg+0x56/0x70 [ 1019.485070] do_syscall_64+0xcf/0x110 [ 1019.485070] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1019.485070] [ 1019.485070] Uninit was stored to memory at: [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] __msan_chain_origin+0x6d/0xd0 [ 1019.485070] __save_stack_trace+0x8be/0xc60 [ 1019.485070] save_stack_trace+0xc6/0x110 [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] kmsan_memcpy_origins+0x13d/0x1b0 [ 1019.485070] __msan_memcpy+0x6f/0x80 [ 1019.485070] pskb_expand_head+0x43b/0x1d20 [ 1019.485070] l2tp_xmit_skb+0x5a7/0x24b0 [ 1019.485070] pppol2tp_sendmsg+0x7a6/0xba0 [ 1019.485070] ___sys_sendmsg+0xe68/0x1250 [ 1019.485070] __sys_sendmmsg+0x56b/0xa90 [ 1019.485070] __se_sys_sendmmsg+0xbd/0xe0 [ 1019.485070] __x64_sys_sendmmsg+0x56/0x70 [ 1019.485070] do_syscall_64+0xcf/0x110 [ 1019.485070] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1019.485070] [ 1019.485070] Uninit was stored to memory at: [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] __msan_chain_origin+0x6d/0xd0 [ 1019.485070] __save_stack_trace+0x8be/0xc60 [ 1019.485070] save_stack_trace+0xc6/0x110 [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] kmsan_memcpy_origins+0x13d/0x1b0 [ 1019.485070] __msan_memcpy+0x6f/0x80 [ 1019.485070] pskb_expand_head+0x43b/0x1d20 [ 1019.485070] l2tp_xmit_skb+0x5a7/0x24b0 [ 1019.485070] pppol2tp_sendmsg+0x7a6/0xba0 [ 1019.485070] ___sys_sendmsg+0xe68/0x1250 [ 1019.485070] __sys_sendmmsg+0x56b/0xa90 [ 1019.485070] __se_sys_sendmmsg+0xbd/0xe0 [ 1019.485070] __x64_sys_sendmmsg+0x56/0x70 [ 1019.485070] do_syscall_64+0xcf/0x110 [ 1019.485070] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1019.485070] [ 1019.485070] Uninit was stored to memory at: [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] __msan_chain_origin+0x6d/0xd0 [ 1019.485070] __save_stack_trace+0x8be/0xc60 [ 1019.485070] save_stack_trace+0xc6/0x110 [ 1019.485070] kmsan_internal_chain_origin+0x136/0x240 [ 1019.485070] kmsan_memcpy_origins+0x13d/0x1b0 [ 1019.485070] __msan_memcpy+0x6f/0x80 [ 1019.485070] pskb_expand_head+0x43b/0x1d20 [ 1019.485070] l2tp_xmit_skb+0x5a7/0x24b0 [ 1019.485070] pppol2tp_sendmsg+0x7a6/0xba0 [ 1019.485070] ___sys_sendmsg+0xe68/0x1250 [ 1019.485070] __sys_sendmmsg+0x56b/0xa90 [ 1019.485070] __se_sys_sendmmsg+0xbd/0xe0 [ 1019.485070] __x64_sys_sendmmsg+0x56/0x70 [ 1019.485070] do_syscall_64+0xcf/0x110 [ 1019.485070] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1019.485070] [ 1019.485070] Local variable description: ----iph@ip_vs_out [ 1019.485070] Variable was created at: [ 1019.485070] ip_vs_out+0x1bf/0x4570 [ 1019.485070] ip_vs_local_reply6+0xec/0x130 [ 1020.192361] not chained 2140000 origins [ 1020.196342] CPU: 1 PID: 26406 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1020.201809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1020.201809] Call Trace: [ 1020.201809] dump_stack+0x32d/0x480 [ 1020.201809] kmsan_internal_chain_origin+0x222/0x240 [ 1020.201809] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1020.201809] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1020.201809] ? save_stack_trace+0xc6/0x110 [ 1020.201809] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1020.201809] ? kmsan_internal_chain_origin+0x90/0x240 [ 1020.201809] ? get_stack_info+0x863/0x9d0 [ 1020.201809] __msan_chain_origin+0x6d/0xd0 [ 1020.201809] ? __msan_memcpy+0x6f/0x80 [ 1020.201809] __save_stack_trace+0x8be/0xc60 [ 1020.201809] ? __msan_memcpy+0x6f/0x80 [ 1020.201809] save_stack_trace+0xc6/0x110 [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] ? kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1020.201809] ? __msan_memcpy+0x6f/0x80 [ 1020.201809] ? pskb_expand_head+0x43b/0x1d20 [ 1020.201809] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1020.201809] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1020.201809] ? ___sys_sendmsg+0xe68/0x1250 [ 1020.201809] ? __sys_sendmmsg+0x56b/0xa90 [ 1020.201809] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1020.201809] ? __x64_sys_sendmmsg+0x56/0x70 [ 1020.201809] ? do_syscall_64+0xcf/0x110 [ 1020.201809] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1020.201809] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1020.201809] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1020.201809] ? memcg_kmem_put_cache+0x8e/0x460 [ 1020.201809] ? __msan_get_context_state+0x9/0x30 [ 1020.201809] ? INIT_INT+0xc/0x30 [ 1020.201809] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1020.201809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1020.201809] __msan_memcpy+0x6f/0x80 [ 1020.201809] pskb_expand_head+0x43b/0x1d20 [ 1020.201809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1020.201809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1020.201809] ___sys_sendmsg+0xe68/0x1250 [ 1020.201809] ? kmsan_set_origin+0x83/0x130 [ 1020.201809] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1020.201809] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1020.201809] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1020.201809] ? rcu_all_qs+0x3b/0x310 [ 1020.201809] ? _cond_resched+0x59/0x120 [ 1020.201809] ? rcu_all_qs+0x53/0x310 [ 1020.201809] ? _cond_resched+0x37/0x120 [ 1020.201809] ? __sys_sendmmsg+0x7c9/0xa90 [ 1020.201809] ? _cond_resched+0x59/0x120 [ 1020.201809] __sys_sendmmsg+0x56b/0xa90 [ 1020.201809] ? syscall_return_slowpath+0x123/0x8c0 [ 1020.201809] ? put_timespec64+0x162/0x220 [ 1020.201809] __se_sys_sendmmsg+0xbd/0xe0 [ 1020.201809] __x64_sys_sendmmsg+0x56/0x70 [ 1020.201809] do_syscall_64+0xcf/0x110 [ 1020.201809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1020.201809] RIP: 0033:0x457569 [ 1020.201809] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1020.201809] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1020.201809] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1020.201809] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1020.201809] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1020.201809] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1020.201809] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1020.201809] Uninit was stored to memory at: [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] __msan_chain_origin+0x6d/0xd0 [ 1020.201809] __save_stack_trace+0x8be/0xc60 [ 1020.201809] save_stack_trace+0xc6/0x110 [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1020.201809] __msan_memcpy+0x6f/0x80 [ 1020.201809] pskb_expand_head+0x43b/0x1d20 [ 1020.201809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1020.201809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1020.201809] ___sys_sendmsg+0xe68/0x1250 [ 1020.201809] __sys_sendmmsg+0x56b/0xa90 [ 1020.201809] __se_sys_sendmmsg+0xbd/0xe0 [ 1020.201809] __x64_sys_sendmmsg+0x56/0x70 [ 1020.201809] do_syscall_64+0xcf/0x110 [ 1020.201809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1020.201809] [ 1020.201809] Uninit was stored to memory at: [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] __msan_chain_origin+0x6d/0xd0 [ 1020.201809] __save_stack_trace+0x8be/0xc60 [ 1020.201809] save_stack_trace+0xc6/0x110 [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1020.201809] __msan_memcpy+0x6f/0x80 [ 1020.201809] pskb_expand_head+0x43b/0x1d20 [ 1020.201809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1020.201809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1020.201809] ___sys_sendmsg+0xe68/0x1250 [ 1020.201809] __sys_sendmmsg+0x56b/0xa90 [ 1020.201809] __se_sys_sendmmsg+0xbd/0xe0 [ 1020.201809] __x64_sys_sendmmsg+0x56/0x70 [ 1020.201809] do_syscall_64+0xcf/0x110 [ 1020.201809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1020.201809] [ 1020.201809] Uninit was stored to memory at: [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] __msan_chain_origin+0x6d/0xd0 [ 1020.201809] __save_stack_trace+0x8be/0xc60 [ 1020.201809] save_stack_trace+0xc6/0x110 [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1020.201809] __msan_memcpy+0x6f/0x80 [ 1020.201809] pskb_expand_head+0x43b/0x1d20 [ 1020.201809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1020.201809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1020.201809] ___sys_sendmsg+0xe68/0x1250 [ 1020.201809] __sys_sendmmsg+0x56b/0xa90 [ 1020.201809] __se_sys_sendmmsg+0xbd/0xe0 [ 1020.201809] __x64_sys_sendmmsg+0x56/0x70 [ 1020.201809] do_syscall_64+0xcf/0x110 [ 1020.201809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1020.201809] [ 1020.201809] Uninit was stored to memory at: [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] __msan_chain_origin+0x6d/0xd0 [ 1020.201809] __save_stack_trace+0x8be/0xc60 [ 1020.201809] save_stack_trace+0xc6/0x110 [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1020.201809] __msan_memcpy+0x6f/0x80 [ 1020.201809] pskb_expand_head+0x43b/0x1d20 [ 1020.201809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1020.201809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1020.201809] ___sys_sendmsg+0xe68/0x1250 [ 1020.201809] __sys_sendmmsg+0x56b/0xa90 [ 1020.201809] __se_sys_sendmmsg+0xbd/0xe0 [ 1020.201809] __x64_sys_sendmmsg+0x56/0x70 [ 1020.201809] do_syscall_64+0xcf/0x110 [ 1020.201809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1020.201809] [ 1020.201809] Uninit was stored to memory at: [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] __msan_chain_origin+0x6d/0xd0 [ 1020.201809] __save_stack_trace+0x8be/0xc60 [ 1020.201809] save_stack_trace+0xc6/0x110 [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1020.201809] __msan_memcpy+0x6f/0x80 [ 1020.201809] pskb_expand_head+0x43b/0x1d20 [ 1020.201809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1020.201809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1020.201809] ___sys_sendmsg+0xe68/0x1250 [ 1020.201809] __sys_sendmmsg+0x56b/0xa90 [ 1020.201809] __se_sys_sendmmsg+0xbd/0xe0 [ 1020.201809] __x64_sys_sendmmsg+0x56/0x70 [ 1020.201809] do_syscall_64+0xcf/0x110 [ 1020.201809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1020.201809] [ 1020.201809] Uninit was stored to memory at: [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] __msan_chain_origin+0x6d/0xd0 [ 1020.201809] __save_stack_trace+0x8be/0xc60 [ 1020.201809] save_stack_trace+0xc6/0x110 [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1020.201809] __msan_memcpy+0x6f/0x80 [ 1020.201809] pskb_expand_head+0x43b/0x1d20 [ 1020.201809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1020.201809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1020.201809] ___sys_sendmsg+0xe68/0x1250 [ 1020.201809] __sys_sendmmsg+0x56b/0xa90 [ 1020.201809] __se_sys_sendmmsg+0xbd/0xe0 [ 1020.201809] __x64_sys_sendmmsg+0x56/0x70 [ 1020.201809] do_syscall_64+0xcf/0x110 [ 1020.201809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1020.201809] [ 1020.201809] Uninit was stored to memory at: [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] __msan_chain_origin+0x6d/0xd0 [ 1020.201809] __save_stack_trace+0x8be/0xc60 [ 1020.201809] save_stack_trace+0xc6/0x110 [ 1020.201809] kmsan_internal_chain_origin+0x136/0x240 [ 1020.201809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1020.201809] __msan_memcpy+0x6f/0x80 [ 1020.201809] pskb_expand_head+0x43b/0x1d20 [ 1020.201809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1020.201809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1020.201809] ___sys_sendmsg+0xe68/0x1250 [ 1020.201809] __sys_sendmmsg+0x56b/0xa90 [ 1020.201809] __se_sys_sendmmsg+0xbd/0xe0 [ 1020.201809] __x64_sys_sendmmsg+0x56/0x70 [ 1020.201809] do_syscall_64+0xcf/0x110 [ 1020.201809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1020.201809] [ 1020.201809] Local variable description: ----iph@ip_vs_out [ 1020.201809] Variable was created at: [ 1020.201809] ip_vs_out+0x1bf/0x4570 [ 1020.201809] ip_vs_local_reply6+0xec/0x130 [ 1021.063801] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:36 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) r2 = memfd_create(&(0x7f0000000040)='lo-}\x00', 0x5) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e22, 0x8, @mcast2, 0x5}}, 0x1ff, 0x800}, &(0x7f0000000180)=0x90) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f00000001c0)={0xffffffffffffffc1, 0x8009, 0xffff, 0x2, r3}, &(0x7f0000000200)=0x10) 06:06:36 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:36 executing program 5: bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmsg$alg(r0, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r0, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:36 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x94b5, 0x0) ioctl$IOC_PR_REGISTER(r0, 0x401870c8, &(0x7f0000000040)={0x6, 0x3}) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0xfffffffffffffffd) ioctl(r1, 0xffffffffffff8000, &(0x7f0000000000)) dup(r1) 06:06:36 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x10000, 0x0) ioctl$VIDIOC_S_AUDOUT(r2, 0x40345632, &(0x7f0000000040)={0x2, "21fad112afd935432e67c33656d048bffdbba0bace1a4d0a0a704fb9c79832fc", 0x3}) 06:06:36 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) accept$inet(r1, &(0x7f0000000000)={0x2, 0x0, @rand_addr}, &(0x7f00000000c0)=0x10) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 1021.329669] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1021.361193] not chained 2150000 origins [ 1021.361913] CPU: 0 PID: 26451 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1021.361913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1021.361913] Call Trace: [ 1021.361913] dump_stack+0x32d/0x480 [ 1021.361913] kmsan_internal_chain_origin+0x222/0x240 [ 1021.361913] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1021.361913] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1021.361913] ? save_stack_trace+0xc6/0x110 [ 1021.361913] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1021.361913] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1021.361913] ? __module_address+0x6a/0x610 [ 1021.361913] ? __msan_metadata_ptr_for_load_4+0x10/0x20 06:06:36 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:36 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1021.361913] ? is_bpf_text_address+0x49e/0x4d0 [ 1021.361913] ? INIT_INT+0xc/0x30 [ 1021.361913] __msan_chain_origin+0x6d/0xd0 [ 1021.361913] __save_stack_trace+0xaff/0xc60 [ 1021.361913] save_stack_trace+0xc6/0x110 [ 1021.361913] kmsan_internal_chain_origin+0x136/0x240 [ 1021.361913] ? kmsan_internal_chain_origin+0x136/0x240 [ 1021.361913] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1021.460396] ? __msan_memcpy+0x6f/0x80 [ 1021.464118] ? pskb_expand_head+0x43b/0x1d20 [ 1021.464118] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1021.464118] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1021.464118] ? ___sys_sendmsg+0xe68/0x1250 [ 1021.464118] ? __sys_sendmmsg+0x56b/0xa90 [ 1021.464118] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1021.464118] ? __x64_sys_sendmmsg+0x56/0x70 [ 1021.464118] ? do_syscall_64+0xcf/0x110 [ 1021.464118] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1021.464118] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1021.464118] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1021.464118] ? memcg_kmem_put_cache+0x8e/0x460 [ 1021.464118] ? __msan_get_context_state+0x9/0x30 [ 1021.464118] ? INIT_INT+0xc/0x30 [ 1021.464118] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1021.464118] kmsan_memcpy_origins+0x13d/0x1b0 [ 1021.464118] __msan_memcpy+0x6f/0x80 [ 1021.464118] pskb_expand_head+0x43b/0x1d20 [ 1021.544991] l2tp_xmit_skb+0x5a7/0x24b0 [ 1021.544991] pppol2tp_sendmsg+0x7a6/0xba0 [ 1021.544991] ___sys_sendmsg+0xe68/0x1250 [ 1021.544991] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1021.544991] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1021.544991] ? kmsan_set_origin+0x83/0x130 [ 1021.544991] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1021.544991] ? _cond_resched+0xc7/0x120 [ 1021.544991] __sys_sendmmsg+0x56b/0xa90 [ 1021.544991] ? syscall_return_slowpath+0x123/0x8c0 [ 1021.544991] ? put_timespec64+0x162/0x220 [ 1021.544991] __se_sys_sendmmsg+0xbd/0xe0 [ 1021.544991] __x64_sys_sendmmsg+0x56/0x70 [ 1021.544991] do_syscall_64+0xcf/0x110 [ 1021.544991] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1021.544991] RIP: 0033:0x457569 06:06:36 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) open(&(0x7f0000000000)='./file0\x00', 0x22000, 0x1) [ 1021.544991] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1021.544991] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1021.544991] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1021.544991] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1021.544991] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1021.544991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1021.544991] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1021.544991] Uninit was stored to memory at: [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] __msan_chain_origin+0x6d/0xd0 [ 1021.544991] __save_stack_trace+0x8be/0xc60 [ 1021.544991] save_stack_trace+0xc6/0x110 [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] kmsan_memcpy_origins+0x13d/0x1b0 [ 1021.544991] __msan_memcpy+0x6f/0x80 [ 1021.544991] pskb_expand_head+0x43b/0x1d20 [ 1021.544991] l2tp_xmit_skb+0x5a7/0x24b0 [ 1021.544991] pppol2tp_sendmsg+0x7a6/0xba0 06:06:36 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1021.544991] ___sys_sendmsg+0xe68/0x1250 [ 1021.544991] __sys_sendmmsg+0x56b/0xa90 [ 1021.544991] __se_sys_sendmmsg+0xbd/0xe0 [ 1021.544991] __x64_sys_sendmmsg+0x56/0x70 [ 1021.544991] do_syscall_64+0xcf/0x110 [ 1021.544991] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1021.544991] [ 1021.544991] Uninit was stored to memory at: [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] __msan_chain_origin+0x6d/0xd0 [ 1021.544991] __save_stack_trace+0x8be/0xc60 [ 1021.544991] save_stack_trace+0xc6/0x110 [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] kmsan_memcpy_origins+0x13d/0x1b0 [ 1021.544991] __msan_memcpy+0x6f/0x80 [ 1021.544991] pskb_expand_head+0x43b/0x1d20 [ 1021.544991] l2tp_xmit_skb+0x5a7/0x24b0 [ 1021.544991] pppol2tp_sendmsg+0x7a6/0xba0 [ 1021.544991] ___sys_sendmsg+0xe68/0x1250 [ 1021.544991] __sys_sendmmsg+0x56b/0xa90 [ 1021.544991] __se_sys_sendmmsg+0xbd/0xe0 [ 1021.544991] __x64_sys_sendmmsg+0x56/0x70 [ 1021.544991] do_syscall_64+0xcf/0x110 [ 1021.544991] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1021.544991] [ 1021.544991] Uninit was stored to memory at: [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] __msan_chain_origin+0x6d/0xd0 [ 1021.544991] __save_stack_trace+0x8be/0xc60 [ 1021.544991] save_stack_trace+0xc6/0x110 [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] kmsan_memcpy_origins+0x13d/0x1b0 [ 1021.544991] __msan_memcpy+0x6f/0x80 [ 1021.544991] pskb_expand_head+0x43b/0x1d20 [ 1021.544991] l2tp_xmit_skb+0x5a7/0x24b0 [ 1021.544991] pppol2tp_sendmsg+0x7a6/0xba0 [ 1021.544991] ___sys_sendmsg+0xe68/0x1250 [ 1021.544991] __sys_sendmmsg+0x56b/0xa90 [ 1021.544991] __se_sys_sendmmsg+0xbd/0xe0 [ 1021.544991] __x64_sys_sendmmsg+0x56/0x70 [ 1021.544991] do_syscall_64+0xcf/0x110 [ 1021.544991] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1021.544991] [ 1021.544991] Uninit was stored to memory at: [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] __msan_chain_origin+0x6d/0xd0 [ 1021.544991] __save_stack_trace+0x8be/0xc60 [ 1021.544991] save_stack_trace+0xc6/0x110 06:06:37 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400), 0x0) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] kmsan_memcpy_origins+0x13d/0x1b0 [ 1021.544991] __msan_memcpy+0x6f/0x80 [ 1021.544991] pskb_expand_head+0x43b/0x1d20 [ 1021.544991] l2tp_xmit_skb+0x5a7/0x24b0 [ 1021.544991] pppol2tp_sendmsg+0x7a6/0xba0 [ 1021.544991] ___sys_sendmsg+0xe68/0x1250 [ 1021.544991] __sys_sendmmsg+0x56b/0xa90 [ 1021.544991] __se_sys_sendmmsg+0xbd/0xe0 [ 1021.544991] __x64_sys_sendmmsg+0x56/0x70 [ 1021.544991] do_syscall_64+0xcf/0x110 [ 1021.544991] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1021.544991] [ 1021.544991] Uninit was stored to memory at: [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] __msan_chain_origin+0x6d/0xd0 [ 1021.544991] __save_stack_trace+0x8be/0xc60 [ 1021.544991] save_stack_trace+0xc6/0x110 [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] kmsan_memcpy_origins+0x13d/0x1b0 [ 1021.544991] __msan_memcpy+0x6f/0x80 [ 1021.544991] pskb_expand_head+0x43b/0x1d20 [ 1021.544991] l2tp_xmit_skb+0x5a7/0x24b0 [ 1021.544991] pppol2tp_sendmsg+0x7a6/0xba0 06:06:37 executing program 1: mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) [ 1021.544991] ___sys_sendmsg+0xe68/0x1250 [ 1021.544991] __sys_sendmmsg+0x56b/0xa90 [ 1021.544991] __se_sys_sendmmsg+0xbd/0xe0 [ 1021.544991] __x64_sys_sendmmsg+0x56/0x70 [ 1021.544991] do_syscall_64+0xcf/0x110 [ 1021.544991] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1021.544991] [ 1021.544991] Uninit was stored to memory at: [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] __msan_chain_origin+0x6d/0xd0 [ 1021.544991] __save_stack_trace+0x8be/0xc60 [ 1021.544991] save_stack_trace+0xc6/0x110 [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] kmsan_memcpy_origins+0x13d/0x1b0 [ 1021.544991] __msan_memcpy+0x6f/0x80 [ 1021.544991] pskb_expand_head+0x43b/0x1d20 [ 1021.544991] l2tp_xmit_skb+0x5a7/0x24b0 [ 1021.544991] pppol2tp_sendmsg+0x7a6/0xba0 [ 1021.544991] ___sys_sendmsg+0xe68/0x1250 [ 1021.544991] __sys_sendmmsg+0x56b/0xa90 [ 1021.544991] __se_sys_sendmmsg+0xbd/0xe0 [ 1021.544991] __x64_sys_sendmmsg+0x56/0x70 [ 1021.544991] do_syscall_64+0xcf/0x110 [ 1021.544991] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1021.544991] [ 1021.544991] Uninit was stored to memory at: [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] __msan_chain_origin+0x6d/0xd0 [ 1021.544991] __save_stack_trace+0x8be/0xc60 [ 1021.544991] save_stack_trace+0xc6/0x110 [ 1021.544991] kmsan_internal_chain_origin+0x136/0x240 [ 1021.544991] kmsan_memcpy_origins+0x13d/0x1b0 [ 1021.544991] __msan_memcpy+0x6f/0x80 [ 1021.544991] pskb_expand_head+0x43b/0x1d20 [ 1021.544991] l2tp_xmit_skb+0x5a7/0x24b0 [ 1021.544991] pppol2tp_sendmsg+0x7a6/0xba0 [ 1021.544991] ___sys_sendmsg+0xe68/0x1250 [ 1021.544991] __sys_sendmmsg+0x56b/0xa90 [ 1021.544991] __se_sys_sendmmsg+0xbd/0xe0 [ 1021.544991] __x64_sys_sendmmsg+0x56/0x70 [ 1021.544991] do_syscall_64+0xcf/0x110 [ 1021.544991] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1021.544991] [ 1021.544991] Local variable description: ----iph@ip_vs_out [ 1021.544991] Variable was created at: [ 1021.544991] ip_vs_out+0x1bf/0x4570 [ 1021.544991] ip_vs_local_reply6+0xec/0x130 [ 1022.225191] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1022.697318] not chained 2160000 origins [ 1022.701344] CPU: 0 PID: 26451 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1022.702343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1022.702343] Call Trace: [ 1022.702343] dump_stack+0x32d/0x480 [ 1022.702343] ? save_stack_trace+0xc6/0x110 [ 1022.702343] kmsan_internal_chain_origin+0x222/0x240 [ 1022.730361] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1022.735609] ? kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] ? __msan_chain_origin+0x6d/0xd0 [ 1022.738203] ? __save_stack_trace+0x833/0xc60 [ 1022.738203] ? save_stack_trace+0xc6/0x110 [ 1022.738203] ? kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1022.738203] ? __msan_memcpy+0x6f/0x80 [ 1022.738203] ? pskb_expand_head+0x43b/0x1d20 [ 1022.738203] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1022.738203] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1022.738203] ? ___sys_sendmsg+0xe68/0x1250 [ 1022.738203] ? __sys_sendmmsg+0x56b/0xa90 [ 1022.738203] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1022.738203] ? __x64_sys_sendmmsg+0x56/0x70 [ 1022.738203] ? do_syscall_64+0xcf/0x110 [ 1022.738203] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1022.738203] ? save_stack_trace+0xc6/0x110 [ 1022.738203] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1022.738203] ? kmsan_internal_chain_origin+0x1e3/0x240 [ 1022.738203] ? get_stack_info+0x863/0x9d0 [ 1022.738203] __msan_chain_origin+0x6d/0xd0 [ 1022.738203] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1022.738203] __save_stack_trace+0x8be/0xc60 [ 1022.738203] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1022.738203] save_stack_trace+0xc6/0x110 [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] ? kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1022.738203] ? __msan_memcpy+0x6f/0x80 [ 1022.738203] ? pskb_expand_head+0x43b/0x1d20 [ 1022.738203] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1022.738203] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1022.738203] ? ___sys_sendmsg+0xe68/0x1250 [ 1022.738203] ? __sys_sendmmsg+0x56b/0xa90 [ 1022.738203] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1022.738203] ? __x64_sys_sendmmsg+0x56/0x70 [ 1022.738203] ? do_syscall_64+0xcf/0x110 [ 1022.738203] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1022.738203] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1022.738203] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1022.738203] ? memcg_kmem_put_cache+0x8e/0x460 [ 1022.738203] ? __msan_get_context_state+0x9/0x30 [ 1022.738203] ? INIT_INT+0xc/0x30 [ 1022.738203] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1022.738203] kmsan_memcpy_origins+0x13d/0x1b0 [ 1022.738203] __msan_memcpy+0x6f/0x80 [ 1022.738203] pskb_expand_head+0x43b/0x1d20 [ 1022.738203] l2tp_xmit_skb+0x5a7/0x24b0 [ 1022.738203] pppol2tp_sendmsg+0x7a6/0xba0 [ 1022.738203] ___sys_sendmsg+0xe68/0x1250 [ 1022.738203] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1022.738203] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1022.738203] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1022.738203] ? rcu_all_qs+0x3b/0x310 [ 1022.738203] ? _cond_resched+0x59/0x120 [ 1022.738203] ? rcu_all_qs+0x53/0x310 [ 1022.738203] ? _cond_resched+0x37/0x120 [ 1022.738203] ? __sys_sendmmsg+0x7c9/0xa90 [ 1022.738203] ? _cond_resched+0x59/0x120 [ 1022.738203] __sys_sendmmsg+0x56b/0xa90 [ 1022.738203] ? syscall_return_slowpath+0x123/0x8c0 [ 1022.738203] ? put_timespec64+0x162/0x220 [ 1022.738203] __se_sys_sendmmsg+0xbd/0xe0 [ 1022.738203] __x64_sys_sendmmsg+0x56/0x70 [ 1022.738203] do_syscall_64+0xcf/0x110 [ 1022.738203] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1022.738203] RIP: 0033:0x457569 [ 1022.738203] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1022.738203] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1022.738203] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1022.738203] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1022.738203] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1022.738203] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1022.738203] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1022.738203] Uninit was stored to memory at: [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] __msan_chain_origin+0x6d/0xd0 [ 1022.738203] __save_stack_trace+0x8be/0xc60 [ 1022.738203] save_stack_trace+0xc6/0x110 [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] kmsan_memcpy_origins+0x13d/0x1b0 [ 1022.738203] __msan_memcpy+0x6f/0x80 [ 1022.738203] pskb_expand_head+0x43b/0x1d20 [ 1022.738203] l2tp_xmit_skb+0x5a7/0x24b0 [ 1022.738203] pppol2tp_sendmsg+0x7a6/0xba0 [ 1022.738203] ___sys_sendmsg+0xe68/0x1250 [ 1022.738203] __sys_sendmmsg+0x56b/0xa90 [ 1022.738203] __se_sys_sendmmsg+0xbd/0xe0 [ 1022.738203] __x64_sys_sendmmsg+0x56/0x70 [ 1022.738203] do_syscall_64+0xcf/0x110 [ 1022.738203] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1022.738203] [ 1022.738203] Uninit was stored to memory at: [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] __msan_chain_origin+0x6d/0xd0 [ 1022.738203] __save_stack_trace+0x8be/0xc60 [ 1022.738203] save_stack_trace+0xc6/0x110 [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] kmsan_memcpy_origins+0x13d/0x1b0 [ 1022.738203] __msan_memcpy+0x6f/0x80 [ 1022.738203] pskb_expand_head+0x43b/0x1d20 [ 1022.738203] l2tp_xmit_skb+0x5a7/0x24b0 [ 1022.738203] pppol2tp_sendmsg+0x7a6/0xba0 [ 1022.738203] ___sys_sendmsg+0xe68/0x1250 [ 1022.738203] __sys_sendmmsg+0x56b/0xa90 [ 1022.738203] __se_sys_sendmmsg+0xbd/0xe0 [ 1022.738203] __x64_sys_sendmmsg+0x56/0x70 [ 1022.738203] do_syscall_64+0xcf/0x110 [ 1022.738203] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1022.738203] [ 1022.738203] Uninit was stored to memory at: [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] __msan_chain_origin+0x6d/0xd0 [ 1022.738203] __save_stack_trace+0x8be/0xc60 [ 1022.738203] save_stack_trace+0xc6/0x110 [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] kmsan_memcpy_origins+0x13d/0x1b0 [ 1022.738203] __msan_memcpy+0x6f/0x80 [ 1022.738203] pskb_expand_head+0x43b/0x1d20 [ 1022.738203] l2tp_xmit_skb+0x5a7/0x24b0 [ 1022.738203] pppol2tp_sendmsg+0x7a6/0xba0 [ 1022.738203] ___sys_sendmsg+0xe68/0x1250 [ 1022.738203] __sys_sendmmsg+0x56b/0xa90 [ 1022.738203] __se_sys_sendmmsg+0xbd/0xe0 [ 1022.738203] __x64_sys_sendmmsg+0x56/0x70 [ 1022.738203] do_syscall_64+0xcf/0x110 [ 1022.738203] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1022.738203] [ 1022.738203] Uninit was stored to memory at: [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] __msan_chain_origin+0x6d/0xd0 [ 1022.738203] __save_stack_trace+0x8be/0xc60 [ 1022.738203] save_stack_trace+0xc6/0x110 [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] kmsan_memcpy_origins+0x13d/0x1b0 [ 1022.738203] __msan_memcpy+0x6f/0x80 [ 1022.738203] pskb_expand_head+0x43b/0x1d20 [ 1022.738203] l2tp_xmit_skb+0x5a7/0x24b0 [ 1022.738203] pppol2tp_sendmsg+0x7a6/0xba0 [ 1022.738203] ___sys_sendmsg+0xe68/0x1250 [ 1022.738203] __sys_sendmmsg+0x56b/0xa90 [ 1022.738203] __se_sys_sendmmsg+0xbd/0xe0 [ 1022.738203] __x64_sys_sendmmsg+0x56/0x70 [ 1022.738203] do_syscall_64+0xcf/0x110 [ 1022.738203] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1022.738203] [ 1022.738203] Uninit was stored to memory at: [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] __msan_chain_origin+0x6d/0xd0 [ 1022.738203] __save_stack_trace+0x8be/0xc60 [ 1022.738203] save_stack_trace+0xc6/0x110 [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] kmsan_memcpy_origins+0x13d/0x1b0 [ 1022.738203] __msan_memcpy+0x6f/0x80 [ 1022.738203] pskb_expand_head+0x43b/0x1d20 [ 1022.738203] l2tp_xmit_skb+0x5a7/0x24b0 [ 1022.738203] pppol2tp_sendmsg+0x7a6/0xba0 [ 1022.738203] ___sys_sendmsg+0xe68/0x1250 [ 1022.738203] __sys_sendmmsg+0x56b/0xa90 [ 1022.738203] __se_sys_sendmmsg+0xbd/0xe0 [ 1022.738203] __x64_sys_sendmmsg+0x56/0x70 [ 1022.738203] do_syscall_64+0xcf/0x110 [ 1022.738203] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1022.738203] [ 1022.738203] Uninit was stored to memory at: [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] __msan_chain_origin+0x6d/0xd0 [ 1022.738203] __save_stack_trace+0x8be/0xc60 [ 1022.738203] save_stack_trace+0xc6/0x110 [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] kmsan_memcpy_origins+0x13d/0x1b0 [ 1022.738203] __msan_memcpy+0x6f/0x80 [ 1022.738203] pskb_expand_head+0x43b/0x1d20 [ 1022.738203] l2tp_xmit_skb+0x5a7/0x24b0 [ 1022.738203] pppol2tp_sendmsg+0x7a6/0xba0 [ 1022.738203] ___sys_sendmsg+0xe68/0x1250 [ 1022.738203] __sys_sendmmsg+0x56b/0xa90 [ 1022.738203] __se_sys_sendmmsg+0xbd/0xe0 [ 1022.738203] __x64_sys_sendmmsg+0x56/0x70 [ 1022.738203] do_syscall_64+0xcf/0x110 [ 1022.738203] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1022.738203] [ 1022.738203] Uninit was stored to memory at: [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] __msan_chain_origin+0x6d/0xd0 [ 1022.738203] __save_stack_trace+0x8be/0xc60 [ 1022.738203] save_stack_trace+0xc6/0x110 [ 1022.738203] kmsan_internal_chain_origin+0x136/0x240 [ 1022.738203] kmsan_memcpy_origins+0x13d/0x1b0 [ 1022.738203] __msan_memcpy+0x6f/0x80 [ 1022.738203] pskb_expand_head+0x43b/0x1d20 [ 1022.738203] l2tp_xmit_skb+0x5a7/0x24b0 [ 1022.738203] pppol2tp_sendmsg+0x7a6/0xba0 [ 1022.738203] ___sys_sendmsg+0xe68/0x1250 [ 1022.738203] __sys_sendmmsg+0x56b/0xa90 [ 1022.738203] __se_sys_sendmmsg+0xbd/0xe0 [ 1022.738203] __x64_sys_sendmmsg+0x56/0x70 [ 1022.738203] do_syscall_64+0xcf/0x110 [ 1022.738203] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1022.738203] [ 1022.738203] Local variable description: ----iph@ip_vs_out [ 1022.738203] Variable was created at: [ 1022.738203] ip_vs_out+0x1bf/0x4570 [ 1022.738203] ip_vs_local_reply6+0xec/0x130 [ 1023.636486] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1023.664466] not chained 2170000 origins [ 1023.668448] CPU: 0 PID: 26451 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1023.671834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1023.671834] Call Trace: [ 1023.671834] dump_stack+0x32d/0x480 [ 1023.671834] kmsan_internal_chain_origin+0x222/0x240 [ 1023.671834] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1023.671834] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1023.671834] ? save_stack_trace+0xc6/0x110 [ 1023.671834] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1023.671834] ? kmsan_internal_chain_origin+0x90/0x240 [ 1023.671834] ? get_stack_info+0x863/0x9d0 [ 1023.671834] __msan_chain_origin+0x6d/0xd0 [ 1023.671834] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1023.671834] __save_stack_trace+0x8be/0xc60 [ 1023.671834] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1023.671834] save_stack_trace+0xc6/0x110 [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] ? kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1023.671834] ? __msan_memcpy+0x6f/0x80 [ 1023.671834] ? pskb_expand_head+0x43b/0x1d20 [ 1023.671834] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1023.671834] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1023.671834] ? ___sys_sendmsg+0xe68/0x1250 [ 1023.671834] ? __sys_sendmmsg+0x56b/0xa90 [ 1023.671834] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1023.671834] ? __x64_sys_sendmmsg+0x56/0x70 [ 1023.671834] ? do_syscall_64+0xcf/0x110 [ 1023.671834] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1023.671834] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1023.671834] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1023.671834] ? memcg_kmem_put_cache+0x8e/0x460 [ 1023.671834] ? __msan_get_context_state+0x9/0x30 [ 1023.671834] ? INIT_INT+0xc/0x30 [ 1023.671834] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1023.671834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1023.671834] __msan_memcpy+0x6f/0x80 [ 1023.671834] pskb_expand_head+0x43b/0x1d20 [ 1023.671834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1023.671834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1023.671834] ___sys_sendmsg+0xe68/0x1250 [ 1023.671834] ? kmsan_set_origin+0x83/0x130 [ 1023.671834] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1023.671834] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1023.671834] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1023.671834] ? rcu_all_qs+0x3b/0x310 [ 1023.671834] ? _cond_resched+0x59/0x120 [ 1023.671834] ? rcu_all_qs+0x53/0x310 [ 1023.671834] ? _cond_resched+0x37/0x120 [ 1023.671834] ? __sys_sendmmsg+0x7c9/0xa90 [ 1023.671834] ? _cond_resched+0x59/0x120 [ 1023.671834] __sys_sendmmsg+0x56b/0xa90 [ 1023.671834] ? syscall_return_slowpath+0x123/0x8c0 [ 1023.671834] ? put_timespec64+0x162/0x220 [ 1023.671834] __se_sys_sendmmsg+0xbd/0xe0 [ 1023.671834] __x64_sys_sendmmsg+0x56/0x70 [ 1023.671834] do_syscall_64+0xcf/0x110 [ 1023.671834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1023.671834] RIP: 0033:0x457569 [ 1023.671834] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1023.671834] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1023.671834] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1023.671834] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1023.671834] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1023.671834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1023.671834] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1023.671834] Uninit was stored to memory at: [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] __msan_chain_origin+0x6d/0xd0 [ 1023.671834] __save_stack_trace+0x8be/0xc60 [ 1023.671834] save_stack_trace+0xc6/0x110 [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1023.671834] __msan_memcpy+0x6f/0x80 [ 1023.671834] pskb_expand_head+0x43b/0x1d20 [ 1023.671834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1023.671834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1023.671834] ___sys_sendmsg+0xe68/0x1250 [ 1023.671834] __sys_sendmmsg+0x56b/0xa90 [ 1023.671834] __se_sys_sendmmsg+0xbd/0xe0 [ 1023.671834] __x64_sys_sendmmsg+0x56/0x70 [ 1023.671834] do_syscall_64+0xcf/0x110 [ 1023.671834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1023.671834] [ 1023.671834] Uninit was stored to memory at: [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] __msan_chain_origin+0x6d/0xd0 [ 1023.671834] __save_stack_trace+0x8be/0xc60 [ 1023.671834] save_stack_trace+0xc6/0x110 [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1023.671834] __msan_memcpy+0x6f/0x80 [ 1023.671834] pskb_expand_head+0x43b/0x1d20 [ 1023.671834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1023.671834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1023.671834] ___sys_sendmsg+0xe68/0x1250 [ 1023.671834] __sys_sendmmsg+0x56b/0xa90 [ 1023.671834] __se_sys_sendmmsg+0xbd/0xe0 [ 1023.671834] __x64_sys_sendmmsg+0x56/0x70 [ 1023.671834] do_syscall_64+0xcf/0x110 [ 1023.671834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1023.671834] [ 1023.671834] Uninit was stored to memory at: [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] __msan_chain_origin+0x6d/0xd0 [ 1023.671834] __save_stack_trace+0x8be/0xc60 [ 1023.671834] save_stack_trace+0xc6/0x110 [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1023.671834] __msan_memcpy+0x6f/0x80 [ 1023.671834] pskb_expand_head+0x43b/0x1d20 [ 