0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:05:40 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) [ 679.503099][T19473] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:05:40 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000019c0)={0x14, 0x0, &(0x7f0000001800)=[@acquire_done], 0x0, 0x0, 0x0}) [ 679.712316][T19473] device bond16 entered promiscuous mode [ 679.729862][T19478] device bridge26 entered promiscuous mode 06:05:40 executing program 1: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f0000004200)={0x0, 0x0, &(0x7f00000041c0)={0x0}}, 0x0) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000c00)='/dev/nvme-fabrics\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000004040)='nl80211\x00', r0) [ 679.878308][T19515] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:05:40 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, 0x0, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'vlan1\x00'}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:05:41 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 06:05:41 executing program 2: getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000880), 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000004c0)}, 0x9010, 0x0, 0x0, 0x0, 0x81, 0x80, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) r1 = syz_io_uring_complete(0x0) recvmsg$can_j1939(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000300)=""/171, 0xab}, {&(0x7f00000003c0)=""/182, 0xb6}, {&(0x7f0000000500)=""/136, 0x88}, {&(0x7f00000005c0)=""/184, 0xb8}, {&(0x7f0000000ac0)=""/4096, 0x1000}, {0xfffffffffffffffe}, {&(0x7f0000000180)=""/55, 0x37}, {&(0x7f0000000680)=""/243, 0xf3}, {&(0x7f0000000780)=""/87, 0x57}, {&(0x7f0000000800)=""/67, 0x43}], 0xa, &(0x7f0000001b80)=""/86, 0x56}, 0x0) write$binfmt_misc(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="5300000044a6aeabc81e150600000000000000100015f74017db9820000000000000d403ffff633b27e59aa19338ac231515ef7cae8c705b6156d23571eacb8df1d2c1249045b8682634dd9d37590a384849910fc9aa660802287275fd9a819f6c390244c62c3d77807e1b8f86746697f682e4075e000000000000de2b33768e76f3a227d6d4f23632530929cdd3601115f74b3012a081e4af9a1d22a991ebdcdfa06f6b4ee99c182cebc355eecfcefaf004dc20b91268c5b989f630ba60526d3db3ce7e9c1a7ca52cdffed2b762bb7c69c34d2775c7a7ef382112f5e9a3c4cdcbbe7eddeb5fc13a3551d1e27c14501ffaee1d397a3632f1d29ae8b50c3baf7f5347d6792d841d0618afb896c4f07b350fb2ad7baf2d14969c39b6e701a1f743e74a1448844dddd7cec053fbd3f65d93bcd65fb5b6683ae02a26eefc9e0e91d5f952aace597a7ab0e34c42b92303b1cf831c839a7c2b454933dffe66a0340681d2c87812d0b02d31b217b233c0c19d7475f5cab3293396edc17101e7eb8e99ef15c87d095e2ba252ad0e8dc99dd599a5788d022bfc691e98d139bf49cfc22f03a38bc640e552be8fcf9e160d0c33986985f7ca2ddc906dce40286dfaddbe8b61910857c7ac7d4f36f105fcde9b9a06acfe2c3b10efcb0ea757674172c033db2c32ca186565153ad95608ab42daa600"/510], 0x58) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xffff) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x7e) dup3(r3, r4, 0x0) 06:05:41 executing program 1: syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x96441) [ 680.638927][T19532] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 680.710881][T19532] device bond17 entered promiscuous mode [ 680.745234][T19559] device bridge27 entered promiscuous mode 06:05:41 executing program 4: r0 = socket$inet(0x2, 0xa, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0) [ 680.854371][T19571] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:05:42 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, 0x0, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:42 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'vlan1\x00'}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:05:42 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r0, 0xc1004111, &(0x7f0000000080)={0x0, [0x1, 0x5]}) 06:05:42 executing program 2: socket$inet(0x2, 0x0, 0x1000) 06:05:42 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) [ 681.624515][T19593] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:05:42 executing program 4: r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x5460, 0x0) [ 681.716244][T19593] device