1023.671834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1023.671834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1023.671834] ___sys_sendmsg+0xe68/0x1250 [ 1023.671834] __sys_sendmmsg+0x56b/0xa90 [ 1023.671834] __se_sys_sendmmsg+0xbd/0xe0 [ 1023.671834] __x64_sys_sendmmsg+0x56/0x70 [ 1023.671834] do_syscall_64+0xcf/0x110 [ 1023.671834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1023.671834] [ 1023.671834] Uninit was stored to memory at: [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] __msan_chain_origin+0x6d/0xd0 [ 1023.671834] __save_stack_trace+0x8be/0xc60 [ 1023.671834] save_stack_trace+0xc6/0x110 [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1023.671834] __msan_memcpy+0x6f/0x80 [ 1023.671834] pskb_expand_head+0x43b/0x1d20 [ 1023.671834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1023.671834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1023.671834] ___sys_sendmsg+0xe68/0x1250 [ 1023.671834] __sys_sendmmsg+0x56b/0xa90 [ 1023.671834] __se_sys_sendmmsg+0xbd/0xe0 [ 1023.671834] __x64_sys_sendmmsg+0x56/0x70 [ 1023.671834] do_syscall_64+0xcf/0x110 [ 1023.671834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1023.671834] [ 1023.671834] Uninit was stored to memory at: [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] __msan_chain_origin+0x6d/0xd0 [ 1023.671834] __save_stack_trace+0x8be/0xc60 [ 1023.671834] save_stack_trace+0xc6/0x110 [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1023.671834] __msan_memcpy+0x6f/0x80 [ 1023.671834] pskb_expand_head+0x43b/0x1d20 [ 1023.671834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1023.671834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1023.671834] ___sys_sendmsg+0xe68/0x1250 [ 1023.671834] __sys_sendmmsg+0x56b/0xa90 [ 1023.671834] __se_sys_sendmmsg+0xbd/0xe0 [ 1023.671834] __x64_sys_sendmmsg+0x56/0x70 [ 1023.671834] do_syscall_64+0xcf/0x110 [ 1023.671834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1023.671834] [ 1023.671834] Uninit was stored to memory at: [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] __msan_chain_origin+0x6d/0xd0 [ 1023.671834] __save_stack_trace+0x8be/0xc60 [ 1023.671834] save_stack_trace+0xc6/0x110 [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1023.671834] __msan_memcpy+0x6f/0x80 [ 1023.671834] pskb_expand_head+0x43b/0x1d20 [ 1023.671834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1023.671834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1023.671834] ___sys_sendmsg+0xe68/0x1250 [ 1023.671834] __sys_sendmmsg+0x56b/0xa90 [ 1023.671834] __se_sys_sendmmsg+0xbd/0xe0 [ 1023.671834] __x64_sys_sendmmsg+0x56/0x70 [ 1023.671834] do_syscall_64+0xcf/0x110 [ 1023.671834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1023.671834] [ 1023.671834] Uninit was stored to memory at: [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] __msan_chain_origin+0x6d/0xd0 [ 1023.671834] __save_stack_trace+0x8be/0xc60 [ 1023.671834] save_stack_trace+0xc6/0x110 [ 1023.671834] kmsan_internal_chain_origin+0x136/0x240 [ 1023.671834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1023.671834] __msan_memcpy+0x6f/0x80 [ 1023.671834] pskb_expand_head+0x43b/0x1d20 [ 1023.671834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1023.671834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1023.671834] ___sys_sendmsg+0xe68/0x1250 [ 1023.671834] __sys_sendmmsg+0x56b/0xa90 [ 1023.671834] __se_sys_sendmmsg+0xbd/0xe0 [ 1023.671834] __x64_sys_sendmmsg+0x56/0x70 [ 1023.671834] do_syscall_64+0xcf/0x110 [ 1023.671834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1023.671834] [ 1023.671834] Local variable description: ----iph@ip_vs_out [ 1023.671834] Variable was created at: [ 1023.671834] ip_vs_out+0x1bf/0x4570 [ 1023.671834] ip_vs_local_reply6+0xec/0x130 [ 1024.537602] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:39 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x6, 0x226001) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000080)={0x0, 0x2, {0xffffffffffffffff, 0x1, 0xb05, 0x3, 0x7fff}}) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:06:39 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:39 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000), &(0x7f00000000c0)=0x4) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="d6a9d8049bf57aab6dbdf07243251d04fbf44e59f58d5b8bcbb007e9c42dd33cb63d68615e86a938bd075ac291797e59169e4257c8b65e649f9de9b92d4f2b456d4391c294ba9a85bbdc68e8f006132b246da0554db1e0056c859aba2914a8cb84fa79baa45f623c708c2b71caf5947b977cb4a14caa123faf0640fbf15ff105c4bc0c7d6f36fff6b77b02ca428d9b7f50e8ece41a42a65b0c4fa68a7979379ba218d2aa338390b96fc2cfd6158e2dbf44d442c5b446fc99b0489d79d4bf95690b315d2956eae0747fc1e283015bf4072f0336652c204e0b559228df5140feebc9"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:39 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x2788b1eb, 0x20000000) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x101000, 0x0) getsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000040), 0x4) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:06:39 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x800, 0x0) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000040)={0x1, 0x1, {0x16, 0x22, 0x2, 0x5, 0xa, 0x5, 0x4, 0xdd, 0x1}}) 06:06:39 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1024.814987] not chained 2180000 origins [ 1024.819015] CPU: 0 PID: 26491 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1024.822169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1024.822169] Call Trace: [ 1024.822169] dump_stack+0x32d/0x480 [ 1024.822169] kmsan_internal_chain_origin+0x222/0x240 [ 1024.822169] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1024.822169] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1024.822169] ? save_stack_trace+0xc6/0x110 06:06:39 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01ab", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1024.822169] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1024.822169] ? kmsan_internal_chain_origin+0x90/0x240 [ 1024.822169] ? get_stack_info+0x863/0x9d0 [ 1024.822169] __msan_chain_origin+0x6d/0xd0 [ 1024.822169] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1024.883944] __save_stack_trace+0x8be/0xc60 [ 1024.883944] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1024.883944] save_stack_trace+0xc6/0x110 [ 1024.883944] kmsan_internal_chain_origin+0x136/0x240 [ 1024.883944] ? kmsan_internal_chain_origin+0x136/0x240 [ 1024.883944] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1024.883944] ? __msan_memcpy+0x6f/0x80 [ 1024.883944] ? pskb_expand_head+0x43b/0x1d20 [ 1024.883944] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1024.883944] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1024.883944] ? ___sys_sendmsg+0xe68/0x1250 [ 1024.883944] ? __sys_sendmmsg+0x56b/0xa90 [ 1024.883944] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1024.883944] ? __x64_sys_sendmmsg+0x56/0x70 [ 1024.883944] ? do_syscall_64+0xcf/0x110 [ 1024.883944] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1024.883944] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1024.883944] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1024.883944] ? memcg_kmem_put_cache+0x8e/0x460 [ 1024.883944] ? __msan_get_context_state+0x9/0x30 [ 1024.883944] ? INIT_INT+0xc/0x30 [ 1024.883944] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1024.883944] kmsan_memcpy_origins+0x13d/0x1b0 [ 1024.883944] __msan_memcpy+0x6f/0x80 [ 1024.883944] pskb_expand_head+0x43b/0x1d20 [ 1024.883944] l2tp_xmit_skb+0x5a7/0x24b0 [ 1024.883944] pppol2tp_sendmsg+0x7a6/0xba0 [ 1024.883944] ___sys_sendmsg+0xe68/0x1250 [ 1024.883944] ? pppol2tp_getsockopt+0x1060/0x1060 06:06:40 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f", 0x1c) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1024.883944] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1024.883944] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1024.883944] ? rcu_all_qs+0x3b/0x310 [ 1024.883944] ? _cond_resched+0x59/0x120 [ 1024.883944] ? rcu_all_qs+0x53/0x310 [ 1024.883944] ? _cond_resched+0x37/0x120 [ 1024.883944] ? __sys_sendmmsg+0x7c9/0xa90 [ 1024.883944] ? _cond_resched+0x59/0x120 [ 1024.883944] __sys_sendmmsg+0x56b/0xa90 [ 1024.883944] ? syscall_return_slowpath+0x123/0x8c0 [ 1024.883944] ? put_timespec64+0x162/0x220 [ 1024.883944] __se_sys_sendmmsg+0xbd/0xe0 [ 1024.883944] __x64_sys_sendmmsg+0x56/0x70 [ 1024.883944] do_syscall_64+0xcf/0x110 [ 1024.883944] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1024.883944] RIP: 0033:0x457569 [ 1024.883944] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1024.883944] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1024.883944] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1024.883944] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000005 [ 1024.883944] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1024.883944] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1024.883944] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1024.883944] Uninit was stored to memory at: [ 1024.883944] kmsan_internal_chain_origin+0x136/0x240 [ 1025.155387] __msan_chain_origin+0x6d/0xd0 [ 1025.155387] __save_stack_trace+0x8be/0xc60 06:06:40 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a90", 0x1e) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1025.155387] save_stack_trace+0xc6/0x110 [ 1025.155387] kmsan_internal_chain_origin+0x136/0x240 [ 1025.155387] kmsan_memcpy_origins+0x13d/0x1b0 [ 1025.155387] __msan_memcpy+0x6f/0x80 [ 1025.155387] pskb_expand_head+0x43b/0x1d20 [ 1025.155387] l2tp_xmit_skb+0x5a7/0x24b0 [ 1025.155387] pppol2tp_sendmsg+0x7a6/0xba0 [ 1025.155387] ___sys_sendmsg+0xe68/0x1250 [ 1025.155387] __sys_sendmmsg+0x56b/0xa90 [ 1025.155387] __se_sys_sendmmsg+0xbd/0xe0 [ 1025.155387] __x64_sys_sendmmsg+0x56/0x70 [ 1025.155387] do_syscall_64+0xcf/0x110 [ 1025.155387] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1025.155387] [ 1025.155387] Uninit was stored to memory at: [ 1025.155387] kmsan_internal_chain_origin+0x136/0x240 [ 1025.155387] __msan_chain_origin+0x6d/0xd0 [ 1025.155387] __save_stack_trace+0x8be/0xc60 [ 1025.155387] save_stack_trace+0xc6/0x110 [ 1025.155387] kmsan_internal_chain_origin+0x136/0x240 [ 1025.155387] kmsan_memcpy_origins+0x13d/0x1b0 [ 1025.155387] __msan_memcpy+0x6f/0x80 [ 1025.155387] pskb_expand_head+0x43b/0x1d20 [ 1025.155387] l2tp_xmit_skb+0x5a7/0x24b0 06:06:40 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0xfffffffffffffffc, 0x501000) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) [ 1025.264969] pppol2tp_sendmsg+0x7a6/0xba0 [ 1025.264969] ___sys_sendmsg+0xe68/0x1250 [ 1025.264969] __sys_sendmmsg+0x56b/0xa90 [ 1025.264969] __se_sys_sendmmsg+0xbd/0xe0 [ 1025.264969] __x64_sys_sendmmsg+0x56/0x70 [ 1025.264969] do_syscall_64+0xcf/0x110 [ 1025.264969] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1025.264969] [ 1025.264969] Uninit was stored to memory at: [ 1025.264969] kmsan_internal_chain_origin+0x136/0x240 [ 1025.305807] __msan_chain_origin+0x6d/0xd0 [ 1025.305807] __save_stack_trace+0x8be/0xc60 [ 1025.305807] save_stack_trace+0xc6/0x110 [ 1025.305807] kmsan_internal_chain_origin+0x136/0x240 [ 1025.305807] kmsan_memcpy_origins+0x13d/0x1b0 [ 1025.305807] __msan_memcpy+0x6f/0x80 [ 1025.305807] pskb_expand_head+0x43b/0x1d20 [ 1025.305807] l2tp_xmit_skb+0x5a7/0x24b0 [ 1025.305807] pppol2tp_sendmsg+0x7a6/0xba0 [ 1025.305807] ___sys_sendmsg+0xe68/0x1250 [ 1025.305807] __sys_sendmmsg+0x56b/0xa90 [ 1025.305807] __se_sys_sendmmsg+0xbd/0xe0 [ 1025.305807] __x64_sys_sendmmsg+0x56/0x70 [ 1025.305807] do_syscall_64+0xcf/0x110 [ 1025.305807] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1025.305807] [ 1025.305807] Uninit was stored to memory at: [ 1025.305807] kmsan_internal_chain_origin+0x136/0x240 [ 1025.305807] __msan_chain_origin+0x6d/0xd0 [ 1025.305807] __save_stack_trace+0x8be/0xc60 [ 1025.305807] save_stack_trace+0xc6/0x110 [ 1025.305807] kmsan_internal_chain_origin+0x136/0x240 [ 1025.305807] kmsan_memcpy_origins+0x13d/0x1b0 [ 1025.305807] __msan_memcpy+0x6f/0x80 [ 1025.305807] pskb_expand_head+0x43b/0x1d20 [ 1025.305807] l2tp_xmit_skb+0x5a7/0x24b0 [ 1025.305807] pppol2tp_sendmsg+0x7a6/0xba0 [ 1025.305807] ___sys_sendmsg+0xe68/0x1250 [ 1025.305807] __sys_sendmmsg+0x56b/0xa90 [ 1025.305807] __se_sys_sendmmsg+0xbd/0xe0 [ 1025.305807] __x64_sys_sendmmsg+0x56/0x70 [ 1025.305807] do_syscall_64+0xcf/0x110 [ 1025.305807] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1025.305807] [ 1025.305807] Uninit was stored to memory at: [ 1025.305807] kmsan_internal_chain_origin+0x136/0x240 [ 1025.305807] __msan_chain_origin+0x6d/0xd0 [ 1025.305807] __save_stack_trace+0x8be/0xc60 [ 1025.305807] save_stack_trace+0xc6/0x110 [ 1025.305807] kmsan_internal_chain_origin+0x136/0x240 [ 1025.305807] kmsan_memcpy_origins+0x13d/0x1b0 [ 1025.305807] __msan_memcpy+0x6f/0x80 [ 1025.305807] pskb_expand_head+0x43b/0x1d20 [ 1025.305807] l2tp_xmit_skb+0x5a7/0x24b0 [ 1025.305807] pppol2tp_sendmsg+0x7a6/0xba0 [ 1025.305807] ___sys_sendmsg+0xe68/0x1250 [ 1025.305807] __sys_sendmmsg+0x56b/0xa90 [ 1025.305807] __se_sys_sendmmsg+0xbd/0xe0 [ 1025.305807] __x64_sys_sendmmsg+0x56/0x70 [ 1025.305807] do_syscall_64+0xcf/0x110 [ 1025.305807] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1025.305807] [ 1025.305807] Uninit was stored to memory at: [ 1025.305807] kmsan_internal_chain_origin+0x136/0x240 [ 1025.305807] __msan_chain_origin+0x6d/0xd0 [ 1025.305807] __save_stack_trace+0x8be/0xc60 [ 1025.305807] save_stack_trace+0xc6/0x110 [ 1025.305807] kmsan_internal_chain_origin+0x136/0x240 [ 1025.305807] kmsan_memcpy_origins+0x13d/0x1b0 [ 1025.305807] __msan_memcpy+0x6f/0x80 [ 1025.305807] pskb_expand_head+0x43b/0x1d20 [ 1025.305807] l2tp_xmit_skb+0x5a7/0x24b0 [ 1025.305807] pppol2tp_sendmsg+0x7a6/0xba0 [ 1025.305807] ___sys_sendmsg+0xe68/0x1250 [ 1025.305807] __sys_sendmmsg+0x56b/0xa90 [ 1025.305807] __se_sys_sendmmsg+0xbd/0xe0 [ 1025.305807] __x64_sys_sendmmsg+0x56/0x70 [ 1025.305807] do_syscall_64+0xcf/0x110 [ 1025.305807] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1025.305807] [ 1025.305807] Uninit was stored to memory at: [ 1025.305807] kmsan_internal_chain_origin+0x136/0x240 [ 1025.305807] __msan_chain_origin+0x6d/0xd0 [ 1025.305807] __save_stack_trace+0x8be/0xc60 [ 1025.305807] save_stack_trace+0xc6/0x110 [ 1025.305807] kmsan_internal_chain_origin+0x136/0x240 [ 1025.305807] kmsan_memcpy_origins+0x13d/0x1b0 [ 1025.305807] __msan_memcpy+0x6f/0x80 [ 1025.305807] pskb_expand_head+0x43b/0x1d20 [ 1025.305807] l2tp_xmit_skb+0x5a7/0x24b0 [ 1025.305807] pppol2tp_sendmsg+0x7a6/0xba0 [ 1025.305807] ___sys_sendmsg+0xe68/0x1250 [ 1025.305807] __sys_sendmmsg+0x56b/0xa90 [ 1025.305807] __se_sys_sendmmsg+0xbd/0xe0 [ 1025.305807] __x64_sys_sendmmsg+0x56/0x70 [ 1025.305807] do_syscall_64+0xcf/0x110 [ 1025.305807] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1025.305807] [ 1025.305807] Local variable description: ----iph@ip_vs_out [ 1025.305807] Variable was created at: [ 1025.305807] ip_vs_out+0x1bf/0x4570 [ 1025.305807] ip_vs_local_reply6+0xec/0x130 [ 1025.690536] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:40 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_VERSION(r1, 0xc0406400, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfd8e, &(0x7f00000002c0), 0x0, &(0x7f0000000400), 0xfffffffffffffe9e, &(0x7f0000000440)=""/144}) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) 06:06:40 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x0, 0x20000007, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0xffffffffffffffe1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f0000000000)=ANY=[@ANYBLOB='?|\x00l'], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 1026.217519] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1026.250114] not chained 2190000 origins [ 1026.251841] CPU: 0 PID: 26491 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1026.251841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1026.267765] Call Trace: [ 1026.267765] dump_stack+0x32d/0x480 [ 1026.267765] kmsan_internal_chain_origin+0x222/0x240 [ 1026.280019] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1026.280019] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1026.280019] ? save_stack_trace+0xc6/0x110 [ 1026.280019] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1026.280019] ? kmsan_internal_chain_origin+0x90/0x240 [ 1026.280019] ? get_stack_info+0x863/0x9d0 [ 1026.280019] __msan_chain_origin+0x6d/0xd0 [ 1026.280019] ? ___sys_sendmsg+0xe68/0x1250 [ 1026.280019] __save_stack_trace+0x8be/0xc60 [ 1026.280019] ? ___sys_sendmsg+0xe68/0x1250 [ 1026.280019] save_stack_trace+0xc6/0x110 [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] ? kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1026.280019] ? __msan_memcpy+0x6f/0x80 [ 1026.280019] ? pskb_expand_head+0x43b/0x1d20 [ 1026.280019] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1026.280019] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1026.280019] ? ___sys_sendmsg+0xe68/0x1250 [ 1026.280019] ? __sys_sendmmsg+0x56b/0xa90 [ 1026.280019] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1026.280019] ? __x64_sys_sendmmsg+0x56/0x70 [ 1026.280019] ? do_syscall_64+0xcf/0x110 [ 1026.280019] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1026.280019] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1026.280019] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1026.280019] ? memcg_kmem_put_cache+0x8e/0x460 [ 1026.280019] ? __msan_get_context_state+0x9/0x30 [ 1026.280019] ? INIT_INT+0xc/0x30 [ 1026.280019] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1026.280019] kmsan_memcpy_origins+0x13d/0x1b0 [ 1026.280019] __msan_memcpy+0x6f/0x80 [ 1026.280019] pskb_expand_head+0x43b/0x1d20 [ 1026.280019] l2tp_xmit_skb+0x5a7/0x24b0 [ 1026.280019] pppol2tp_sendmsg+0x7a6/0xba0 [ 1026.280019] ___sys_sendmsg+0xe68/0x1250 [ 1026.280019] ? kmsan_set_origin+0x83/0x130 [ 1026.280019] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1026.280019] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1026.280019] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1026.280019] ? rcu_all_qs+0x3b/0x310 [ 1026.280019] ? _cond_resched+0x59/0x120 [ 1026.280019] ? rcu_all_qs+0x53/0x310 [ 1026.280019] ? _cond_resched+0x37/0x120 [ 1026.280019] ? __sys_sendmmsg+0x7c9/0xa90 [ 1026.280019] ? _cond_resched+0x59/0x120 [ 1026.280019] __sys_sendmmsg+0x56b/0xa90 [ 1026.280019] ? syscall_return_slowpath+0x123/0x8c0 [ 1026.280019] ? put_timespec64+0x162/0x220 [ 1026.280019] __se_sys_sendmmsg+0xbd/0xe0 [ 1026.280019] __x64_sys_sendmmsg+0x56/0x70 [ 1026.280019] do_syscall_64+0xcf/0x110 [ 1026.280019] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1026.280019] RIP: 0033:0x457569 [ 1026.280019] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1026.280019] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1026.280019] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1026.280019] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000005 [ 1026.280019] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1026.280019] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1026.280019] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1026.280019] Uninit was stored to memory at: [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] __msan_chain_origin+0x6d/0xd0 [ 1026.280019] __save_stack_trace+0x8be/0xc60 [ 1026.280019] save_stack_trace+0xc6/0x110 [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] kmsan_memcpy_origins+0x13d/0x1b0 [ 1026.280019] __msan_memcpy+0x6f/0x80 [ 1026.280019] pskb_expand_head+0x43b/0x1d20 [ 1026.280019] l2tp_xmit_skb+0x5a7/0x24b0 [ 1026.280019] pppol2tp_sendmsg+0x7a6/0xba0 [ 1026.280019] ___sys_sendmsg+0xe68/0x1250 [ 1026.280019] __sys_sendmmsg+0x56b/0xa90 [ 1026.280019] __se_sys_sendmmsg+0xbd/0xe0 [ 1026.280019] __x64_sys_sendmmsg+0x56/0x70 [ 1026.280019] do_syscall_64+0xcf/0x110 [ 1026.280019] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1026.280019] [ 1026.280019] Uninit was stored to memory at: [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] __msan_chain_origin+0x6d/0xd0 [ 1026.280019] __save_stack_trace+0x8be/0xc60 [ 1026.280019] save_stack_trace+0xc6/0x110 [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] kmsan_memcpy_origins+0x13d/0x1b0 [ 1026.280019] __msan_memcpy+0x6f/0x80 [ 1026.280019] pskb_expand_head+0x43b/0x1d20 [ 1026.280019] l2tp_xmit_skb+0x5a7/0x24b0 [ 1026.280019] pppol2tp_sendmsg+0x7a6/0xba0 [ 1026.280019] ___sys_sendmsg+0xe68/0x1250 [ 1026.280019] __sys_sendmmsg+0x56b/0xa90 [ 1026.280019] __se_sys_sendmmsg+0xbd/0xe0 [ 1026.280019] __x64_sys_sendmmsg+0x56/0x70 [ 1026.280019] do_syscall_64+0xcf/0x110 [ 1026.280019] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1026.280019] [ 1026.280019] Uninit was stored to memory at: [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] __msan_chain_origin+0x6d/0xd0 [ 1026.280019] __save_stack_trace+0x8be/0xc60 [ 1026.280019] save_stack_trace+0xc6/0x110 [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] kmsan_memcpy_origins+0x13d/0x1b0 [ 1026.280019] __msan_memcpy+0x6f/0x80 [ 1026.280019] pskb_expand_head+0x43b/0x1d20 [ 1026.280019] l2tp_xmit_skb+0x5a7/0x24b0 [ 1026.280019] pppol2tp_sendmsg+0x7a6/0xba0 [ 1026.280019] ___sys_sendmsg+0xe68/0x1250 [ 1026.280019] __sys_sendmmsg+0x56b/0xa90 [ 1026.280019] __se_sys_sendmmsg+0xbd/0xe0 [ 1026.280019] __x64_sys_sendmmsg+0x56/0x70 [ 1026.280019] do_syscall_64+0xcf/0x110 [ 1026.280019] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1026.280019] [ 1026.280019] Uninit was stored to memory at: [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] __msan_chain_origin+0x6d/0xd0 [ 1026.280019] __save_stack_trace+0x8be/0xc60 [ 1026.280019] save_stack_trace+0xc6/0x110 [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] kmsan_memcpy_origins+0x13d/0x1b0 [ 1026.280019] __msan_memcpy+0x6f/0x80 [ 1026.280019] pskb_expand_head+0x43b/0x1d20 [ 1026.280019] l2tp_xmit_skb+0x5a7/0x24b0 [ 1026.280019] pppol2tp_sendmsg+0x7a6/0xba0 [ 1026.280019] ___sys_sendmsg+0xe68/0x1250 [ 1026.280019] __sys_sendmmsg+0x56b/0xa90 [ 1026.280019] __se_sys_sendmmsg+0xbd/0xe0 [ 1026.280019] __x64_sys_sendmmsg+0x56/0x70 [ 1026.280019] do_syscall_64+0xcf/0x110 [ 1026.280019] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1026.280019] [ 1026.280019] Uninit was stored to memory at: [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] __msan_chain_origin+0x6d/0xd0 [ 1026.280019] __save_stack_trace+0x8be/0xc60 [ 1026.280019] save_stack_trace+0xc6/0x110 [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] kmsan_memcpy_origins+0x13d/0x1b0 [ 1026.280019] __msan_memcpy+0x6f/0x80 [ 1026.280019] pskb_expand_head+0x43b/0x1d20 [ 1026.280019] l2tp_xmit_skb+0x5a7/0x24b0 [ 1026.280019] pppol2tp_sendmsg+0x7a6/0xba0 [ 1026.280019] ___sys_sendmsg+0xe68/0x1250 [ 1026.280019] __sys_sendmmsg+0x56b/0xa90 [ 1026.280019] __se_sys_sendmmsg+0xbd/0xe0 [ 1026.280019] __x64_sys_sendmmsg+0x56/0x70 [ 1026.280019] do_syscall_64+0xcf/0x110 [ 1026.280019] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1026.280019] [ 1026.280019] Uninit was stored to memory at: [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] __msan_chain_origin+0x6d/0xd0 [ 1026.280019] __save_stack_trace+0x8be/0xc60 [ 1026.280019] save_stack_trace+0xc6/0x110 [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] kmsan_memcpy_origins+0x13d/0x1b0 [ 1026.280019] __msan_memcpy+0x6f/0x80 [ 1026.280019] pskb_expand_head+0x43b/0x1d20 [ 1026.280019] l2tp_xmit_skb+0x5a7/0x24b0 [ 1026.280019] pppol2tp_sendmsg+0x7a6/0xba0 [ 1026.280019] ___sys_sendmsg+0xe68/0x1250 [ 1026.280019] __sys_sendmmsg+0x56b/0xa90 [ 1026.280019] __se_sys_sendmmsg+0xbd/0xe0 [ 1026.280019] __x64_sys_sendmmsg+0x56/0x70 [ 1026.280019] do_syscall_64+0xcf/0x110 [ 1026.280019] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1026.280019] [ 1026.280019] Uninit was stored to memory at: [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] __msan_chain_origin+0x6d/0xd0 [ 1026.280019] __save_stack_trace+0x8be/0xc60 [ 1026.280019] save_stack_trace+0xc6/0x110 [ 1026.280019] kmsan_internal_chain_origin+0x136/0x240 [ 1026.280019] kmsan_memcpy_origins+0x13d/0x1b0 [ 1026.280019] __msan_memcpy+0x6f/0x80 [ 1026.280019] pskb_expand_head+0x43b/0x1d20 [ 1026.280019] l2tp_xmit_skb+0x5a7/0x24b0 [ 1026.280019] pppol2tp_sendmsg+0x7a6/0xba0 [ 1026.280019] ___sys_sendmsg+0xe68/0x1250 [ 1026.280019] __sys_sendmmsg+0x56b/0xa90 [ 1026.280019] __se_sys_sendmmsg+0xbd/0xe0 [ 1026.280019] __x64_sys_sendmmsg+0x56/0x70 [ 1026.280019] do_syscall_64+0xcf/0x110 [ 1026.280019] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1026.280019] [ 1026.280019] Local variable description: ----iph@ip_vs_out [ 1026.280019] Variable was created at: [ 1026.280019] ip_vs_out+0x1bf/0x4570 [ 1026.280019] ip_vs_local_reply6+0xec/0x130 [ 1027.147997] not chained 2200000 origins [ 1027.151834] CPU: 0 PID: 26491 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1027.151834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1027.151834] Call Trace: [ 1027.151834] dump_stack+0x32d/0x480 [ 1027.151834] kmsan_internal_chain_origin+0x222/0x240 [ 1027.151834] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1027.151834] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1027.151834] ? save_stack_trace+0xc6/0x110 [ 1027.151834] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1027.151834] ? kmsan_internal_chain_origin+0x90/0x240 [ 1027.151834] ? get_stack_info+0x863/0x9d0 [ 1027.151834] __msan_chain_origin+0x6d/0xd0 [ 1027.151834] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1027.151834] __save_stack_trace+0x8be/0xc60 [ 1027.151834] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1027.151834] save_stack_trace+0xc6/0x110 [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] ? kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1027.151834] ? __msan_memcpy+0x6f/0x80 [ 1027.151834] ? pskb_expand_head+0x43b/0x1d20 [ 1027.151834] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1027.151834] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1027.151834] ? ___sys_sendmsg+0xe68/0x1250 [ 1027.151834] ? __sys_sendmmsg+0x56b/0xa90 [ 1027.151834] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1027.151834] ? __x64_sys_sendmmsg+0x56/0x70 [ 1027.151834] ? do_syscall_64+0xcf/0x110 [ 1027.151834] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1027.151834] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1027.151834] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1027.151834] ? memcg_kmem_put_cache+0x8e/0x460 [ 1027.151834] ? __msan_get_context_state+0x9/0x30 [ 1027.151834] ? INIT_INT+0xc/0x30 [ 1027.151834] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1027.151834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1027.151834] __msan_memcpy+0x6f/0x80 [ 1027.151834] pskb_expand_head+0x43b/0x1d20 [ 1027.151834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1027.151834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1027.151834] ___sys_sendmsg+0xe68/0x1250 [ 1027.151834] ? kmsan_set_origin+0x83/0x130 [ 1027.151834] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1027.151834] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1027.151834] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1027.151834] ? rcu_all_qs+0x3b/0x310 [ 1027.151834] ? _cond_resched+0x59/0x120 [ 1027.151834] ? rcu_all_qs+0x53/0x310 [ 1027.151834] ? _cond_resched+0x37/0x120 [ 1027.151834] ? __sys_sendmmsg+0x7c9/0xa90 [ 1027.151834] ? _cond_resched+0x59/0x120 [ 1027.151834] __sys_sendmmsg+0x56b/0xa90 [ 1027.151834] ? syscall_return_slowpath+0x123/0x8c0 [ 1027.151834] ? put_timespec64+0x162/0x220 [ 1027.151834] __se_sys_sendmmsg+0xbd/0xe0 [ 1027.151834] __x64_sys_sendmmsg+0x56/0x70 [ 1027.151834] do_syscall_64+0xcf/0x110 [ 1027.151834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1027.151834] RIP: 0033:0x457569 [ 1027.151834] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1027.151834] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1027.151834] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1027.151834] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000005 [ 1027.151834] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1027.151834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1027.151834] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1027.151834] Uninit was stored to memory at: [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] __msan_chain_origin+0x6d/0xd0 [ 1027.151834] __save_stack_trace+0x8be/0xc60 [ 1027.151834] save_stack_trace+0xc6/0x110 [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1027.151834] __msan_memcpy+0x6f/0x80 [ 1027.151834] pskb_expand_head+0x43b/0x1d20 [ 1027.151834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1027.151834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1027.151834] ___sys_sendmsg+0xe68/0x1250 [ 1027.151834] __sys_sendmmsg+0x56b/0xa90 [ 1027.151834] __se_sys_sendmmsg+0xbd/0xe0 [ 1027.151834] __x64_sys_sendmmsg+0x56/0x70 [ 1027.151834] do_syscall_64+0xcf/0x110 [ 1027.151834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1027.151834] [ 1027.151834] Uninit was stored to memory at: [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] __msan_chain_origin+0x6d/0xd0 [ 1027.151834] __save_stack_trace+0x8be/0xc60 [ 1027.151834] save_stack_trace+0xc6/0x110 [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1027.151834] __msan_memcpy+0x6f/0x80 [ 1027.151834] pskb_expand_head+0x43b/0x1d20 [ 1027.151834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1027.151834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1027.151834] ___sys_sendmsg+0xe68/0x1250 [ 1027.151834] __sys_sendmmsg+0x56b/0xa90 [ 1027.151834] __se_sys_sendmmsg+0xbd/0xe0 [ 1027.151834] __x64_sys_sendmmsg+0x56/0x70 [ 1027.151834] do_syscall_64+0xcf/0x110 [ 1027.151834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1027.151834] [ 1027.151834] Uninit was stored to memory at: [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] __msan_chain_origin+0x6d/0xd0 [ 1027.151834] __save_stack_trace+0x8be/0xc60 [ 1027.151834] save_stack_trace+0xc6/0x110 [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1027.151834] __msan_memcpy+0x6f/0x80 [ 1027.151834] pskb_expand_head+0x43b/0x1d20 [ 1027.151834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1027.151834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1027.151834] ___sys_sendmsg+0xe68/0x1250 [ 1027.151834] __sys_sendmmsg+0x56b/0xa90 [ 1027.151834] __se_sys_sendmmsg+0xbd/0xe0 [ 1027.151834] __x64_sys_sendmmsg+0x56/0x70 [ 1027.151834] do_syscall_64+0xcf/0x110 [ 1027.151834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1027.151834] [ 1027.151834] Uninit was stored to memory at: [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] __msan_chain_origin+0x6d/0xd0 [ 1027.151834] __save_stack_trace+0x8be/0xc60 [ 1027.151834] save_stack_trace+0xc6/0x110 [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1027.151834] __msan_memcpy+0x6f/0x80 [ 1027.151834] pskb_expand_head+0x43b/0x1d20 [ 1027.151834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1027.151834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1027.151834] ___sys_sendmsg+0xe68/0x1250 [ 1027.151834] __sys_sendmmsg+0x56b/0xa90 [ 1027.151834] __se_sys_sendmmsg+0xbd/0xe0 [ 1027.151834] __x64_sys_sendmmsg+0x56/0x70 [ 1027.151834] do_syscall_64+0xcf/0x110 [ 1027.151834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1027.151834] [ 1027.151834] Uninit was stored to memory at: [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] __msan_chain_origin+0x6d/0xd0 [ 1027.151834] __save_stack_trace+0x8be/0xc60 [ 1027.151834] save_stack_trace+0xc6/0x110 [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1027.151834] __msan_memcpy+0x6f/0x80 [ 1027.151834] pskb_expand_head+0x43b/0x1d20 [ 1027.151834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1027.151834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1027.151834] ___sys_sendmsg+0xe68/0x1250 [ 1027.151834] __sys_sendmmsg+0x56b/0xa90 [ 1027.151834] __se_sys_sendmmsg+0xbd/0xe0 [ 1027.151834] __x64_sys_sendmmsg+0x56/0x70 [ 1027.151834] do_syscall_64+0xcf/0x110 [ 1027.151834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1027.151834] [ 1027.151834] Uninit was stored to memory at: [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] __msan_chain_origin+0x6d/0xd0 [ 1027.151834] __save_stack_trace+0x8be/0xc60 [ 1027.151834] save_stack_trace+0xc6/0x110 [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1027.151834] __msan_memcpy+0x6f/0x80 [ 1027.151834] pskb_expand_head+0x43b/0x1d20 [ 1027.151834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1027.151834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1027.151834] ___sys_sendmsg+0xe68/0x1250 [ 1027.151834] __sys_sendmmsg+0x56b/0xa90 [ 1027.151834] __se_sys_sendmmsg+0xbd/0xe0 [ 1027.151834] __x64_sys_sendmmsg+0x56/0x70 [ 1027.151834] do_syscall_64+0xcf/0x110 [ 1027.151834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1027.151834] [ 1027.151834] Uninit was stored to memory at: [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] __msan_chain_origin+0x6d/0xd0 [ 1027.151834] __save_stack_trace+0x8be/0xc60 [ 1027.151834] save_stack_trace+0xc6/0x110 [ 1027.151834] kmsan_internal_chain_origin+0x136/0x240 [ 1027.151834] kmsan_memcpy_origins+0x13d/0x1b0 [ 1027.151834] __msan_memcpy+0x6f/0x80 [ 1027.151834] pskb_expand_head+0x43b/0x1d20 [ 1027.151834] l2tp_xmit_skb+0x5a7/0x24b0 [ 1027.151834] pppol2tp_sendmsg+0x7a6/0xba0 [ 1027.151834] ___sys_sendmsg+0xe68/0x1250 [ 1027.151834] __sys_sendmmsg+0x56b/0xa90 [ 1027.151834] __se_sys_sendmmsg+0xbd/0xe0 [ 1027.151834] __x64_sys_sendmmsg+0x56/0x70 [ 1027.151834] do_syscall_64+0xcf/0x110 [ 1027.151834] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1027.151834] [ 1027.151834] Local variable description: ----iph@ip_vs_out [ 1027.151834] Variable was created at: [ 1027.151834] ip_vs_out+0x1bf/0x4570 [ 1027.151834] ip_vs_local_reply6+0xec/0x130 [ 1028.020932] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:43 executing program 0: r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000040)={0x2a, 0x6, 0x0, {0x2, 0x6, 0x1, 0x0, ')'}}, 0x2a) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:06:43 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x200, 0x0) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000000100)="cec7c567552ab0ccbac134b005998270e70e32f2d14538ddee28759a3fc01b811221c2b2bbf961ab1b628fe4c98673f93c1a890dfb607a083a362d0a8d34c7f34be149a5b33484018b9f65353325119148fddf78c0240dd62037dc897c011d6331505a9e552b9f88eca3fc") ioctl$FICLONE(r0, 0x40049409, r0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0xc) ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x5, 0x0, [{}, {}, {}, {}, {}]}) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r1, 0xffffffffffff8000, &(0x7f0000000000)) 06:06:43 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:43 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000000)=0x1, 0x4) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f00000000c0), &(0x7f0000000100)=0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:43 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a9061", 0x1f) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:43 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x800, 0x0) getsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000040), &(0x7f0000000080)=0x14) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) [ 1028.286969] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1028.372613] not chained 2210000 origins [ 1028.376625] CPU: 1 PID: 26533 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1028.381800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1028.381800] Call Trace: [ 1028.381800] dump_stack+0x32d/0x480 [ 1028.381800] kmsan_internal_chain_origin+0x222/0x240 [ 1028.381800] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1028.381800] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1028.381800] ? save_stack_trace+0xc6/0x110 [ 1028.381800] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1028.423244] ? kmsan_internal_chain_origin+0x1e3/0x240 [ 1028.425899] ? get_stack_info+0x863/0x9d0 [ 1028.425899] __msan_chain_origin+0x6d/0xd0 [ 1028.425899] ? do_syscall_64+0xcf/0x110 [ 1028.425899] __save_stack_trace+0x8be/0xc60 [ 1028.425899] ? do_syscall_64+0xcf/0x110 [ 1028.425899] save_stack_trace+0xc6/0x110 [ 1028.425899] kmsan_internal_chain_origin+0x136/0x240 [ 1028.425899] ? kmsan_internal_chain_origin+0x136/0x240 [ 1028.425899] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1028.425899] ? __msan_memcpy+0x6f/0x80 [ 1028.425899] ? pskb_expand_head+0x43b/0x1d20 [ 1028.425899] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1028.425899] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1028.482113] ? ___sys_sendmsg+0xe68/0x1250 [ 1028.482113] ? __sys_sendmmsg+0x56b/0xa90 [ 1028.482113] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1028.482113] ? __x64_sys_sendmmsg+0x56/0x70 [ 1028.482113] ? do_syscall_64+0xcf/0x110 [ 1028.482113] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1028.482113] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1028.482113] ? __msan_metadata_ptr_for_load_8+0x10/0x20 06:06:43 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:43 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) fdatasync(r0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000000)={0x0, @speck128, 0x1, "554f9469624f3a82"}) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) [ 1028.482113] ? memcg_kmem_put_cache+0x8e/0x460 [ 1028.482113] ? __msan_get_context_state+0x9/0x30 [ 1028.482113] ? INIT_INT+0xc/0x30 [ 1028.482113] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1028.482113] kmsan_memcpy_origins+0x13d/0x1b0 [ 1028.482113] __msan_memcpy+0x6f/0x80 [ 1028.482113] pskb_expand_head+0x43b/0x1d20 [ 1028.552047] l2tp_xmit_skb+0x5a7/0x24b0 [ 1028.555487] pppol2tp_sendmsg+0x7a6/0xba0 [ 1028.555487] ___sys_sendmsg+0xe68/0x1250 [ 1028.555487] ? pppol2tp_getsockopt+0x1060/0x1060 06:06:43 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80, 0x100) r2 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x2354, 0x101000) renameat2(r1, &(0x7f0000000140)='./file0\x00', r2, &(0x7f0000000200)='./file0\x00', 0x1) r3 = dup(r0) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x7, @remote}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x2c, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x31, @ipv4={[], [], @local}, 0x7}, @in={0x2, 0x4e24, @rand_addr=0x6}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={r4, 0x38, &(0x7f0000000300)=[@in6={0xa, 0x4e22, 0x6, @loopback, 0x256}, @in6={0xa, 0x4e21, 0x6, @empty, 0x6}]}, &(0x7f0000000380)=0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r3, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="d4df69aa375d6e1f24a001efcf2148304f745aba468bc0352be4497cf32d1f81a008b96b927b2adc026790f0b5633c1c43a48d2a097827977de99bd5a894c600000000c527e835be004b7285333aecde9bc4de76b18237513cda6923d9e1ab628ec2d6f39c6a79ffe7a2097aebaad69a763626610cb738bbd12ed866"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 1028.555487] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1028.570702] ? kmsan_set_origin+0x83/0x130 [ 1028.570702] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1028.570702] ? _cond_resched+0xc7/0x120 [ 1028.570702] __sys_sendmmsg+0x56b/0xa90 [ 1028.570702] ? syscall_return_slowpath+0x123/0x8c0 [ 1028.570702] ? put_timespec64+0x162/0x220 [ 1028.570702] __se_sys_sendmmsg+0xbd/0xe0 [ 1028.570702] __x64_sys_sendmmsg+0x56/0x70 [ 1028.570702] do_syscall_64+0xcf/0x110 [ 1028.570702] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1028.570702] RIP: 0033:0x457569 [ 1028.570702] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1028.624264] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1028.624264] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1028.624264] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1028.624264] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1028.624264] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1028.624264] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1028.624264] Uninit was stored to memory at: [ 1028.624264] kmsan_internal_chain_origin+0x136/0x240 [ 1028.624264] __msan_chain_origin+0x6d/0xd0 [ 1028.624264] __save_stack_trace+0x8be/0xc60 [ 1028.624264] save_stack_trace+0xc6/0x110 [ 1028.624264] kmsan_internal_chain_origin+0x136/0x240 [ 1028.624264] kmsan_memcpy_origins+0x13d/0x1b0 [ 1028.624264] __msan_memcpy+0x6f/0x80 06:06:43 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1028.624264] pskb_expand_head+0x43b/0x1d20 [ 1028.624264] l2tp_xmit_skb+0x5a7/0x24b0 [ 1028.624264] pppol2tp_sendmsg+0x7a6/0xba0 [ 1028.624264] ___sys_sendmsg+0xe68/0x1250 [ 1028.624264] __sys_sendmmsg+0x56b/0xa90 [ 1028.624264] __se_sys_sendmmsg+0xbd/0xe0 [ 1028.624264] __x64_sys_sendmmsg+0x56/0x70 [ 1028.624264] do_syscall_64+0xcf/0x110 [ 1028.751973] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1028.751973] [ 1028.751973] Uninit was stored to memory at: [ 1028.751973] kmsan_internal_chain_origin+0x136/0x240 06:06:43 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1028.751973] __msan_chain_origin+0x6d/0xd0 [ 1028.751973] __save_stack_trace+0x8be/0xc60 [ 1028.751973] save_stack_trace+0xc6/0x110 [ 1028.751973] kmsan_internal_chain_origin+0x136/0x240 [ 1028.751973] kmsan_memcpy_origins+0x13d/0x1b0 [ 1028.751973] __msan_memcpy+0x6f/0x80 [ 1028.751973] pskb_expand_head+0x43b/0x1d20 [ 1028.751973] l2tp_xmit_skb+0x5a7/0x24b0 [ 1028.751973] pppol2tp_sendmsg+0x7a6/0xba0 [ 1028.751973] ___sys_sendmsg+0xe68/0x1250 [ 1028.751973] __sys_sendmmsg+0x56b/0xa90 [ 1028.751973] __se_sys_sendmmsg+0xbd/0xe0 [ 1028.751973] __x64_sys_sendmmsg+0x56/0x70 [ 1028.751973] do_syscall_64+0xcf/0x110 [ 1028.751973] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1028.751973] [ 1028.751973] Uninit was stored to memory at: [ 1028.751973] kmsan_internal_chain_origin+0x136/0x240 [ 1028.846852] __msan_chain_origin+0x6d/0xd0 [ 1028.846852] __save_stack_trace+0x8be/0xc60 [ 1028.846852] save_stack_trace+0xc6/0x110 [ 1028.846852] kmsan_internal_chain_origin+0x136/0x240 [ 1028.846852] kmsan_memcpy_origins+0x13d/0x1b0 [ 1028.846852] __msan_memcpy+0x6f/0x80 06:06:43 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) r2 = gettid() kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000080)={r0, r0, 0x8}) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) [ 1028.846852] pskb_expand_head+0x43b/0x1d20 [ 1028.846852] l2tp_xmit_skb+0x5a7/0x24b0 [ 1028.846852] pppol2tp_sendmsg+0x7a6/0xba0 [ 1028.846852] ___sys_sendmsg+0xe68/0x1250 [ 1028.846852] __sys_sendmmsg+0x56b/0xa90 [ 1028.846852] __se_sys_sendmmsg+0xbd/0xe0 [ 1028.846852] __x64_sys_sendmmsg+0x56/0x70 [ 1028.846852] do_syscall_64+0xcf/0x110 [ 1028.846852] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1028.846852] [ 1028.846852] Uninit was stored to memory at: [ 1028.846852] kmsan_internal_chain_origin+0x136/0x240 [ 1028.846852] __msan_chain_origin+0x6d/0xd0 [ 1028.846852] __save_stack_trace+0x8be/0xc60 [ 1028.846852] save_stack_trace+0xc6/0x110 [ 1028.846852] kmsan_internal_chain_origin+0x136/0x240 [ 1028.846852] kmsan_memcpy_origins+0x13d/0x1b0 [ 1028.846852] __msan_memcpy+0x6f/0x80 [ 1028.846852] pskb_expand_head+0x43b/0x1d20 [ 1028.846852] l2tp_xmit_skb+0x5a7/0x24b0 [ 1028.846852] pppol2tp_sendmsg+0x7a6/0xba0 [ 1028.846852] ___sys_sendmsg+0xe68/0x1250 [ 1028.846852] __sys_sendmmsg+0x56b/0xa90 [ 1028.846852] __se_sys_sendmmsg+0xbd/0xe0 [ 1028.846852] __x64_sys_sendmmsg+0x56/0x70 [ 1028.846852] do_syscall_64+0xcf/0x110 [ 1028.846852] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1028.846852] [ 1028.846852] Uninit was stored to memory at: [ 1028.846852] kmsan_internal_chain_origin+0x136/0x240 [ 1028.846852] __msan_chain_origin+0x6d/0xd0 [ 1028.846852] __save_stack_trace+0x8be/0xc60 [ 1028.846852] save_stack_trace+0xc6/0x110 [ 1028.846852] kmsan_internal_chain_origin+0x136/0x240 [ 1028.846852] kmsan_memcpy_origins+0x13d/0x1b0 [ 1028.846852] __msan_memcpy+0x6f/0x80 [ 1028.846852] pskb_expand_head+0x43b/0x1d20 [ 1028.846852] l2tp_xmit_skb+0x5a7/0x24b0 [ 1028.846852] pppol2tp_sendmsg+0x7a6/0xba0 [ 1028.846852] ___sys_sendmsg+0xe68/0x1250 [ 1028.846852] __sys_sendmmsg+0x56b/0xa90 [ 1028.846852] __se_sys_sendmmsg+0xbd/0xe0 [ 1028.846852] __x64_sys_sendmmsg+0x56/0x70 [ 1028.846852] do_syscall_64+0xcf/0x110 [ 1028.846852] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1028.846852] [ 1028.846852] Uninit was stored to memory at: [ 1028.846852] kmsan_internal_chain_origin+0x136/0x240 [ 1028.846852] __msan_chain_origin+0x6d/0xd0 [ 1028.846852] __save_stack_trace+0x8be/0xc60 [ 1028.846852] save_stack_trace+0xc6/0x110 [ 1029.081956] kmsan_internal_chain_origin+0x136/0x240 [ 1029.081956] kmsan_memcpy_origins+0x13d/0x1b0 [ 1029.081956] __msan_memcpy+0x6f/0x80 [ 1029.081956] pskb_expand_head+0x43b/0x1d20 [ 1029.099950] l2tp_xmit_skb+0x5a7/0x24b0 [ 1029.099950] pppol2tp_sendmsg+0x7a6/0xba0 [ 1029.108965] ___sys_sendmsg+0xe68/0x1250 [ 1029.108965] __sys_sendmmsg+0x56b/0xa90 [ 1029.108965] __se_sys_sendmmsg+0xbd/0xe0 [ 1029.108965] __x64_sys_sendmmsg+0x56/0x70 [ 1029.108965] do_syscall_64+0xcf/0x110 [ 1029.108965] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1029.134351] [ 1029.134351] Uninit was stored to memory at: [ 1029.134351] kmsan_internal_chain_origin+0x136/0x240 [ 1029.134351] __msan_chain_origin+0x6d/0xd0 [ 1029.134351] __save_stack_trace+0x8be/0xc60 [ 1029.151968] save_stack_trace+0xc6/0x110 [ 1029.151968] kmsan_internal_chain_origin+0x136/0x240 [ 1029.151968] kmsan_memcpy_origins+0x13d/0x1b0 [ 1029.151968] __msan_memcpy+0x6f/0x80 [ 1029.169981] pskb_expand_head+0x43b/0x1d20 [ 1029.169981] l2tp_xmit_skb+0x5a7/0x24b0 [ 1029.169981] pppol2tp_sendmsg+0x7a6/0xba0 [ 1029.169981] ___sys_sendmsg+0xe68/0x1250 [ 1029.169981] __sys_sendmmsg+0x56b/0xa90 [ 1029.169981] __se_sys_sendmmsg+0xbd/0xe0 [ 1029.169981] __x64_sys_sendmmsg+0x56/0x70 [ 1029.169981] do_syscall_64+0xcf/0x110 [ 1029.169981] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1029.169981] [ 1029.169981] Local variable description: ----iph@ip_vs_out [ 1029.169981] Variable was created at: [ 1029.169981] ip_vs_out+0x1bf/0x4570 [ 1029.169981] ip_vs_local_reply6+0xec/0x130 [ 1029.231512] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1029.391552] not chained 2220000 origins [ 1029.391811] CPU: 1 PID: 26533 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1029.391811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1029.391811] Call Trace: [ 1029.391811] dump_stack+0x32d/0x480 [ 1029.391811] kmsan_internal_chain_origin+0x222/0x240 [ 1029.391811] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1029.391811] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1029.391811] ? save_stack_trace+0xc6/0x110 [ 1029.391811] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1029.391811] ? kmsan_internal_chain_origin+0x90/0x240 [ 1029.391811] ? get_stack_info+0x863/0x9d0 [ 1029.391811] __msan_chain_origin+0x6d/0xd0 [ 1029.391811] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1029.391811] __save_stack_trace+0x8be/0xc60 [ 1029.391811] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1029.391811] save_stack_trace+0xc6/0x110 [ 1029.391811] kmsan_internal_chain_origin+0x136/0x240 [ 1029.391811] ? kmsan_internal_chain_origin+0x136/0x240 [ 1029.391811] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1029.391811] ? __msan_memcpy+0x6f/0x80 [ 1029.391811] ? pskb_expand_head+0x43b/0x1d20 [ 1029.391811] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1029.391811] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1029.391811] ? ___sys_sendmsg+0xe68/0x1250 [ 1029.391811] ? __sys_sendmmsg+0x56b/0xa90 [ 1029.391811] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1029.391811] ? __x64_sys_sendmmsg+0x56/0x70 [ 1029.391811] ? do_syscall_64+0xcf/0x110 [ 1029.391811] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1029.391811] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1029.391811] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1029.391811] ? memcg_kmem_put_cache+0x8e/0x460 [ 1029.391811] ? __msan_get_context_state+0x9/0x30 [ 1029.391811] ? INIT_INT+0xc/0x30 [ 1029.391811] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1029.391811] kmsan_memcpy_origins+0x13d/0x1b0 [ 1029.391811] __msan_memcpy+0x6f/0x80 [ 1029.391811] pskb_expand_head+0x43b/0x1d20 [ 1029.391811] l2tp_xmit_skb+0x5a7/0x24b0 [ 1029.391811] pppol2tp_sendmsg+0x7a6/0xba0 [ 1029.391811] ___sys_sendmsg+0xe68/0x1250 [ 1029.582028] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1029.582028] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1029.582028] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1029.582028] ? rcu_all_qs+0x3b/0x310 [ 1029.582028] ? _cond_resched+0x59/0x120 [ 1029.582028] ? rcu_all_qs+0x53/0x310 [ 1029.582028] ? _cond_resched+0x37/0x120 [ 1029.615676] ? __sys_sendmmsg+0x7c9/0xa90 [ 1029.615676] ? _cond_resched+0x59/0x120 [ 1029.615676] __sys_sendmmsg+0x56b/0xa90 [ 1029.615676] ? syscall_return_slowpath+0x123/0x8c0 [ 1029.615676] ? put_timespec64+0x162/0x220 [ 1029.615676] __se_sys_sendmmsg+0xbd/0xe0 [ 1029.615676] __x64_sys_sendmmsg+0x56/0x70 [ 1029.615676] do_syscall_64+0xcf/0x110 [ 1029.615676] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1029.651954] RIP: 0033:0x457569 [ 1029.651954] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1029.651954] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1029.679506] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1029.691397] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1029.697436] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1029.697436] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1029.710634] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1029.710634] Uninit was stored to memory at: [ 1029.710634] kmsan_internal_chain_origin+0x136/0x240 [ 1029.710634] __msan_chain_origin+0x6d/0xd0 [ 1029.710634] __save_stack_trace+0x8be/0xc60 [ 1029.710634] save_stack_trace+0xc6/0x110 [ 1029.710634] kmsan_internal_chain_origin+0x136/0x240 [ 1029.745339] kmsan_memcpy_origins+0x13d/0x1b0 [ 1029.745339] __msan_memcpy+0x6f/0x80 [ 1029.745339] pskb_expand_head+0x43b/0x1d20 [ 1029.745339] l2tp_xmit_skb+0x5a7/0x24b0 [ 1029.745339] pppol2tp_sendmsg+0x7a6/0xba0 [ 1029.745339] ___sys_sendmsg+0xe68/0x1250 [ 1029.745339] __sys_sendmmsg+0x56b/0xa90 [ 1029.745339] __se_sys_sendmmsg+0xbd/0xe0 [ 1029.745339] __x64_sys_sendmmsg+0x56/0x70 [ 1029.745339] do_syscall_64+0xcf/0x110 [ 1029.745339] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1029.745339] [ 1029.745339] Uninit was stored to memory at: [ 1029.745339] kmsan_internal_chain_origin+0x136/0x240 [ 1029.745339] __msan_chain_origin+0x6d/0xd0 [ 1029.745339] __save_stack_trace+0x8be/0xc60 [ 1029.745339] save_stack_trace+0xc6/0x110 [ 1029.745339] kmsan_internal_chain_origin+0x136/0x240 [ 1029.745339] kmsan_memcpy_origins+0x13d/0x1b0 [ 1029.745339] __msan_memcpy+0x6f/0x80 [ 1029.745339] pskb_expand_head+0x43b/0x1d20 [ 1029.745339] l2tp_xmit_skb+0x5a7/0x24b0 [ 1029.745339] pppol2tp_sendmsg+0x7a6/0xba0 [ 1029.745339] ___sys_sendmsg+0xe68/0x1250 [ 1029.745339] __sys_sendmmsg+0x56b/0xa90 [ 1029.745339] __se_sys_sendmmsg+0xbd/0xe0 [ 1029.745339] __x64_sys_sendmmsg+0x56/0x70 [ 1029.745339] do_syscall_64+0xcf/0x110 [ 1029.745339] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1029.745339] [ 1029.745339] Uninit was stored to memory at: [ 1029.745339] kmsan_internal_chain_origin+0x136/0x240 [ 1029.745339] __msan_chain_origin+0x6d/0xd0 [ 1029.745339] __save_stack_trace+0x8be/0xc60 [ 1029.745339] save_stack_trace+0xc6/0x110 [ 1029.745339] kmsan_internal_chain_origin+0x136/0x240 [ 1029.745339] kmsan_memcpy_origins+0x13d/0x1b0 [ 1029.745339] __msan_memcpy+0x6f/0x80 [ 1029.745339] pskb_expand_head+0x43b/0x1d20 [ 1029.745339] l2tp_xmit_skb+0x5a7/0x24b0 [ 1029.745339] pppol2tp_sendmsg+0x7a6/0xba0 [ 1029.745339] ___sys_sendmsg+0xe68/0x1250 [ 1029.745339] __sys_sendmmsg+0x56b/0xa90 [ 1029.745339] __se_sys_sendmmsg+0xbd/0xe0 [ 1029.745339] __x64_sys_sendmmsg+0x56/0x70 [ 1029.745339] do_syscall_64+0xcf/0x110 [ 1029.745339] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1029.745339] [ 1029.745339] Uninit was stored to memory at: [ 1029.745339] kmsan_internal_chain_origin+0x136/0x240 [ 1029.745339] __msan_chain_origin+0x6d/0xd0 [ 1029.745339] __save_stack_trace+0x8be/0xc60 [ 1029.745339] save_stack_trace+0xc6/0x110 [ 1029.745339] kmsan_internal_chain_origin+0x136/0x240 [ 1029.745339] kmsan_memcpy_origins+0x13d/0x1b0 [ 1029.745339] __msan_memcpy+0x6f/0x80 [ 1029.745339] pskb_expand_head+0x43b/0x1d20 [ 1029.745339] l2tp_xmit_skb+0x5a7/0x24b0 [ 1029.745339] pppol2tp_sendmsg+0x7a6/0xba0 [ 1029.745339] ___sys_sendmsg+0xe68/0x1250 [ 1029.745339] __sys_sendmmsg+0x56b/0xa90 [ 1029.745339] __se_sys_sendmmsg+0xbd/0xe0 [ 1029.745339] __x64_sys_sendmmsg+0x56/0x70 [ 1029.745339] do_syscall_64+0xcf/0x110 [ 1029.745339] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1029.745339] [ 1029.745339] Uninit was stored to memory at: [ 1029.745339] kmsan_internal_chain_origin+0x136/0x240 [ 1029.745339] __msan_chain_origin+0x6d/0xd0 [ 1029.745339] __save_stack_trace+0x8be/0xc60 [ 1029.745339] save_stack_trace+0xc6/0x110 [ 1029.745339] kmsan_internal_chain_origin+0x136/0x240 [ 1029.745339] kmsan_memcpy_origins+0x13d/0x1b0 [ 1029.745339] __msan_memcpy+0x6f/0x80 [ 1029.745339] pskb_expand_head+0x43b/0x1d20 [ 1029.745339] l2tp_xmit_skb+0x5a7/0x24b0 [ 1029.745339] pppol2tp_sendmsg+0x7a6/0xba0 [ 1029.745339] ___sys_sendmsg+0xe68/0x1250 [ 1029.745339] __sys_sendmmsg+0x56b/0xa90 [ 1029.745339] __se_sys_sendmmsg+0xbd/0xe0 [ 1029.745339] __x64_sys_sendmmsg+0x56/0x70 [ 1029.745339] do_syscall_64+0xcf/0x110 [ 1029.745339] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1029.745339] [ 1029.745339] Uninit was stored to memory at: [ 1029.745339] kmsan_internal_chain_origin+0x136/0x240 [ 1029.745339] __msan_chain_origin+0x6d/0xd0 [ 1029.745339] __save_stack_trace+0x8be/0xc60 [ 1029.745339] save_stack_trace+0xc6/0x110 [ 1029.745339] kmsan_internal_chain_origin+0x136/0x240 [ 1029.745339] kmsan_memcpy_origins+0x13d/0x1b0 [ 1029.745339] __msan_memcpy+0x6f/0x80 [ 1029.745339] pskb_expand_head+0x43b/0x1d20 [ 1029.745339] l2tp_xmit_skb+0x5a7/0x24b0 [ 1029.745339] pppol2tp_sendmsg+0x7a6/0xba0 [ 1029.745339] ___sys_sendmsg+0xe68/0x1250 [ 1029.745339] __sys_sendmmsg+0x56b/0xa90 [ 1029.745339] __se_sys_sendmmsg+0xbd/0xe0 [ 1029.745339] __x64_sys_sendmmsg+0x56/0x70 [ 1029.745339] do_syscall_64+0xcf/0x110 [ 1029.745339] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1029.745339] [ 1029.745339] Uninit was stored to memory at: [ 1029.745339] kmsan_internal_chain_origin+0x136/0x240 [ 1029.745339] __msan_chain_origin+0x6d/0xd0 [ 1029.745339] __save_stack_trace+0x8be/0xc60 [ 1029.745339] save_stack_trace+0xc6/0x110 [ 1029.745339] kmsan_internal_chain_origin+0x136/0x240 [ 1029.745339] kmsan_memcpy_origins+0x13d/0x1b0 [ 1029.745339] __msan_memcpy+0x6f/0x80 [ 1029.745339] pskb_expand_head+0x43b/0x1d20 [ 1029.745339] l2tp_xmit_skb+0x5a7/0x24b0 [ 1029.745339] pppol2tp_sendmsg+0x7a6/0xba0 [ 1029.745339] ___sys_sendmsg+0xe68/0x1250 [ 1029.745339] __sys_sendmmsg+0x56b/0xa90 [ 1029.745339] __se_sys_sendmmsg+0xbd/0xe0 [ 1029.745339] __x64_sys_sendmmsg+0x56/0x70 [ 1029.745339] do_syscall_64+0xcf/0x110 [ 1029.745339] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1029.745339] [ 1029.745339] Local variable description: ----iph@ip_vs_out [ 1029.745339] Variable was created at: [ 1029.745339] ip_vs_out+0x1bf/0x4570 [ 1029.745339] ip_vs_local_reply6+0xec/0x130 [ 1030.262534] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1030.293092] not chained 2230000 origins [ 1030.297074] CPU: 1 PID: 26533 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1030.301809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1030.301809] Call Trace: [ 1030.301809] dump_stack+0x32d/0x480 [ 1030.301809] kmsan_internal_chain_origin+0x222/0x240 [ 1030.301809] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1030.301809] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1030.301809] ? save_stack_trace+0xc6/0x110 [ 1030.301809] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1030.301809] ? kmsan_internal_chain_origin+0x90/0x240 [ 1030.301809] ? get_stack_info+0x863/0x9d0 [ 1030.301809] __msan_chain_origin+0x6d/0xd0 [ 1030.301809] ? kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] __save_stack_trace+0x8be/0xc60 [ 1030.301809] ? kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] save_stack_trace+0xc6/0x110 [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] ? kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1030.301809] ? __msan_memcpy+0x6f/0x80 [ 1030.301809] ? pskb_expand_head+0x43b/0x1d20 [ 1030.301809] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1030.301809] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1030.301809] ? ___sys_sendmsg+0xe68/0x1250 [ 1030.301809] ? __sys_sendmmsg+0x56b/0xa90 [ 1030.301809] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1030.301809] ? __x64_sys_sendmmsg+0x56/0x70 [ 1030.301809] ? do_syscall_64+0xcf/0x110 [ 1030.301809] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1030.301809] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1030.301809] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1030.301809] ? memcg_kmem_put_cache+0x8e/0x460 [ 1030.301809] ? __msan_get_context_state+0x9/0x30 [ 1030.301809] ? INIT_INT+0xc/0x30 [ 1030.301809] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1030.301809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1030.301809] __msan_memcpy+0x6f/0x80 [ 1030.301809] pskb_expand_head+0x43b/0x1d20 [ 1030.301809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1030.301809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1030.301809] ___sys_sendmsg+0xe68/0x1250 [ 1030.301809] ? kmsan_set_origin+0x83/0x130 [ 1030.301809] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1030.301809] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1030.301809] ? kmsan_set_origin+0x83/0x130 [ 1030.301809] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1030.301809] ? _cond_resched+0xc7/0x120 [ 1030.301809] __sys_sendmmsg+0x56b/0xa90 [ 1030.301809] ? syscall_return_slowpath+0x123/0x8c0 [ 1030.301809] ? put_timespec64+0x162/0x220 [ 1030.301809] __se_sys_sendmmsg+0xbd/0xe0 [ 1030.301809] __x64_sys_sendmmsg+0x56/0x70 [ 1030.301809] do_syscall_64+0xcf/0x110 [ 1030.301809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1030.301809] RIP: 0033:0x457569 [ 1030.301809] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1030.301809] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1030.301809] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1030.301809] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1030.301809] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1030.301809] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1030.301809] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1030.301809] Uninit was stored to memory at: [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] __msan_chain_origin+0x6d/0xd0 [ 1030.301809] __save_stack_trace+0x8be/0xc60 [ 1030.301809] save_stack_trace+0xc6/0x110 [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1030.301809] __msan_memcpy+0x6f/0x80 [ 1030.301809] pskb_expand_head+0x43b/0x1d20 [ 1030.301809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1030.301809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1030.301809] ___sys_sendmsg+0xe68/0x1250 [ 1030.301809] __sys_sendmmsg+0x56b/0xa90 [ 1030.301809] __se_sys_sendmmsg+0xbd/0xe0 [ 1030.301809] __x64_sys_sendmmsg+0x56/0x70 [ 1030.301809] do_syscall_64+0xcf/0x110 [ 1030.301809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1030.301809] [ 1030.301809] Uninit was stored to memory at: [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] __msan_chain_origin+0x6d/0xd0 [ 1030.301809] __save_stack_trace+0x8be/0xc60 [ 1030.301809] save_stack_trace+0xc6/0x110 [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1030.301809] __msan_memcpy+0x6f/0x80 [ 1030.301809] pskb_expand_head+0x43b/0x1d20 [ 1030.301809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1030.301809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1030.301809] ___sys_sendmsg+0xe68/0x1250 [ 1030.301809] __sys_sendmmsg+0x56b/0xa90 [ 1030.301809] __se_sys_sendmmsg+0xbd/0xe0 [ 1030.301809] __x64_sys_sendmmsg+0x56/0x70 [ 1030.301809] do_syscall_64+0xcf/0x110 [ 1030.301809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1030.301809] [ 1030.301809] Uninit was stored to memory at: [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] __msan_chain_origin+0x6d/0xd0 [ 1030.301809] __save_stack_trace+0x8be/0xc60 [ 1030.301809] save_stack_trace+0xc6/0x110 [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1030.301809] __msan_memcpy+0x6f/0x80 [ 1030.301809] pskb_expand_head+0x43b/0x1d20 [ 1030.301809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1030.301809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1030.301809] ___sys_sendmsg+0xe68/0x1250 [ 1030.301809] __sys_sendmmsg+0x56b/0xa90 [ 1030.301809] __se_sys_sendmmsg+0xbd/0xe0 [ 1030.301809] __x64_sys_sendmmsg+0x56/0x70 [ 1030.301809] do_syscall_64+0xcf/0x110 [ 1030.301809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1030.301809] [ 1030.301809] Uninit was stored to memory at: [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] __msan_chain_origin+0x6d/0xd0 [ 1030.301809] __save_stack_trace+0x8be/0xc60 [ 1030.301809] save_stack_trace+0xc6/0x110 [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1030.301809] __msan_memcpy+0x6f/0x80 [ 1030.301809] pskb_expand_head+0x43b/0x1d20 [ 1030.301809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1030.301809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1030.301809] ___sys_sendmsg+0xe68/0x1250 [ 1030.301809] __sys_sendmmsg+0x56b/0xa90 [ 1030.301809] __se_sys_sendmmsg+0xbd/0xe0 [ 1030.301809] __x64_sys_sendmmsg+0x56/0x70 [ 1030.301809] do_syscall_64+0xcf/0x110 [ 1030.301809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1030.301809] [ 1030.301809] Uninit was stored to memory at: [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] __msan_chain_origin+0x6d/0xd0 [ 1030.301809] __save_stack_trace+0x8be/0xc60 [ 1030.301809] save_stack_trace+0xc6/0x110 [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1030.301809] __msan_memcpy+0x6f/0x80 [ 1030.301809] pskb_expand_head+0x43b/0x1d20 [ 1030.301809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1030.301809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1030.301809] ___sys_sendmsg+0xe68/0x1250 [ 1030.301809] __sys_sendmmsg+0x56b/0xa90 [ 1030.301809] __se_sys_sendmmsg+0xbd/0xe0 [ 1030.301809] __x64_sys_sendmmsg+0x56/0x70 [ 1030.301809] do_syscall_64+0xcf/0x110 [ 1030.301809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1030.301809] [ 1030.301809] Uninit was stored to memory at: [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] __msan_chain_origin+0x6d/0xd0 [ 1030.301809] __save_stack_trace+0x8be/0xc60 [ 1030.301809] save_stack_trace+0xc6/0x110 [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1030.301809] __msan_memcpy+0x6f/0x80 [ 1030.301809] pskb_expand_head+0x43b/0x1d20 [ 1030.301809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1030.301809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1030.301809] ___sys_sendmsg+0xe68/0x1250 [ 1030.301809] __sys_sendmmsg+0x56b/0xa90 [ 1030.301809] __se_sys_sendmmsg+0xbd/0xe0 [ 1030.301809] __x64_sys_sendmmsg+0x56/0x70 [ 1030.301809] do_syscall_64+0xcf/0x110 [ 1030.301809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1030.301809] [ 1030.301809] Uninit was stored to memory at: [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] __msan_chain_origin+0x6d/0xd0 [ 1030.301809] __save_stack_trace+0x8be/0xc60 [ 1030.301809] save_stack_trace+0xc6/0x110 [ 1030.301809] kmsan_internal_chain_origin+0x136/0x240 [ 1030.301809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1030.301809] __msan_memcpy+0x6f/0x80 [ 1030.301809] pskb_expand_head+0x43b/0x1d20 [ 1030.301809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1030.301809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1030.301809] ___sys_sendmsg+0xe68/0x1250 [ 1030.301809] __sys_sendmmsg+0x56b/0xa90 [ 1030.301809] __se_sys_sendmmsg+0xbd/0xe0 [ 1030.301809] __x64_sys_sendmmsg+0x56/0x70 [ 1030.301809] do_syscall_64+0xcf/0x110 [ 1030.301809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1030.301809] [ 1030.301809] Local variable description: ----iph@ip_vs_out [ 1030.301809] Variable was created at: [ 1030.301809] ip_vs_out+0x1bf/0x4570 [ 1030.301809] ip_vs_local_reply6+0xec/0x130 06:06:46 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x4000, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000080)={{0x6, 0x9}, 0x1, 0x6, 0x3, {0x4dc, 0x9}, 0x800}) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) write$P9_RVERSION(r1, &(0x7f0000000100)={0x15, 0x65, 0xffff, 0xfffffffffffffff9, 0x8, '9P2000.u'}, 0x15) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:06:46 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) socket$key(0xf, 0x3, 0x2) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:46 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400), 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:46 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x8000, 0x0) openat$cgroup_ro(r0, &(0x7f0000000100)='memory.current\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffff9, 0x101000) setsockopt$inet_tcp_int(r1, 0x6, 0x3c, &(0x7f0000000040)=0x8, 0x4) r2 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x10000000000, 0x0) ioctl(r2, 0xffffffffffff8000, &(0x7f0000000000)) write$binfmt_elf32(r0, &(0x7f0000000140)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x4f, 0x81, 0x5c58, 0x6, 0x3, 0x3e, 0x8, 0x1e9, 0x38, 0x38, 0x63, 0x7, 0x20, 0x2, 0x5, 0x2, 0x3}, [{0x7, 0x8001, 0x101, 0x40, 0x80000000, 0x1, 0x9, 0x8}], "0516be88e85f223851866824eeea5a10b8ee00ad6d15d3a463c8f94cfd9da666cf9fb4fa9c561242e1f5e19331877e2f4a9da04e698556fe1c54a656028786d44d74f90c236651e15209596a2c335c72890ff8f73c5ab270c91997397f25240bafaab35749106456960302b8d53feff4e91a10547091ebf5b6dc8255521ac263c7a858d80c6d842eed5111d787d3e1201e2f2b80720d935c34a085a6126c933dbc74ea8b87010f68c4c734593ed1"}, 0x106) 06:06:46 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:46 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) socket$can_raw(0x1d, 0x3, 0x1) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = socket(0x0, 0x7, 0x80000000) connect$unix(r1, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) [ 1031.399702] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1031.456429] not chained 2240000 origins [ 1031.460447] CPU: 0 PID: 26573 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1031.461832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1031.461832] Call Trace: [ 1031.461832] dump_stack+0x32d/0x480 [ 1031.461832] kmsan_internal_chain_origin+0x222/0x240 [ 1031.461832] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1031.461832] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1031.461832] ? save_stack_trace+0xc6/0x110 [ 1031.461832] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1031.503682] ? kmsan_internal_chain_origin+0x90/0x240 [ 1031.503682] ? get_stack_info+0x863/0x9d0 [ 1031.503682] __msan_chain_origin+0x6d/0xd0 [ 1031.503682] ? do_syscall_64+0xcf/0x110 [ 1031.503682] __save_stack_trace+0x8be/0xc60 [ 1031.503682] ? do_syscall_64+0xcf/0x110 [ 1031.503682] save_stack_trace+0xc6/0x110 [ 1031.503682] kmsan_internal_chain_origin+0x136/0x240 [ 1031.503682] ? kmsan_internal_chain_origin+0x136/0x240 [ 1031.503682] ? kmsan_memcpy_origins+0x13d/0x1b0 06:06:46 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000000), &(0x7f00000000c0)=0x4) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:46 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400), 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1031.552875] ? __msan_memcpy+0x6f/0x80 [ 1031.552875] ? pskb_expand_head+0x43b/0x1d20 [ 1031.552875] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1031.552875] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1031.552875] ? ___sys_sendmsg+0xe68/0x1250 [ 1031.552875] ? __sys_sendmmsg+0x56b/0xa90 [ 1031.577545] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1031.582199] ? __x64_sys_sendmmsg+0x56/0x70 [ 1031.582199] ? do_syscall_64+0xcf/0x110 [ 1031.582199] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1031.582199] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1031.582199] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1031.582199] ? memcg_kmem_put_cache+0x8e/0x460 [ 1031.582199] ? __msan_get_context_state+0x9/0x30 [ 1031.582199] ? INIT_INT+0xc/0x30 [ 1031.582199] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1031.582199] kmsan_memcpy_origins+0x13d/0x1b0 [ 1031.582199] __msan_memcpy+0x6f/0x80 [ 1031.582199] pskb_expand_head+0x43b/0x1d20 [ 1031.582199] l2tp_xmit_skb+0x5a7/0x24b0 [ 1031.582199] pppol2tp_sendmsg+0x7a6/0xba0 [ 1031.582199] ___sys_sendmsg+0xe68/0x1250 [ 1031.582199] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1031.582199] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1031.582199] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1031.582199] ? rcu_all_qs+0x3b/0x310 [ 1031.582199] ? _cond_resched+0x59/0x120 [ 1031.582199] ? rcu_all_qs+0x53/0x310 [ 1031.582199] ? _cond_resched+0x37/0x120 [ 1031.582199] ? __sys_sendmmsg+0x7c9/0xa90 [ 1031.682767] ? _cond_resched+0x59/0x120 [ 1031.682767] __sys_sendmmsg+0x56b/0xa90 [ 1031.682767] ? syscall_return_slowpath+0x123/0x8c0 [ 1031.682767] ? put_timespec64+0x162/0x220 [ 1031.682767] __se_sys_sendmmsg+0xbd/0xe0 06:06:46 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) r1 = socket$inet(0x2, 0x1, 0x6) getsockopt$EBT_SO_GET_INIT_ENTRIES(r1, 0x0, 0x83, &(0x7f0000000180)={'nat\x00', 0x0, 0x4, 0x42, [], 0x5, &(0x7f0000000000)=[{}, {}, {}, {}, {}], &(0x7f0000000100)=""/66}, &(0x7f0000000080)=0x78) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) [ 1031.682767] __x64_sys_sendmmsg+0x56/0x70 [ 1031.682767] do_syscall_64+0xcf/0x110 [ 1031.682767] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1031.682767] RIP: 0033:0x457569 [ 1031.682767] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1031.682767] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1031.682767] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1031.682767] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1031.682767] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1031.682767] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1031.682767] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1031.682767] Uninit was stored to memory at: [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] __msan_chain_origin+0x6d/0xd0 [ 1031.682767] __save_stack_trace+0x8be/0xc60 [ 1031.682767] save_stack_trace+0xc6/0x110 [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] kmsan_memcpy_origins+0x13d/0x1b0 [ 1031.682767] __msan_memcpy+0x6f/0x80 [ 1031.682767] pskb_expand_head+0x43b/0x1d20 [ 1031.682767] l2tp_xmit_skb+0x5a7/0x24b0 [ 1031.682767] pppol2tp_sendmsg+0x7a6/0xba0 [ 1031.682767] ___sys_sendmsg+0xe68/0x1250 [ 1031.682767] __sys_sendmmsg+0x56b/0xa90 [ 1031.682767] __se_sys_sendmmsg+0xbd/0xe0 [ 1031.682767] __x64_sys_sendmmsg+0x56/0x70 [ 1031.682767] do_syscall_64+0xcf/0x110 06:06:46 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400), 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1031.682767] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1031.682767] [ 1031.682767] Uninit was stored to memory at: [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] __msan_chain_origin+0x6d/0xd0 [ 1031.682767] __save_stack_trace+0x8be/0xc60 [ 1031.682767] save_stack_trace+0xc6/0x110 [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] kmsan_memcpy_origins+0x13d/0x1b0 [ 1031.682767] __msan_memcpy+0x6f/0x80 [ 1031.682767] pskb_expand_head+0x43b/0x1d20 [ 1031.682767] l2tp_xmit_skb+0x5a7/0x24b0 [ 1031.682767] pppol2tp_sendmsg+0x7a6/0xba0 [ 1031.682767] ___sys_sendmsg+0xe68/0x1250 [ 1031.682767] __sys_sendmmsg+0x56b/0xa90 [ 1031.682767] __se_sys_sendmmsg+0xbd/0xe0 [ 1031.682767] __x64_sys_sendmmsg+0x56/0x70 [ 1031.682767] do_syscall_64+0xcf/0x110 [ 1031.682767] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1031.682767] [ 1031.682767] Uninit was stored to memory at: [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] __msan_chain_origin+0x6d/0xd0 [ 1031.682767] __save_stack_trace+0x8be/0xc60 [ 1031.682767] save_stack_trace+0xc6/0x110 [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] kmsan_memcpy_origins+0x13d/0x1b0 [ 1031.682767] __msan_memcpy+0x6f/0x80 [ 1031.682767] pskb_expand_head+0x43b/0x1d20 [ 1031.682767] l2tp_xmit_skb+0x5a7/0x24b0 [ 1031.682767] pppol2tp_sendmsg+0x7a6/0xba0 [ 1031.682767] ___sys_sendmsg+0xe68/0x1250 [ 1031.682767] __sys_sendmmsg+0x56b/0xa90 [ 1031.682767] __se_sys_sendmmsg+0xbd/0xe0 [ 1031.682767] __x64_sys_sendmmsg+0x56/0x70 [ 1031.682767] do_syscall_64+0xcf/0x110 [ 1031.682767] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1031.682767] [ 1031.682767] Uninit was stored to memory at: [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] __msan_chain_origin+0x6d/0xd0 [ 1031.682767] __save_stack_trace+0x8be/0xc60 [ 1031.682767] save_stack_trace+0xc6/0x110 [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] kmsan_memcpy_origins+0x13d/0x1b0 [ 1031.682767] __msan_memcpy+0x6f/0x80 [ 1031.682767] pskb_expand_head+0x43b/0x1d20 [ 1031.682767] l2tp_xmit_skb+0x5a7/0x24b0 [ 1031.682767] pppol2tp_sendmsg+0x7a6/0xba0 [ 1031.682767] ___sys_sendmsg+0xe68/0x1250 [ 1031.682767] __sys_sendmmsg+0x56b/0xa90 [ 1031.682767] __se_sys_sendmmsg+0xbd/0xe0 [ 1031.682767] __x64_sys_sendmmsg+0x56/0x70 [ 1031.682767] do_syscall_64+0xcf/0x110 [ 1031.682767] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1031.682767] [ 1031.682767] Uninit was stored to memory at: [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] __msan_chain_origin+0x6d/0xd0 [ 1031.682767] __save_stack_trace+0x8be/0xc60 [ 1031.682767] save_stack_trace+0xc6/0x110 06:06:47 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x200002, 0x0) mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0xfffffffffffffffe, 0x30, r0, 0x0) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r1, 0xffffffffffff8000, &(0x7f0000000000)) [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] kmsan_memcpy_origins+0x13d/0x1b0 [ 1031.682767] __msan_memcpy+0x6f/0x80 [ 1031.682767] pskb_expand_head+0x43b/0x1d20 [ 1031.682767] l2tp_xmit_skb+0x5a7/0x24b0 [ 1031.682767] pppol2tp_sendmsg+0x7a6/0xba0 [ 1031.682767] ___sys_sendmsg+0xe68/0x1250 [ 1031.682767] __sys_sendmmsg+0x56b/0xa90 [ 1031.682767] __se_sys_sendmmsg+0xbd/0xe0 [ 1031.682767] __x64_sys_sendmmsg+0x56/0x70 [ 1031.682767] do_syscall_64+0xcf/0x110 06:06:47 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1031.682767] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1031.682767] [ 1031.682767] Uninit was stored to memory at: [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] __msan_chain_origin+0x6d/0xd0 [ 1031.682767] __save_stack_trace+0x8be/0xc60 [ 1031.682767] save_stack_trace+0xc6/0x110 [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] kmsan_memcpy_origins+0x13d/0x1b0 [ 1031.682767] __msan_memcpy+0x6f/0x80 [ 1031.682767] pskb_expand_head+0x43b/0x1d20 [ 1031.682767] l2tp_xmit_skb+0x5a7/0x24b0 [ 1031.682767] pppol2tp_sendmsg+0x7a6/0xba0 [ 1031.682767] ___sys_sendmsg+0xe68/0x1250 [ 1031.682767] __sys_sendmmsg+0x56b/0xa90 [ 1031.682767] __se_sys_sendmmsg+0xbd/0xe0 [ 1031.682767] __x64_sys_sendmmsg+0x56/0x70 [ 1031.682767] do_syscall_64+0xcf/0x110 [ 1031.682767] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1031.682767] [ 1031.682767] Uninit was stored to memory at: [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] __msan_chain_origin+0x6d/0xd0 [ 1031.682767] __save_stack_trace+0x8be/0xc60 [ 1031.682767] save_stack_trace+0xc6/0x110 [ 1031.682767] kmsan_internal_chain_origin+0x136/0x240 [ 1031.682767] kmsan_memcpy_origins+0x13d/0x1b0 [ 1031.682767] __msan_memcpy+0x6f/0x80 [ 1031.682767] pskb_expand_head+0x43b/0x1d20 [ 1031.682767] l2tp_xmit_skb+0x5a7/0x24b0 [ 1031.682767] pppol2tp_sendmsg+0x7a6/0xba0 [ 1031.682767] ___sys_sendmsg+0xe68/0x1250 [ 1031.682767] __sys_sendmmsg+0x56b/0xa90 [ 1031.682767] __se_sys_sendmmsg+0xbd/0xe0 [ 1031.682767] __x64_sys_sendmmsg+0x56/0x70 [ 1031.682767] do_syscall_64+0xcf/0x110 [ 1031.682767] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1031.682767] [ 1031.682767] Local variable description: ----iph@ip_vs_out [ 1031.682767] Variable was created at: [ 1031.682767] ip_vs_out+0x1bf/0x4570 [ 1031.682767] ip_vs_local_reply6+0xec/0x130 [ 1032.330570] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1032.573273] not chained 2250000 origins [ 1032.577296] CPU: 1 PID: 26573 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1032.581822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1032.581822] Call Trace: [ 1032.581822] dump_stack+0x32d/0x480 [ 1032.581822] kmsan_internal_chain_origin+0x222/0x240 [ 1032.601954] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1032.601954] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1032.601954] ? save_stack_trace+0xc6/0x110 [ 1032.601954] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1032.601954] ? kmsan_internal_chain_origin+0x90/0x240 [ 1032.625430] ? get_stack_info+0x863/0x9d0 [ 1032.625430] __msan_chain_origin+0x6d/0xd0 [ 1032.635570] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1032.635570] __save_stack_trace+0x8be/0xc60 [ 1032.635570] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1032.635570] save_stack_trace+0xc6/0x110 [ 1032.635570] kmsan_internal_chain_origin+0x136/0x240 [ 1032.635570] ? kmsan_internal_chain_origin+0x136/0x240 [ 1032.635570] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1032.635570] ? __msan_memcpy+0x6f/0x80 [ 1032.672068] ? pskb_expand_head+0x43b/0x1d20 [ 1032.672068] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1032.672068] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1032.672068] ? ___sys_sendmsg+0xe68/0x1250 [ 1032.672068] ? __sys_sendmmsg+0x56b/0xa90 [ 1032.672068] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1032.672068] ? __x64_sys_sendmmsg+0x56/0x70 [ 1032.672068] ? do_syscall_64+0xcf/0x110 [ 1032.672068] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1032.672068] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1032.672068] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1032.672068] ? memcg_kmem_put_cache+0x8e/0x460 [ 1032.672068] ? __msan_get_context_state+0x9/0x30 [ 1032.672068] ? INIT_INT+0xc/0x30 [ 1032.672068] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1032.672068] kmsan_memcpy_origins+0x13d/0x1b0 [ 1032.672068] __msan_memcpy+0x6f/0x80 [ 1032.672068] pskb_expand_head+0x43b/0x1d20 [ 1032.672068] l2tp_xmit_skb+0x5a7/0x24b0 [ 1032.672068] pppol2tp_sendmsg+0x7a6/0xba0 [ 1032.672068] ___sys_sendmsg+0xe68/0x1250 [ 1032.672068] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1032.672068] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1032.672068] ? kmsan_set_origin+0x83/0x130 [ 1032.779659] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1032.779659] ? _cond_resched+0xc7/0x120 [ 1032.779659] __sys_sendmmsg+0x56b/0xa90 [ 1032.779659] ? syscall_return_slowpath+0x123/0x8c0 [ 1032.779659] ? put_timespec64+0x162/0x220 [ 1032.779659] __se_sys_sendmmsg+0xbd/0xe0 [ 1032.779659] __x64_sys_sendmmsg+0x56/0x70 [ 1032.779659] do_syscall_64+0xcf/0x110 [ 1032.779659] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1032.779659] RIP: 0033:0x457569 [ 1032.779659] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1032.779659] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1032.779659] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1032.779659] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1032.779659] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1032.872022] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1032.872022] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1032.872022] Uninit was stored to memory at: [ 1032.872022] kmsan_internal_chain_origin+0x136/0x240 [ 1032.872022] __msan_chain_origin+0x6d/0xd0 [ 1032.872022] __save_stack_trace+0x8be/0xc60 [ 1032.872022] save_stack_trace+0xc6/0x110 [ 1032.872022] kmsan_internal_chain_origin+0x136/0x240 [ 1032.872022] kmsan_memcpy_origins+0x13d/0x1b0 [ 1032.917623] __msan_memcpy+0x6f/0x80 [ 1032.917623] pskb_expand_head+0x43b/0x1d20 [ 1032.917623] l2tp_xmit_skb+0x5a7/0x24b0 [ 1032.917623] pppol2tp_sendmsg+0x7a6/0xba0 [ 1032.917623] ___sys_sendmsg+0xe68/0x1250 [ 1032.917623] __sys_sendmmsg+0x56b/0xa90 [ 1032.917623] __se_sys_sendmmsg+0xbd/0xe0 [ 1032.917623] __x64_sys_sendmmsg+0x56/0x70 [ 1032.917623] do_syscall_64+0xcf/0x110 [ 1032.955332] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1032.955332] [ 1032.955332] Uninit was stored to memory at: [ 1032.955332] kmsan_internal_chain_origin+0x136/0x240 [ 1032.955332] __msan_chain_origin+0x6d/0xd0 [ 1032.973518] __save_stack_trace+0x8be/0xc60 [ 1032.973518] save_stack_trace+0xc6/0x110 [ 1032.973518] kmsan_internal_chain_origin+0x136/0x240 [ 1032.973518] kmsan_memcpy_origins+0x13d/0x1b0 [ 1032.973518] __msan_memcpy+0x6f/0x80 [ 1032.973518] pskb_expand_head+0x43b/0x1d20 [ 1032.973518] l2tp_xmit_skb+0x5a7/0x24b0 [ 1032.973518] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.007772] ___sys_sendmsg+0xe68/0x1250 [ 1033.007772] __sys_sendmmsg+0x56b/0xa90 [ 1033.007772] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.007772] __x64_sys_sendmmsg+0x56/0x70 [ 1033.007772] do_syscall_64+0xcf/0x110 [ 1033.007772] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.007772] [ 1033.007772] Uninit was stored to memory at: [ 1033.007772] kmsan_internal_chain_origin+0x136/0x240 [ 1033.007772] __msan_chain_origin+0x6d/0xd0 [ 1033.007772] __save_stack_trace+0x8be/0xc60 [ 1033.055757] save_stack_trace+0xc6/0x110 [ 1033.055757] kmsan_internal_chain_origin+0x136/0x240 [ 1033.055757] kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.055757] __msan_memcpy+0x6f/0x80 [ 1033.055757] pskb_expand_head+0x43b/0x1d20 [ 1033.055757] l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.055757] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.055757] ___sys_sendmsg+0xe68/0x1250 [ 1033.055757] __sys_sendmmsg+0x56b/0xa90 [ 1033.055757] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.055757] __x64_sys_sendmmsg+0x56/0x70 [ 1033.055757] do_syscall_64+0xcf/0x110 [ 1033.055757] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.055757] [ 1033.055757] Uninit was stored to memory at: [ 1033.055757] kmsan_internal_chain_origin+0x136/0x240 [ 1033.055757] __msan_chain_origin+0x6d/0xd0 [ 1033.055757] __save_stack_trace+0x8be/0xc60 [ 1033.055757] save_stack_trace+0xc6/0x110 [ 1033.055757] kmsan_internal_chain_origin+0x136/0x240 [ 1033.055757] kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.055757] __msan_memcpy+0x6f/0x80 [ 1033.055757] pskb_expand_head+0x43b/0x1d20 [ 1033.055757] l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.055757] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.055757] ___sys_sendmsg+0xe68/0x1250 [ 1033.055757] __sys_sendmmsg+0x56b/0xa90 [ 1033.055757] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.055757] __x64_sys_sendmmsg+0x56/0x70 [ 1033.055757] do_syscall_64+0xcf/0x110 [ 1033.055757] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.055757] [ 1033.055757] Uninit was stored to memory at: [ 1033.055757] kmsan_internal_chain_origin+0x136/0x240 [ 1033.055757] __msan_chain_origin+0x6d/0xd0 [ 1033.055757] __save_stack_trace+0x8be/0xc60 [ 1033.055757] save_stack_trace+0xc6/0x110 [ 1033.055757] kmsan_internal_chain_origin+0x136/0x240 [ 1033.055757] kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.055757] __msan_memcpy+0x6f/0x80 [ 1033.055757] pskb_expand_head+0x43b/0x1d20 [ 1033.055757] l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.055757] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.055757] ___sys_sendmsg+0xe68/0x1250 [ 1033.055757] __sys_sendmmsg+0x56b/0xa90 [ 1033.055757] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.055757] __x64_sys_sendmmsg+0x56/0x70 [ 1033.055757] do_syscall_64+0xcf/0x110 [ 1033.055757] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.055757] [ 1033.055757] Uninit was stored to memory at: [ 1033.055757] kmsan_internal_chain_origin+0x136/0x240 [ 1033.055757] __msan_chain_origin+0x6d/0xd0 [ 1033.055757] __save_stack_trace+0x8be/0xc60 [ 1033.055757] save_stack_trace+0xc6/0x110 [ 1033.055757] kmsan_internal_chain_origin+0x136/0x240 [ 1033.055757] kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.055757] __msan_memcpy+0x6f/0x80 [ 1033.055757] pskb_expand_head+0x43b/0x1d20 [ 1033.055757] l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.055757] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.055757] ___sys_sendmsg+0xe68/0x1250 [ 1033.055757] __sys_sendmmsg+0x56b/0xa90 [ 1033.055757] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.055757] __x64_sys_sendmmsg+0x56/0x70 [ 1033.055757] do_syscall_64+0xcf/0x110 [ 1033.055757] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.055757] [ 1033.055757] Uninit was stored to memory at: [ 1033.055757] kmsan_internal_chain_origin+0x136/0x240 [ 1033.055757] __msan_chain_origin+0x6d/0xd0 [ 1033.055757] __save_stack_trace+0x8be/0xc60 [ 1033.055757] save_stack_trace+0xc6/0x110 [ 1033.055757] kmsan_internal_chain_origin+0x136/0x240 [ 1033.055757] kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.055757] __msan_memcpy+0x6f/0x80 [ 1033.055757] pskb_expand_head+0x43b/0x1d20 [ 1033.055757] l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.055757] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.055757] ___sys_sendmsg+0xe68/0x1250 [ 1033.055757] __sys_sendmmsg+0x56b/0xa90 [ 1033.055757] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.055757] __x64_sys_sendmmsg+0x56/0x70 [ 1033.055757] do_syscall_64+0xcf/0x110 [ 1033.055757] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.055757] [ 1033.055757] Local variable description: ----iph@ip_vs_out [ 1033.055757] Variable was created at: [ 1033.055757] ip_vs_out+0x1bf/0x4570 [ 1033.055757] ip_vs_local_reply6+0xec/0x130 [ 1033.430198] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1033.460886] not chained 2260000 origins [ 1033.461809] CPU: 0 PID: 26573 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1033.461809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1033.461809] Call Trace: [ 1033.461809] dump_stack+0x32d/0x480 [ 1033.461809] kmsan_internal_chain_origin+0x222/0x240 [ 1033.461809] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.461809] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.461809] ? save_stack_trace+0xc6/0x110 [ 1033.461809] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1033.461809] ? kmsan_internal_chain_origin+0x90/0x240 [ 1033.461809] ? get_stack_info+0x863/0x9d0 [ 1033.461809] __msan_chain_origin+0x6d/0xd0 [ 1033.461809] __save_stack_trace+0x833/0xc60 [ 1033.461809] ? save_stack_trace+0xc6/0x110 [ 1033.461809] save_stack_trace+0xc6/0x110 [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] ? kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.461809] ? __msan_memcpy+0x6f/0x80 [ 1033.461809] ? pskb_expand_head+0x43b/0x1d20 [ 1033.461809] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.461809] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.461809] ? ___sys_sendmsg+0xe68/0x1250 [ 1033.461809] ? __sys_sendmmsg+0x56b/0xa90 [ 1033.461809] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1033.461809] ? __x64_sys_sendmmsg+0x56/0x70 [ 1033.461809] ? do_syscall_64+0xcf/0x110 [ 1033.461809] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.461809] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1033.461809] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1033.461809] ? memcg_kmem_put_cache+0x8e/0x460 [ 1033.461809] ? __msan_get_context_state+0x9/0x30 [ 1033.461809] ? INIT_INT+0xc/0x30 [ 1033.461809] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1033.461809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.461809] __msan_memcpy+0x6f/0x80 [ 1033.461809] pskb_expand_head+0x43b/0x1d20 [ 1033.461809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.461809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.461809] ___sys_sendmsg+0xe68/0x1250 [ 1033.461809] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1033.461809] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1033.461809] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1033.461809] ? rcu_all_qs+0x3b/0x310 [ 1033.461809] ? _cond_resched+0x59/0x120 [ 1033.461809] ? rcu_all_qs+0x53/0x310 [ 1033.461809] ? _cond_resched+0x37/0x120 [ 1033.461809] ? __sys_sendmmsg+0x7c9/0xa90 [ 1033.461809] ? _cond_resched+0x59/0x120 [ 1033.461809] __sys_sendmmsg+0x56b/0xa90 [ 1033.461809] ? syscall_return_slowpath+0x123/0x8c0 [ 1033.461809] ? put_timespec64+0x162/0x220 [ 1033.461809] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.461809] __x64_sys_sendmmsg+0x56/0x70 [ 1033.461809] do_syscall_64+0xcf/0x110 [ 1033.461809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.461809] RIP: 0033:0x457569 [ 1033.461809] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1033.461809] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1033.461809] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1033.461809] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1033.461809] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1033.461809] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1033.461809] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1033.461809] Uninit was stored to memory at: [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] __msan_chain_origin+0x6d/0xd0 [ 1033.461809] save_stack_trace+0xfa/0x110 [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.461809] __msan_memcpy+0x6f/0x80 [ 1033.461809] pskb_expand_head+0x43b/0x1d20 [ 1033.461809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.461809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.461809] ___sys_sendmsg+0xe68/0x1250 [ 1033.461809] __sys_sendmmsg+0x56b/0xa90 [ 1033.461809] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.461809] __x64_sys_sendmmsg+0x56/0x70 [ 1033.461809] do_syscall_64+0xcf/0x110 [ 1033.461809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.461809] [ 1033.461809] Uninit was stored to memory at: [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] __msan_chain_origin+0x6d/0xd0 [ 1033.461809] __save_stack_trace+0x833/0xc60 [ 1033.461809] save_stack_trace+0xc6/0x110 [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.461809] __msan_memcpy+0x6f/0x80 [ 1033.461809] pskb_expand_head+0x43b/0x1d20 [ 1033.461809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.461809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.461809] ___sys_sendmsg+0xe68/0x1250 [ 1033.461809] __sys_sendmmsg+0x56b/0xa90 [ 1033.461809] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.461809] __x64_sys_sendmmsg+0x56/0x70 [ 1033.461809] do_syscall_64+0xcf/0x110 [ 1033.461809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.461809] [ 1033.461809] Uninit was stored to memory at: [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] __msan_chain_origin+0x6d/0xd0 [ 1033.461809] save_stack_trace+0xfa/0x110 [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.461809] __msan_memcpy+0x6f/0x80 [ 1033.461809] pskb_expand_head+0x43b/0x1d20 [ 1033.461809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.461809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.461809] ___sys_sendmsg+0xe68/0x1250 [ 1033.461809] __sys_sendmmsg+0x56b/0xa90 [ 1033.461809] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.461809] __x64_sys_sendmmsg+0x56/0x70 [ 1033.461809] do_syscall_64+0xcf/0x110 [ 1033.461809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.461809] [ 1033.461809] Uninit was stored to memory at: [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] __msan_chain_origin+0x6d/0xd0 [ 1033.461809] __save_stack_trace+0x833/0xc60 [ 1033.461809] save_stack_trace+0xc6/0x110 [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.461809] __msan_memcpy+0x6f/0x80 [ 1033.461809] pskb_expand_head+0x43b/0x1d20 [ 1033.461809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.461809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.461809] ___sys_sendmsg+0xe68/0x1250 [ 1033.461809] __sys_sendmmsg+0x56b/0xa90 [ 1033.461809] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.461809] __x64_sys_sendmmsg+0x56/0x70 [ 1033.461809] do_syscall_64+0xcf/0x110 [ 1033.461809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.461809] [ 1033.461809] Uninit was stored to memory at: [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] __msan_chain_origin+0x6d/0xd0 [ 1033.461809] save_stack_trace+0xfa/0x110 [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.461809] __msan_memcpy+0x6f/0x80 [ 1033.461809] pskb_expand_head+0x43b/0x1d20 [ 1033.461809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.461809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.461809] ___sys_sendmsg+0xe68/0x1250 [ 1033.461809] __sys_sendmmsg+0x56b/0xa90 [ 1033.461809] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.461809] __x64_sys_sendmmsg+0x56/0x70 [ 1033.461809] do_syscall_64+0xcf/0x110 [ 1033.461809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.461809] [ 1033.461809] Uninit was stored to memory at: [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] __msan_chain_origin+0x6d/0xd0 [ 1033.461809] __save_stack_trace+0x833/0xc60 [ 1033.461809] save_stack_trace+0xc6/0x110 [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.461809] __msan_memcpy+0x6f/0x80 [ 1033.461809] pskb_expand_head+0x43b/0x1d20 [ 1033.461809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.461809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.461809] ___sys_sendmsg+0xe68/0x1250 [ 1033.461809] __sys_sendmmsg+0x56b/0xa90 [ 1033.461809] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.461809] __x64_sys_sendmmsg+0x56/0x70 [ 1033.461809] do_syscall_64+0xcf/0x110 [ 1033.461809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.461809] [ 1033.461809] Uninit was stored to memory at: [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] __msan_chain_origin+0x6d/0xd0 [ 1033.461809] save_stack_trace+0xfa/0x110 [ 1033.461809] kmsan_internal_chain_origin+0x136/0x240 [ 1033.461809] kmsan_memcpy_origins+0x13d/0x1b0 [ 1033.461809] __msan_memcpy+0x6f/0x80 [ 1033.461809] pskb_expand_head+0x43b/0x1d20 [ 1033.461809] l2tp_xmit_skb+0x5a7/0x24b0 [ 1033.461809] pppol2tp_sendmsg+0x7a6/0xba0 [ 1033.461809] ___sys_sendmsg+0xe68/0x1250 [ 1033.461809] __sys_sendmmsg+0x56b/0xa90 [ 1033.461809] __se_sys_sendmmsg+0xbd/0xe0 [ 1033.461809] __x64_sys_sendmmsg+0x56/0x70 [ 1033.461809] do_syscall_64+0xcf/0x110 [ 1033.461809] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1033.461809] [ 1033.461809] Local variable description: ----iph@ip_vs_out [ 1033.461809] Variable was created at: [ 1033.461809] ip_vs_out+0x1bf/0x4570 [ 1033.461809] ip_vs_local_reply6+0xec/0x130 [ 1034.307752] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:49 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) prctl$setfpexc(0xc, 0x2) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x12, 0x210802) setsockopt$RDS_GET_MR_FOR_DEST(r2, 0x114, 0x7, &(0x7f0000000180)={@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x4, 0x3, 0x4, 0x2, {0xa, 0x4e21, 0xa00000000000, @mcast1, 0x200000000000000}}}, {&(0x7f0000000080)=""/120, 0x78}, &(0x7f0000000100), 0x8}, 0xa0) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:06:49 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:49 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:49 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="9d4b374c68c5065e9ec39c359ee3a0c256cda3fc1ab2", 0x16) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="b7f2288a9119040000000000009c84bc38f7723764008b55", 0xffffffffffffffbe) r1 = getpgid(0xffffffffffffffff) sched_setparam(r1, &(0x7f0000000040)=0x400) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x46100, 0x0) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 06:06:49 executing program 3: socketpair$inet(0x2, 0x1, 0x78, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000200), &(0x7f0000000240)=0x4) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000000)={0x0, 0x2a, "13fbd3f85e6f9e84e178154970f74f83ed4ede1919d6eebf7fd0717fb7536f18c2955fc7b954659e6768"}, &(0x7f00000000c0)=0x32) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000100)={r3, 0x81}, &(0x7f0000000140)=0x8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername$inet6(r1, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, &(0x7f00000002c0)=0x1c) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r2, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1a1c596b58a0920e08c8fbbfbf821e84a674ebb5985e87aa2659e5608d3275b926f84e4cb81b9ebd4f09000000f353a1c8b3e9c5f355e6829bf585928b17eb48da70774cf4bcaffbaf226ab75b43d5a48553660dcd9e46b710b6e20aac0c1ae8aac4472b0873275ecf25dd11d719625e44542dc3eed306fd58bb7572ac496c9633696f402178265312f7cdd196b3e9d041b729fe4258898b42f29b17b0283ccf49061e705c8fad8067038bdc00849a97b6cacf16d9377d065d2400d140cfec893bd1bcfc241a625b62a86722166949575de7098180eac228e7449ffa2cdfe694"], 0x1}}, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:49 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000380)='/dev/dri/card#\x00', 0x0, 0x40) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mixer\x00', 0x101000, 0x0) ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000580)="f6326e0b4523d4c2823f05d9e250a97af17ad2bf55c73202774e985b9f7cdef9cdf8293e8542070e087372ebc648b1d104579c9b2b0006ae8f9c39cd0cb14f6642365b402f608ac6ef65c0c6dd494d34d312e60e766ac56b3ed30d62c124de83ef4ac648f3c789e893cb9d9cd72353f51ef073df273a099fb0388ea989fb0d04e9ffe4e7c19b8966e0cb1321fafcec0d752ca66d21bce34f9b37c14896fd3d9e58b2de033dfcee08e547991ccbdf6890f067576fc95b8c0ef57cc5ea98a1e11124dd874ecea118e02d0b64ff66d3ee8cf227212a46da62a8f23f3f26e7b3a03b6ebe143c7fb6684cbd954a47e40c18fcb149a45a4617fec77fa2ffe9199bdaadb02b799d45db9f83e048ad0ec706e84b1470af4ab9a428699e300973981ca07450c459d781fa5cadf059a9fe1ca811b4aa82062f52382b6e0a0cb6923d0000000000000000000000") ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000000)={0x7f, 0x0, 0x10003, 0x8}) ioctl$DRM_IOCTL_SG_ALLOC(r0, 0xc0106438, &(0x7f0000000040)={0x101, r2}) r3 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) r4 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0x3f, 0x2) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000340)={'veth1_to_bond\x00', 0x20}) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r4, 0x84, 0x4, &(0x7f00000002c0), &(0x7f0000000300)=0x4) keyctl$describe(0x6, r3, &(0x7f0000000140)=""/224, 0xe0) setsockopt$inet_mtu(r4, 0x0, 0xa, &(0x7f00000000c0)=0x5, 0x4) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f00000003c0)) ioctl$VIDIOC_G_EXT_CTRLS(r4, 0xc0205647, &(0x7f00000004c0)={0x9b0000, 0x8001, 0x6, [], &(0x7f0000000480)={0x98092a, 0x81, [], @p_u32=&(0x7f0000000440)=0x8}}) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000240)={0x1ff, r2, 0x2, 0x9}) [ 1034.453865] not chained 2270000 origins [ 1034.457887] CPU: 1 PID: 26607 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1034.461967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1034.468627] Call Trace: [ 1034.476404] dump_stack+0x32d/0x480 [ 1034.476404] kmsan_internal_chain_origin+0x222/0x240 [ 1034.476404] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1034.476404] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1034.476404] ? save_stack_trace+0xc6/0x110 [ 1034.476404] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1034.476404] ? kmsan_internal_chain_origin+0x90/0x240 [ 1034.476404] ? get_stack_info+0x863/0x9d0 [ 1034.476404] __msan_chain_origin+0x6d/0xd0 [ 1034.476404] ? __x64_sys_sendmmsg+0x56/0x70 [ 1034.476404] __save_stack_trace+0x8be/0xc60 [ 1034.476404] ? __x64_sys_sendmmsg+0x56/0x70 [ 1034.476404] save_stack_trace+0xc6/0x110 [ 1034.476404] kmsan_internal_chain_origin+0x136/0x240 [ 1034.476404] ? kmsan_internal_chain_origin+0x136/0x240 [ 1034.476404] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1034.476404] ? __msan_memcpy+0x6f/0x80 [ 1034.476404] ? pskb_expand_head+0x43b/0x1d20 [ 1034.476404] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1034.476404] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1034.476404] ? ___sys_sendmsg+0xe68/0x1250 [ 1034.476404] ? __sys_sendmmsg+0x56b/0xa90 [ 1034.572330] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1034.572330] ? __x64_sys_sendmmsg+0x56/0x70 [ 1034.572330] ? do_syscall_64+0xcf/0x110 [ 1034.572330] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1034.572330] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1034.572330] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1034.572330] ? memcg_kmem_put_cache+0x8e/0x460 [ 1034.572330] ? __msan_get_context_state+0x9/0x30 [ 1034.572330] ? INIT_INT+0xc/0x30 [ 1034.572330] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1034.572330] kmsan_memcpy_origins+0x13d/0x1b0 [ 1034.572330] __msan_memcpy+0x6f/0x80 [ 1034.572330] pskb_expand_head+0x43b/0x1d20 [ 1034.572330] l2tp_xmit_skb+0x5a7/0x24b0 [ 1034.572330] pppol2tp_sendmsg+0x7a6/0xba0 [ 1034.572330] ___sys_sendmsg+0xe68/0x1250 [ 1034.572330] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1034.572330] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1034.572330] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1034.659221] ? rcu_all_qs+0x3b/0x310 [ 1034.659221] ? _cond_resched+0x59/0x120 [ 1034.659221] ? rcu_all_qs+0x53/0x310 [ 1034.659221] ? _cond_resched+0x37/0x120 [ 1034.659221] ? __sys_sendmmsg+0x7c9/0xa90 [ 1034.659221] ? _cond_resched+0x59/0x120 [ 1034.659221] __sys_sendmmsg+0x56b/0xa90 [ 1034.659221] ? syscall_return_slowpath+0x123/0x8c0 [ 1034.659221] ? put_timespec64+0x162/0x220 [ 1034.659221] __se_sys_sendmmsg+0xbd/0xe0 [ 1034.659221] __x64_sys_sendmmsg+0x56/0x70 [ 1034.659221] do_syscall_64+0xcf/0x110 [ 1034.659221] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1034.659221] RIP: 0033:0x457569 [ 1034.659221] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1034.659221] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1034.741559] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1034.741559] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1034.741559] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1034.741559] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1034.772056] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1034.772056] Uninit was stored to memory at: [ 1034.772056] kmsan_internal_chain_origin+0x136/0x240 [ 1034.772056] __msan_chain_origin+0x6d/0xd0 [ 1034.772056] __save_stack_trace+0x8be/0xc60 06:06:49 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:49 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1034.772056] save_stack_trace+0xc6/0x110 [ 1034.772056] kmsan_internal_chain_origin+0x136/0x240 [ 1034.772056] kmsan_memcpy_origins+0x13d/0x1b0 [ 1034.811314] __msan_memcpy+0x6f/0x80 [ 1034.811314] pskb_expand_head+0x43b/0x1d20 [ 1034.811314] l2tp_xmit_skb+0x5a7/0x24b0 [ 1034.811314] pppol2tp_sendmsg+0x7a6/0xba0 [ 1034.811314] ___sys_sendmsg+0xe68/0x1250 [ 1034.811314] __sys_sendmmsg+0x56b/0xa90 [ 1034.811314] __se_sys_sendmmsg+0xbd/0xe0 [ 1034.841988] __x64_sys_sendmmsg+0x56/0x70 [ 1034.841988] do_syscall_64+0xcf/0x110 [ 1034.841988] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1034.841988] [ 1034.857408] Uninit was stored to memory at: [ 1034.857408] kmsan_internal_chain_origin+0x136/0x240 [ 1034.857408] __msan_chain_origin+0x6d/0xd0 [ 1034.857408] __save_stack_trace+0x8be/0xc60 [ 1034.857408] save_stack_trace+0xc6/0x110 [ 1034.857408] kmsan_internal_chain_origin+0x136/0x240 [ 1034.883804] kmsan_memcpy_origins+0x13d/0x1b0 [ 1034.883804] __msan_memcpy+0x6f/0x80 [ 1034.883804] pskb_expand_head+0x43b/0x1d20 [ 1034.883804] l2tp_xmit_skb+0x5a7/0x24b0 [ 1034.883804] pppol2tp_sendmsg+0x7a6/0xba0 [ 1034.883804] ___sys_sendmsg+0xe68/0x1250 [ 1034.909158] __sys_sendmmsg+0x56b/0xa90 [ 1034.913234] __se_sys_sendmmsg+0xbd/0xe0 [ 1034.913234] __x64_sys_sendmmsg+0x56/0x70 [ 1034.921258] do_syscall_64+0xcf/0x110 [ 1034.925465] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1034.925465] [ 1034.925465] Uninit was stored to memory at: [ 1034.925465] kmsan_internal_chain_origin+0x136/0x240 [ 1034.925465] __msan_chain_origin+0x6d/0xd0 [ 1034.925465] __save_stack_trace+0x8be/0xc60 [ 1034.925465] save_stack_trace+0xc6/0x110 [ 1034.925465] kmsan_internal_chain_origin+0x136/0x240 [ 1034.925465] kmsan_memcpy_origins+0x13d/0x1b0 [ 1034.925465] __msan_memcpy+0x6f/0x80 [ 1034.925465] pskb_expand_head+0x43b/0x1d20 [ 1034.925465] l2tp_xmit_skb+0x5a7/0x24b0 [ 1034.925465] pppol2tp_sendmsg+0x7a6/0xba0 [ 1034.925465] ___sys_sendmsg+0xe68/0x1250 [ 1034.925465] __sys_sendmmsg+0x56b/0xa90 [ 1034.925465] __se_sys_sendmmsg+0xbd/0xe0 [ 1034.925465] __x64_sys_sendmmsg+0x56/0x70 [ 1034.925465] do_syscall_64+0xcf/0x110 [ 1034.925465] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1034.925465] [ 1034.925465] Uninit was stored to memory at: [ 1034.925465] kmsan_internal_chain_origin+0x136/0x240 [ 1034.925465] __msan_chain_origin+0x6d/0xd0 [ 1034.925465] __save_stack_trace+0x8be/0xc60 [ 1034.925465] save_stack_trace+0xc6/0x110 [ 1034.925465] kmsan_internal_chain_origin+0x136/0x240 [ 1034.925465] kmsan_memcpy_origins+0x13d/0x1b0 [ 1034.925465] __msan_memcpy+0x6f/0x80 [ 1035.042270] pskb_expand_head+0x43b/0x1d20 [ 1035.042270] l2tp_xmit_skb+0x5a7/0x24b0 [ 1035.042270] pppol2tp_sendmsg+0x7a6/0xba0 [ 1035.042270] ___sys_sendmsg+0xe68/0x1250 [ 1035.042270] __sys_sendmmsg+0x56b/0xa90 [ 1035.042270] __se_sys_sendmmsg+0xbd/0xe0 [ 1035.042270] __x64_sys_sendmmsg+0x56/0x70 [ 1035.042270] do_syscall_64+0xcf/0x110 [ 1035.042270] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1035.042270] [ 1035.042270] Uninit was stored to memory at: [ 1035.042270] kmsan_internal_chain_origin+0x136/0x240 [ 1035.042270] __msan_chain_origin+0x6d/0xd0 [ 1035.042270] __save_stack_trace+0x8be/0xc60 [ 1035.042270] save_stack_trace+0xc6/0x110 [ 1035.042270] kmsan_internal_chain_origin+0x136/0x240 [ 1035.042270] kmsan_memcpy_origins+0x13d/0x1b0 [ 1035.112000] __msan_memcpy+0x6f/0x80 [ 1035.112000] pskb_expand_head+0x43b/0x1d20 [ 1035.112000] l2tp_xmit_skb+0x5a7/0x24b0 [ 1035.112000] pppol2tp_sendmsg+0x7a6/0xba0 [ 1035.112000] ___sys_sendmsg+0xe68/0x1250 [ 1035.112000] __sys_sendmmsg+0x56b/0xa90 [ 1035.112000] __se_sys_sendmmsg+0xbd/0xe0 [ 1035.112000] __x64_sys_sendmmsg+0x56/0x70 [ 1035.112000] do_syscall_64+0xcf/0x110 [ 1035.112000] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1035.112000] [ 1035.112000] Uninit was stored to memory at: [ 1035.112000] kmsan_internal_chain_origin+0x136/0x240 [ 1035.112000] __msan_chain_origin+0x6d/0xd0 [ 1035.112000] __save_stack_trace+0x8be/0xc60 [ 1035.112000] save_stack_trace+0xc6/0x110 [ 1035.112000] kmsan_internal_chain_origin+0x136/0x240 [ 1035.182190] kmsan_memcpy_origins+0x13d/0x1b0 [ 1035.182190] __msan_memcpy+0x6f/0x80 [ 1035.182190] pskb_expand_head+0x43b/0x1d20 [ 1035.182190] l2tp_xmit_skb+0x5a7/0x24b0 [ 1035.182190] pppol2tp_sendmsg+0x7a6/0xba0 [ 1035.182190] ___sys_sendmsg+0xe68/0x1250 [ 1035.182190] __sys_sendmmsg+0x56b/0xa90 [ 1035.182190] __se_sys_sendmmsg+0xbd/0xe0 [ 1035.182190] __x64_sys_sendmmsg+0x56/0x70 [ 1035.182190] do_syscall_64+0xcf/0x110 [ 1035.182190] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1035.182190] [ 1035.182190] Uninit was stored to memory at: [ 1035.182190] kmsan_internal_chain_origin+0x136/0x240 [ 1035.182190] __msan_chain_origin+0x6d/0xd0 [ 1035.182190] __save_stack_trace+0x8be/0xc60 [ 1035.182190] save_stack_trace+0xc6/0x110 [ 1035.182190] kmsan_internal_chain_origin+0x136/0x240 [ 1035.182190] kmsan_memcpy_origins+0x13d/0x1b0 [ 1035.182190] __msan_memcpy+0x6f/0x80 [ 1035.182190] pskb_expand_head+0x43b/0x1d20 [ 1035.182190] l2tp_xmit_skb+0x5a7/0x24b0 [ 1035.182190] pppol2tp_sendmsg+0x7a6/0xba0 [ 1035.182190] ___sys_sendmsg+0xe68/0x1250 [ 1035.182190] __sys_sendmmsg+0x56b/0xa90 [ 1035.182190] __se_sys_sendmmsg+0xbd/0xe0 [ 1035.182190] __x64_sys_sendmmsg+0x56/0x70 [ 1035.182190] do_syscall_64+0xcf/0x110 06:06:50 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0e12f32efd14152f951dea889bbb4beac37e2b7f4d64c3c7ab16668c8a6268b343480442a9845c89cc9e7cbcb6707801cfe2900de5d17a1aedfc5ae6ddcc9034c63f3cdae7756e05e66afbcc59e412838817"], 0x1}}, 0x0) ioctl$RTC_WIE_OFF(r1, 0x7010) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f00000000c0)=[@in6={0xa, 0x4e22, 0x800, @mcast2, 0x8}, @in={0x2, 0x4e24, @loopback}, @in6={0xa, 0x4e24, 0x0, @mcast2}, @in={0x2, 0x4e23, @broadcast}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e23, @multicast1}, @in6={0xa, 0x4e20, 0x5a, @mcast1, 0x6}, @in={0x2, 0x4e22, @remote}], 0xa4) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000080), 0x4) [ 1035.182190] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1035.182190] [ 1035.182190] Local variable description: ----iph@ip_vs_out [ 1035.182190] Variable was created at: [ 1035.182190] ip_vs_out+0x1bf/0x4570 [ 1035.182190] ip_vs_local_reply6+0xec/0x130 [ 1035.328164] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:50 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="888bba26eed3ad4cb4dc53192673071bd3b82343947039982739eae3eb0ca86c18c0221abd98be1891e162b10f17a43876e7e7bfa0c8cf62279a64ba6be3c7872c2af94a97909ab8f4704e630cd2dbab9b6fda8b7b98a7c6e1a2b218dad592444de5d71cff603e78cc732288b4185d4b2c6b05ef788e856d7087748f1b0dc0dfed56666609bef88d21711be41f718ef37f16228eb581427d83bff82e36a6", 0x9e) 06:06:50 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:50 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01ab", 0x18) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1035.674402] not chained 2280000 origins [ 1035.678429] CPU: 1 PID: 26607 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1035.681835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1035.681835] Call Trace: [ 1035.681835] dump_stack+0x32d/0x480 [ 1035.681835] ? save_stack_trace+0xc6/0x110 [ 1035.703472] kmsan_internal_chain_origin+0x222/0x240 [ 1035.703472] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 1035.703472] ? is_bpf_text_address+0x49e/0x4d0 [ 1035.703472] ? INIT_INT+0xc/0x30 [ 1035.703472] ? __msan_warning+0x74/0xd0 [ 1035.703472] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 1035.703472] ? __save_stack_trace+0x9f2/0xc60 [ 1035.703472] __msan_chain_origin+0x6d/0xd0 [ 1035.703472] save_stack_trace+0xfa/0x110 [ 1035.703472] kmsan_internal_chain_origin+0x136/0x240 [ 1035.703472] ? kmsan_internal_chain_origin+0x136/0x240 [ 1035.703472] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1035.703472] ? __msan_memcpy+0x6f/0x80 [ 1035.703472] ? pskb_expand_head+0x43b/0x1d20 [ 1035.703472] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1035.703472] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1035.703472] ? ___sys_sendmsg+0xe68/0x1250 [ 1035.703472] ? __sys_sendmmsg+0x56b/0xa90 [ 1035.703472] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1035.703472] ? __x64_sys_sendmmsg+0x56/0x70 [ 1035.703472] ? do_syscall_64+0xcf/0x110 [ 1035.703472] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1035.703472] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1035.703472] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1035.703472] ? memcg_kmem_put_cache+0x8e/0x460 [ 1035.703472] ? __msan_get_context_state+0x9/0x30 [ 1035.703472] ? INIT_INT+0xc/0x30 [ 1035.703472] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1035.703472] kmsan_memcpy_origins+0x13d/0x1b0 [ 1035.835322] __msan_memcpy+0x6f/0x80 [ 1035.835322] pskb_expand_head+0x43b/0x1d20 [ 1035.835322] l2tp_xmit_skb+0x5a7/0x24b0 [ 1035.835322] pppol2tp_sendmsg+0x7a6/0xba0 [ 1035.835322] ___sys_sendmsg+0xe68/0x1250 [ 1035.835322] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1035.835322] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1035.835322] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1035.835322] ? rcu_all_qs+0x3b/0x310 [ 1035.835322] ? _cond_resched+0x59/0x120 [ 1035.835322] ? rcu_all_qs+0x53/0x310 [ 1035.835322] ? _cond_resched+0x37/0x120 [ 1035.835322] ? __sys_sendmmsg+0x7c9/0xa90 [ 1035.835322] ? _cond_resched+0x59/0x120 [ 1035.835322] __sys_sendmmsg+0x56b/0xa90 [ 1035.835322] ? syscall_return_slowpath+0x123/0x8c0 [ 1035.902315] ? put_timespec64+0x162/0x220 [ 1035.909747] __se_sys_sendmmsg+0xbd/0xe0 [ 1035.909747] __x64_sys_sendmmsg+0x56/0x70 [ 1035.909747] do_syscall_64+0xcf/0x110 [ 1035.909747] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1035.909747] RIP: 0033:0x457569 [ 1035.927884] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1035.927884] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1035.927884] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1035.927884] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1035.927884] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1035.972067] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1035.980933] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1035.980933] Uninit was stored to memory at: [ 1035.980933] kmsan_internal_chain_origin+0x136/0x240 [ 1035.980933] __msan_chain_origin+0x6d/0xd0 [ 1035.980933] save_stack_trace+0xfa/0x110 [ 1035.980933] kmsan_internal_chain_origin+0x136/0x240 [ 1035.980933] kmsan_memcpy_origins+0x13d/0x1b0 [ 1035.980933] __msan_memcpy+0x6f/0x80 [ 1035.980933] pskb_expand_head+0x43b/0x1d20 [ 1035.980933] l2tp_xmit_skb+0x5a7/0x24b0 [ 1035.980933] pppol2tp_sendmsg+0x7a6/0xba0 [ 1035.980933] ___sys_sendmsg+0xe68/0x1250 [ 1035.980933] __sys_sendmmsg+0x56b/0xa90 [ 1036.042053] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.042053] __x64_sys_sendmmsg+0x56/0x70 [ 1036.050004] do_syscall_64+0xcf/0x110 [ 