bond18 entered promiscuous mode [ 681.724532][T19597] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 681.757938][T19599] device bridge28 entered promiscuous mode 06:05:42 executing program 2: r0 = socket(0x18, 0x0, 0x0) sendmsg$TIPC_CMD_SET_NETID(r0, &(0x7f00000003c0)={&(0x7f0000000300), 0xc, &(0x7f0000000380)={0x0}}, 0x0) 06:05:43 executing program 1: bind$phonet(0xffffffffffffffff, 0x0, 0x0) 06:05:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'vlan1\x00'}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:05:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:43 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 06:05:43 executing program 4: openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000540)='/dev/dlm-monitor\x00', 0xc40c0, 0x0) [ 682.634039][T19652] device bond19 entered promiscuous mode [ 682.721702][T19691] device bridge29 entered promiscuous mode 06:05:43 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_mreq(r0, 0x29, 0x0, 0x0, 0x0) 06:05:43 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000019c0)={0x14, 0x0, &(0x7f0000001800)=[@acquire_done={0x40486311}], 0x0, 0x0, 0x0}) 06:05:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'vlan1\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:05:44 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000100)="e3", 0x1}]) 06:05:44 executing program 4: syz_io_uring_setup(0x7c66, &(0x7f00000001c0), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000240), &(0x7f0000000280)) 06:05:44 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f00000019c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 683.395274][T19705] __nla_validate_parse: 2 callbacks suppressed [ 683.395334][T19705] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:05:44 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000740)={'ip_vti0\x00', &(0x7f0000000700)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @rand_addr, @private=0xa010100}}}}) [ 683.547762][T19705] device bond20 entered promiscuous mode [ 683.562392][T19707] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 683.603165][T19710] device bridge30 entered promiscuous mode 06:05:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'vlan1\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:05:44 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000100)="e3", 0x1}]) 06:05:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:45 executing program 4: msgctl$IPC_STAT(0x0, 0x2, &(0x7f00000017c0)=""/160) 06:05:45 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0189436, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001800), 0x0, 0x0, 0x0}) 06:05:45 executing program 1: sendmsg$netlink(0xffffffffffffffff, 0x0, 0x641d29c0dd1df0a8) [ 684.317752][T19766] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 684.468746][T19772] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:05:45 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000100)="e3", 0x1}]) [ 684.724391][T19772] device bond21 entered promiscuous mode [ 684.741107][T19777] device bridge31 entered promiscuous mode 06:05:45 executing program 4: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, [], 0x1c}, 0xd}, 0x1c) recvmmsg(r0, &(0x7f0000001040)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000001800)=""/4096, 0x1000}, {&(0x7f0000002800)=""/4096, 0x1000}], 0x2}}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000007bc0)=""/31, 0x30}], 0x1}}], 0x2, 0x0, &(0x7f00000011c0)={0x0, 0x989680}) 06:05:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'vlan1\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:05:45 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001e40)={0x0, 0x0, &(0x7f0000001dc0)=[{0x0}, {&(0x7f00000019c0)={0x10}, 0x10}], 0x2}, 0x0) 06:05:46 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:46 executing program 2: recvfrom$phonet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 06:05:46 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000100)="e3", 0x1}]) [ 685.423093][T19824] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 685.452708][T19828] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:05:46 executing