1036.050004] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.050004] [ 1036.050004] Uninit was stored to memory at: [ 1036.050004] kmsan_internal_chain_origin+0x136/0x240 [ 1036.050004] __msan_chain_origin+0x6d/0xd0 [ 1036.050004] __save_stack_trace+0x833/0xc60 [ 1036.050004] save_stack_trace+0xc6/0x110 [ 1036.050004] kmsan_internal_chain_origin+0x136/0x240 [ 1036.050004] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.050004] __msan_memcpy+0x6f/0x80 [ 1036.050004] pskb_expand_head+0x43b/0x1d20 [ 1036.050004] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.050004] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.050004] ___sys_sendmsg+0xe68/0x1250 [ 1036.050004] __sys_sendmmsg+0x56b/0xa90 [ 1036.050004] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.050004] __x64_sys_sendmmsg+0x56/0x70 [ 1036.050004] do_syscall_64+0xcf/0x110 [ 1036.050004] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.050004] [ 1036.050004] Uninit was stored to memory at: [ 1036.050004] kmsan_internal_chain_origin+0x136/0x240 [ 1036.050004] __msan_chain_origin+0x6d/0xd0 [ 1036.050004] save_stack_trace+0xfa/0x110 [ 1036.050004] kmsan_internal_chain_origin+0x136/0x240 [ 1036.050004] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.050004] __msan_memcpy+0x6f/0x80 [ 1036.050004] pskb_expand_head+0x43b/0x1d20 [ 1036.050004] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.050004] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.050004] ___sys_sendmsg+0xe68/0x1250 [ 1036.050004] __sys_sendmmsg+0x56b/0xa90 [ 1036.050004] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.050004] __x64_sys_sendmmsg+0x56/0x70 [ 1036.050004] do_syscall_64+0xcf/0x110 [ 1036.050004] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.050004] [ 1036.050004] Uninit was stored to memory at: [ 1036.050004] kmsan_internal_chain_origin+0x136/0x240 [ 1036.050004] __msan_chain_origin+0x6d/0xd0 [ 1036.050004] __save_stack_trace+0x833/0xc60 [ 1036.050004] save_stack_trace+0xc6/0x110 [ 1036.050004] kmsan_internal_chain_origin+0x136/0x240 [ 1036.050004] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.050004] __msan_memcpy+0x6f/0x80 [ 1036.050004] pskb_expand_head+0x43b/0x1d20 [ 1036.050004] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.050004] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.050004] ___sys_sendmsg+0xe68/0x1250 [ 1036.050004] __sys_sendmmsg+0x56b/0xa90 [ 1036.050004] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.050004] __x64_sys_sendmmsg+0x56/0x70 [ 1036.050004] do_syscall_64+0xcf/0x110 [ 1036.050004] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.050004] [ 1036.050004] Uninit was stored to memory at: [ 1036.050004] kmsan_internal_chain_origin+0x136/0x240 [ 1036.050004] __msan_chain_origin+0x6d/0xd0 [ 1036.050004] save_stack_trace+0xfa/0x110 [ 1036.050004] kmsan_internal_chain_origin+0x136/0x240 [ 1036.050004] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.050004] __msan_memcpy+0x6f/0x80 [ 1036.050004] pskb_expand_head+0x43b/0x1d20 [ 1036.050004] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.050004] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.050004] ___sys_sendmsg+0xe68/0x1250 [ 1036.050004] __sys_sendmmsg+0x56b/0xa90 [ 1036.050004] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.050004] __x64_sys_sendmmsg+0x56/0x70 [ 1036.050004] do_syscall_64+0xcf/0x110 [ 1036.050004] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.050004] [ 1036.050004] Uninit was stored to memory at: [ 1036.050004] kmsan_internal_chain_origin+0x136/0x240 [ 1036.050004] __msan_chain_origin+0x6d/0xd0 [ 1036.050004] __save_stack_trace+0x833/0xc60 [ 1036.050004] save_stack_trace+0xc6/0x110 [ 1036.050004] kmsan_internal_chain_origin+0x136/0x240 [ 1036.050004] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.050004] __msan_memcpy+0x6f/0x80 [ 1036.050004] pskb_expand_head+0x43b/0x1d20 [ 1036.050004] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.050004] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.050004] ___sys_sendmsg+0xe68/0x1250 [ 1036.050004] __sys_sendmmsg+0x56b/0xa90 [ 1036.050004] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.050004] __x64_sys_sendmmsg+0x56/0x70 [ 1036.050004] do_syscall_64+0xcf/0x110 [ 1036.050004] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.050004] [ 1036.050004] Uninit was stored to memory at: [ 1036.050004] kmsan_internal_chain_origin+0x136/0x240 [ 1036.050004] __msan_chain_origin+0x6d/0xd0 [ 1036.050004] save_stack_trace+0xfa/0x110 [ 1036.050004] kmsan_internal_chain_origin+0x136/0x240 [ 1036.050004] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.050004] __msan_memcpy+0x6f/0x80 [ 1036.050004] pskb_expand_head+0x43b/0x1d20 [ 1036.050004] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.050004] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.050004] ___sys_sendmsg+0xe68/0x1250 [ 1036.050004] __sys_sendmmsg+0x56b/0xa90 [ 1036.050004] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.050004] __x64_sys_sendmmsg+0x56/0x70 [ 1036.050004] do_syscall_64+0xcf/0x110 [ 1036.050004] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.050004] [ 1036.050004] Local variable description: ----iph@ip_vs_out [ 1036.050004] Variable was created at: [ 1036.050004] ip_vs_out+0x1bf/0x4570 [ 1036.050004] ip_vs_local_reply6+0xec/0x130 [ 1036.519338] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1036.718728] not chained 2290000 origins [ 1036.721826] CPU: 1 PID: 26607 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1036.721826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1036.721826] Call Trace: [ 1036.721826] dump_stack+0x32d/0x480 [ 1036.721826] kmsan_internal_chain_origin+0x222/0x240 [ 1036.721826] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.721826] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.756173] ? save_stack_trace+0xc6/0x110 [ 1036.756173] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1036.756173] ? kmsan_internal_chain_origin+0x90/0x240 [ 1036.774743] ? get_stack_info+0x863/0x9d0 [ 1036.774743] __msan_chain_origin+0x6d/0xd0 [ 1036.774743] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1036.774743] __save_stack_trace+0x8be/0xc60 [ 1036.774743] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1036.774743] save_stack_trace+0xc6/0x110 [ 1036.799147] kmsan_internal_chain_origin+0x136/0x240 [ 1036.799147] ? kmsan_internal_chain_origin+0x136/0x240 [ 1036.808299] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.808299] ? __msan_memcpy+0x6f/0x80 [ 1036.816654] ? pskb_expand_head+0x43b/0x1d20 [ 1036.816654] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.816654] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.831937] ? ___sys_sendmsg+0xe68/0x1250 [ 1036.831937] ? __sys_sendmmsg+0x56b/0xa90 [ 1036.831937] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1036.831937] ? __x64_sys_sendmmsg+0x56/0x70 [ 1036.831937] ? do_syscall_64+0xcf/0x110 [ 1036.831937] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.831937] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1036.831937] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1036.831937] ? memcg_kmem_put_cache+0x8e/0x460 [ 1036.831937] ? __msan_get_context_state+0x9/0x30 [ 1036.831937] ? INIT_INT+0xc/0x30 [ 1036.878463] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1036.878463] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.878463] __msan_memcpy+0x6f/0x80 [ 1036.878463] pskb_expand_head+0x43b/0x1d20 [ 1036.878463] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.878463] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.878463] ___sys_sendmsg+0xe68/0x1250 [ 1036.878463] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1036.878463] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1036.878463] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1036.878463] ? rcu_all_qs+0x3b/0x310 [ 1036.878463] ? _cond_resched+0x59/0x120 [ 1036.878463] ? rcu_all_qs+0x53/0x310 [ 1036.878463] ? _cond_resched+0x37/0x120 [ 1036.878463] ? __sys_sendmmsg+0x7c9/0xa90 [ 1036.878463] ? _cond_resched+0x59/0x120 [ 1036.878463] __sys_sendmmsg+0x56b/0xa90 [ 1036.878463] ? syscall_return_slowpath+0x123/0x8c0 [ 1036.878463] ? put_timespec64+0x162/0x220 [ 1036.878463] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.878463] __x64_sys_sendmmsg+0x56/0x70 [ 1036.878463] do_syscall_64+0xcf/0x110 [ 1036.878463] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.878463] RIP: 0033:0x457569 [ 1036.878463] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1036.878463] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1036.878463] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1036.878463] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1036.878463] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1036.878463] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1036.878463] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1036.878463] Uninit was stored to memory at: [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] __msan_chain_origin+0x6d/0xd0 [ 1036.878463] __save_stack_trace+0x8be/0xc60 [ 1036.878463] save_stack_trace+0xc6/0x110 [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.878463] __msan_memcpy+0x6f/0x80 [ 1036.878463] pskb_expand_head+0x43b/0x1d20 [ 1036.878463] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.878463] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.878463] ___sys_sendmsg+0xe68/0x1250 [ 1036.878463] __sys_sendmmsg+0x56b/0xa90 [ 1036.878463] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.878463] __x64_sys_sendmmsg+0x56/0x70 [ 1036.878463] do_syscall_64+0xcf/0x110 [ 1036.878463] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.878463] [ 1036.878463] Uninit was stored to memory at: [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] __msan_chain_origin+0x6d/0xd0 [ 1036.878463] __save_stack_trace+0x8be/0xc60 [ 1036.878463] save_stack_trace+0xc6/0x110 [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.878463] __msan_memcpy+0x6f/0x80 [ 1036.878463] pskb_expand_head+0x43b/0x1d20 [ 1036.878463] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.878463] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.878463] ___sys_sendmsg+0xe68/0x1250 [ 1036.878463] __sys_sendmmsg+0x56b/0xa90 [ 1036.878463] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.878463] __x64_sys_sendmmsg+0x56/0x70 [ 1036.878463] do_syscall_64+0xcf/0x110 [ 1036.878463] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.878463] [ 1036.878463] Uninit was stored to memory at: [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] __msan_chain_origin+0x6d/0xd0 [ 1036.878463] __save_stack_trace+0x8be/0xc60 [ 1036.878463] save_stack_trace+0xc6/0x110 [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.878463] __msan_memcpy+0x6f/0x80 [ 1036.878463] pskb_expand_head+0x43b/0x1d20 [ 1036.878463] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.878463] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.878463] ___sys_sendmsg+0xe68/0x1250 [ 1036.878463] __sys_sendmmsg+0x56b/0xa90 [ 1036.878463] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.878463] __x64_sys_sendmmsg+0x56/0x70 [ 1036.878463] do_syscall_64+0xcf/0x110 [ 1036.878463] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.878463] [ 1036.878463] Uninit was stored to memory at: [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] __msan_chain_origin+0x6d/0xd0 [ 1036.878463] __save_stack_trace+0x8be/0xc60 [ 1036.878463] save_stack_trace+0xc6/0x110 [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.878463] __msan_memcpy+0x6f/0x80 [ 1036.878463] pskb_expand_head+0x43b/0x1d20 [ 1036.878463] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.878463] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.878463] ___sys_sendmsg+0xe68/0x1250 [ 1036.878463] __sys_sendmmsg+0x56b/0xa90 [ 1036.878463] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.878463] __x64_sys_sendmmsg+0x56/0x70 [ 1036.878463] do_syscall_64+0xcf/0x110 [ 1036.878463] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.878463] [ 1036.878463] Uninit was stored to memory at: [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] __msan_chain_origin+0x6d/0xd0 [ 1036.878463] __save_stack_trace+0x8be/0xc60 [ 1036.878463] save_stack_trace+0xc6/0x110 [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.878463] __msan_memcpy+0x6f/0x80 [ 1036.878463] pskb_expand_head+0x43b/0x1d20 [ 1036.878463] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.878463] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.878463] ___sys_sendmsg+0xe68/0x1250 [ 1036.878463] __sys_sendmmsg+0x56b/0xa90 [ 1036.878463] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.878463] __x64_sys_sendmmsg+0x56/0x70 [ 1036.878463] do_syscall_64+0xcf/0x110 [ 1036.878463] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.878463] [ 1036.878463] Uninit was stored to memory at: [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] __msan_chain_origin+0x6d/0xd0 [ 1036.878463] __save_stack_trace+0x8be/0xc60 [ 1036.878463] save_stack_trace+0xc6/0x110 [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.878463] __msan_memcpy+0x6f/0x80 [ 1036.878463] pskb_expand_head+0x43b/0x1d20 [ 1036.878463] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.878463] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.878463] ___sys_sendmsg+0xe68/0x1250 [ 1036.878463] __sys_sendmmsg+0x56b/0xa90 [ 1036.878463] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.878463] __x64_sys_sendmmsg+0x56/0x70 [ 1036.878463] do_syscall_64+0xcf/0x110 [ 1036.878463] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.878463] [ 1036.878463] Uninit was stored to memory at: [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] __msan_chain_origin+0x6d/0xd0 [ 1036.878463] __save_stack_trace+0x8be/0xc60 [ 1036.878463] save_stack_trace+0xc6/0x110 [ 1036.878463] kmsan_internal_chain_origin+0x136/0x240 [ 1036.878463] kmsan_memcpy_origins+0x13d/0x1b0 [ 1036.878463] __msan_memcpy+0x6f/0x80 [ 1036.878463] pskb_expand_head+0x43b/0x1d20 [ 1036.878463] l2tp_xmit_skb+0x5a7/0x24b0 [ 1036.878463] pppol2tp_sendmsg+0x7a6/0xba0 [ 1036.878463] ___sys_sendmsg+0xe68/0x1250 [ 1036.878463] __sys_sendmmsg+0x56b/0xa90 [ 1036.878463] __se_sys_sendmmsg+0xbd/0xe0 [ 1036.878463] __x64_sys_sendmmsg+0x56/0x70 [ 1036.878463] do_syscall_64+0xcf/0x110 [ 1036.878463] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1036.878463] [ 1036.878463] Local variable description: ----iph@ip_vs_out [ 1036.878463] Variable was created at: [ 1036.878463] ip_vs_out+0x1bf/0x4570 [ 1036.878463] ip_vs_local_reply6+0xec/0x130 [ 1037.588082] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:52 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/fib_trie\x00') setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000080)=0x3, 0x4) 06:06:52 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000140)="ae4ddd2c08d29459397e0afb0355e433d92430019a20c724a5000043864a81cd8296e9b344cc7dbe15a09dc1c83ec391241020b71ab02b9759f78d0fb20b341dedada7") setxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.capability\x00', &(0x7f0000000100)=@v1={0x1000000, [{0x480, 0x8001}]}, 0xc, 0x2) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000000)={0x100000001, 0x3, 0x4}) 06:06:52 executing program 3: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) r2 = dup2(r1, r0) shutdown(r1, 0x0) connect$can_bcm(r2, &(0x7f0000000140), 0x10) r3 = socket$inet6(0xa, 0x400000000001, 0x0) r4 = dup(r3) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$NBD_CMD_STATUS(r4, &(0x7f0000000cc0)={&(0x7f0000000b80), 0xc, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x3, &(0x7f0000000080), 0x4) 06:06:52 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:52 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) socketpair(0x1b, 0x5, 0xfffffffffffffff9, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCSBRK(r1, 0x5427) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000240)="b7f22816c14789f0265df5cf1cdd8b55eb14d0b51082287b31b880528abca3122ca4dd00c9c289a229566fa72fbc90dab48a970f2cf401c8fa2a6d9f65d1864cb0c3e481d576c40eb2d2e065472d01bd88597eee11576dd24b11a7a7af368411b62d4c8ae4122f57a6e1e6d7e69f21980b41036de0663f0a525c9b40368b9c50076c3b0367d00f74833e74ac441ea6d659010688bb0b9473ec358e", 0x11b) 06:06:52 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01ab", 0x18) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:52 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:53 executing program 4: r0 = creat(&(0x7f0000000080)='./file0\x00', 0xffffffffffffffff) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[@ANYPTR64=&(0x7f0000000040)=ANY=[@ANYRES64=r0]], 0x8) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f00000000c0)={'ip6tnl0\x00', 0x8}) close(r0) execve(&(0x7f0000000180)='./file0\x00', &(0x7f0000000140), &(0x7f0000000140)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) [ 1038.031545] not chained 2300000 origins [ 1038.031881] CPU: 1 PID: 26667 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1038.031881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1038.031881] Call Trace: [ 1038.031881] dump_stack+0x32d/0x480 [ 1038.031881] ? save_stack_trace+0xc6/0x110 [ 1038.031881] kmsan_internal_chain_origin+0x222/0x240 [ 1038.031881] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.031881] ? kmsan_internal_chain_origin+0x136/0x240 [ 1038.031881] ? __msan_chain_origin+0x6d/0xd0 [ 1038.031881] ? __save_stack_trace+0x8be/0xc60 [ 1038.031881] ? save_stack_trace+0xc6/0x110 [ 1038.031881] ? kmsan_internal_chain_origin+0x136/0x240 [ 1038.031881] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.031881] ? __msan_memcpy+0x6f/0x80 [ 1038.031881] ? pskb_expand_head+0x43b/0x1d20 [ 1038.031881] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.031881] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.031881] ? ___sys_sendmsg+0xe68/0x1250 [ 1038.031881] ? __sys_sendmmsg+0x56b/0xa90 [ 1038.124067] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1038.124067] ? __x64_sys_sendmmsg+0x56/0x70 [ 1038.124067] ? do_syscall_64+0xcf/0x110 [ 1038.124067] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.124067] ? save_stack_trace+0xc6/0x110 [ 1038.124067] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1038.124067] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1038.124067] ? __module_address+0x6a/0x610 [ 1038.162128] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 1038.162128] ? is_bpf_text_address+0x49e/0x4d0 [ 1038.162128] ? INIT_INT+0xc/0x30 [ 1038.162128] __msan_chain_origin+0x6d/0xd0 06:06:53 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1, 0x400) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x8, @mcast2, 0x8}, @in={0x2, 0x4e22, @remote}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1c}}, @in6={0xa, 0x4e23, 0x6, @remote, 0x8001}, @in={0x2, 0x4e20}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1a}}], 0x78) mmap(&(0x7f0000012000/0x2000)=nil, 0x2000, 0x0, 0x810, r0, 0x0) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r1, 0xffffffffffff8000, &(0x7f0000000240)="d49e2baf9e2ea4044faedafac5eda704eff145b4077de979d7b15c25d9c4e8d4f2b338f58c1f8c5bc88bf0ba2396eceb54aae61c53eb87012142cb1840415dcddfaed531bbd7efc9c83d0698e00a6d22b292848a8df5809bc24c4199e9597cb27e11be6326bd5cf99e7319f0763fb0592ff1683a9f9fd0e8341ffd16314222040863fa36648baf53ed2a3aebaa29313e24de17a7dfb0dc8d52a23725b70fdec383d48b143cf49c63af84cd9e240cb98ff96bae1318bfc0c16ea3a4a9cee33f5f04288d5bd4cfc869a28bc9bf1ec87e8d51907f37bbe14c5b1c0baa9d1a189e41f2c4cdf0f8cb68555b756125a3cd17199426b6ded438390d463f2bdf57d5b2e8d0e92eae9e7c10bc6664e5fab1901298ca766c080171430f58a6487bc66aba13f884fb85cc4ec59d") [ 1038.162128] __save_stack_trace+0xaff/0xc60 [ 1038.162128] save_stack_trace+0xc6/0x110 [ 1038.162128] kmsan_internal_chain_origin+0x136/0x240 [ 1038.162128] ? kmsan_internal_chain_origin+0x136/0x240 [ 1038.162128] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.201635] ? __msan_memcpy+0x6f/0x80 [ 1038.201635] ? pskb_expand_head+0x43b/0x1d20 [ 1038.201635] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.201635] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.201635] ? ___sys_sendmsg+0xe68/0x1250 [ 1038.201635] ? __sys_sendmmsg+0x56b/0xa90 [ 1038.201635] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1038.201635] ? __x64_sys_sendmmsg+0x56/0x70 [ 1038.235284] ? do_syscall_64+0xcf/0x110 [ 1038.235284] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.235284] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1038.235284] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1038.235284] ? memcg_kmem_put_cache+0x8e/0x460 [ 1038.235284] ? __msan_get_context_state+0x9/0x30 [ 1038.235284] ? INIT_INT+0xc/0x30 [ 1038.235284] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1038.235284] kmsan_memcpy_origins+0x13d/0x1b0 06:06:53 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x7e0}], 0x1, &(0x7f0000001680)=""/72, 0x3e}}], 0x1, 0x0, &(0x7f0000002240)) 06:06:53 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01ab", 0x18) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1038.235284] __msan_memcpy+0x6f/0x80 [ 1038.235284] pskb_expand_head+0x43b/0x1d20 [ 1038.235284] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.235284] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.235284] ___sys_sendmsg+0xe68/0x1250 [ 1038.235284] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1038.235284] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1038.235284] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1038.235284] ? rcu_all_qs+0x3b/0x310 [ 1038.235284] ? _cond_resched+0x59/0x120 [ 1038.235284] ? rcu_all_qs+0x53/0x310 [ 1038.327425] ? _cond_resched+0x37/0x120 [ 1038.327425] ? __sys_sendmmsg+0x7c9/0xa90 [ 1038.327425] ? _cond_resched+0x59/0x120 [ 1038.327425] __sys_sendmmsg+0x56b/0xa90 [ 1038.327425] ? syscall_return_slowpath+0x123/0x8c0 06:06:53 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(0xffffffffffffffff, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000400)=""/217, 0xd9}], 0x1, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1038.327425] ? put_timespec64+0x162/0x220 [ 1038.327425] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.327425] __x64_sys_sendmmsg+0x56/0x70 [ 1038.327425] do_syscall_64+0xcf/0x110 [ 1038.327425] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.327425] RIP: 0033:0x457569 [ 1038.327425] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1038.327425] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1038.327425] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1038.327425] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1038.327425] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1038.327425] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1038.327425] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1038.327425] Uninit was stored to memory at: [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] __msan_chain_origin+0x6d/0xd0 [ 1038.327425] __save_stack_trace+0x8be/0xc60 [ 1038.327425] save_stack_trace+0xc6/0x110 [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.327425] __msan_memcpy+0x6f/0x80 [ 1038.327425] pskb_expand_head+0x43b/0x1d20 [ 1038.327425] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.327425] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.327425] ___sys_sendmsg+0xe68/0x1250 [ 1038.327425] __sys_sendmmsg+0x56b/0xa90 [ 1038.327425] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.327425] __x64_sys_sendmmsg+0x56/0x70 [ 1038.327425] do_syscall_64+0xcf/0x110 [ 1038.327425] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.327425] [ 1038.327425] Uninit was stored to memory at: [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] __msan_chain_origin+0x6d/0xd0 [ 1038.327425] __save_stack_trace+0x8be/0xc60 [ 1038.327425] save_stack_trace+0xc6/0x110 [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.327425] __msan_memcpy+0x6f/0x80 [ 1038.327425] pskb_expand_head+0x43b/0x1d20 [ 1038.327425] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.327425] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.327425] ___sys_sendmsg+0xe68/0x1250 [ 1038.327425] __sys_sendmmsg+0x56b/0xa90 [ 1038.327425] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.327425] __x64_sys_sendmmsg+0x56/0x70 [ 1038.327425] do_syscall_64+0xcf/0x110 [ 1038.327425] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.327425] [ 1038.327425] Uninit was stored to memory at: [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] __msan_chain_origin+0x6d/0xd0 [ 1038.327425] __save_stack_trace+0x8be/0xc60 [ 1038.327425] save_stack_trace+0xc6/0x110 [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.327425] __msan_memcpy+0x6f/0x80 [ 1038.327425] pskb_expand_head+0x43b/0x1d20 [ 1038.327425] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.327425] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.327425] ___sys_sendmsg+0xe68/0x1250 [ 1038.327425] __sys_sendmmsg+0x56b/0xa90 [ 1038.327425] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.327425] __x64_sys_sendmmsg+0x56/0x70 [ 1038.327425] do_syscall_64+0xcf/0x110 [ 1038.327425] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.327425] [ 1038.327425] Uninit was stored to memory at: [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] __msan_chain_origin+0x6d/0xd0 [ 1038.327425] __save_stack_trace+0x8be/0xc60 [ 1038.327425] save_stack_trace+0xc6/0x110 [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.327425] __msan_memcpy+0x6f/0x80 [ 1038.327425] pskb_expand_head+0x43b/0x1d20 [ 1038.327425] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.327425] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.327425] ___sys_sendmsg+0xe68/0x1250 [ 1038.327425] __sys_sendmmsg+0x56b/0xa90 [ 1038.327425] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.327425] __x64_sys_sendmmsg+0x56/0x70 [ 1038.327425] do_syscall_64+0xcf/0x110 [ 1038.327425] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.327425] [ 1038.327425] Uninit was stored to memory at: [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] __msan_chain_origin+0x6d/0xd0 [ 1038.327425] __save_stack_trace+0x8be/0xc60 [ 1038.327425] save_stack_trace+0xc6/0x110 [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.327425] __msan_memcpy+0x6f/0x80 [ 1038.327425] pskb_expand_head+0x43b/0x1d20 [ 1038.327425] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.327425] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.327425] ___sys_sendmsg+0xe68/0x1250 [ 1038.327425] __sys_sendmmsg+0x56b/0xa90 [ 1038.327425] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.327425] __x64_sys_sendmmsg+0x56/0x70 [ 1038.327425] do_syscall_64+0xcf/0x110 [ 1038.327425] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.327425] [ 1038.327425] Uninit was stored to memory at: [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] __msan_chain_origin+0x6d/0xd0 [ 1038.327425] __save_stack_trace+0x8be/0xc60 [ 1038.327425] save_stack_trace+0xc6/0x110 [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.327425] __msan_memcpy+0x6f/0x80 [ 1038.327425] pskb_expand_head+0x43b/0x1d20 [ 1038.327425] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.327425] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.327425] ___sys_sendmsg+0xe68/0x1250 [ 1038.327425] __sys_sendmmsg+0x56b/0xa90 [ 1038.327425] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.327425] __x64_sys_sendmmsg+0x56/0x70 [ 1038.327425] do_syscall_64+0xcf/0x110 [ 1038.327425] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.327425] [ 1038.327425] Uninit was stored to memory at: [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] __msan_chain_origin+0x6d/0xd0 [ 1038.327425] __save_stack_trace+0x8be/0xc60 [ 1038.327425] save_stack_trace+0xc6/0x110 [ 1038.327425] kmsan_internal_chain_origin+0x136/0x240 [ 1038.327425] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.327425] __msan_memcpy+0x6f/0x80 [ 1038.327425] pskb_expand_head+0x43b/0x1d20 [ 1038.327425] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.327425] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.327425] ___sys_sendmsg+0xe68/0x1250 [ 1038.327425] __sys_sendmmsg+0x56b/0xa90 [ 1038.327425] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.327425] __x64_sys_sendmmsg+0x56/0x70 [ 1038.327425] do_syscall_64+0xcf/0x110 [ 1038.327425] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.327425] [ 1038.327425] Local variable description: ----iph@ip_vs_out [ 1038.327425] Variable was created at: [ 1038.327425] ip_vs_out+0x1bf/0x4570 [ 1038.327425] ip_vs_local_reply6+0xec/0x130 [ 1038.332053] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1038.645395] not chained 2310000 origins [ 1038.645423] CPU: 0 PID: 26667 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1038.645436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1038.645446] Call Trace: [ 1038.645477] dump_stack+0x32d/0x480 [ 1038.645523] kmsan_internal_chain_origin+0x222/0x240 [ 1038.645546] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.645578] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.645626] ? save_stack_trace+0xc6/0x110 [ 1038.645654] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1038.645690] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1038.645717] ? __module_address+0x6a/0x610 [ 1038.645752] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 1038.645782] ? is_bpf_text_address+0x49e/0x4d0 [ 1038.645815] ? INIT_INT+0xc/0x30 [ 1038.645856] __msan_chain_origin+0x6d/0xd0 [ 1038.645887] __save_stack_trace+0xaff/0xc60 [ 1038.645953] save_stack_trace+0xc6/0x110 [ 1038.645987] kmsan_internal_chain_origin+0x136/0x240 [ 1038.646026] ? kmsan_internal_chain_origin+0x136/0x240 [ 1038.646050] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.646073] ? __msan_memcpy+0x6f/0x80 [ 1038.646094] ? pskb_expand_head+0x43b/0x1d20 [ 1038.646116] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.646138] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.646160] ? ___sys_sendmsg+0xe68/0x1250 [ 1038.646189] ? __sys_sendmmsg+0x56b/0xa90 [ 1038.646216] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1038.646237] ? __x64_sys_sendmmsg+0x56/0x70 [ 1038.646259] ? do_syscall_64+0xcf/0x110 [ 1038.646282] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.646310] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1038.646355] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1038.646379] ? memcg_kmem_put_cache+0x8e/0x460 [ 1038.646415] ? __msan_get_context_state+0x9/0x30 [ 1038.646437] ? INIT_INT+0xc/0x30 [ 1038.646461] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1038.646504] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.646542] __msan_memcpy+0x6f/0x80 [ 1038.646567] pskb_expand_head+0x43b/0x1d20 [ 1038.646625] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.646689] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.646762] ___sys_sendmsg+0xe68/0x1250 [ 1038.646787] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1038.646855] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1038.646886] ? kmsan_set_origin+0x83/0x130 [ 1038.646917] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1038.646957] ? _cond_resched+0xc7/0x120 [ 1038.646984] __sys_sendmmsg+0x56b/0xa90 [ 1038.647043] ? syscall_return_slowpath+0x123/0x8c0 [ 1038.647065] ? put_timespec64+0x162/0x220 [ 1038.647104] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.647137] __x64_sys_sendmmsg+0x56/0x70 [ 1038.647162] do_syscall_64+0xcf/0x110 [ 1038.647204] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.647224] RIP: 0033:0x457569 [ 1038.647246] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1038.647260] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1038.647285] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1038.647301] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1038.647315] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1038.647330] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1038.647345] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1038.647377] Uninit was stored to memory at: [ 1038.647401] kmsan_internal_chain_origin+0x136/0x240 [ 1038.647424] __msan_chain_origin+0x6d/0xd0 [ 1038.647444] __save_stack_trace+0x8be/0xc60 [ 1038.647464] save_stack_trace+0xc6/0x110 [ 1038.647486] kmsan_internal_chain_origin+0x136/0x240 [ 1038.647507] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.647529] __msan_memcpy+0x6f/0x80 [ 1038.647547] pskb_expand_head+0x43b/0x1d20 [ 1038.647567] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.647587] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.647606] ___sys_sendmsg+0xe68/0x1250 [ 1038.647624] __sys_sendmmsg+0x56b/0xa90 [ 1038.647643] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.647662] __x64_sys_sendmmsg+0x56/0x70 [ 1038.647681] do_syscall_64+0xcf/0x110 [ 1038.647701] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.647709] [ 1038.647717] Uninit was stored to memory at: [ 1038.647740] kmsan_internal_chain_origin+0x136/0x240 [ 1038.647762] __msan_chain_origin+0x6d/0xd0 [ 1038.647782] __save_stack_trace+0x8be/0xc60 [ 1038.647802] save_stack_trace+0xc6/0x110 [ 1038.647824] kmsan_internal_chain_origin+0x136/0x240 [ 1038.647846] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.647867] __msan_memcpy+0x6f/0x80 [ 1038.647885] pskb_expand_head+0x43b/0x1d20 [ 1038.647905] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.647925] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.647944] ___sys_sendmsg+0xe68/0x1250 [ 1038.647962] __sys_sendmmsg+0x56b/0xa90 [ 1038.647981] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.648000] __x64_sys_sendmmsg+0x56/0x70 [ 1038.648019] do_syscall_64+0xcf/0x110 [ 1038.648040] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.648047] [ 1038.648056] Uninit was stored to memory at: [ 1038.648078] kmsan_internal_chain_origin+0x136/0x240 [ 1038.648100] __msan_chain_origin+0x6d/0xd0 [ 1038.648120] __save_stack_trace+0x8be/0xc60 [ 1038.648140] save_stack_trace+0xc6/0x110 [ 1038.648163] kmsan_internal_chain_origin+0x136/0x240 [ 1038.648194] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.648221] __msan_memcpy+0x6f/0x80 [ 1038.648239] pskb_expand_head+0x43b/0x1d20 [ 1038.648259] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.648279] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.648298] ___sys_sendmsg+0xe68/0x1250 [ 1038.648316] __sys_sendmmsg+0x56b/0xa90 [ 1038.648335] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.648354] __x64_sys_sendmmsg+0x56/0x70 [ 1038.648373] do_syscall_64+0xcf/0x110 [ 1038.648393] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.648401] [ 1038.648409] Uninit was stored to memory at: [ 1038.648432] kmsan_internal_chain_origin+0x136/0x240 [ 1038.648454] __msan_chain_origin+0x6d/0xd0 [ 1038.648474] __save_stack_trace+0x8be/0xc60 [ 1038.648494] save_stack_trace+0xc6/0x110 [ 1038.648516] kmsan_internal_chain_origin+0x136/0x240 [ 1038.648538] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.648559] __msan_memcpy+0x6f/0x80 [ 1038.648577] pskb_expand_head+0x43b/0x1d20 [ 1038.648596] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.648617] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.648635] ___sys_sendmsg+0xe68/0x1250 [ 1038.648654] __sys_sendmmsg+0x56b/0xa90 [ 1038.648673] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.648693] __x64_sys_sendmmsg+0x56/0x70 [ 1038.648712] do_syscall_64+0xcf/0x110 [ 1038.648732] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.648740] [ 1038.648748] Uninit was stored to memory at: [ 1038.648771] kmsan_internal_chain_origin+0x136/0x240 [ 1038.648793] __msan_chain_origin+0x6d/0xd0 [ 1038.648813] __save_stack_trace+0x8be/0xc60 [ 1038.648833] save_stack_trace+0xc6/0x110 [ 1038.648855] kmsan_internal_chain_origin+0x136/0x240 [ 1038.648876] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.648897] __msan_memcpy+0x6f/0x80 [ 1038.648915] pskb_expand_head+0x43b/0x1d20 [ 1038.648935] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.648955] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.648974] ___sys_sendmsg+0xe68/0x1250 [ 1038.648992] __sys_sendmmsg+0x56b/0xa90 [ 1038.649011] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.649030] __x64_sys_sendmmsg+0x56/0x70 [ 1038.649048] do_syscall_64+0xcf/0x110 [ 1038.649069] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.649077] [ 1038.649085] Uninit was stored to memory at: [ 1038.649107] kmsan_internal_chain_origin+0x136/0x240 [ 1038.649129] __msan_chain_origin+0x6d/0xd0 [ 1038.649149] __save_stack_trace+0x8be/0xc60 [ 1038.649169] save_stack_trace+0xc6/0x110 [ 1038.649205] kmsan_internal_chain_origin+0x136/0x240 [ 1038.649227] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.649248] __msan_memcpy+0x6f/0x80 [ 1038.649267] pskb_expand_head+0x43b/0x1d20 [ 1038.649286] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.649307] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.649325] ___sys_sendmsg+0xe68/0x1250 [ 1038.649344] __sys_sendmmsg+0x56b/0xa90 [ 1038.649362] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.649381] __x64_sys_sendmmsg+0x56/0x70 [ 1038.649400] do_syscall_64+0xcf/0x110 [ 1038.649421] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.649428] [ 1038.649437] Uninit was stored to memory at: [ 1038.649459] kmsan_internal_chain_origin+0x136/0x240 [ 1038.649481] __msan_chain_origin+0x6d/0xd0 [ 1038.649501] __save_stack_trace+0x8be/0xc60 [ 1038.649521] save_stack_trace+0xc6/0x110 [ 1038.649543] kmsan_internal_chain_origin+0x136/0x240 [ 1038.649565] kmsan_memcpy_origins+0x13d/0x1b0 [ 1038.649586] __msan_memcpy+0x6f/0x80 [ 1038.649604] pskb_expand_head+0x43b/0x1d20 [ 1038.649624] l2tp_xmit_skb+0x5a7/0x24b0 [ 1038.649644] pppol2tp_sendmsg+0x7a6/0xba0 [ 1038.649662] ___sys_sendmsg+0xe68/0x1250 [ 1038.649681] __sys_sendmmsg+0x56b/0xa90 [ 1038.649699] __se_sys_sendmmsg+0xbd/0xe0 [ 1038.649719] __x64_sys_sendmmsg+0x56/0x70 [ 1038.649738] do_syscall_64+0xcf/0x110 [ 1038.649759] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1038.649766] [ 1038.649777] Local variable description: ----iph@ip_vs_out [ 