program 4: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000540)='/dev/dlm-monitor\x00', 0x0, 0x0) bind$rxrpc(r0, 0x0, 0x0) [ 685.490386][T19828] bond22 (uninitialized): Released all slaves [ 685.603863][T19836] device bridge32 entered promiscuous mode 06:05:46 executing program 1: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000000)={0x1, "17dccc3c1dbcd13449d68ab537c319223930af1dab3866b673550553113a4c7a2ab29b92108cd561246ee62ba6ead641d12cb1294f2c506a76be86614057ee25cd64b94465734c8c6f3484e98e0506826d0187434f8db20908d92611c95d76fd0f4e86f48f1b103c788cddb58870898bb691dbbafc063140a740b67fedf6e04f44a112d3045479f9bddc10cb50966a6c0f3ec415c1c55d48b2459e3a76859dce9dfd15ddd40df4f8dc5d6abd2490a2e31d1889c42ca26fe18aadc5447d50fffa931672086628825202fd8963fadd17ff38f681da40f0364eee83e30650c4dcde12cc4264552c5ed935e0a43acd81eb72eafef008e4a1f7b63779f6e07d0e82aa5c0d2c32bab4dce75ea83b32a27f18da43c474fb3a794952efff5e12577ceed2a89e0e77276236a1e919308e94a7332e6e6fbfd89e4a3759d0e930ef1d9d2b1f9676c97e016d5c686c6f86991f760eea0be2e35f0da556b8313102ad50fd880d3b22ab539fa6f814b7dca187852e9cc4ca44ad2560acba5c00b754b402367bb519e3a6b1503e426d1afb0aaf83131e59250f194c6f73455e0242de2bec603dd347b8143e58bba7691d69fc85c05b869889c04c5f6267452766bfa7b88be25a985b065fbeb238f04b573f5eb8b1ca0e572c9115c87358127af4fc1d904e8780b92ba15b1280b3958f07ce50df0d3d9460e9525d6a2b5f2ad3b0a541115bffd1bf29e48a09243e4fc860b3d049ce9f96a07cd58959fc47b58baaf8fceb14caf82f170012bcf463d2546f7694f274035771020aa05540807433fa16dc22efcfc3e67e46cd2c7ca563c5c5afdf04dddfa7302b74a45477d8c33c2ec34ba89eb95825c7d81e011cded9a08ebbe739706920c13eea40578c055d6b69bc2fb3c2d1a9c77666d6bdb2350edecae6e3fb9fd9774ce2cb0cf6dda1a8b82ca05d4b077239ebbdde537fbfbbffb592872b6c30f2e3abd4cefc63cb0ac5af42447ac6e2365895e610b5db7b72a3beb343743029156d102a36c05bc4e379978c0ebe4bae911a53f83e651a1dec51cf5705c76d26b8f38ff8efb61dd7defb48d4a609c664aa0b325efe303177205807311a6366a1fde2eed7b2a9b7ab931fd97626f74d99cd992ab7eedef0827f99b889335bf6c92bc9312699da52ad2bb1c0d8537ce5b751e2693e446ff6829e5aaa149e51a9a3da42ade56f4eb1cd745b9a3ebc905d125f89043e57a75f0953c021e569f6ed27b7949ce93bd3597a6631c89fedcd3eb65f3cc85f4c6267b9c3a747859a4bc45bf5001736363f7508ea8edec8fad50098caf90dc3ac490e643a091527b3397cc2155c45cea13e6024167331e694347c6ab9001fce80229b09c41e7c8be4cbfff47efa23da9336168836cfa47608f87766a4ca87f3d0e7109a0650939297be425fcceb4062128ad48d624a54123531b3ce648b3a480c2d0fd87e4718b2d02bc921eb4295f3aa5e9299bd47bec6d9d3ee48fc963df436715bef9cdf7718d5dea817a825c6bbccb7514894fa8eb4a6c4a97e4ae5f4d282ab5b0543bab98f28328a224cb1cbbc9bae9b55ac710a4f55afada975996b926f7872f01c3cbb4e0e055efda90006dac7b0a4a6bfde6b19e1550ab820e7ab9cfcf8c8bd4cbaa03f33df42420dd03ed200a2a2e72ef6a15d61bc3a931fdc7f5d0362bb1a6baf548ea7ffb3df40fb24826701c0e7277638d9735bd8361b3b231deda25a3ffeb602edcecea4e68a7b3f090ed8afa167308839bb978dd19e45718ab051e94b9614998a59049751ddf1ac5200c7c5b243bf7d33efe2c5b499b8a81eb6924a908d18dddb3ea261a6b21060094570f9199d2e895d2d960d007a8128a5a986d9053d7bfb023b09fc03b50cc074b492353e68336c85d7218d3a32fb1d0421e6d53e9a6451947c13ea6271dadde3899f8339018b8e5f98ee97352e7e0fc9edcd26bbaeb4a324b2bc51ab8b63701e3b2624060ff6b3e2455c9f2c97d3b7f5b8b733234077679f75d71f3681510d44774fa5f36f0d92f4bc19969325770f8341f6244041d90a40ae0b6014d5cdc1eeacb52f2f7606ee101e05111269453a7b29c60b14a7485ba2cf60838fcab7245ff0471cc070c755efbb0d84042252da8c6b75927248aeb5238480f383d2b57ca7ca2559d3da74dc94605a9d624aebb4589b0f2b00bc58e6306c6ca5da11de87495d16b76003bffe7210ba0c1ba7d1dee12ce179bd381aba6d282c8b8bfb9e5bbcdcbf0e0fd4e1f204fbb370a1ce3d00915cc52c3c8ffcc603441a805a25725e308ff5743888ef7787c530e24feeac22ea10987702811a3e5f8b620f8278c371b9278066e3026c7a7cf8a1054d41c958a78f9616c1e6870f88c0ee7447515d8f84ac0900c71ecf2c0e631f566a1b76238ff0d255e8ae289cba26473be244f033ab32dc4cd1b24b2860ef5bb4d5ae415f31671ea54c6c3154fd157c02ba136f1f022ccd6dcaf213623df7d918a37676532157b904697b110789cefd4f92d46124db2e0e5dc169ea0b16dfbf13125f51137f0a8640c5832e0284931339de5e6f6d1c5a5cf65277f4315a8b45a2c01535fb75ebb856b51605accd41b4a19696e6dbecb9dc82e1edc1537505b6fe29d16d290c0ec50aa5246e6b4b0892044e937b8f0158217770fc0c2fb6e609cf1a12ce9114c3d985015066cab52a27d794604eb6685a0ab215300a776bf698638a04a0691a400185a35ffe6fb586f4a5bb5a023d0d3ac5d57ff5520de6a94d28a6436f62b06b82479a2c7063a8224e81c744f959ad2f740c56743c8835a9be7c6a6153ba21785897fa855570db1d410740391f5f9b588c25b54220149a59b5a89a8eca64d7ba60f1ad425ab2d71417109af484baca70fdac73760d05c4a265907509e4e465d2524e9e9a742aba2140d4e9df203fbf353ab6b6cb723e218aa426a32398eb97e365709e9bd39601ba0fd56d773a94ecbc0878c77d6cf467dac6b9c3e8717247624c4ecb8fa2e4d8f5f839d0df4d15f3326799e5190102cca5a6f54f3948d42b10832233c9e33d9c228be4e0f89a17ee2b7a3989c04fd9da7036427e663e30e349d4c7ea2feb77a09882245e285f5d45d94f11598451026a68f69674f85b939ad26602647bbb5551012aa84e18a19ff1a6dfbad089a3f729d9049d6f7467e46a45a6778d70b29c1397b941f42dd30de2a1de3c9a67ffd2687d228f480991c6ef316e4d0c3c51a9d488cefcf9f71d4f11e1ba270f7c6e6815f66a812c101814ab9dc5e65b9c13c82c0bde48d4653d8f16421e2401eac3d51a16d615822a3e51a7deda8622e81f6f549d8d5f3912429b1764512f63b1fd108edad3b24be3ca5ceca6c071f4d884f5c3642a588d240c4ca155bf0db8b69bb8c497090a9822f3cd1f79722c1c131c8695dfdf8454bea7642e8706d59928fa3dc9e1c54bfa15f40f03a7822f508f6d1c1a8f11cdd865412beabfccb6b4ac83617d5696acf5cc516c6b0be4f436c8f09d0bfd6d4529ef875cebbb4ad7fe71aa723b5bd044ba1caab662cb2ce10a3754582250b099fdbe2bcf3f74f8bca898e71e93acfa43459596ee4de426829b99d7b5585d23dde94b479f00b407ed425e4a385222b1743f6959ceba932954547fe0178a637832c5266ac54320aa1c5a97254971ea8748aa28205e086eda19a9565b9ef25c1d164fa18adaa933048fc943fcb9c9094627ed04771a557855fe71be63d525a6eb6ea6d09e95cdea5334e801de489829f49f617208721ef3a45da72ce056da046bf3eab962b302592f29f88f523d113a0682a7edaa3e4893f8a5716dbffcf8d8b632c235aae1cb0b2049acbc84d4f7e048d5b549d8888d360e974557915b577590678c42e1459ed3a4ca0d38cabc43b1f2bc7e71c3b26c6fde7ea0e1ae4795c640b03d553499e2dc05b5a25a102fc958932fff3cef0e18143ce2ec931088b615d1596ca5f3dcc89df68006ed9c411e4ff497d544dee17267b66c69feb49b397dcaff8de1084b749a4ef9def7770af08f01e8a72d0ad40bea97388c0d3439e02b2c7c767d3503ffe7ab7581a928c41c14eb661fe168790b188110cc1aecd1429706401f0b5489fc0f9f657bdf2679cb9027177fbfe4493393d0aed1fcca0a537672c9059e021fb53d18a5486a01fb6db01aee1e290b0992dce0521118fea7db9f9a3f95ea88c2a399c25c566e7d4dd6cc8a02158d9297888c7d142231b247382238d6f9c29679dd4c44c64de11055f2608029897f0f01bf1100c1dd2abf609c2336467b26d6f23a734577a79b1e78295b113bc632643740640c56440f762abfda266b954067d9cee4caf18f6ff48dde4cc2c726be125ee7ac912c48f78ba83f8b941e865da1ca9dbc3fb5dd1371f0f70ac2851c37976b17a17c59313350995ba128ffa6d2fc4a4903a63fd0742cc7e6db6e71110c6b83e72669470e585e81223ff1d5b16780682e1306c46f16533ff3f30c46a979da0e1d2564f4e55cf7b1dd44c2ed3de985276addaf2b46f7453cf5dbbf1cf126fd0a8e8f57c1fba309f3578bc6698fa803b53d966ca9950dd1c8b021c687440d05dd3af998341aba43a2f4c23a31d3b4235f81dbc1651600794a712dc19a490235b56d81aaebf32e37ea5a5e546ae2eb33125aee3bf8513067d09ba3a5dd3326651f853318b6e466971650e08dd4717114304260adb912c8e46e0b08afdcb56dc8f510dc7c104820cb4b026fb44e0a0703b1328c769f6513b4ce5a3148138f4a0f0d397b3bdf968c5b06b637ba00da51d17a481c561eb3416219f2eed0273b95e1155e85e693d2e0fce2ddb735db1704e93321dea77034aa9a7cd116d6c61a9048f2d0e57f6fc323b28cbcbef39927b2c44ea96b1e43eb5c66e741de2c6a1b48bd911101153c387a302667215735992729fcf13905d96a2468260842f1e64af7220fcdbfa739c382de1460b761e693989601edda5e131441340f321bd9b9f0b7fd56f251899361e00bcdc0e3f7c7394b22eaf28526f356f529a59b744c7293edf5c6ef3a414c1050d7426f35e33bc8bce808b8488f6f2562b36ee2dae3a36103089cbdbf74d0ebc5101d9044dfa99f4be6a64254a3caf15875bdac82983dce1a08c2c2324e54c9247350f19078c43a663c4a817ef3e27ab5048461c87381333f8811de55739b2e2a6c21f4195a6567a36faff929767502c76edb2f9f7e5b992963d1e0b20aef68bf52d90865345d23bb5ae6af0f9a5d833413a9967f4410d1bf1ddbf025c450763cf6c18869ddd23c17930694b840e6b065421602d693694204ab11235b801331c9a68a65f918a34dcb605022d383165016c1d2076dfd0b5f6da7b42652ce43700bf31154f50917a276df6734a27cd08aa71d00a980ffe9ed3655b07a4a46229760e9803062dedc1a96a2325d5ce4d65ae218886436bd2748cd992201507caa296904a8301d0bb65785628a777f258ad1650f814b52de28abd4015328ec4097f82943cf1c00ec7b29022c63b1fe2a9f8530f40ef3976eacea9f85c17d9a35d74912cc5564ef9de4f34770cb718c0e856412987729a3f510d230987f8c7539be96cd12714ae3ee89639dda955d575170031c8eac0b5079c4a733c99461ebef30eade3bcae1517f1f61a33966f846437891d855e9b0599019681d2cf28c7b4b13c7ad4720ce37b1ab6e2b38ccefcaccb5becb4677a03cc0323396bd3135a142473a02a37e91"}, 