1038.649785] Variable was created at: [ 1038.649805] ip_vs_out+0x1bf/0x4570 [ 1038.649825] ip_vs_local_reply6+0xec/0x130 [ 1038.879674] not chained 2320000 origins [ 1040.316584] CPU: 0 PID: 26667 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1040.316584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1040.316584] Call Trace: [ 1040.316584] dump_stack+0x32d/0x480 [ 1040.316584] kmsan_internal_chain_origin+0x222/0x240 [ 1040.316584] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1040.316584] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1040.316584] ? save_stack_trace+0xc6/0x110 [ 1040.316584] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1040.316584] ? kmsan_internal_chain_origin+0x90/0x240 [ 1040.316584] ? get_stack_info+0x863/0x9d0 [ 1040.316584] __msan_chain_origin+0x6d/0xd0 [ 1040.316584] ? __sys_sendmmsg+0x56b/0xa90 [ 1040.316584] __save_stack_trace+0x8be/0xc60 [ 1040.316584] ? __sys_sendmmsg+0x56b/0xa90 [ 1040.316584] save_stack_trace+0xc6/0x110 [ 1040.316584] kmsan_internal_chain_origin+0x136/0x240 [ 1040.398466] ? kmsan_internal_chain_origin+0x136/0x240 [ 1040.398466] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1040.405591] ? __msan_memcpy+0x6f/0x80 [ 1040.405591] ? pskb_expand_head+0x43b/0x1d20 [ 1040.413429] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1040.413429] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1040.413429] ? ___sys_sendmsg+0xe68/0x1250 [ 1040.413429] ? __sys_sendmmsg+0x56b/0xa90 [ 1040.413429] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1040.413429] ? __x64_sys_sendmmsg+0x56/0x70 [ 1040.413429] ? do_syscall_64+0xcf/0x110 [ 1040.413429] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1040.413429] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1040.413429] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1040.413429] ? memcg_kmem_put_cache+0x8e/0x460 [ 1040.467070] ? __msan_get_context_state+0x9/0x30 [ 1040.471000] ? INIT_INT+0xc/0x30 [ 1040.474903] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1040.480080] kmsan_memcpy_origins+0x13d/0x1b0 [ 1040.485243] __msan_memcpy+0x6f/0x80 [ 1040.489131] pskb_expand_head+0x43b/0x1d20 [ 1040.493004] l2tp_xmit_skb+0x5a7/0x24b0 [ 1040.496884] pppol2tp_sendmsg+0x7a6/0xba0 [ 1040.500763] ___sys_sendmsg+0xe68/0x1250 [ 1040.504692] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1040.509864] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1040.515028] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1040.520224] ? rcu_all_qs+0x3b/0x310 [ 1040.524080] ? _cond_resched+0x59/0x120 [ 1040.527954] ? rcu_all_qs+0x53/0x310 [ 1040.531920] ? _cond_resched+0x37/0x120 [ 1040.535719] ? __sys_sendmmsg+0x7c9/0xa90 [ 1040.539586] ? _cond_resched+0x59/0x120 [ 1040.543424] __sys_sendmmsg+0x56b/0xa90 [ 1040.547304] ? syscall_return_slowpath+0x123/0x8c0 [ 1040.552464] ? put_timespec64+0x162/0x220 [ 1040.556334] __se_sys_sendmmsg+0xbd/0xe0 [ 1040.560206] __x64_sys_sendmmsg+0x56/0x70 [ 1040.564195] do_syscall_64+0xcf/0x110 [ 1040.568052] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1040.573367] RIP: 0033:0x457569 [ 1040.577308] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1040.595548] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1040.603352] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1040.611071] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1040.618839] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1040.625296] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1040.633056] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1040.639507] Uninit was stored to memory at: [ 1040.644690] kmsan_internal_chain_origin+0x136/0x240 [ 1040.649861] __msan_chain_origin+0x6d/0xd0 [ 1040.653736] __save_stack_trace+0x8be/0xc60 [ 1040.658244] save_stack_trace+0xc6/0x110 [ 1040.662158] kmsan_internal_chain_origin+0x136/0x240 [ 1040.667359] kmsan_memcpy_origins+0x13d/0x1b0 [ 1040.672511] __msan_memcpy+0x6f/0x80 [ 1040.675094] pskb_expand_head+0x43b/0x1d20 [ 1040.680271] l2tp_xmit_skb+0x5a7/0x24b0 [ 1040.684228] pppol2tp_sendmsg+0x7a6/0xba0 [ 1040.688154] ___sys_sendmsg+0xe68/0x1250 [ 1040.692095] __sys_sendmmsg+0x56b/0xa90 [ 1040.695968] __se_sys_sendmmsg+0xbd/0xe0 [ 1040.699838] __x64_sys_sendmmsg+0x56/0x70 [ 1040.703711] do_syscall_64+0xcf/0x110 [ 1040.707578] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1040.712756] [ 1040.715334] Uninit was stored to memory at: [ 1040.719316] kmsan_internal_chain_origin+0x136/0x240 [ 1040.724572] __msan_chain_origin+0x6d/0xd0 [ 1040.728447] __save_stack_trace+0x8be/0xc60 [ 1040.732341] save_stack_trace+0xc6/0x110 [ 1040.737563] kmsan_internal_chain_origin+0x136/0x240 [ 1040.742768] kmsan_memcpy_origins+0x13d/0x1b0 [ 1040.746640] __msan_memcpy+0x6f/0x80 [ 1040.750507] pskb_expand_head+0x43b/0x1d20 [ 1040.754457] l2tp_xmit_skb+0x5a7/0x24b0 [ 1040.758337] pppol2tp_sendmsg+0x7a6/0xba0 [ 1040.762229] ___sys_sendmsg+0xe68/0x1250 [ 1040.767442] __sys_sendmmsg+0x56b/0xa90 [ 1040.771302] __se_sys_sendmmsg+0xbd/0xe0 [ 1040.775186] __x64_sys_sendmmsg+0x56/0x70 [ 1040.779091] do_syscall_64+0xcf/0x110 [ 1040.783050] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1040.788247] [ 1040.789557] Uninit was stored to memory at: [ 1040.793515] kmsan_internal_chain_origin+0x136/0x240 [ 1040.798689] __msan_chain_origin+0x6d/0xd0 [ 1040.803862] __save_stack_trace+0x8be/0xc60 [ 1040.807735] save_stack_trace+0xc6/0x110 [ 1040.811656] kmsan_internal_chain_origin+0x136/0x240 [ 1040.816918] kmsan_memcpy_origins+0x13d/0x1b0 [ 1040.820767] __msan_memcpy+0x6f/0x80 [ 1040.824691] pskb_expand_head+0x43b/0x1d20 [ 1040.828569] l2tp_xmit_skb+0x5a7/0x24b0 [ 1040.833787] pppol2tp_sendmsg+0x7a6/0xba0 [ 1040.837654] ___sys_sendmsg+0xe68/0x1250 [ 1040.841533] __sys_sendmmsg+0x56b/0xa90 [ 1040.845626] __se_sys_sendmmsg+0xbd/0xe0 [ 1040.845626] __x64_sys_sendmmsg+0x56/0x70 [ 1040.845626] do_syscall_64+0xcf/0x110 [ 1040.845626] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1040.863193] [ 1040.864498] Uninit was stored to memory at: [ 1040.868378] kmsan_internal_chain_origin+0x136/0x240 [ 1040.873536] __msan_chain_origin+0x6d/0xd0 [ 1040.877419] __save_stack_trace+0x8be/0xc60 [ 1040.882605] save_stack_trace+0xc6/0x110 [ 1040.886487] kmsan_internal_chain_origin+0x136/0x240 [ 1040.891750] kmsan_memcpy_origins+0x13d/0x1b0 [ 1040.895582] __msan_memcpy+0x6f/0x80 [ 1040.899423] pskb_expand_head+0x43b/0x1d20 [ 1040.904608] l2tp_xmit_skb+0x5a7/0x24b0 [ 1040.908442] pppol2tp_sendmsg+0x7a6/0xba0 [ 1040.912289] ___sys_sendmsg+0xe68/0x1250 [ 1040.916115] __sys_sendmmsg+0x56b/0xa90 [ 1040.919954] __se_sys_sendmmsg+0xbd/0xe0 [ 1040.923790] __x64_sys_sendmmsg+0x56/0x70 [ 1040.928964] do_syscall_64+0xcf/0x110 [ 1040.932788] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1040.937899] [ 1040.939196] Uninit was stored to memory at: [ 1040.943018] kmsan_internal_chain_origin+0x136/0x240 [ 1040.948129] __msan_chain_origin+0x6d/0xd0 [ 1040.953330] __save_stack_trace+0x8be/0xc60 [ 1040.957194] save_stack_trace+0xc6/0x110 [ 1040.961002] kmsan_internal_chain_origin+0x136/0x240 [ 1040.966190] kmsan_memcpy_origins+0x13d/0x1b0 [ 1040.971284] __msan_memcpy+0x6f/0x80 [ 1040.973891] pskb_expand_head+0x43b/0x1d20 [ 1040.978997] l2tp_xmit_skb+0x5a7/0x24b0 [ 1040.982837] pppol2tp_sendmsg+0x7a6/0xba0 [ 1040.986756] ___sys_sendmsg+0xe68/0x1250 [ 1040.990636] __sys_sendmmsg+0x56b/0xa90 [ 1040.994625] __se_sys_sendmmsg+0xbd/0xe0 [ 1040.998471] __x64_sys_sendmmsg+0x56/0x70 [ 1041.003646] do_syscall_64+0xcf/0x110 [ 1041.007479] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1041.012619] [ 1041.013928] Uninit was stored to memory at: [ 1041.017767] kmsan_internal_chain_origin+0x136/0x240 [ 1041.019748] __msan_chain_origin+0x6d/0xd0 [ 1041.019748] __save_stack_trace+0x8be/0xc60 [ 1041.019748] save_stack_trace+0xc6/0x110 [ 1041.019748] kmsan_internal_chain_origin+0x136/0x240 [ 1041.019748] kmsan_memcpy_origins+0x13d/0x1b0 [ 1041.019748] __msan_memcpy+0x6f/0x80 [ 1041.019748] pskb_expand_head+0x43b/0x1d20 [ 1041.019748] l2tp_xmit_skb+0x5a7/0x24b0 [ 1041.019748] pppol2tp_sendmsg+0x7a6/0xba0 [ 1041.019748] ___sys_sendmsg+0xe68/0x1250 [ 1041.019748] __sys_sendmmsg+0x56b/0xa90 [ 1041.019748] __se_sys_sendmmsg+0xbd/0xe0 [ 1041.019748] __x64_sys_sendmmsg+0x56/0x70 [ 1041.019748] do_syscall_64+0xcf/0x110 [ 1041.019748] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1041.019748] [ 1041.019748] Uninit was stored to memory at: [ 1041.019748] kmsan_internal_chain_origin+0x136/0x240 [ 1041.019748] __msan_chain_origin+0x6d/0xd0 [ 1041.019748] __save_stack_trace+0x8be/0xc60 [ 1041.019748] save_stack_trace+0xc6/0x110 [ 1041.019748] kmsan_internal_chain_origin+0x136/0x240 [ 1041.019748] kmsan_memcpy_origins+0x13d/0x1b0 [ 1041.019748] __msan_memcpy+0x6f/0x80 [ 1041.019748] pskb_expand_head+0x43b/0x1d20 [ 1041.019748] l2tp_xmit_skb+0x5a7/0x24b0 [ 1041.019748] pppol2tp_sendmsg+0x7a6/0xba0 [ 1041.019748] ___sys_sendmsg+0xe68/0x1250 [ 1041.019748] __sys_sendmmsg+0x56b/0xa90 [ 1041.019748] __se_sys_sendmmsg+0xbd/0xe0 [ 1041.019748] __x64_sys_sendmmsg+0x56/0x70 [ 1041.019748] do_syscall_64+0xcf/0x110 [ 1041.019748] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1041.019748] [ 1041.019748] Local variable description: ----iph@ip_vs_out [ 1041.019748] Variable was created at: [ 1041.019748] ip_vs_out+0x1bf/0x4570 [ 1041.019748] ip_vs_local_reply6+0xec/0x130 [ 1041.181633] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1041.193379] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:56 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x2, 0x8000) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e24, 0x8, @remote, 0xc6b1}}, 0x9, 0x0, 0x1, 0x2}, &(0x7f0000000280)=0x98) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000002c0)=@assoc_value={r2}, &(0x7f0000000300)=0x8) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) socket$bt_hidp(0x1f, 0x3, 0x6) sendmmsg(r3, &(0x7f0000005fc0), 0x800000000000059, 0x0) r4 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x1, 0x200) getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0}, &(0x7f00000000c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vcan0\x00', r5}) 06:06:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f", 0x1c) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1041.221029] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x0, 0x0, &(0x7f00000001c0)}) dup(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0xfffffdfd, &(0x7f0000000540)='K'}) 06:06:56 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000240)="b7f2b1600048ac000000000e2ecd57922d852bd598a739b6bbe164687b51e1ae4d1091958f5a3a8fb6bee3428e6b33e7c4decdef913923d74ef21eab6856b519a9e2a410a9df42c0a011e15a2bfdbf773afd312e3dccef09a305afb24d7820046b5dd0edb2a708ccdabe3e5b61c0a03a068e77f7f442559d388e59196604881975d6f2cdddf9c802278bf08de1c20d7d786c10aa0d1434e1b2ab0a724631a53b78542c21fe7cb1324395c9f8b2c2879e16325027b7cab59c40e589c7c240fae4d678f48a867f2ee8872d7711facdbcdd8a0d4f7dcf783f8b4f66a44d0000000000000000000000", 0xd) 06:06:56 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0), 0x0, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:56 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) mq_getsetattr(r0, &(0x7f0000000080)={0x0, 0x7, 0x5, 0x0, 0x5dcbf290, 0xff, 0xffffffffffffffff}, &(0x7f00000000c0)) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x80000) ioctl(r1, 0xffffffffffff8000, &(0x7f0000000000)) [ 1041.400954] binder: 26707:26710 ERROR: BC_REGISTER_LOOPER called without request [ 1041.451301] binder: 26710 RLIMIT_NICE not set [ 1041.531541] not chained 2330000 origins [ 1041.531818] CPU: 1 PID: 26709 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1041.540574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1041.540574] Call Trace: [ 1041.540574] dump_stack+0x32d/0x480 [ 1041.540574] kmsan_internal_chain_origin+0x222/0x240 [ 1041.540574] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1041.540574] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1041.540574] ? save_stack_trace+0xc6/0x110 [ 1041.540574] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1041.540574] ? kmsan_internal_chain_origin+0x90/0x240 [ 1041.540574] ? get_stack_info+0x863/0x9d0 [ 1041.540574] __msan_chain_origin+0x6d/0xd0 [ 1041.591994] ? __msan_memcpy+0x6f/0x80 [ 1041.591994] __save_stack_trace+0x8be/0xc60 [ 1041.600472] ? __msan_memcpy+0x6f/0x80 [ 1041.600472] save_stack_trace+0xc6/0x110 [ 1041.600472] kmsan_internal_chain_origin+0x136/0x240 [ 1041.600472] ? kmsan_internal_chain_origin+0x136/0x240 [ 1041.600472] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1041.600472] ? __msan_memcpy+0x6f/0x80 [ 1041.629574] ? pskb_expand_head+0x43b/0x1d20 [ 1041.629574] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1041.629574] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1041.629574] ? ___sys_sendmsg+0xe68/0x1250 [ 1041.629574] ? __sys_sendmmsg+0x56b/0xa90 [ 1041.629574] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1041.629574] ? __x64_sys_sendmmsg+0x56/0x70 [ 1041.629574] ? do_syscall_64+0xcf/0x110 [ 1041.629574] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1041.629574] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1041.629574] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1041.629574] ? memcg_kmem_put_cache+0x8e/0x460 [ 1041.629574] ? __msan_get_context_state+0x9/0x30 [ 1041.629574] ? INIT_INT+0xc/0x30 [ 1041.629574] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1041.629574] kmsan_memcpy_origins+0x13d/0x1b0 [ 1041.629574] __msan_memcpy+0x6f/0x80 [ 1041.629574] pskb_expand_head+0x43b/0x1d20 [ 1041.629574] l2tp_xmit_skb+0x5a7/0x24b0 [ 1041.629574] pppol2tp_sendmsg+0x7a6/0xba0 [ 1041.629574] ___sys_sendmsg+0xe68/0x1250 [ 1041.629574] ? pppol2tp_getsockopt+0x1060/0x1060 06:06:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f", 0x1c) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:06:56 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0xf8, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) 06:06:56 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0xe0) [ 1041.629574] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1041.629574] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1041.629574] ? rcu_all_qs+0x3b/0x310 [ 1041.629574] ? _cond_resched+0x59/0x120 [ 1041.744791] ? rcu_all_qs+0x53/0x310 [ 1041.749233] ? _cond_resched+0x37/0x120 [ 1041.749233] ? __sys_sendmmsg+0x7c9/0xa90 [ 1041.757036] ? _cond_resched+0x59/0x120 [ 1041.757036] __sys_sendmmsg+0x56b/0xa90 [ 1041.757036] ? syscall_return_slowpath+0x123/0x8c0 [ 1041.757036] ? put_timespec64+0x162/0x220 [ 1041.757036] __se_sys_sendmmsg+0xbd/0xe0 06:06:56 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0), 0x0, 0x0, &(0x7f0000001380)={0x77359400}) [ 1041.780140] __x64_sys_sendmmsg+0x56/0x70 [ 1041.780140] do_syscall_64+0xcf/0x110 [ 1041.780140] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1041.780140] RIP: 0033:0x457569 [ 1041.780140] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1041.801202] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1041.817036] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1041.830664] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1041.830664] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1041.830664] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1041.830664] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1041.830664] Uninit was stored to memory at: [ 1041.830664] kmsan_internal_chain_origin+0x136/0x240 [ 1041.830664] __msan_chain_origin+0x6d/0xd0 [ 1041.830664] __save_stack_trace+0x8be/0xc60 [ 1041.830664] save_stack_trace+0xc6/0x110 [ 1041.881954] kmsan_internal_chain_origin+0x136/0x240 [ 1041.881954] kmsan_memcpy_origins+0x13d/0x1b0 [ 1041.889391] __msan_memcpy+0x6f/0x80 [ 1041.894590] pskb_expand_head+0x43b/0x1d20 [ 1041.894590] l2tp_xmit_skb+0x5a7/0x24b0 [ 1041.894590] pppol2tp_sendmsg+0x7a6/0xba0 [ 1041.894590] ___sys_sendmsg+0xe68/0x1250 [ 1041.894590] __sys_sendmmsg+0x56b/0xa90 [ 1041.894590] __se_sys_sendmmsg+0xbd/0xe0 [ 1041.894590] __x64_sys_sendmmsg+0x56/0x70 [ 1041.894590] do_syscall_64+0xcf/0x110 [ 1041.894590] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1041.894590] [ 1041.894590] Uninit was stored to memory at: [ 1041.894590] kmsan_internal_chain_origin+0x136/0x240 [ 1041.894590] __msan_chain_origin+0x6d/0xd0 [ 1041.894590] __save_stack_trace+0x8be/0xc60 [ 1041.894590] save_stack_trace+0xc6/0x110 [ 1041.894590] kmsan_internal_chain_origin+0x136/0x240 [ 1041.894590] kmsan_memcpy_origins+0x13d/0x1b0 [ 1041.894590] __msan_memcpy+0x6f/0x80 [ 1041.894590] pskb_expand_head+0x43b/0x1d20 [ 1041.894590] l2tp_xmit_skb+0x5a7/0x24b0 [ 1041.894590] pppol2tp_sendmsg+0x7a6/0xba0 [ 1041.894590] ___sys_sendmsg+0xe68/0x1250 [ 1041.894590] __sys_sendmmsg+0x56b/0xa90 [ 1041.894590] __se_sys_sendmmsg+0xbd/0xe0 [ 1041.894590] __x64_sys_sendmmsg+0x56/0x70 [ 1041.894590] do_syscall_64+0xcf/0x110 [ 1041.894590] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1041.894590] [ 1041.894590] Uninit was stored to memory at: [ 1041.894590] kmsan_internal_chain_origin+0x136/0x240 [ 1041.894590] __msan_chain_origin+0x6d/0xd0 [ 1041.894590] __save_stack_trace+0x8be/0xc60 [ 1041.894590] save_stack_trace+0xc6/0x110 [ 1041.894590] kmsan_internal_chain_origin+0x136/0x240 [ 1041.894590] kmsan_memcpy_origins+0x13d/0x1b0 [ 1041.894590] __msan_memcpy+0x6f/0x80 [ 1041.894590] pskb_expand_head+0x43b/0x1d20 [ 1041.894590] l2tp_xmit_skb+0x5a7/0x24b0 [ 1041.894590] pppol2tp_sendmsg+0x7a6/0xba0 [ 1041.894590] ___sys_sendmsg+0xe68/0x1250 [ 1041.894590] __sys_sendmmsg+0x56b/0xa90 [ 1041.894590] __se_sys_sendmmsg+0xbd/0xe0 [ 1041.894590] __x64_sys_sendmmsg+0x56/0x70 [ 1041.894590] do_syscall_64+0xcf/0x110 [ 1041.894590] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.082005] [ 1042.082005] Uninit was stored to memory at: [ 1042.087712] kmsan_internal_chain_origin+0x136/0x240 [ 1042.087712] __msan_chain_origin+0x6d/0xd0 [ 1042.098461] __save_stack_trace+0x8be/0xc60 [ 1042.098461] save_stack_trace+0xc6/0x110 [ 1042.098461] kmsan_internal_chain_origin+0x136/0x240 [ 1042.098461] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.098461] __msan_memcpy+0x6f/0x80 [ 1042.098461] pskb_expand_head+0x43b/0x1d20 [ 1042.098461] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.098461] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.098461] ___sys_sendmsg+0xe68/0x1250 [ 1042.098461] __sys_sendmmsg+0x56b/0xa90 [ 1042.098461] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.098461] __x64_sys_sendmmsg+0x56/0x70 [ 1042.098461] do_syscall_64+0xcf/0x110 [ 1042.152094] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.152094] [ 1042.152094] Uninit was stored to memory at: [ 1042.152094] kmsan_internal_chain_origin+0x136/0x240 [ 1042.152094] __msan_chain_origin+0x6d/0xd0 [ 1042.152094] __save_stack_trace+0x8be/0xc60 [ 1042.152094] save_stack_trace+0xc6/0x110 [ 1042.152094] kmsan_internal_chain_origin+0x136/0x240 [ 1042.152094] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.152094] __msan_memcpy+0x6f/0x80 [ 1042.152094] pskb_expand_head+0x43b/0x1d20 [ 1042.198048] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.204170] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.204170] ___sys_sendmsg+0xe68/0x1250 [ 1042.204170] __sys_sendmmsg+0x56b/0xa90 [ 1042.204170] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.204170] __x64_sys_sendmmsg+0x56/0x70 [ 1042.204170] do_syscall_64+0xcf/0x110 [ 1042.204170] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.204170] [ 1042.204170] Uninit was stored to memory at: [ 1042.204170] kmsan_internal_chain_origin+0x136/0x240 [ 1042.204170] __msan_chain_origin+0x6d/0xd0 [ 1042.204170] __save_stack_trace+0x8be/0xc60 [ 1042.204170] save_stack_trace+0xc6/0x110 [ 1042.204170] kmsan_internal_chain_origin+0x136/0x240 [ 1042.204170] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.204170] __msan_memcpy+0x6f/0x80 [ 1042.271316] pskb_expand_head+0x43b/0x1d20 [ 1042.271316] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.271316] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.271316] ___sys_sendmsg+0xe68/0x1250 [ 1042.271316] __sys_sendmmsg+0x56b/0xa90 [ 1042.271316] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.271316] __x64_sys_sendmmsg+0x56/0x70 [ 1042.271316] do_syscall_64+0xcf/0x110 [ 1042.271316] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.271316] [ 1042.271316] Uninit was stored to memory at: [ 1042.271316] kmsan_internal_chain_origin+0x136/0x240 [ 1042.271316] __msan_chain_origin+0x6d/0xd0 [ 1042.271316] __save_stack_trace+0x8be/0xc60 [ 1042.325923] save_stack_trace+0xc6/0x110 [ 1042.325923] kmsan_internal_chain_origin+0x136/0x240 [ 1042.334582] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.334582] __msan_memcpy+0x6f/0x80 [ 1042.334582] pskb_expand_head+0x43b/0x1d20 [ 1042.334582] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.334582] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.334582] ___sys_sendmsg+0xe68/0x1250 [ 1042.334582] __sys_sendmmsg+0x56b/0xa90 [ 1042.334582] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.334582] __x64_sys_sendmmsg+0x56/0x70 [ 1042.334582] do_syscall_64+0xcf/0x110 [ 1042.334582] entry_SYSCALL_64_after_hwframe+0x63/0xe7 06:06:57 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x40001, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x4040, 0x0) ioctl$DRM_IOCTL_SET_UNIQUE(r1, 0x40106410, &(0x7f0000000040)={0xbf, &(0x7f0000000100)="c33ac01dbfa327274643c5218eb8b1996f4c327dba19f267e9af2a603f64842d0317e0041c94de16a144590301a96af9e0f425174cedd48cbad74c43fda2a4666277edec2997063f0d66a1c4246d2d3683e20afd1484962b84e8037da2916be8520f578b6aad5c43af9d9bcae7ac6bfc994225b6ed0946b8fc48388bff994ed6d79475fdb3ce48207c679bb7771e740e627f0209ebe2efe516664d814ed7224667b36889b8f14f83a5dffedbee29b74e9bef9febda31e5fe81e7b266a502ba"}) r2 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r2, 0xffffffffffff8000, &(0x7f0000000000)) [ 1042.380350] [ 1042.380350] Local variable description: ----iph@ip_vs_out [ 1042.380350] Variable was created at: [ 1042.380350] ip_vs_out+0x1bf/0x4570 [ 1042.380350] ip_vs_local_reply6+0xec/0x130 [ 1042.404304] Dead loop on virtual device ip6_vti0, fix it urgently! 06:06:57 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x8000, 0x0) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000040)=0x100000000) [ 1042.579260] not chained 2340000 origins [ 1042.581827] CPU: 1 PID: 26709 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1042.581827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1042.595958] Call Trace: [ 1042.595958] dump_stack+0x32d/0x480 [ 1042.595958] kmsan_internal_chain_origin+0x222/0x240 [ 1042.595958] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.611972] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.611972] ? save_stack_trace+0xc6/0x110 [ 1042.611972] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1042.611972] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1042.611972] ? __module_address+0x6a/0x610 [ 1042.611972] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 1042.611972] ? is_bpf_text_address+0x49e/0x4d0 [ 1042.611972] ? INIT_INT+0xc/0x30 [ 1042.611972] __msan_chain_origin+0x6d/0xd0 [ 1042.611972] __save_stack_trace+0xaff/0xc60 [ 1042.611972] save_stack_trace+0xc6/0x110 [ 1042.611972] kmsan_internal_chain_origin+0x136/0x240 [ 1042.611972] ? kmsan_internal_chain_origin+0x136/0x240 [ 1042.611972] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.681969] ? __msan_memcpy+0x6f/0x80 [ 1042.681969] ? pskb_expand_head+0x43b/0x1d20 [ 1042.681969] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.681969] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.681969] ? ___sys_sendmsg+0xe68/0x1250 [ 1042.681969] ? __sys_sendmmsg+0x56b/0xa90 [ 1042.681969] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1042.681969] ? __x64_sys_sendmmsg+0x56/0x70 [ 1042.681969] ? do_syscall_64+0xcf/0x110 [ 1042.681969] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.681969] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1042.681969] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1042.681969] ? memcg_kmem_put_cache+0x8e/0x460 [ 1042.681969] ? __msan_get_context_state+0x9/0x30 [ 1042.681969] ? INIT_INT+0xc/0x30 [ 1042.681969] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1042.752018] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.756420] __msan_memcpy+0x6f/0x80 [ 1042.756420] pskb_expand_head+0x43b/0x1d20 [ 1042.756420] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.756420] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.772599] ___sys_sendmsg+0xe68/0x1250 [ 1042.772599] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1042.772599] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1042.772599] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1042.772599] ? rcu_all_qs+0x3b/0x310 [ 1042.772599] ? _cond_resched+0x59/0x120 [ 1042.772599] ? rcu_all_qs+0x53/0x310 [ 1042.772599] ? _cond_resched+0x37/0x120 [ 1042.772599] ? __sys_sendmmsg+0x7c9/0xa90 [ 1042.772599] ? _cond_resched+0x59/0x120 [ 1042.772599] __sys_sendmmsg+0x56b/0xa90 [ 1042.772599] ? syscall_return_slowpath+0x123/0x8c0 [ 1042.821966] ? put_timespec64+0x162/0x220 [ 1042.821966] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.821966] __x64_sys_sendmmsg+0x56/0x70 [ 1042.821966] do_syscall_64+0xcf/0x110 [ 1042.821966] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.821966] RIP: 0033:0x457569 [ 1042.821966] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1042.821966] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1042.821966] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1042.821966] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1042.821966] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1042.821966] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1042.821966] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1042.821966] Uninit was stored to memory at: [ 1042.821966] kmsan_internal_chain_origin+0x136/0x240 [ 1042.918986] __msan_chain_origin+0x6d/0xd0 [ 1042.918986] __save_stack_trace+0x8be/0xc60 [ 1042.918986] save_stack_trace+0xc6/0x110 [ 1042.918986] kmsan_internal_chain_origin+0x136/0x240 [ 1042.918986] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.918986] __msan_memcpy+0x6f/0x80 [ 1042.918986] pskb_expand_head+0x43b/0x1d20 [ 1042.918986] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.918986] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.918986] ___sys_sendmsg+0xe68/0x1250 [ 1042.964047] not chained 2350000 origins [ 1042.918986] __sys_sendmmsg+0x56b/0xa90 [ 1042.970534] CPU: 0 PID: 26715 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1042.918986] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.971823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1042.918986] __x64_sys_sendmmsg+0x56/0x70 [ 1042.971823] Call Trace: [ 1042.918986] do_syscall_64+0xcf/0x110 [ 1042.971823] dump_stack+0x32d/0x480 [ 1042.918986] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.971823] kmsan_internal_chain_origin+0x222/0x240 [ 1042.918986] [ 1042.971823] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.918986] Uninit was stored to memory at: [ 1042.971823] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.918986] kmsan_internal_chain_origin+0x136/0x240 [ 1042.971823] ? save_stack_trace+0xc6/0x110 [ 1042.918986] __msan_chain_origin+0x6d/0xd0 [ 1042.971823] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1042.918986] __save_stack_trace+0x8be/0xc60 [ 1042.971823] ? kmsan_internal_chain_origin+0x90/0x240 [ 1042.918986] save_stack_trace+0xc6/0x110 [ 1042.971823] ? get_stack_info+0x863/0x9d0 [ 1042.918986] kmsan_internal_chain_origin+0x136/0x240 [ 1042.971823] __msan_chain_origin+0x6d/0xd0 [ 1042.918986] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.971823] ? ___sys_sendmsg+0xe68/0x1250 [ 1042.918986] __msan_memcpy+0x6f/0x80 [ 1042.971823] __save_stack_trace+0x8be/0xc60 [ 1042.918986] pskb_expand_head+0x43b/0x1d20 [ 1042.971823] ? ___sys_sendmsg+0xe68/0x1250 [ 1042.918986] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.971823] save_stack_trace+0xc6/0x110 [ 1042.918986] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.971823] kmsan_internal_chain_origin+0x136/0x240 [ 1042.918986] ___sys_sendmsg+0xe68/0x1250 [ 1042.971823] ? kmsan_internal_chain_origin+0x136/0x240 [ 1042.918986] __sys_sendmmsg+0x56b/0xa90 [ 1042.971823] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.918986] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.971823] ? __msan_memcpy+0x6f/0x80 [ 1042.918986] __x64_sys_sendmmsg+0x56/0x70 [ 1042.971823] ? pskb_expand_head+0x43b/0x1d20 [ 1042.918986] do_syscall_64+0xcf/0x110 [ 1042.971823] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.918986] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.971823] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.918986] [ 1042.971823] ? ___sys_sendmsg+0xe68/0x1250 [ 1042.918986] Uninit was stored to memory at: [ 1042.971823] ? __sys_sendmmsg+0x56b/0xa90 [ 1042.918986] kmsan_internal_chain_origin+0x136/0x240 [ 1042.971823] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1042.918986] __msan_chain_origin+0x6d/0xd0 [ 1042.971823] ? __x64_sys_sendmmsg+0x56/0x70 [ 1042.918986] __save_stack_trace+0x8be/0xc60 [ 1042.971823] ? do_syscall_64+0xcf/0x110 [ 1042.918986] save_stack_trace+0xc6/0x110 [ 1042.971823] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.918986] kmsan_internal_chain_origin+0x136/0x240 [ 1042.971823] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1042.918986] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.971823] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1042.918986] __msan_memcpy+0x6f/0x80 [ 1042.971823] ? memcg_kmem_put_cache+0x8e/0x460 [ 1042.918986] pskb_expand_head+0x43b/0x1d20 [ 1042.971823] ? __msan_get_context_state+0x9/0x30 [ 1042.918986] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.971823] ? INIT_INT+0xc/0x30 [ 1042.918986] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.971823] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1042.918986] ___sys_sendmsg+0xe68/0x1250 [ 1042.971823] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.918986] __sys_sendmmsg+0x56b/0xa90 [ 1042.971823] __msan_memcpy+0x6f/0x80 [ 1042.918986] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.971823] pskb_expand_head+0x43b/0x1d20 [ 1042.918986] __x64_sys_sendmmsg+0x56/0x70 [ 1042.971823] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.918986] do_syscall_64+0xcf/0x110 [ 1042.971823] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.918986] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.971823] ___sys_sendmsg+0xe68/0x1250 [ 1042.918986] [ 1042.971823] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1042.918986] kmsan_internal_chain_origin+0x136/0x240 [ 1042.971823] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1042.918986] __msan_chain_origin+0x6d/0xd0 [ 1042.971823] ? kmsan_set_origin+0x83/0x130 [ 1042.918986] __save_stack_trace+0x8be/0xc60 [ 1042.971823] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1042.918986] save_stack_trace+0xc6/0x110 [ 1042.971823] ? _cond_resched+0xc7/0x120 [ 1042.918986] kmsan_internal_chain_origin+0x136/0x240 [ 1042.971823] __sys_sendmmsg+0x56b/0xa90 [ 1042.918986] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.971823] ? syscall_return_slowpath+0x123/0x8c0 [ 1042.918986] __msan_memcpy+0x6f/0x80 [ 1042.971823] ? put_timespec64+0x162/0x220 [ 1042.971823] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.918986] pskb_expand_head+0x43b/0x1d20 [ 1042.971823] __x64_sys_sendmmsg+0x56/0x70 [ 1042.918986] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.971823] do_syscall_64+0xcf/0x110 [ 1042.918986] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.971823] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.918986] ___sys_sendmsg+0xe68/0x1250 [ 1042.971823] RIP: 0033:0x457569 [ 1042.918986] __sys_sendmmsg+0x56b/0xa90 [ 1042.971823] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1042.918986] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.971823] RSP: 002b:00007f8c33cf3c78 EFLAGS: 00000246 [ 1042.918986] __x64_sys_sendmmsg+0x56/0x70 [ 1042.971823] ORIG_RAX: 0000000000000133 [ 1042.918986] do_syscall_64+0xcf/0x110 [ 1042.971823] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1042.918986] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.971823] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1042.918986] [ 1042.971823] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1042.918986] Uninit was stored to memory at: [ 1042.971823] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33cf46d4 [ 1042.918986] kmsan_internal_chain_origin+0x136/0x240 [ 1042.971823] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1042.918986] __msan_chain_origin+0x6d/0xd0 [ 1042.971823] Uninit was stored to memory at: [ 1042.918986] __save_stack_trace+0x8be/0xc60 [ 1042.971823] kmsan_internal_chain_origin+0x136/0x240 [ 1042.918986] save_stack_trace+0xc6/0x110 [ 1042.971823] __msan_chain_origin+0x6d/0xd0 [ 1042.918986] kmsan_internal_chain_origin+0x136/0x240 [ 1042.971823] __save_stack_trace+0x8be/0xc60 [ 1042.918986] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.971823] save_stack_trace+0xc6/0x110 [ 1042.918986] __msan_memcpy+0x6f/0x80 [ 1042.971823] kmsan_internal_chain_origin+0x136/0x240 [ 1042.918986] pskb_expand_head+0x43b/0x1d20 [ 1042.971823] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.918986] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.971823] __msan_memcpy+0x6f/0x80 [ 1042.918986] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.971823] pskb_expand_head+0x43b/0x1d20 [ 1042.918986] ___sys_sendmsg+0xe68/0x1250 [ 1042.971823] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.918986] __sys_sendmmsg+0x56b/0xa90 [ 1042.971823] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.918986] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.971823] ___sys_sendmsg+0xe68/0x1250 [ 1042.918986] __x64_sys_sendmmsg+0x56/0x70 [ 1042.971823] __sys_sendmmsg+0x56b/0xa90 [ 1042.918986] do_syscall_64+0xcf/0x110 [ 1042.971823] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.918986] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.971823] __x64_sys_sendmmsg+0x56/0x70 [ 1042.918986] [ 1042.971823] do_syscall_64+0xcf/0x110 [ 1042.918986] kmsan_internal_chain_origin+0x136/0x240 [ 1042.971823] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.918986] __msan_chain_origin+0x6d/0xd0 [ 1042.971823] [ 1042.918986] __save_stack_trace+0x8be/0xc60 [ 1042.971823] kmsan_internal_chain_origin+0x136/0x240 [ 1042.918986] save_stack_trace+0xc6/0x110 [ 1042.971823] __msan_chain_origin+0x6d/0xd0 [ 1042.918986] kmsan_internal_chain_origin+0x136/0x240 [ 1042.971823] __save_stack_trace+0x8be/0xc60 [ 1042.918986] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.971823] save_stack_trace+0xc6/0x110 [ 1042.918986] __msan_memcpy+0x6f/0x80 [ 1042.971823] kmsan_internal_chain_origin+0x136/0x240 [ 1042.918986] pskb_expand_head+0x43b/0x1d20 [ 1042.971823] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.918986] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.971823] __msan_memcpy+0x6f/0x80 [ 1042.918986] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.971823] pskb_expand_head+0x43b/0x1d20 [ 1042.918986] ___sys_sendmsg+0xe68/0x1250 [ 1042.971823] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.918986] __sys_sendmmsg+0x56b/0xa90 [ 1042.971823] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.918986] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.971823] ___sys_sendmsg+0xe68/0x1250 [ 1042.918986] __x64_sys_sendmmsg+0x56/0x70 [ 1042.971823] __sys_sendmmsg+0x56b/0xa90 [ 1042.918986] do_syscall_64+0xcf/0x110 [ 1042.971823] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.918986] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.971823] __x64_sys_sendmmsg+0x56/0x70 [ 1042.918986] [ 1042.971823] do_syscall_64+0xcf/0x110 [ 1042.918986] kmsan_internal_chain_origin+0x136/0x240 [ 1042.971823] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.918986] __msan_chain_origin+0x6d/0xd0 [ 1042.971823] [ 1042.918986] __save_stack_trace+0x8be/0xc60 [ 1042.971823] Uninit was stored to memory at: [ 1042.918986] save_stack_trace+0xc6/0x110 [ 1042.971823] kmsan_internal_chain_origin+0x136/0x240 [ 1042.918986] kmsan_internal_chain_origin+0x136/0x240 [ 1042.971823] __msan_chain_origin+0x6d/0xd0 [ 1042.918986] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.971823] __save_stack_trace+0x8be/0xc60 [ 1042.918986] __msan_memcpy+0x6f/0x80 [ 1042.971823] save_stack_trace+0xc6/0x110 [ 1042.918986] pskb_expand_head+0x43b/0x1d20 [ 1042.971823] kmsan_internal_chain_origin+0x136/0x240 [ 1042.918986] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.971823] kmsan_memcpy_origins+0x13d/0x1b0 [ 1042.918986] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.971823] __msan_memcpy+0x6f/0x80 [ 1042.918986] ___sys_sendmsg+0xe68/0x1250 [ 1042.971823] pskb_expand_head+0x43b/0x1d20 [ 1042.918986] __sys_sendmmsg+0x56b/0xa90 [ 1042.971823] l2tp_xmit_skb+0x5a7/0x24b0 [ 1042.918986] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.971823] pppol2tp_sendmsg+0x7a6/0xba0 [ 1042.918986] __x64_sys_sendmmsg+0x56/0x70 [ 1042.971823] ___sys_sendmsg+0xe68/0x1250 [ 1042.918986] do_syscall_64+0xcf/0x110 [ 1042.971823] __sys_sendmmsg+0x56b/0xa90 [ 1042.918986] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1042.971823] __se_sys_sendmmsg+0xbd/0xe0 [ 1042.918986] [ 1042.971823] __x64_sys_sendmmsg+0x56/0x70 [ 1043.942445] do_syscall_64+0xcf/0x110 [ 1043.942445] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1043.942445] [ 1043.942445] Uninit was stored to memory at: [ 1043.942445] kmsan_internal_chain_origin+0x136/0x240 [ 1043.942445] __msan_chain_origin+0x6d/0xd0 [ 1043.942445] __save_stack_trace+0x8be/0xc60 [ 1043.942445] save_stack_trace+0xc6/0x110 [ 1043.942445] kmsan_internal_chain_origin+0x136/0x240 [ 1043.942445] kmsan_memcpy_origins+0x13d/0x1b0 [ 1043.942445] __msan_memcpy+0x6f/0x80 [ 