0xfd1, 0x800) 06:05:46 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1400000028edb3"], 0x14}}, 0x0) 06:05:46 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:46 executing program 0: socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:05:46 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000100)="e3", 0x1}]) 06:05:47 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) [ 686.371472][T19852] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:05:47 executing program 1: msgctl$IPC_STAT(0x0, 0x2, &(0x7f00000017c0)=""/160) socketpair(0x29, 0x2, 0x22bd, &(0x7f0000001000)) [ 686.446235][T19852] bond22 (uninitialized): Released all slaves 06:05:47 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa010, r0, 0x0) [ 686.525126][T19855] device bridge33 entered promiscuous mode [ 686.534320][T19856] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 686.586905][T19862] bridge12: port 1(syz_tun) entered blocking state [ 686.594218][T19862] bridge12: port 1(syz_tun) entered disabled state [ 686.643201][T19856] bridge12: port 1(syz_tun) entered disabled state 06:05:47 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:47 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000100)="e3", 0x1}]) 06:05:47 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 687.229677][T19875] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:05:48 executing program 1: openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000c00)='/dev/nvme-fabrics\x00', 0x0, 0x0) seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f0000000000)) 06:05:48 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620b, 0x0) 06:05:48 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) [ 687.421683][T19875] bond22 (uninitialized): Released all slaves [ 687.675222][T19882] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 687.697280][T19885] binder: 19883:19885 ioctl c018620b 0 returned -14 06:05:48 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0) [ 687.738230][T19889] bridge12: port 1(syz_tun) entered blocking state [ 687.745140][T19889] bridge12: port 1(syz_tun) entered disabled state [ 687.797488][T19890] bridge12: port 1(syz_tun) entered disabled state 06:05:48 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 06:05:49 executing program 1: syz_open_dev$sndpcmc(0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x84241) 06:05:49 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f00000000c0)={0x0, @rc, @l2tp={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp={0x2c, 0x0, 0x0, 0xd}}) 06:05:49 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) 06:05:49 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 688.327254][T19898] bond22 (uninitialized): Released all slaves [ 688.366060][T19898] device bridge34 entered promiscuous mode 06:05:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0) [ 688.636680][T19909] __nla_validate_parse: 1 callbacks suppressed [ 688.636744][T19909] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:05:49 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 06:05:49 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) 06:05:49 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) 06:05:49 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:05:49 executing program 2: r0 = socket(0x1e, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00'}) [ 689.181952][T19919] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 689.257762][T19919] bond22 (uninitialized): Released all slaves [ 689.304534][T19923] device bridge35 entered promiscuous mode 06:05:50 executing program 1: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000c00)='/dev/nvme-fabrics\x00', 0x0, 0x0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r0, 0x0, 0x0) [ 689.536205][T19932] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:05:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0) 06:05:50 executing program 4: ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) 06:05:50 