1043.942445] pskb_expand_head+0x43b/0x1d20 [ 1043.942445] l2tp_xmit_skb+0x5a7/0x24b0 [ 1043.942445] pppol2tp_sendmsg+0x7a6/0xba0 [ 1043.942445] ___sys_sendmsg+0xe68/0x1250 [ 1044.007898] __sys_sendmmsg+0x56b/0xa90 [ 1044.007898] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.007898] __x64_sys_sendmmsg+0x56/0x70 [ 1044.007898] do_syscall_64+0xcf/0x110 [ 1044.007898] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.007898] [ 1044.007898] Uninit was stored to memory at: [ 1044.007898] kmsan_internal_chain_origin+0x136/0x240 [ 1044.007898] __msan_chain_origin+0x6d/0xd0 [ 1044.007898] __save_stack_trace+0x8be/0xc60 [ 1044.007898] save_stack_trace+0xc6/0x110 [ 1044.007898] kmsan_internal_chain_origin+0x136/0x240 [ 1044.007898] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.007898] __msan_memcpy+0x6f/0x80 [ 1044.007898] pskb_expand_head+0x43b/0x1d20 [ 1044.007898] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.007898] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.077662] not chained 2360000 origins [ 1044.007898] ___sys_sendmsg+0xe68/0x1250 [ 1044.007898] __sys_sendmmsg+0x56b/0xa90 [ 1044.081800] CPU: 1 PID: 26709 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1044.007898] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.081800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1044.007898] __x64_sys_sendmmsg+0x56/0x70 [ 1044.081800] Call Trace: [ 1044.007898] do_syscall_64+0xcf/0x110 [ 1044.081800] dump_stack+0x32d/0x480 [ 1044.007898] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.081800] ? save_stack_trace+0xc6/0x110 [ 1044.007898] [ 1044.081800] kmsan_internal_chain_origin+0x222/0x240 [ 1044.007898] Uninit was stored to memory at: [ 1044.081800] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.007898] kmsan_internal_chain_origin+0x136/0x240 [ 1044.081800] ? kmsan_internal_chain_origin+0x136/0x240 [ 1044.007898] __msan_chain_origin+0x6d/0xd0 [ 1044.081800] ? __msan_chain_origin+0x6d/0xd0 [ 1044.007898] __save_stack_trace+0x8be/0xc60 [ 1044.081800] ? __save_stack_trace+0x833/0xc60 [ 1044.007898] save_stack_trace+0xc6/0x110 [ 1044.081800] ? save_stack_trace+0xc6/0x110 [ 1044.081800] ? kmsan_internal_chain_origin+0x136/0x240 [ 1044.007898] kmsan_internal_chain_origin+0x136/0x240 [ 1044.081800] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.007898] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.081800] ? __msan_memcpy+0x6f/0x80 [ 1044.007898] __msan_memcpy+0x6f/0x80 [ 1044.081800] ? pskb_expand_head+0x43b/0x1d20 [ 1044.007898] pskb_expand_head+0x43b/0x1d20 [ 1044.081800] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.007898] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.081800] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.007898] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.081800] ? ___sys_sendmsg+0xe68/0x1250 [ 1044.007898] ___sys_sendmsg+0xe68/0x1250 [ 1044.081800] ? __sys_sendmmsg+0x56b/0xa90 [ 1044.007898] __sys_sendmmsg+0x56b/0xa90 [ 1044.081800] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1044.007898] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.081800] ? __x64_sys_sendmmsg+0x56/0x70 [ 1044.007898] __x64_sys_sendmmsg+0x56/0x70 [ 1044.081800] ? do_syscall_64+0xcf/0x110 [ 1044.007898] do_syscall_64+0xcf/0x110 [ 1044.081800] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.007898] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.081800] ? save_stack_trace+0xc6/0x110 [ 1044.007898] [ 1044.081800] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1044.007898] Uninit was stored to memory at: [ 1044.081800] ? kmsan_internal_chain_origin+0x1e3/0x240 [ 1044.007898] kmsan_internal_chain_origin+0x136/0x240 [ 1044.081800] ? get_stack_info+0x863/0x9d0 [ 1044.007898] __msan_chain_origin+0x6d/0xd0 [ 1044.081800] __msan_chain_origin+0x6d/0xd0 [ 1044.007898] __save_stack_trace+0x8be/0xc60 [ 1044.081800] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.007898] save_stack_trace+0xc6/0x110 [ 1044.081800] __save_stack_trace+0x8be/0xc60 [ 1044.007898] kmsan_internal_chain_origin+0x136/0x240 [ 1044.081800] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.007898] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.081800] save_stack_trace+0xc6/0x110 [ 1044.007898] __msan_memcpy+0x6f/0x80 [ 1044.081800] kmsan_internal_chain_origin+0x136/0x240 [ 1044.007898] pskb_expand_head+0x43b/0x1d20 [ 1044.081800] ? kmsan_internal_chain_origin+0x136/0x240 [ 1044.007898] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.081800] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.007898] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.081800] ? __msan_memcpy+0x6f/0x80 [ 1044.007898] ___sys_sendmsg+0xe68/0x1250 [ 1044.081800] ? pskb_expand_head+0x43b/0x1d20 [ 1044.007898] __sys_sendmmsg+0x56b/0xa90 [ 1044.081800] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.007898] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.081800] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.007898] __x64_sys_sendmmsg+0x56/0x70 [ 1044.081800] ? ___sys_sendmsg+0xe68/0x1250 [ 1044.007898] do_syscall_64+0xcf/0x110 [ 1044.081800] ? __sys_sendmmsg+0x56b/0xa90 [ 1044.007898] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.081800] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1044.007898] [ 1044.081800] ? __x64_sys_sendmmsg+0x56/0x70 [ 1044.007898] Local variable description: ----iph@ip_vs_out [ 1044.081800] ? do_syscall_64+0xcf/0x110 [ 1044.007898] Variable was created at: [ 1044.081800] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.007898] ip_vs_out+0x1bf/0x4570 [ 1044.081800] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1044.007898] ip_vs_local_reply6+0xec/0x130 [ 1044.081800] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1044.479724] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1044.081800] ? memcg_kmem_put_cache+0x8e/0x460 [ 1044.081800] ? __msan_get_context_state+0x9/0x30 [ 1044.081800] ? INIT_INT+0xc/0x30 [ 1044.081800] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1044.081800] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.081800] __msan_memcpy+0x6f/0x80 [ 1044.499831] pskb_expand_head+0x43b/0x1d20 [ 1044.525380] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.525380] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.525380] ___sys_sendmsg+0xe68/0x1250 [ 1044.525380] ? kmsan_set_origin+0x83/0x130 [ 1044.525380] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1044.525380] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1044.551781] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1044.551781] ? rcu_all_qs+0x3b/0x310 [ 1044.551781] ? _cond_resched+0x59/0x120 [ 1044.551781] ? rcu_all_qs+0x53/0x310 [ 1044.551781] ? _cond_resched+0x37/0x120 [ 1044.551781] ? __sys_sendmmsg+0x7c9/0xa90 [ 1044.579876] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1044.551781] ? _cond_resched+0x59/0x120 [ 1044.551781] __sys_sendmmsg+0x56b/0xa90 [ 1044.551781] ? syscall_return_slowpath+0x123/0x8c0 [ 1044.551781] ? put_timespec64+0x162/0x220 [ 1044.551781] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.551781] __x64_sys_sendmmsg+0x56/0x70 [ 1044.612670] do_syscall_64+0xcf/0x110 [ 1044.614420] not chained 2370000 origins [ 1044.612670] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.612670] RIP: 0033:0x457569 [ 1044.612670] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1044.612670] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1044.612670] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1044.612670] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1044.612670] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1044.612670] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1044.612670] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1044.612670] Uninit was stored to memory at: [ 1044.621826] CPU: 0 PID: 26715 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1044.621826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] Call Trace: [ 1044.612670] __msan_chain_origin+0x6d/0xd0 [ 1044.621826] dump_stack+0x32d/0x480 [ 1044.612670] __save_stack_trace+0x8be/0xc60 [ 1044.621826] kmsan_internal_chain_origin+0x222/0x240 [ 1044.612670] save_stack_trace+0xc6/0x110 [ 1044.621826] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.612670] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.621826] ? save_stack_trace+0xc6/0x110 [ 1044.612670] __msan_memcpy+0x6f/0x80 [ 1044.621826] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1044.612670] pskb_expand_head+0x43b/0x1d20 [ 1044.621826] ? kmsan_internal_chain_origin+0x90/0x240 [ 1044.612670] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.621826] ? get_stack_info+0x863/0x9d0 [ 1044.612670] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.621826] __msan_chain_origin+0x6d/0xd0 [ 1044.612670] ___sys_sendmsg+0xe68/0x1250 [ 1044.621826] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.612670] __sys_sendmmsg+0x56b/0xa90 [ 1044.621826] __save_stack_trace+0x8be/0xc60 [ 1044.612670] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.621826] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.612670] __x64_sys_sendmmsg+0x56/0x70 [ 1044.621826] save_stack_trace+0xc6/0x110 [ 1044.612670] do_syscall_64+0xcf/0x110 [ 1044.621826] kmsan_internal_chain_origin+0x136/0x240 [ 1044.612670] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.621826] ? kmsan_internal_chain_origin+0x136/0x240 [ 1044.612670] [ 1044.621826] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.612670] Uninit was stored to memory at: [ 1044.621826] ? __msan_memcpy+0x6f/0x80 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] ? pskb_expand_head+0x43b/0x1d20 [ 1044.612670] __msan_chain_origin+0x6d/0xd0 [ 1044.621826] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.612670] __save_stack_trace+0x8be/0xc60 [ 1044.621826] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.612670] save_stack_trace+0xc6/0x110 [ 1044.621826] ? ___sys_sendmsg+0xe68/0x1250 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] ? __sys_sendmmsg+0x56b/0xa90 [ 1044.612670] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.621826] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1044.612670] __msan_memcpy+0x6f/0x80 [ 1044.621826] ? __x64_sys_sendmmsg+0x56/0x70 [ 1044.612670] pskb_expand_head+0x43b/0x1d20 [ 1044.621826] ? do_syscall_64+0xcf/0x110 [ 1044.612670] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.621826] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.612670] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.621826] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1044.612670] ___sys_sendmsg+0xe68/0x1250 [ 1044.621826] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1044.612670] __sys_sendmmsg+0x56b/0xa90 [ 1044.621826] ? memcg_kmem_put_cache+0x8e/0x460 [ 1044.612670] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.621826] ? __msan_get_context_state+0x9/0x30 [ 1044.612670] __x64_sys_sendmmsg+0x56/0x70 [ 1044.621826] ? INIT_INT+0xc/0x30 [ 1044.612670] do_syscall_64+0xcf/0x110 [ 1044.621826] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1044.612670] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.621826] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.612670] [ 1044.621826] __msan_memcpy+0x6f/0x80 [ 1044.612670] Uninit was stored to memory at: [ 1044.621826] pskb_expand_head+0x43b/0x1d20 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.612670] __msan_chain_origin+0x6d/0xd0 [ 1044.621826] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.612670] __save_stack_trace+0x8be/0xc60 [ 1044.621826] ___sys_sendmsg+0xe68/0x1250 [ 1044.612670] save_stack_trace+0xc6/0x110 [ 1044.621826] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1044.612670] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.621826] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1044.612670] __msan_memcpy+0x6f/0x80 [ 1044.621826] ? rcu_all_qs+0x3b/0x310 [ 1044.612670] pskb_expand_head+0x43b/0x1d20 [ 1044.621826] ? _cond_resched+0x59/0x120 [ 1044.612670] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.621826] ? rcu_all_qs+0x53/0x310 [ 1044.612670] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.621826] ? _cond_resched+0x37/0x120 [ 1044.612670] ___sys_sendmsg+0xe68/0x1250 [ 1044.621826] ? __sys_sendmmsg+0x7c9/0xa90 [ 1044.612670] __sys_sendmmsg+0x56b/0xa90 [ 1044.621826] ? _cond_resched+0x59/0x120 [ 1044.612670] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.621826] __sys_sendmmsg+0x56b/0xa90 [ 1044.612670] __x64_sys_sendmmsg+0x56/0x70 [ 1044.621826] ? syscall_return_slowpath+0x123/0x8c0 [ 1044.612670] do_syscall_64+0xcf/0x110 [ 1044.621826] ? put_timespec64+0x162/0x220 [ 1044.612670] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.621826] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.612670] [ 1044.621826] __x64_sys_sendmmsg+0x56/0x70 [ 1044.612670] Uninit was stored to memory at: [ 1044.621826] do_syscall_64+0xcf/0x110 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.612670] __msan_chain_origin+0x6d/0xd0 [ 1044.621826] RIP: 0033:0x457569 [ 1044.612670] __save_stack_trace+0x8be/0xc60 [ 1044.621826] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1044.612670] save_stack_trace+0xc6/0x110 [ 1044.621826] RSP: 002b:00007f8c33cf3c78 EFLAGS: 00000246 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] ORIG_RAX: 0000000000000133 [ 1044.612670] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.621826] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1044.612670] __msan_memcpy+0x6f/0x80 [ 1044.621826] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1044.612670] pskb_expand_head+0x43b/0x1d20 [ 1044.621826] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1044.612670] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.621826] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33cf46d4 [ 1044.612670] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.621826] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1044.612670] ___sys_sendmsg+0xe68/0x1250 [ 1044.621826] Uninit was stored to memory at: [ 1044.612670] __sys_sendmmsg+0x56b/0xa90 [ 1044.621826] kmsan_internal_chain_origin+0x136/0x240 [ 1044.612670] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.621826] __msan_chain_origin+0x6d/0xd0 [ 1044.612670] __x64_sys_sendmmsg+0x56/0x70 [ 1044.621826] __save_stack_trace+0x8be/0xc60 [ 1044.612670] do_syscall_64+0xcf/0x110 [ 1044.621826] save_stack_trace+0xc6/0x110 [ 1044.612670] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.621826] kmsan_internal_chain_origin+0x136/0x240 [ 1044.612670] [ 1044.621826] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] __msan_memcpy+0x6f/0x80 [ 1044.612670] __msan_chain_origin+0x6d/0xd0 [ 1044.621826] pskb_expand_head+0x43b/0x1d20 [ 1044.612670] __save_stack_trace+0x8be/0xc60 [ 1044.621826] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.612670] save_stack_trace+0xc6/0x110 [ 1044.621826] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] ___sys_sendmsg+0xe68/0x1250 [ 1044.612670] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.621826] __sys_sendmmsg+0x56b/0xa90 [ 1044.612670] __msan_memcpy+0x6f/0x80 [ 1044.621826] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.612670] pskb_expand_head+0x43b/0x1d20 [ 1044.621826] __x64_sys_sendmmsg+0x56/0x70 [ 1044.612670] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.621826] do_syscall_64+0xcf/0x110 [ 1044.612670] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.621826] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.612670] ___sys_sendmsg+0xe68/0x1250 [ 1044.621826] [ 1044.612670] __sys_sendmmsg+0x56b/0xa90 [ 1044.621826] Uninit was stored to memory at: [ 1044.612670] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.612670] __x64_sys_sendmmsg+0x56/0x70 [ 1044.621826] kmsan_internal_chain_origin+0x136/0x240 [ 1044.612670] do_syscall_64+0xcf/0x110 [ 1044.621826] __msan_chain_origin+0x6d/0xd0 [ 1044.612670] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.621826] __save_stack_trace+0x8be/0xc60 [ 1044.612670] [ 1044.621826] save_stack_trace+0xc6/0x110 [ 1044.612670] Uninit was stored to memory at: [ 1044.621826] kmsan_internal_chain_origin+0x136/0x240 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.612670] __msan_chain_origin+0x6d/0xd0 [ 1044.621826] __msan_memcpy+0x6f/0x80 [ 1044.612670] __save_stack_trace+0x8be/0xc60 [ 1044.621826] pskb_expand_head+0x43b/0x1d20 [ 1044.612670] save_stack_trace+0xc6/0x110 [ 1044.621826] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.612670] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.621826] ___sys_sendmsg+0xe68/0x1250 [ 1044.612670] __msan_memcpy+0x6f/0x80 [ 1044.621826] __sys_sendmmsg+0x56b/0xa90 [ 1044.612670] pskb_expand_head+0x43b/0x1d20 [ 1044.621826] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.612670] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.621826] __x64_sys_sendmmsg+0x56/0x70 [ 1044.612670] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.621826] do_syscall_64+0xcf/0x110 [ 1044.612670] ___sys_sendmsg+0xe68/0x1250 [ 1044.621826] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.612670] __sys_sendmmsg+0x56b/0xa90 [ 1044.621826] [ 1044.612670] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.621826] kmsan_internal_chain_origin+0x136/0x240 [ 1044.612670] __x64_sys_sendmmsg+0x56/0x70 [ 1044.621826] __msan_chain_origin+0x6d/0xd0 [ 1044.612670] do_syscall_64+0xcf/0x110 [ 1044.621826] __save_stack_trace+0x8be/0xc60 [ 1044.612670] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.621826] save_stack_trace+0xc6/0x110 [ 1044.612670] [ 1044.621826] kmsan_internal_chain_origin+0x136/0x240 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.612670] __msan_chain_origin+0x6d/0xd0 [ 1044.621826] __msan_memcpy+0x6f/0x80 [ 1044.612670] __save_stack_trace+0x8be/0xc60 [ 1044.621826] pskb_expand_head+0x43b/0x1d20 [ 1044.612670] save_stack_trace+0xc6/0x110 [ 1044.621826] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.612670] kmsan_internal_chain_origin+0x136/0x240 [ 1044.621826] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.612670] kmsan_memcpy_origins+0x13d/0x1b0 [ 1044.621826] ___sys_sendmsg+0xe68/0x1250 [ 1044.612670] __msan_memcpy+0x6f/0x80 [ 1044.621826] __sys_sendmmsg+0x56b/0xa90 [ 1044.612670] pskb_expand_head+0x43b/0x1d20 [ 1044.621826] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.612670] l2tp_xmit_skb+0x5a7/0x24b0 [ 1044.621826] __x64_sys_sendmmsg+0x56/0x70 [ 1044.612670] pppol2tp_sendmsg+0x7a6/0xba0 [ 1044.621826] do_syscall_64+0xcf/0x110 [ 1044.612670] ___sys_sendmsg+0xe68/0x1250 [ 1044.621826] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.612670] __sys_sendmmsg+0x56b/0xa90 [ 1044.621826] [ 1044.612670] __se_sys_sendmmsg+0xbd/0xe0 [ 1044.621826] kmsan_internal_chain_origin+0x136/0x240 [ 1044.612670] __x64_sys_sendmmsg+0x56/0x70 [ 1044.621826] __msan_chain_origin+0x6d/0xd0 [ 1044.612670] do_syscall_64+0xcf/0x110 [ 1044.621826] __save_stack_trace+0x8be/0xc60 [ 1044.612670] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1044.621826] save_stack_trace+0xc6/0x110 [ 1044.612670] [ 1044.621826] kmsan_internal_chain_origin+0x136/0x240 [ 1045.772166] kmsan_memcpy_origins+0x13d/0x1b0 [ 1045.772166] __msan_memcpy+0x6f/0x80 [ 1045.772166] pskb_expand_head+0x43b/0x1d20 [ 1045.772166] l2tp_xmit_skb+0x5a7/0x24b0 [ 1045.772166] pppol2tp_sendmsg+0x7a6/0xba0 [ 1045.772166] ___sys_sendmsg+0xe68/0x1250 [ 1045.772166] __sys_sendmmsg+0x56b/0xa90 [ 1045.772166] __se_sys_sendmmsg+0xbd/0xe0 [ 1045.772166] __x64_sys_sendmmsg+0x56/0x70 [ 1045.772166] do_syscall_64+0xcf/0x110 [ 1045.772166] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1045.772166] [ 1045.772166] Uninit was stored to memory at: [ 1045.823689] kmsan_internal_chain_origin+0x136/0x240 [ 1045.823689] __msan_chain_origin+0x6d/0xd0 [ 1045.823689] __save_stack_trace+0x8be/0xc60 [ 1045.823689] save_stack_trace+0xc6/0x110 [ 1045.823689] kmsan_internal_chain_origin+0x136/0x240 [ 1045.823689] kmsan_memcpy_origins+0x13d/0x1b0 [ 1045.823689] __msan_memcpy+0x6f/0x80 [ 1045.823689] pskb_expand_head+0x43b/0x1d20 [ 1045.859424] l2tp_xmit_skb+0x5a7/0x24b0 [ 1045.860221] pppol2tp_sendmsg+0x7a6/0xba0 [ 1045.860221] ___sys_sendmsg+0xe68/0x1250 [ 1045.860221] __sys_sendmmsg+0x56b/0xa90 [ 1045.860221] __se_sys_sendmmsg+0xbd/0xe0 [ 1045.860221] __x64_sys_sendmmsg+0x56/0x70 [ 1045.860221] do_syscall_64+0xcf/0x110 [ 1045.860221] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1045.860221] [ 1045.860221] Uninit was stored to memory at: [ 1045.860221] kmsan_internal_chain_origin+0x136/0x240 [ 1045.860221] __msan_chain_origin+0x6d/0xd0 [ 1045.860221] __save_stack_trace+0x8be/0xc60 [ 1045.860221] save_stack_trace+0xc6/0x110 [ 1045.860221] kmsan_internal_chain_origin+0x136/0x240 [ 1045.860221] kmsan_memcpy_origins+0x13d/0x1b0 [ 1045.860221] __msan_memcpy+0x6f/0x80 [ 1045.860221] pskb_expand_head+0x43b/0x1d20 [ 1045.860221] l2tp_xmit_skb+0x5a7/0x24b0 [ 1045.860221] pppol2tp_sendmsg+0x7a6/0xba0 [ 1045.860221] ___sys_sendmsg+0xe68/0x1250 [ 1045.860221] __sys_sendmmsg+0x56b/0xa90 [ 1045.860221] __se_sys_sendmmsg+0xbd/0xe0 [ 1045.860221] __x64_sys_sendmmsg+0x56/0x70 [ 1045.860221] do_syscall_64+0xcf/0x110 [ 1045.860221] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1045.860221] [ 1045.860221] Uninit was stored to memory at: [ 1045.860221] kmsan_internal_chain_origin+0x136/0x240 [ 1045.860221] __msan_chain_origin+0x6d/0xd0 [ 1045.860221] __save_stack_trace+0x8be/0xc60 [ 1045.860221] save_stack_trace+0xc6/0x110 [ 1045.860221] kmsan_internal_chain_origin+0x136/0x240 [ 1045.860221] kmsan_memcpy_origins+0x13d/0x1b0 [ 1045.860221] __msan_memcpy+0x6f/0x80 [ 1045.860221] pskb_expand_head+0x43b/0x1d20 [ 1045.860221] l2tp_xmit_skb+0x5a7/0x24b0 [ 1045.860221] pppol2tp_sendmsg+0x7a6/0xba0 [ 1045.860221] ___sys_sendmsg+0xe68/0x1250 [ 1045.860221] __sys_sendmmsg+0x56b/0xa90 [ 1045.860221] __se_sys_sendmmsg+0xbd/0xe0 [ 1045.860221] __x64_sys_sendmmsg+0x56/0x70 [ 1045.860221] do_syscall_64+0xcf/0x110 [ 1045.860221] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1045.860221] [ 1045.860221] Local variable description: ----iph@ip_vs_out [ 1045.860221] Variable was created at: [ 1045.860221] ip_vs_out+0x1bf/0x4570 [ 1045.860221] ip_vs_local_reply6+0xec/0x130 [ 1046.062741] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1046.084783] not chained 2380000 origins [ 1046.088760] CPU: 1 PID: 26715 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1046.091806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1046.091806] Call Trace: [ 1046.091806] dump_stack+0x32d/0x480 [ 1046.091806] kmsan_internal_chain_origin+0x222/0x240 [ 1046.091806] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1046.091806] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1046.091806] ? save_stack_trace+0xc6/0x110 [ 1046.091806] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1046.091806] ? kmsan_internal_chain_origin+0x90/0x240 [ 1046.091806] ? get_stack_info+0x863/0x9d0 [ 1046.091806] __msan_chain_origin+0x6d/0xd0 [ 1046.091806] ? ___sys_sendmsg+0xe68/0x1250 [ 1046.091806] __save_stack_trace+0x8be/0xc60 [ 1046.091806] ? ___sys_sendmsg+0xe68/0x1250 [ 1046.091806] save_stack_trace+0xc6/0x110 [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] ? kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1046.091806] ? __msan_memcpy+0x6f/0x80 [ 1046.091806] ? pskb_expand_head+0x43b/0x1d20 [ 1046.091806] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1046.091806] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1046.091806] ? ___sys_sendmsg+0xe68/0x1250 [ 1046.091806] ? __sys_sendmmsg+0x56b/0xa90 [ 1046.091806] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1046.091806] ? __x64_sys_sendmmsg+0x56/0x70 [ 1046.091806] ? do_syscall_64+0xcf/0x110 [ 1046.091806] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1046.091806] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1046.091806] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1046.091806] ? memcg_kmem_put_cache+0x8e/0x460 [ 1046.091806] ? __msan_get_context_state+0x9/0x30 [ 1046.091806] ? INIT_INT+0xc/0x30 [ 1046.091806] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1046.091806] kmsan_memcpy_origins+0x13d/0x1b0 [ 1046.091806] __msan_memcpy+0x6f/0x80 [ 1046.091806] pskb_expand_head+0x43b/0x1d20 [ 1046.091806] l2tp_xmit_skb+0x5a7/0x24b0 [ 1046.091806] pppol2tp_sendmsg+0x7a6/0xba0 [ 1046.091806] ___sys_sendmsg+0xe68/0x1250 [ 1046.091806] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1046.091806] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1046.091806] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1046.091806] ? rcu_all_qs+0x3b/0x310 [ 1046.091806] ? _cond_resched+0x59/0x120 [ 1046.091806] ? rcu_all_qs+0x53/0x310 [ 1046.091806] ? _cond_resched+0x37/0x120 [ 1046.091806] ? __sys_sendmmsg+0x7c9/0xa90 [ 1046.091806] ? _cond_resched+0x59/0x120 [ 1046.091806] __sys_sendmmsg+0x56b/0xa90 [ 1046.091806] ? syscall_return_slowpath+0x123/0x8c0 [ 1046.091806] ? put_timespec64+0x162/0x220 [ 1046.091806] __se_sys_sendmmsg+0xbd/0xe0 [ 1046.091806] __x64_sys_sendmmsg+0x56/0x70 [ 1046.091806] do_syscall_64+0xcf/0x110 [ 1046.091806] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1046.091806] RIP: 0033:0x457569 [ 1046.091806] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1046.091806] RSP: 002b:00007f8c33cf3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1046.091806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1046.091806] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1046.091806] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1046.091806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33cf46d4 [ 1046.091806] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1046.091806] Uninit was stored to memory at: [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] __msan_chain_origin+0x6d/0xd0 [ 1046.091806] __save_stack_trace+0x8be/0xc60 [ 1046.091806] save_stack_trace+0xc6/0x110 [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] kmsan_memcpy_origins+0x13d/0x1b0 [ 1046.091806] __msan_memcpy+0x6f/0x80 [ 1046.091806] pskb_expand_head+0x43b/0x1d20 [ 1046.091806] l2tp_xmit_skb+0x5a7/0x24b0 [ 1046.091806] pppol2tp_sendmsg+0x7a6/0xba0 [ 1046.091806] ___sys_sendmsg+0xe68/0x1250 [ 1046.091806] __sys_sendmmsg+0x56b/0xa90 [ 1046.091806] __se_sys_sendmmsg+0xbd/0xe0 [ 1046.091806] __x64_sys_sendmmsg+0x56/0x70 [ 1046.091806] do_syscall_64+0xcf/0x110 [ 1046.091806] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1046.091806] [ 1046.091806] Uninit was stored to memory at: [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] __msan_chain_origin+0x6d/0xd0 [ 1046.091806] __save_stack_trace+0x8be/0xc60 [ 1046.091806] save_stack_trace+0xc6/0x110 [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] kmsan_memcpy_origins+0x13d/0x1b0 [ 1046.091806] __msan_memcpy+0x6f/0x80 [ 1046.091806] pskb_expand_head+0x43b/0x1d20 [ 1046.091806] l2tp_xmit_skb+0x5a7/0x24b0 [ 1046.091806] pppol2tp_sendmsg+0x7a6/0xba0 [ 1046.091806] ___sys_sendmsg+0xe68/0x1250 [ 1046.091806] __sys_sendmmsg+0x56b/0xa90 [ 1046.091806] __se_sys_sendmmsg+0xbd/0xe0 [ 1046.091806] __x64_sys_sendmmsg+0x56/0x70 [ 1046.091806] do_syscall_64+0xcf/0x110 [ 1046.091806] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1046.091806] [ 1046.091806] Uninit was stored to memory at: [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] __msan_chain_origin+0x6d/0xd0 [ 1046.091806] __save_stack_trace+0x8be/0xc60 [ 1046.091806] save_stack_trace+0xc6/0x110 [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] kmsan_memcpy_origins+0x13d/0x1b0 [ 1046.091806] __msan_memcpy+0x6f/0x80 [ 1046.091806] pskb_expand_head+0x43b/0x1d20 [ 1046.091806] l2tp_xmit_skb+0x5a7/0x24b0 [ 1046.091806] pppol2tp_sendmsg+0x7a6/0xba0 [ 1046.091806] ___sys_sendmsg+0xe68/0x1250 [ 1046.091806] __sys_sendmmsg+0x56b/0xa90 [ 1046.091806] __se_sys_sendmmsg+0xbd/0xe0 [ 1046.091806] __x64_sys_sendmmsg+0x56/0x70 [ 1046.091806] do_syscall_64+0xcf/0x110 [ 1046.091806] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1046.091806] [ 1046.091806] Uninit was stored to memory at: [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] __msan_chain_origin+0x6d/0xd0 [ 1046.091806] __save_stack_trace+0x8be/0xc60 [ 1046.091806] save_stack_trace+0xc6/0x110 [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] kmsan_memcpy_origins+0x13d/0x1b0 [ 1046.091806] __msan_memcpy+0x6f/0x80 [ 1046.091806] pskb_expand_head+0x43b/0x1d20 [ 1046.091806] l2tp_xmit_skb+0x5a7/0x24b0 [ 1046.091806] pppol2tp_sendmsg+0x7a6/0xba0 [ 1046.091806] ___sys_sendmsg+0xe68/0x1250 [ 1046.091806] __sys_sendmmsg+0x56b/0xa90 [ 1046.091806] __se_sys_sendmmsg+0xbd/0xe0 [ 1046.091806] __x64_sys_sendmmsg+0x56/0x70 [ 1046.091806] do_syscall_64+0xcf/0x110 [ 1046.091806] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1046.091806] [ 1046.091806] Uninit was stored to memory at: [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] __msan_chain_origin+0x6d/0xd0 [ 1046.091806] __save_stack_trace+0x8be/0xc60 [ 1046.091806] save_stack_trace+0xc6/0x110 [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] kmsan_memcpy_origins+0x13d/0x1b0 [ 1046.091806] __msan_memcpy+0x6f/0x80 [ 1046.091806] pskb_expand_head+0x43b/0x1d20 [ 1046.091806] l2tp_xmit_skb+0x5a7/0x24b0 [ 1046.091806] pppol2tp_sendmsg+0x7a6/0xba0 [ 1046.091806] ___sys_sendmsg+0xe68/0x1250 [ 1046.091806] __sys_sendmmsg+0x56b/0xa90 [ 1046.091806] __se_sys_sendmmsg+0xbd/0xe0 [ 1046.091806] __x64_sys_sendmmsg+0x56/0x70 [ 1046.091806] do_syscall_64+0xcf/0x110 [ 1046.091806] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1046.091806] [ 1046.091806] Uninit was stored to memory at: [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] __msan_chain_origin+0x6d/0xd0 [ 1046.091806] __save_stack_trace+0x8be/0xc60 [ 1046.091806] save_stack_trace+0xc6/0x110 [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] kmsan_memcpy_origins+0x13d/0x1b0 [ 1046.091806] __msan_memcpy+0x6f/0x80 [ 1046.091806] pskb_expand_head+0x43b/0x1d20 [ 1046.091806] l2tp_xmit_skb+0x5a7/0x24b0 [ 1046.091806] pppol2tp_sendmsg+0x7a6/0xba0 [ 1046.091806] ___sys_sendmsg+0xe68/0x1250 [ 1046.091806] __sys_sendmmsg+0x56b/0xa90 [ 1046.091806] __se_sys_sendmmsg+0xbd/0xe0 [ 1046.091806] __x64_sys_sendmmsg+0x56/0x70 [ 1046.091806] do_syscall_64+0xcf/0x110 [ 1046.091806] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1046.091806] [ 1046.091806] Uninit was stored to memory at: [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] __msan_chain_origin+0x6d/0xd0 [ 1046.091806] __save_stack_trace+0x8be/0xc60 [ 1046.091806] save_stack_trace+0xc6/0x110 [ 1046.091806] kmsan_internal_chain_origin+0x136/0x240 [ 1046.091806] kmsan_memcpy_origins+0x13d/0x1b0 [ 1046.091806] __msan_memcpy+0x6f/0x80 [ 1046.091806] pskb_expand_head+0x43b/0x1d20 [ 1046.091806] l2tp_xmit_skb+0x5a7/0x24b0 [ 1046.091806] pppol2tp_sendmsg+0x7a6/0xba0 [ 1046.091806] ___sys_sendmsg+0xe68/0x1250 [ 1046.091806] __sys_sendmmsg+0x56b/0xa90 [ 1046.091806] __se_sys_sendmmsg+0xbd/0xe0 [ 1046.091806] __x64_sys_sendmmsg+0x56/0x70 [ 1046.091806] do_syscall_64+0xcf/0x110 [ 1046.091806] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1046.091806] [ 1046.091806] Local variable description: ----iph@ip_vs_out [ 1046.091806] Variable was created at: [ 1046.091806] ip_vs_out+0x1bf/0x4570 [ 1046.091806] ip_vs_local_reply6+0xec/0x130 [ 1046.951770] Dead loop on virtual device ip6_vti0, fix it urgently! 06:07:02 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0xb) r1 = socket$l2tp(0x18, 0x1, 0x1) r2 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x2, 0x20000) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r2, 0x8008ae9d, &(0x7f0000000180)=""/223) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) 06:07:02 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0), 0x0, 0x0, &(0x7f0000001380)={0x77359400}) 06:07:02 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80}}], 0x1, 0x0, &(0x7f0000000140)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score\x00') preadv(r0, &(0x7f00000017c0), 0x10000000000001c0, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) ppoll(&(0x7f0000000040)=[{}], 0x1, &(0x7f00000000c0)={r1, r2+30000000}, &(0x7f0000000100), 0x8) 06:07:02 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x40, 0x48040) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x100000000) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x3, 0x10000) ioctl$DRM_IOCTL_MODESET_CTL(r1, 0x40086408, &(0x7f0000000040)={0x7ff, 0x2a5}) syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r1, 0xffffffffffff7fff, &(0x7f0000000100)) 06:07:02 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x6, 0xbe91cfba8deb25f6) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x9, 0x3, 0x0, 0x25}, {0x3, 0x80, 0x4, 0xb19}, {0x1ff, 0x3, 0x51, 0x4}]}, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) 06:07:02 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f", 0x1c) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1047.236034] Dead loop on virtual device ip6_vti0, fix it urgently! 