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 06:05:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f7e00a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0xaaaaaaaaaaaacb7, 0x0, 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000680)={0x1, 0x0, @pic={0x0, 0x0, 0x0, 0x41}}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ca]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x0, 0xb, &(0x7f0000000080)='/dev/hwrng\x00'}, 0x30) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000180)={0xc, 0x8001}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:05:50 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:05:50 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5452, &(0x7f00000019c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 690.111277][T19944] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 690.190368][T19944] bond22 (uninitialized): Released all slaves [ 690.270479][T19951] device bridge36 entered promiscuous mode [ 690.308442][T19957] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:05:51 executing program 4: ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) 06:05:51 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 06:05:51 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:51 executing program 2: openat$audio1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1\x00', 0x60042, 0x0) 06:05:51 executing program 0: socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r1, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:05:51 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0) [ 691.050645][T19976] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 691.087904][T19976] bond22 (uninitialized): Released all slaves 06:05:52 executing program 4: ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) [ 691.141776][T19976] device bridge37 entered promiscuous mode [ 691.149285][T19982] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:05:52 executing program 3: rseq(0x0, 0x0, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 06:05:52 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:52 executing program 0: socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r1, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:05:52 executing program 1: openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000c00)='/dev/nvme-fabrics\x00', 0x0, 0x0) fork() 06:05:52 executing program 4: r0 = syz_open_dev$vim2m(0x0, 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) [ 691.916815][T19999] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 692.043904][T19999] bond22 (uninitialized): Released all slaves [ 692.089024][T20002] device bridge38 entered promiscuous mode [ 692.113208][T20003] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:05:53 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) 06:05:53 executing program 3: rseq(0x0, 0x0, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 06:05:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:53 executing program 1: io_setup(0x0, &(0x7f0000000000)) io_setup(0xe2f3, &(0x7f0000000080)) 06:05:53 executing program 4: r0 = syz_open_dev$vim2m(0x0, 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) 06:05:53 executing program 0: socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r1, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:05:53 executing program 2: syz_genetlink_get_family_id$fou(&(0x7f00000001c0)='fou\x00', 0xffffffffffffffff) [ 692.788893][T20022] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 692.842110][T20022] bond22 (uninitialized): Released all slaves [ 692.920910][T20024] device bridge39 entered promiscuous mode 06:05:53 executing program 3: rseq(0x0, 0x0, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 06:05:54 executing program 5: socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x3c}}, 0x0) 06:05:54 executing program 4: r0 = syz_open_dev$vim2m(0x0, 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) 06:05:54 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4020940d, &(0x7f00000019c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0}) 06:05:54 