06:07:02 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300), 0x0, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1047.376211] not chained 2390000 origins [ 1047.380257] CPU: 0 PID: 26765 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1047.381865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1047.396116] Call Trace: [ 1047.396116] dump_stack+0x32d/0x480 [ 1047.396116] kmsan_internal_chain_origin+0x222/0x240 [ 1047.402976] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1047.412028] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1047.412028] ? save_stack_trace+0xc6/0x110 [ 1047.412028] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1047.412028] ? kmsan_internal_chain_origin+0x90/0x240 [ 1047.412028] ? get_stack_info+0x863/0x9d0 [ 1047.412028] __msan_chain_origin+0x6d/0xd0 [ 1047.412028] ? __sys_sendmmsg+0x56b/0xa90 [ 1047.412028] __save_stack_trace+0x8be/0xc60 [ 1047.412028] ? __sys_sendmmsg+0x56b/0xa90 [ 1047.412028] save_stack_trace+0xc6/0x110 [ 1047.412028] kmsan_internal_chain_origin+0x136/0x240 [ 1047.412028] ? kmsan_internal_chain_origin+0x136/0x240 [ 1047.412028] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1047.412028] ? __msan_memcpy+0x6f/0x80 [ 1047.412028] ? pskb_expand_head+0x43b/0x1d20 [ 1047.477327] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1047.482150] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1047.482150] ? ___sys_sendmsg+0xe68/0x1250 [ 1047.482150] ? __sys_sendmmsg+0x56b/0xa90 [ 1047.482150] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1047.482150] ? __x64_sys_sendmmsg+0x56/0x70 [ 1047.482150] ? do_syscall_64+0xcf/0x110 [ 1047.482150] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1047.482150] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1047.482150] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1047.482150] ? memcg_kmem_put_cache+0x8e/0x460 [ 1047.482150] ? __msan_get_context_state+0x9/0x30 [ 1047.482150] ? INIT_INT+0xc/0x30 [ 1047.482150] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1047.482150] kmsan_memcpy_origins+0x13d/0x1b0 [ 1047.482150] __msan_memcpy+0x6f/0x80 [ 1047.551952] pskb_expand_head+0x43b/0x1d20 [ 1047.551952] l2tp_xmit_skb+0x5a7/0x24b0 [ 1047.558323] pppol2tp_sendmsg+0x7a6/0xba0 [ 1047.558323] ___sys_sendmsg+0xe68/0x1250 [ 1047.558323] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1047.571950] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1047.571950] ? kmsan_set_origin+0x83/0x130 [ 1047.581035] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 1047.581035] ? _cond_resched+0xc7/0x120 [ 1047.581035] __sys_sendmmsg+0x56b/0xa90 [ 1047.581035] ? syscall_return_slowpath+0x123/0x8c0 [ 1047.581035] ? put_timespec64+0x162/0x220 [ 1047.581035] __se_sys_sendmmsg+0xbd/0xe0 [ 1047.581035] __x64_sys_sendmmsg+0x56/0x70 [ 1047.581035] do_syscall_64+0xcf/0x110 [ 1047.581035] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1047.581035] RIP: 0033:0x457569 [ 1047.581035] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1047.634430] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1047.634430] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1047.634430] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1047.634430] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1047.634430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1047.634430] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1047.634430] Uninit was stored to memory at: [ 1047.634430] kmsan_internal_chain_origin+0x136/0x240 [ 1047.634430] __msan_chain_origin+0x6d/0xd0 [ 1047.634430] __save_stack_trace+0x8be/0xc60 [ 1047.634430] save_stack_trace+0xc6/0x110 [ 1047.634430] kmsan_internal_chain_origin+0x136/0x240 [ 1047.634430] kmsan_memcpy_origins+0x13d/0x1b0 [ 1047.634430] __msan_memcpy+0x6f/0x80 [ 1047.634430] pskb_expand_head+0x43b/0x1d20 [ 1047.634430] l2tp_xmit_skb+0x5a7/0x24b0 [ 1047.634430] pppol2tp_sendmsg+0x7a6/0xba0 [ 1047.634430] ___sys_sendmsg+0xe68/0x1250 [ 1047.634430] __sys_sendmmsg+0x56b/0xa90 [ 1047.634430] __se_sys_sendmmsg+0xbd/0xe0 [ 1047.634430] __x64_sys_sendmmsg+0x56/0x70 [ 1047.752041] do_syscall_64+0xcf/0x110 [ 1047.752041] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1047.752041] [ 1047.752041] Uninit was stored to memory at: [ 1047.752041] kmsan_internal_chain_origin+0x136/0x240 06:07:02 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000100)={0x7, 0x70, 0x80000000, 0x0, 0x30, 0x6, 0x0, 0x2, 0x8, 0x8, 0x433e, 0x80000001, 0xffffffffffffffd8, 0xa1, 0x4, 0xd6, 0x2, 0x4f7f78d4, 0x1, 0x2, 0x2c81d7d7, 0x8, 0x0, 0x8, 0x8, 0xffffffff7fffffff, 0x3, 0x100, 0x0, 0x80, 0x6, 0xffff, 0x8, 0x6, 0xfffffffffffffffb, 0x3, 0x9, 0x3, 0x0, 0x1000, 0x0, @perf_config_ext={0x8001, 0xfffffffffffffff7}, 0x2000, 0x1, 0xffffffffffffffff, 0x6, 0xc58355d, 0x7, 0x2}, 0xffffffffffffffff, 0x10, 0xffffffffffffff9c, 0xe) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0x1, 0x10000) setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f0000000180)=0xcf9, 0x4) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000040)) ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f0000000080)={0x0, 0x101, 0x2, {0x101, 0xd47, 0x6, 0x1}}) ioctl(r1, 0xffffffffffff8000, &(0x7f0000000000)) 06:07:02 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a90", 0x1e) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:07:02 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000380)="b7f2288a91199306696291c398d2d526e5fd9068907a463d28528b64156c617e8fe0b6f7c06a4b7cee65f932dbda33c12930a6810d76ebde8542e94b483b6b92c58e0fede672f4b4522e4c4d86caad8a89593bbd33a7b65488a7dd59be5cb8d0b2488ab2026844ccaab913a99ecb0aeb2a48e3a9d2006036fc4ae260e5bee566d1dfb28ab65ecad3eafbf67de195ee6a8f6af69f9bd971cecb238263fca7250d64af16ca449819f7b50bfdbbdd164d8edab8a539d94e060f779ae65860800d59196272a3ec0f8177d3c0a11d6915a58f926f2608604ab47b0591c9c7f0730d25fb0b8ae9f6a13ecc18eacf7376ccbf10f0e90ed6dfb659f4bb6cb24116e1ad3bdea411860f72c2", 0x0) [ 1047.773346] __msan_chain_origin+0x6d/0xd0 [ 1047.773346] __save_stack_trace+0x8be/0xc60 [ 1047.773346] save_stack_trace+0xc6/0x110 [ 1047.773346] kmsan_internal_chain_origin+0x136/0x240 [ 1047.773346] kmsan_memcpy_origins+0x13d/0x1b0 [ 1047.773346] __msan_memcpy+0x6f/0x80 [ 1047.773346] pskb_expand_head+0x43b/0x1d20 [ 1047.773346] l2tp_xmit_skb+0x5a7/0x24b0 [ 1047.773346] pppol2tp_sendmsg+0x7a6/0xba0 [ 1047.773346] ___sys_sendmsg+0xe68/0x1250 [ 1047.773346] __sys_sendmmsg+0x56b/0xa90 [ 1047.821955] __se_sys_sendmmsg+0xbd/0xe0 [ 1047.821955] __x64_sys_sendmmsg+0x56/0x70 [ 1047.821955] do_syscall_64+0xcf/0x110 [ 1047.832113] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1047.832113] [ 1047.832113] Uninit was stored to memory at: [ 1047.832113] kmsan_internal_chain_origin+0x136/0x240 [ 1047.832113] __msan_chain_origin+0x6d/0xd0 [ 1047.832113] __save_stack_trace+0x8be/0xc60 [ 1047.832113] save_stack_trace+0xc6/0x110 [ 1047.832113] kmsan_internal_chain_origin+0x136/0x240 [ 1047.832113] kmsan_memcpy_origins+0x13d/0x1b0 [ 1047.832113] __msan_memcpy+0x6f/0x80 [ 1047.832113] pskb_expand_head+0x43b/0x1d20 [ 1047.832113] l2tp_xmit_skb+0x5a7/0x24b0 [ 1047.832113] pppol2tp_sendmsg+0x7a6/0xba0 [ 1047.832113] ___sys_sendmsg+0xe68/0x1250 [ 1047.832113] __sys_sendmmsg+0x56b/0xa90 [ 1047.832113] __se_sys_sendmmsg+0xbd/0xe0 [ 1047.832113] __x64_sys_sendmmsg+0x56/0x70 [ 1047.832113] do_syscall_64+0xcf/0x110 [ 1047.832113] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1047.913820] [ 1047.913820] Uninit was stored to memory at: [ 1047.913820] kmsan_internal_chain_origin+0x136/0x240 [ 1047.913820] __msan_chain_origin+0x6d/0xd0 [ 1047.913820] __save_stack_trace+0x8be/0xc60 [ 1047.913820] save_stack_trace+0xc6/0x110 [ 1047.913820] kmsan_internal_chain_origin+0x136/0x240 [ 1047.913820] kmsan_memcpy_origins+0x13d/0x1b0 [ 1047.913820] __msan_memcpy+0x6f/0x80 [ 1047.913820] pskb_expand_head+0x43b/0x1d20 [ 1047.913820] l2tp_xmit_skb+0x5a7/0x24b0 [ 1047.913820] pppol2tp_sendmsg+0x7a6/0xba0 [ 1047.964370] ___sys_sendmsg+0xe68/0x1250 [ 1047.964370] __sys_sendmmsg+0x56b/0xa90 [ 1047.964370] __se_sys_sendmmsg+0xbd/0xe0 [ 1047.964370] __x64_sys_sendmmsg+0x56/0x70 [ 1047.964370] do_syscall_64+0xcf/0x110 [ 1047.964370] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1047.964370] [ 1047.964370] Uninit was stored to memory at: [ 1047.964370] kmsan_internal_chain_origin+0x136/0x240 [ 1047.964370] __msan_chain_origin+0x6d/0xd0 [ 1047.964370] __save_stack_trace+0x8be/0xc60 [ 1047.964370] save_stack_trace+0xc6/0x110 [ 1047.964370] kmsan_internal_chain_origin+0x136/0x240 [ 1047.964370] kmsan_memcpy_origins+0x13d/0x1b0 [ 1047.964370] __msan_memcpy+0x6f/0x80 [ 1047.964370] pskb_expand_head+0x43b/0x1d20 [ 1047.964370] l2tp_xmit_skb+0x5a7/0x24b0 [ 1047.964370] pppol2tp_sendmsg+0x7a6/0xba0 [ 1047.964370] ___sys_sendmsg+0xe68/0x1250 [ 1047.964370] __sys_sendmmsg+0x56b/0xa90 [ 1047.964370] __se_sys_sendmmsg+0xbd/0xe0 [ 1047.964370] __x64_sys_sendmmsg+0x56/0x70 [ 1047.964370] do_syscall_64+0xcf/0x110 [ 1047.964370] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1047.964370] [ 1047.964370] Uninit was stored to memory at: [ 1047.964370] kmsan_internal_chain_origin+0x136/0x240 [ 1047.964370] __msan_chain_origin+0x6d/0xd0 [ 1047.964370] __save_stack_trace+0x8be/0xc60 [ 1047.964370] save_stack_trace+0xc6/0x110 [ 1047.964370] kmsan_internal_chain_origin+0x136/0x240 [ 1047.964370] kmsan_memcpy_origins+0x13d/0x1b0 [ 1047.964370] __msan_memcpy+0x6f/0x80 [ 1047.964370] pskb_expand_head+0x43b/0x1d20 [ 1047.964370] l2tp_xmit_skb+0x5a7/0x24b0 [ 1047.964370] pppol2tp_sendmsg+0x7a6/0xba0 [ 1047.964370] ___sys_sendmsg+0xe68/0x1250 [ 1047.964370] __sys_sendmmsg+0x56b/0xa90 [ 1047.964370] __se_sys_sendmmsg+0xbd/0xe0 [ 1047.964370] __x64_sys_sendmmsg+0x56/0x70 [ 1047.964370] do_syscall_64+0xcf/0x110 [ 1047.964370] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1047.964370] [ 1047.964370] Uninit was stored to memory at: [ 1047.964370] kmsan_internal_chain_origin+0x136/0x240 [ 1047.964370] __msan_chain_origin+0x6d/0xd0 [ 1047.964370] __save_stack_trace+0x8be/0xc60 [ 1047.964370] save_stack_trace+0xc6/0x110 [ 1047.964370] kmsan_internal_chain_origin+0x136/0x240 [ 1047.964370] kmsan_memcpy_origins+0x13d/0x1b0 [ 1047.964370] __msan_memcpy+0x6f/0x80 [ 1047.964370] pskb_expand_head+0x43b/0x1d20 [ 1047.964370] l2tp_xmit_skb+0x5a7/0x24b0 [ 1047.964370] pppol2tp_sendmsg+0x7a6/0xba0 [ 1047.964370] ___sys_sendmsg+0xe68/0x1250 [ 1047.964370] __sys_sendmmsg+0x56b/0xa90 [ 1047.964370] __se_sys_sendmmsg+0xbd/0xe0 [ 1047.964370] __x64_sys_sendmmsg+0x56/0x70 [ 1047.964370] do_syscall_64+0xcf/0x110 [ 1047.964370] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1047.964370] [ 1047.964370] Local variable description: ----iph@ip_vs_out [ 1047.964370] Variable was created at: [ 1047.964370] ip_vs_out+0x1bf/0x4570 06:07:03 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300), 0x0, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1047.964370] ip_vs_local_reply6+0xec/0x130 [ 1048.235320] Dead loop on virtual device ip6_vti0, fix it urgently! 06:07:03 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a90", 0x1e) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1048.418517] not chained 2400000 origins [ 1048.421810] CPU: 0 PID: 26765 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1048.421810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1048.421810] Call Trace: [ 1048.421810] dump_stack+0x32d/0x480 [ 1048.421810] kmsan_internal_chain_origin+0x222/0x240 [ 1048.421810] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1048.421810] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1048.421810] ? save_stack_trace+0xc6/0x110 [ 1048.421810] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1048.421810] ? kmsan_internal_chain_origin+0x90/0x240 [ 1048.421810] ? get_stack_info+0x863/0x9d0 [ 1048.477694] __msan_chain_origin+0x6d/0xd0 [ 1048.477694] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1048.477694] __save_stack_trace+0x8be/0xc60 [ 1048.477694] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1048.477694] save_stack_trace+0xc6/0x110 [ 1048.477694] kmsan_internal_chain_origin+0x136/0x240 [ 1048.477694] ? kmsan_internal_chain_origin+0x136/0x240 [ 1048.477694] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1048.477694] ? __msan_memcpy+0x6f/0x80 [ 1048.477694] ? pskb_expand_head+0x43b/0x1d20 [ 1048.477694] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1048.477694] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1048.477694] ? ___sys_sendmsg+0xe68/0x1250 [ 1048.477694] ? __sys_sendmmsg+0x56b/0xa90 [ 1048.538715] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1048.538715] ? __x64_sys_sendmmsg+0x56/0x70 [ 1048.538715] ? do_syscall_64+0xcf/0x110 [ 1048.538715] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1048.538715] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1048.538715] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1048.538715] ? memcg_kmem_put_cache+0x8e/0x460 [ 1048.538715] ? __msan_get_context_state+0x9/0x30 [ 1048.538715] ? INIT_INT+0xc/0x30 [ 1048.538715] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1048.538715] kmsan_memcpy_origins+0x13d/0x1b0 [ 1048.588319] __msan_memcpy+0x6f/0x80 [ 1048.588319] pskb_expand_head+0x43b/0x1d20 [ 1048.588319] l2tp_xmit_skb+0x5a7/0x24b0 [ 1048.588319] pppol2tp_sendmsg+0x7a6/0xba0 [ 1048.588319] ___sys_sendmsg+0xe68/0x1250 [ 1048.588319] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1048.588319] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1048.621975] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1048.622930] ? rcu_all_qs+0x3b/0x310 [ 1048.622930] ? _cond_resched+0x59/0x120 [ 1048.622930] ? rcu_all_qs+0x53/0x310 [ 1048.638272] ? _cond_resched+0x37/0x120 [ 1048.638272] ? __sys_sendmmsg+0x7c9/0xa90 [ 1048.638272] ? _cond_resched+0x59/0x120 [ 1048.638272] __sys_sendmmsg+0x56b/0xa90 [ 1048.638272] ? syscall_return_slowpath+0x123/0x8c0 [ 1048.638272] ? put_timespec64+0x162/0x220 [ 1048.662209] __se_sys_sendmmsg+0xbd/0xe0 [ 1048.662209] __x64_sys_sendmmsg+0x56/0x70 [ 1048.662209] do_syscall_64+0xcf/0x110 [ 1048.662209] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1048.662209] RIP: 0033:0x457569 [ 1048.662209] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1048.689044] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1048.689044] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1048.689044] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1048.689044] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1048.689044] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1048.689044] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1048.689044] Uninit was stored to memory at: [ 1048.749585] kmsan_internal_chain_origin+0x136/0x240 [ 1048.749585] __msan_chain_origin+0x6d/0xd0 [ 1048.749585] __save_stack_trace+0x8be/0xc60 [ 1048.749585] save_stack_trace+0xc6/0x110 [ 1048.749585] kmsan_internal_chain_origin+0x136/0x240 [ 1048.771754] kmsan_memcpy_origins+0x13d/0x1b0 [ 1048.771754] __msan_memcpy+0x6f/0x80 [ 1048.771754] pskb_expand_head+0x43b/0x1d20 [ 1048.771754] l2tp_xmit_skb+0x5a7/0x24b0 [ 1048.771754] pppol2tp_sendmsg+0x7a6/0xba0 [ 1048.771754] ___sys_sendmsg+0xe68/0x1250 [ 1048.800018] __sys_sendmmsg+0x56b/0xa90 [ 1048.800018] __se_sys_sendmmsg+0xbd/0xe0 [ 1048.800018] __x64_sys_sendmmsg+0x56/0x70 [ 1048.800018] do_syscall_64+0xcf/0x110 [ 1048.814108] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1048.814108] [ 1048.814108] Uninit was stored to memory at: [ 1048.814108] kmsan_internal_chain_origin+0x136/0x240 [ 1048.814108] __msan_chain_origin+0x6d/0xd0 [ 1048.814108] __save_stack_trace+0x8be/0xc60 [ 1048.814108] save_stack_trace+0xc6/0x110 [ 1048.814108] kmsan_internal_chain_origin+0x136/0x240 [ 1048.814108] kmsan_memcpy_origins+0x13d/0x1b0 [ 1048.814108] __msan_memcpy+0x6f/0x80 [ 1048.814108] pskb_expand_head+0x43b/0x1d20 [ 1048.814108] l2tp_xmit_skb+0x5a7/0x24b0 [ 1048.814108] pppol2tp_sendmsg+0x7a6/0xba0 [ 1048.814108] ___sys_sendmsg+0xe68/0x1250 [ 1048.814108] __sys_sendmmsg+0x56b/0xa90 [ 1048.814108] __se_sys_sendmmsg+0xbd/0xe0 [ 1048.814108] __x64_sys_sendmmsg+0x56/0x70 [ 1048.885352] do_syscall_64+0xcf/0x110 [ 1048.891944] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1048.891944] [ 1048.891944] Uninit was stored to memory at: [ 1048.891944] kmsan_internal_chain_origin+0x136/0x240 [ 1048.891944] __msan_chain_origin+0x6d/0xd0 [ 1048.891944] __save_stack_trace+0x8be/0xc60 [ 1048.891944] save_stack_trace+0xc6/0x110 [ 1048.891944] kmsan_internal_chain_origin+0x136/0x240 [ 1048.891944] kmsan_memcpy_origins+0x13d/0x1b0 [ 1048.891944] __msan_memcpy+0x6f/0x80 [ 1048.891944] pskb_expand_head+0x43b/0x1d20 [ 1048.891944] l2tp_xmit_skb+0x5a7/0x24b0 [ 1048.891944] pppol2tp_sendmsg+0x7a6/0xba0 [ 1048.944536] ___sys_sendmsg+0xe68/0x1250 [ 1048.950069] __sys_sendmmsg+0x56b/0xa90 [ 1048.950069] __se_sys_sendmmsg+0xbd/0xe0 [ 1048.950069] __x64_sys_sendmmsg+0x56/0x70 [ 1048.961958] do_syscall_64+0xcf/0x110 [ 1048.961958] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1048.961958] [ 1048.961958] Uninit was stored to memory at: [ 1048.976301] kmsan_internal_chain_origin+0x136/0x240 [ 1048.976301] __msan_chain_origin+0x6d/0xd0 [ 1048.976301] __save_stack_trace+0x8be/0xc60 [ 1048.976301] save_stack_trace+0xc6/0x110 [ 1048.976301] kmsan_internal_chain_origin+0x136/0x240 [ 1048.976301] kmsan_memcpy_origins+0x13d/0x1b0 [ 1048.976301] __msan_memcpy+0x6f/0x80 [ 1048.976301] pskb_expand_head+0x43b/0x1d20 [ 1048.976301] l2tp_xmit_skb+0x5a7/0x24b0 [ 1048.976301] pppol2tp_sendmsg+0x7a6/0xba0 [ 1048.976301] ___sys_sendmsg+0xe68/0x1250 [ 1048.976301] __sys_sendmmsg+0x56b/0xa90 [ 1048.976301] __se_sys_sendmmsg+0xbd/0xe0 [ 1049.031979] __x64_sys_sendmmsg+0x56/0x70 [ 1049.031979] do_syscall_64+0xcf/0x110 [ 1049.031979] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.031979] [ 1049.031979] Uninit was stored to memory at: [ 1049.031979] kmsan_internal_chain_origin+0x136/0x240 [ 1049.031979] __msan_chain_origin+0x6d/0xd0 [ 1049.031979] __save_stack_trace+0x8be/0xc60 [ 1049.031979] save_stack_trace+0xc6/0x110 [ 1049.031979] kmsan_internal_chain_origin+0x136/0x240 [ 1049.031979] kmsan_memcpy_origins+0x13d/0x1b0 [ 1049.031979] __msan_memcpy+0x6f/0x80 [ 1049.082002] pskb_expand_head+0x43b/0x1d20 [ 1049.082002] l2tp_xmit_skb+0x5a7/0x24b0 [ 1049.082002] pppol2tp_sendmsg+0x7a6/0xba0 [ 1049.082002] ___sys_sendmsg+0xe68/0x1250 [ 1049.082002] __sys_sendmmsg+0x56b/0xa90 [ 1049.102069] __se_sys_sendmmsg+0xbd/0xe0 [ 1049.102069] __x64_sys_sendmmsg+0x56/0x70 [ 1049.102069] do_syscall_64+0xcf/0x110 [ 1049.102069] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.102069] [ 1049.102069] Uninit was stored to memory at: [ 1049.102069] kmsan_internal_chain_origin+0x136/0x240 [ 1049.102069] __msan_chain_origin+0x6d/0xd0 [ 1049.102069] __save_stack_trace+0x8be/0xc60 [ 1049.139643] save_stack_trace+0xc6/0x110 [ 1049.139643] kmsan_internal_chain_origin+0x136/0x240 [ 1049.139643] kmsan_memcpy_origins+0x13d/0x1b0 [ 1049.139643] __msan_memcpy+0x6f/0x80 [ 1049.139643] pskb_expand_head+0x43b/0x1d20 [ 1049.139643] l2tp_xmit_skb+0x5a7/0x24b0 [ 1049.139643] pppol2tp_sendmsg+0x7a6/0xba0 [ 1049.139643] ___sys_sendmsg+0xe68/0x1250 [ 1049.139643] __sys_sendmmsg+0x56b/0xa90 [ 1049.139643] __se_sys_sendmmsg+0xbd/0xe0 [ 1049.139643] __x64_sys_sendmmsg+0x56/0x70 [ 1049.139643] do_syscall_64+0xcf/0x110 [ 1049.139643] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.139643] [ 1049.139643] Uninit was stored to memory at: [ 1049.139643] kmsan_internal_chain_origin+0x136/0x240 [ 1049.139643] __msan_chain_origin+0x6d/0xd0 [ 1049.139643] __save_stack_trace+0x8be/0xc60 [ 1049.139643] save_stack_trace+0xc6/0x110 [ 1049.139643] kmsan_internal_chain_origin+0x136/0x240 [ 1049.139643] kmsan_memcpy_origins+0x13d/0x1b0 [ 1049.139643] __msan_memcpy+0x6f/0x80 [ 1049.139643] pskb_expand_head+0x43b/0x1d20 [ 1049.139643] l2tp_xmit_skb+0x5a7/0x24b0 [ 1049.139643] pppol2tp_sendmsg+0x7a6/0xba0 [ 1049.139643] ___sys_sendmsg+0xe68/0x1250 [ 1049.139643] __sys_sendmmsg+0x56b/0xa90 [ 1049.139643] __se_sys_sendmmsg+0xbd/0xe0 [ 1049.139643] __x64_sys_sendmmsg+0x56/0x70 [ 1049.139643] do_syscall_64+0xcf/0x110 [ 1049.139643] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.139643] [ 1049.139643] Local variable description: ----iph@ip_vs_out [ 1049.139643] Variable was created at: [ 1049.139643] ip_vs_out+0x1bf/0x4570 [ 1049.139643] ip_vs_local_reply6+0xec/0x130 [ 1049.292387] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1049.318444] not chained 2410000 origins [ 1049.321825] CPU: 0 PID: 26765 Comm: syz-executor0 Not tainted 4.19.0+ #77 [ 1049.321825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1049.321825] Call Trace: [ 1049.321825] dump_stack+0x32d/0x480 [ 1049.321825] kmsan_internal_chain_origin+0x222/0x240 [ 1049.321825] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1049.321825] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.321825] ? save_stack_trace+0xc6/0x110 [ 1049.321825] ? __irqentry_text_end+0x1fa056/0x1fa056 [ 1049.321825] ? kmsan_internal_chain_origin+0x90/0x240 [ 1049.321825] ? get_stack_info+0x863/0x9d0 [ 1049.321825] __msan_chain_origin+0x6d/0xd0 [ 1049.321825] ? pskb_expand_head+0x43b/0x1d20 [ 1049.321825] __save_stack_trace+0x8be/0xc60 [ 1049.321825] ? pskb_expand_head+0x43b/0x1d20 [ 1049.321825] save_stack_trace+0xc6/0x110 [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] ? kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 1049.321825] ? __msan_memcpy+0x6f/0x80 [ 1049.321825] ? pskb_expand_head+0x43b/0x1d20 [ 1049.321825] ? l2tp_xmit_skb+0x5a7/0x24b0 [ 1049.321825] ? pppol2tp_sendmsg+0x7a6/0xba0 [ 1049.321825] ? ___sys_sendmsg+0xe68/0x1250 [ 1049.321825] ? __sys_sendmmsg+0x56b/0xa90 [ 1049.321825] ? __se_sys_sendmmsg+0xbd/0xe0 [ 1049.321825] ? __x64_sys_sendmmsg+0x56/0x70 [ 1049.321825] ? do_syscall_64+0xcf/0x110 [ 1049.321825] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.321825] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1049.321825] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1049.321825] ? memcg_kmem_put_cache+0x8e/0x460 [ 1049.321825] ? __msan_get_context_state+0x9/0x30 [ 1049.321825] ? INIT_INT+0xc/0x30 [ 1049.321825] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 1049.321825] kmsan_memcpy_origins+0x13d/0x1b0 [ 1049.321825] __msan_memcpy+0x6f/0x80 [ 1049.321825] pskb_expand_head+0x43b/0x1d20 [ 1049.321825] l2tp_xmit_skb+0x5a7/0x24b0 [ 1049.321825] pppol2tp_sendmsg+0x7a6/0xba0 [ 1049.321825] ___sys_sendmsg+0xe68/0x1250 [ 1049.321825] ? kmsan_set_origin+0x83/0x130 [ 1049.321825] ? pppol2tp_getsockopt+0x1060/0x1060 [ 1049.321825] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1049.321825] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1049.321825] ? rcu_all_qs+0x3b/0x310 [ 1049.321825] ? _cond_resched+0x59/0x120 [ 1049.321825] ? rcu_all_qs+0x53/0x310 [ 1049.321825] ? _cond_resched+0x37/0x120 [ 1049.321825] ? __sys_sendmmsg+0x7c9/0xa90 [ 1049.321825] ? _cond_resched+0x59/0x120 [ 1049.321825] __sys_sendmmsg+0x56b/0xa90 [ 1049.321825] ? syscall_return_slowpath+0x123/0x8c0 [ 1049.321825] ? put_timespec64+0x162/0x220 [ 1049.321825] __se_sys_sendmmsg+0xbd/0xe0 [ 1049.321825] __x64_sys_sendmmsg+0x56/0x70 [ 1049.321825] do_syscall_64+0xcf/0x110 [ 1049.321825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.321825] RIP: 0033:0x457569 [ 1049.321825] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1049.321825] RSP: 002b:00007f8c33d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1049.321825] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 1049.321825] RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000004 [ 1049.321825] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1049.321825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c33d156d4 [ 1049.321825] R13: 00000000004c374a R14: 00000000004d57b8 R15: 00000000ffffffff [ 1049.321825] Uninit was stored to memory at: [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] __msan_chain_origin+0x6d/0xd0 [ 1049.321825] __save_stack_trace+0x8be/0xc60 [ 1049.321825] save_stack_trace+0xc6/0x110 [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] kmsan_memcpy_origins+0x13d/0x1b0 [ 1049.321825] __msan_memcpy+0x6f/0x80 [ 1049.321825] pskb_expand_head+0x43b/0x1d20 [ 1049.321825] l2tp_xmit_skb+0x5a7/0x24b0 [ 1049.321825] pppol2tp_sendmsg+0x7a6/0xba0 [ 1049.321825] ___sys_sendmsg+0xe68/0x1250 [ 1049.321825] __sys_sendmmsg+0x56b/0xa90 [ 1049.321825] __se_sys_sendmmsg+0xbd/0xe0 [ 1049.321825] __x64_sys_sendmmsg+0x56/0x70 [ 1049.321825] do_syscall_64+0xcf/0x110 [ 1049.321825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.321825] [ 1049.321825] Uninit was stored to memory at: [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] __msan_chain_origin+0x6d/0xd0 [ 1049.321825] __save_stack_trace+0x8be/0xc60 [ 1049.321825] save_stack_trace+0xc6/0x110 [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] kmsan_memcpy_origins+0x13d/0x1b0 [ 1049.321825] __msan_memcpy+0x6f/0x80 [ 1049.321825] pskb_expand_head+0x43b/0x1d20 [ 1049.321825] l2tp_xmit_skb+0x5a7/0x24b0 [ 1049.321825] pppol2tp_sendmsg+0x7a6/0xba0 [ 1049.321825] ___sys_sendmsg+0xe68/0x1250 [ 1049.321825] __sys_sendmmsg+0x56b/0xa90 [ 1049.321825] __se_sys_sendmmsg+0xbd/0xe0 [ 1049.321825] __x64_sys_sendmmsg+0x56/0x70 [ 1049.321825] do_syscall_64+0xcf/0x110 [ 1049.321825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.321825] [ 1049.321825] Uninit was stored to memory at: [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] __msan_chain_origin+0x6d/0xd0 [ 1049.321825] __save_stack_trace+0x8be/0xc60 [ 1049.321825] save_stack_trace+0xc6/0x110 [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] kmsan_memcpy_origins+0x13d/0x1b0 [ 1049.321825] __msan_memcpy+0x6f/0x80 [ 1049.321825] pskb_expand_head+0x43b/0x1d20 [ 1049.321825] l2tp_xmit_skb+0x5a7/0x24b0 [ 1049.321825] pppol2tp_sendmsg+0x7a6/0xba0 [ 1049.321825] ___sys_sendmsg+0xe68/0x1250 [ 1049.321825] __sys_sendmmsg+0x56b/0xa90 [ 1049.321825] __se_sys_sendmmsg+0xbd/0xe0 [ 1049.321825] __x64_sys_sendmmsg+0x56/0x70 [ 1049.321825] do_syscall_64+0xcf/0x110 [ 1049.321825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.321825] [ 1049.321825] Uninit was stored to memory at: [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] __msan_chain_origin+0x6d/0xd0 [ 1049.321825] __save_stack_trace+0x8be/0xc60 [ 1049.321825] save_stack_trace+0xc6/0x110 [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] kmsan_memcpy_origins+0x13d/0x1b0 [ 1049.321825] __msan_memcpy+0x6f/0x80 [ 1049.321825] pskb_expand_head+0x43b/0x1d20 [ 1049.321825] l2tp_xmit_skb+0x5a7/0x24b0 [ 1049.321825] pppol2tp_sendmsg+0x7a6/0xba0 [ 1049.321825] ___sys_sendmsg+0xe68/0x1250 [ 1049.321825] __sys_sendmmsg+0x56b/0xa90 [ 1049.321825] __se_sys_sendmmsg+0xbd/0xe0 [ 1049.321825] __x64_sys_sendmmsg+0x56/0x70 [ 1049.321825] do_syscall_64+0xcf/0x110 [ 1049.321825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.321825] [ 1049.321825] Uninit was stored to memory at: [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] __msan_chain_origin+0x6d/0xd0 [ 1049.321825] __save_stack_trace+0x8be/0xc60 [ 1049.321825] save_stack_trace+0xc6/0x110 [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] kmsan_memcpy_origins+0x13d/0x1b0 [ 1049.321825] __msan_memcpy+0x6f/0x80 [ 1049.321825] pskb_expand_head+0x43b/0x1d20 [ 1049.321825] l2tp_xmit_skb+0x5a7/0x24b0 [ 1049.321825] pppol2tp_sendmsg+0x7a6/0xba0 [ 1049.321825] ___sys_sendmsg+0xe68/0x1250 [ 1049.321825] __sys_sendmmsg+0x56b/0xa90 [ 1049.321825] __se_sys_sendmmsg+0xbd/0xe0 [ 1049.321825] __x64_sys_sendmmsg+0x56/0x70 [ 1049.321825] do_syscall_64+0xcf/0x110 [ 1049.321825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.321825] [ 1049.321825] Uninit was stored to memory at: [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] __msan_chain_origin+0x6d/0xd0 [ 1049.321825] __save_stack_trace+0x8be/0xc60 [ 1049.321825] save_stack_trace+0xc6/0x110 [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] kmsan_memcpy_origins+0x13d/0x1b0 [ 1049.321825] __msan_memcpy+0x6f/0x80 [ 1049.321825] pskb_expand_head+0x43b/0x1d20 [ 1049.321825] l2tp_xmit_skb+0x5a7/0x24b0 [ 1049.321825] pppol2tp_sendmsg+0x7a6/0xba0 [ 1049.321825] ___sys_sendmsg+0xe68/0x1250 [ 1049.321825] __sys_sendmmsg+0x56b/0xa90 [ 1049.321825] __se_sys_sendmmsg+0xbd/0xe0 [ 1049.321825] __x64_sys_sendmmsg+0x56/0x70 [ 1049.321825] do_syscall_64+0xcf/0x110 [ 1049.321825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.321825] [ 1049.321825] Uninit was stored to memory at: [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] __msan_chain_origin+0x6d/0xd0 [ 1049.321825] __save_stack_trace+0x8be/0xc60 [ 1049.321825] save_stack_trace+0xc6/0x110 [ 1049.321825] kmsan_internal_chain_origin+0x136/0x240 [ 1049.321825] kmsan_memcpy_origins+0x13d/0x1b0 [ 1049.321825] __msan_memcpy+0x6f/0x80 [ 1049.321825] pskb_expand_head+0x43b/0x1d20 [ 1049.321825] l2tp_xmit_skb+0x5a7/0x24b0 [ 1049.321825] pppol2tp_sendmsg+0x7a6/0xba0 [ 1049.321825] ___sys_sendmsg+0xe68/0x1250 [ 1049.321825] __sys_sendmmsg+0x56b/0xa90 [ 1049.321825] __se_sys_sendmmsg+0xbd/0xe0 [ 1049.321825] __x64_sys_sendmmsg+0x56/0x70 [ 1049.321825] do_syscall_64+0xcf/0x110 [ 1049.321825] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1049.321825] [ 1049.321825] Local variable description: ----iph@ip_vs_out [ 1049.321825] Variable was created at: [ 1049.321825] ip_vs_out+0x1bf/0x4570 [ 1049.321825] ip_vs_local_reply6+0xec/0x130 06:07:05 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000cd0000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000f85000)=ANY=[@ANYBLOB="020100000c000000000000000000000005000600000000000a00000000000000000800000000000002000000e0000002000000000000000005000500000000000a0000000000000000000000000000000000ffffffffffff0000000000000000"], 0x60}}, 0x0) sendmsg$key(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 06:07:05 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x5, 0x420200) mkdirat$cgroup(r1, &(0x7f0000000040)='syz1\x00', 0x1ff) r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000240)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="20028b48869c76ef8326afdc0200003e7dc6acaab25dd488e2770f0c03a89d7212aa3e579cc2d10f725f40bb46e485ae2911e009d626461f617fe56fda4419abd342d5ba14c578edace9f017a0d2a0b49a3a374c9e924d7387cfd48772a612b4f9c9b809fd7acdd08aa2f92df47a273001f1e8ac2278adf1a30741736debcbddef66b7dcd7e5bb421841f9faa26462b40b4be5d297a3f80a637a830e9a8dfc10ce89ec3b7e634164f5862154a4d4873b90b52a6f3d735e026406f7b7495bbfe74aed96005bef771e737fdb4eb511518d3a4d9870302befb2a2138ffb5ad3a7", @ANYRES16=r2, @ANYBLOB="030025bd7000ffdbdf2501000000ff0700000000000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x0) 06:07:05 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000489004bddd9de91be10eebf000ee91e18f0c76fbb232a07424ae1e901d2da75af1f0200f5ab26d7e071fb35331ce39c5a0000") ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000000)={0x3, 0x9, 0x4, 0x401, 0x400}) getrlimit(0x0, &(0x7f00000000c0)) ioctl$FS_IOC_FSGETXATTR(r1, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0x5}) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) 06:07:05 executing program 3: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$inet6_udplite(0xa, 0x2, 0x88, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$kcm(0xa, 0x1, 0x0) close(r0) socket$kcm(0x2, 0x3, 0x2) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x8953, &(0x7f0000000000)=0x2) 06:07:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={"73797a5f74756e00000000000100", 0x0}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newaddr={0x2c, 0x14, 0x109, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r1}, [@IFA_ADDRESS={0x14, 0x1, @local}]}, 0x2c}}, 0x0) 06:07:05 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a90", 0x1e) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:07:05 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a9061", 0x1f) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:07:05 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000100)={0xffffffffffffffff}) getpeername$inet(r1, &(0x7f0000000140)={0x2, 0x0, @multicast1}, &(0x7f0000000180)=0x10) 06:07:05 executing program 3: clone(0x200000041fc, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000280)={&(0x7f0000000140)=[0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1, 0x3, 0x8, 0x9}) ptrace(0x10, r0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22, 0x6, @mcast2, 0x80000001}, 0x1c) ptrace$getsig(0x2, r0, 0xffffffffff600003, &(0x7f0000000040)) 06:07:05 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x0) r1 = dup2(r0, r0) ioctl$VIDIOC_SUBDEV_G_FMT(r1, 0xc0585604, &(0x7f0000000000)={0x0, 0x4, {0x9, 0x0, 0x201b, 0xd, 0xf, 0x3, 0x1, 0x5}}) ioctl$VIDIOC_QUERYMENU(r1, 0xc02c5625, &(0x7f0000000080)={0x7fff, 0xfffffffffffffffb, @value=0x1}) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x161) ioctl$NBD_CLEAR_QUE(r1, 0xab05) 06:07:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0000002000290f0000000000000000020000000000000000000004000000000c0014005da0b1fb7bf34cb15f93b7e97c4abaa7e06f4d3946eb98f499ae147a46ee1e760300000000000000a04279e0b830e1d436ccd68d7e65c0a8e096ba196185daaff4c49154a085e8b8ff2562b4fc36565d6147dedf3db91d5ff34b501687772fc3c148cbb42bf1ab86db3144feb871c9ef3a6bdb13629b4984590515", @ANYRES32, @ANYRES32=0x0], 0x3}}, 0x0) 06:07:05 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a9061", 0x1f) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:07:06 executing program 0: socket$vsock_stream(0x28, 0x1, 0x0) syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x8c) r1 = socket$inet6(0xa, 0x6, 0x0) recvfrom$unix(0xffffffffffffffff, &(0x7f0000000240)=""/141, 0x8d, 0x0, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x13}}}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000001000)=ANY=[@ANYBLOB="7b1af8ff0000000069a2f8ff00000000bf2000000000000095"], &(0x7f0000000140)='GPL\x00'}, 0x48) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r2 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000788000)=0x2, 0x4) bind$packet(r2, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt(r2, 0x107, 0x5, &(0x7f0000001000), 0xc5) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[], &(0x7f0000000400)) r3 = accept4(r0, &(0x7f00004d4000)=@nl=@proc, &(0x7f0000047ffc)=0x80, 0x0) sendmmsg(r3, &(0x7f0000003d40)=[{{&(0x7f0000001b00)=@l2={0xc9}, 0x80, &(0x7f0000001d00), 0x0, &(0x7f0000001d40)}}, {{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f00000037c0)}}], 0x4000000000001eb, 0x0) 06:07:06 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000080)={0x0, 0x0, 0x9}) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x7e0}], 0x1, &(0x7f0000001680)=""/72, 0x3e}}], 0x1, 0x0, &(0x7f0000002240)) 06:07:06 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) accept$alg(r0, 0x0, 0x0) ioctl$RTC_WIE_ON(r0, 0x700f) 06:07:06 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000000)) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x3, 0x8000) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xa2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x9c, r2, 0x0, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team0\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xfff}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x58}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x4}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x8004}, 0x4000000) 06:07:06 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a9061", 0x1f) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 06:07:06 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x200000, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) 06:07:06 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r1, &(0x7f0000000000)={'exec ', '&&\x00'}, 0x8) 06:07:06 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000080)={0x0, 0x0, 0x9}) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x7e0}], 0x1, &(0x7f0000001680)=""/72, 0x3e}}], 0x1, 0x0, &(0x7f0000002240)) 06:07:06 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x48800, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x86000, 0x0) ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000080)={r1, 0x16, 0x5, r2}) r3 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x40, 0x0) ioctl(r3, 0xffffffffffff8000, &(0x7f0000000000)) [ 1051.948136] ================================================================== [ 1051.951801] BUG: KMSAN: uninit-value in aa_fqlookupn_profile+0x336/0x730 [ 1051.951801] CPU: 0 PID: 26865 Comm: syz-executor3 Not tainted 4.19.0+ #77 [ 1051.967953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1051.967953] Call Trace: [ 1051.967953] dump_stack+0x32d/0x480 [ 1051.967953] ? _raw_spin_lock_irqsave+0x237/0x340 [ 1051.967953] ? aa_fqlookupn_profile+0x336/0x730 [ 1051.967953] kmsan_report+0x1a2/0x2e0 [ 1051.967953] __msan_warning+0x74/0xd0 [ 1051.967953] aa_fqlookupn_profile+0x336/0x730 [ 1051.967953] ? __msan_unpoison_alloca+0xa1/0xc0 [ 1051.967953] aa_label_strn_parse+0x17bb/0x1e70 [ 1051.967953] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 1051.967953] ? refcount_inc_not_zero_checked+0x5d7/0x6f0 [ 1051.967953] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 1051.967953] aa_label_parse+0x11f/0x130 [ 1051.967953] aa_change_profile+0x959/0x3da0 [ 1051.967953] ? __se_sys_write+0xc0/0x370 [ 1051.967953] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1051.967953] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1052.055045] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 1052.055045] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 1052.055045] ? strcmp+0x83/0x160 [ 1052.055045] apparmor_setprocattr+0x1306/0x13a0 [ 1052.055045] ? apparmor_getprocattr+0x660/0x660 [ 1052.055045] security_setprocattr+0x139/0x210 [ 1052.055045] proc_pid_attr_write+0x407/0x4f0 [ 1052.055045] ? proc_pid_attr_read+0x530/0x530 [ 1052.055045] __vfs_write+0x1f4/0xb80 [ 1052.055045] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 1052.055045] ? __sb_start_write+0x119/0x240 [ 1052.055045] vfs_write+0x4a3/0x8f0 [ 1052.055045] __se_sys_write+0x17a/0x370 [ 1052.055045] __x64_sys_write+0x4a/0x70 [ 1052.055045] do_syscall_64+0xcf/0x110 [ 1052.055045] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1052.122038] RIP: 0033:0x457569 [ 1052.122038] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1052.146406] RSP: 002b:00007ffb705f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1052.146406] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 1052.146406] RDX: 0000000000000008 RSI: 0000000020000000 RDI: 0000000000000005 [ 1052.146406] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1052.146406] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb705f86d4 [ 1052.146406] R13: 00000000004c5772 R14: 00000000004d9328 R15: 00000000ffffffff [ 1052.146406] [ 1052.146406] Local variable description: ----ns_name@aa_fqlookupn_profile [ 1052.146406] Variable was created at: [ 1052.146406] aa_fqlookupn_profile+0x79/0x730 [ 1052.146406] aa_label_strn_parse+0x17bb/0x1e70 [ 1052.146406] ================================================================== [ 1052.146406] Disabling lock debugging due to kernel taint [ 1052.227213] Kernel panic - not syncing: panic_on_warn set ... [ 1052.227213] [ 1052.227213] CPU: 0 PID: 26865 Comm: syz-executor3 Tainted: G B 4.19.0+ #77 06:07:07 executing program 5: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) recvmsg(r0, &(0x7f0000000400)={&(0x7f0000000000)=@nfc, 0x80, &(0x7f0000000080), 0x0, &(0x7f00000001c0)=""/128, 0x80}, 0x0) clone(0x3102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f0000000300), 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000002580), 0x132058) setsockopt$inet6_buf(r2, 0x29, 0x0, &(0x7f0000000500), 0x0) write(r0, &(0x7f0000000440), 0x0) [ 1052.227213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1052.227213] Call Trace: [ 1052.227213] dump_stack+0x32d/0x480 [ 1052.227213] panic+0x57e/0xb28 [ 1052.227213] kmsan_report+0x2d3/0x2e0 [ 1052.227213] __msan_warning+0x74/0xd0 [ 1052.227213] aa_fqlookupn_profile+0x336/0x730 [ 1052.227213] ? __msan_unpoison_alloca+0xa1/0xc0 [ 1052.227213] aa_label_strn_parse+0x17bb/0x1e70 [ 1052.279495] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 1052.279495] ? refcount_inc_not_zero_checked+0x5d7/0x6f0 [ 1052.279495] ? __msan_metadata_ptr_for_load_1+0x10/0x20 06:07:07 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)=ANY=[], 0x358) recvmmsg(r1, &(0x7f0000001bc0)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/11, 0xb}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, &(0x7f0000000500)=""/172, 0xac}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) [ 1052.279495] aa_label_parse+0x11f/0x130 [ 1052.279495] aa_change_profile+0x959/0x3da0 [ 1052.279495] ? __se_sys_write+0xc0/0x370 [ 1052.279495] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1052.279495] ? __msan_poison_alloca+0x1e0/0x2b0 [ 1052.279495] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 1052.279495] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 1052.279495] ? strcmp+0x83/0x160 [ 1052.279495] apparmor_setprocattr+0x1306/0x13a0 [ 1052.279495] ? apparmor_getprocattr+0x660/0x660 06:07:07 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) fsetxattr$security_smack_transmute(r0, &(0x7f0000000500)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000540)='TRUE', 0x4, 0x1) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x1, 0x2400) recvmsg$kcm(r1, &(0x7f0000000580)={&(0x7f0000000040)=@rc, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000240)=""/168, 0xa8}, {&(0x7f0000000300)=""/248, 0xf8}, {&(0x7f0000000140)=""/96, 0x60}, {&(0x7f0000000400)=""/114, 0x72}], 0x4, &(0x7f0000000480)=""/34, 0x22, 0x401}, 0x100) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000006c0)="e900288a911993f0269c79ad23a7701cfd8b55a2fa8c72f1b3be1879e623960822db", 0xffffffffffffff3d) ioctl$KDSETMODE(r1, 0x4b3a, 0x5) [ 1052.279495] security_setprocattr+0x139/0x210 [ 1052.279495] proc_pid_attr_write+0x407/0x4f0 [ 1052.279495] ? proc_pid_attr_read+0x530/0x530 [ 1052.279495] __vfs_write+0x1f4/0xb80 [ 1052.279495] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 1052.279495] ? __sb_start_write+0x119/0x240 [ 1052.279495] vfs_write+0x4a3/0x8f0 [ 1052.376770] __se_sys_write+0x17a/0x370 [ 1052.376770] __x64_sys_write+0x4a/0x70 [ 1052.376770] do_syscall_64+0xcf/0x110 [ 1052.376770] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1052.376770] RIP: 0033:0x457569 [ 1052.376770] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1052.376770] RSP: 002b:00007ffb705f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1052.376770] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 1052.376770] RDX: 0000000000000008 RSI: 0000000020000000 RDI: 0000000000000005 [ 1052.376770] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1052.376770] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb705f86d4 [ 1052.376770] R13: 00000000004c5772 R14: 00000000004d9328 R15: 00000000ffffffff [ 1052.376770] Kernel Offset: disabled [ 1052.376770] Rebooting in 86400 seconds..