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r1, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:05:54 executing program 1: syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x84241) [ 693.662919][T20043] device bridge40 entered promiscuous mode 06:05:54 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x0, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 06:05:55 executing program 5: socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x3c}}, 0x0) [ 694.018643][T20056] __nla_validate_parse: 1 callbacks suppressed [ 694.018705][T20056] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:05:55 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={@empty, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x2f, 0x1000}) 06:05:55 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) [ 694.168572][ T3161] ieee802154 phy0 wpan0: encryption failed: -22 [ 694.175163][ T3161] ieee802154 phy1 wpan1: encryption failed: -22 06:05:55 executing program 1: io_setup(0xe2f3, &(0x7f0000000080)) 06:05:55 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r1, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) [ 694.531918][T20068] device bridge40 entered promiscuous mode 06:05:55 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x0, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 06:05:55 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) [ 694.914468][T20078] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:05:55 executing program 2: r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_GETFMTS(r0, 0x8004500b, &(0x7f00000000c0)) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0) 06:05:55 executing program 5: socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x3c}}, 0x0) 06:05:56 executing program 1: setitimer(0x2, &(0x7f0000000000), &(0x7f0000000040)) 06:05:56 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r1, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:05:56 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x0, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) [ 695.380565][T20091] device bridge40 entered promiscuous mode 06:05:56 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) [ 695.746534][T20102] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:05:56 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:56 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f0000004200)={0x0, 0x0, &(0x7f00000041c0)={&(0x7f0000004180)={0x24, 0x0, 0x0, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0) 06:05:56 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) recvmsg$can_j1939(r0, &(0x7f0000000700)={&(0x7f0000000140)=@sco={0x1f, @none}, 0x80, &(0x7f0000000640)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x2001) 06:05:56 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000100)="e3", 0x1}]) 06:05:57 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:05:57 executing program 4: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) [ 696.234274][T20114] device bridge40 entered promiscuous mode 06:05:57 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000019c0)={0x4, 0x0, &(0x7f0000001800)=[@register_looper], 0x1, 0x0, &(0x7f00000018c0)='^'}) 06:05:57 executing program 1: sendmsg$can_j1939(0xffffffffffffffff, 0x0, 0x0) 06:05:57 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:57 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000100)="e3", 0x1}]) [ 696.659232][T20126] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:05:57 executing program 4: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) [ 697.009433][T20139] device bridge40 entered promiscuous mode 06:05:58 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:05:58 executing program 1: msgctl$IPC_STAT(0x0, 0x3, &(0x7f00000017c0)=""/160) 06:05:58 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000480)={0x1c, 0x0, &(0x7f0000000380)=[@increfs_done, @acquire={0x40046305, 0x3}], 0x0, 0x0, 0x0}) 06:05:58 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000100)="e3", 0x1}]) 06:05:58 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 697.515723][T20151] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:05:58 executing program 4: syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0x1, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) 06:05:58 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000080)={@loopback}, 0x14) 06:05:58 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:05:58 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc, 0x0, 0x0, 0x705}, 0x10) sendmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, 0x0}}, {{&(0x7f00000000c0)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x1}}, 0x80, 0x0}}], 0x2, 0x0) [ 697.942762][T20163] device bridge40 entered promiscuous mode 06:05:59 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 06:05:59 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, 0x0) 06:05:59 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:05:59 executing program 1: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x0, 0x0) read$usbfs(r0, 0x0, 0x0) [ 698.386524][T20175] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:05:59 executing program 2: syz_open_dev$usbfs(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) 06:05:59 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x0, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:05:59 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) [ 698.818420][T20189] device bridge40 entered promiscuous mode 06:05:59 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, 0x0) 06:06:00 executing program 1: msgctl$IPC_STAT(0x0, 0x4, 0x0) 06:06:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 699.407119][T20204] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:00 executing program 2: openat$uinput(0xffffffffffffff9c, &(0x7f0000000e80)='/dev/uinput\x00', 0x802, 0x0) 06:06:00 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x0, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:00 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="e3", 0x1}]) 06:06:00 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, 0x0) 06:06:00 executing program 1: openat$drirender128(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/dri/renderD128\x00', 0x0, 0x0) [ 699.907358][T20213] device bridge40 entered promiscuous mode 06:06:01 executing program 2: openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x111000, 0x0) 06:06:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 700.354265][T20226] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:01 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000100)="e3", 0x1}]) 06:06:01 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x0, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) 06:06:01 executing program 1: ioctl$FBIOPUTCMAP(0xffffffffffffffff, 0x4605, &(0x7f0000000100)={0xe41, 0x4, &(0x7f0000000000)=[0x4, 0x4, 0x0, 0x2], &(0x7f0000000040)=[0x3ff, 0x23f8, 0x2, 0xade], &(0x7f0000000080)=[0x7, 0x0, 0x91], &(0x7f00000000c0)=[0x3, 0x800, 0x3f, 0x5, 0x8]}) r0 = msgget(0x2, 0x400) msgctl$IPC_RMID(r0, 0x0) msgctl$IPC_STAT(r0, 0x2, &(0x7f00000017c0)=""/160) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x200, 0x0) mmap$fb(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2, 0xa010, r1, 0x31000) r2 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fb1\x00', 0x0, 0x0) ioctl$FBIO_WAITFORVSYNC(r2, 0x40044620, 0x0) 06:06:01 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x0, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 700.770240][T20232] device bridge40 entered promiscuous mode 06:06:01 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4020940d, &(0x7f00000019c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 06:06:02 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:02 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x0, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) [ 701.268437][T20248] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:02 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000100)="e3", 0x1}]) 06:06:02 executing program 1: r0 = socket(0x1e, 0x4, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) sendmmsg(r0, 0x0, 0x0, 0x0) 06:06:02 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:02 executing program 2: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x0, 0x0) recvfrom$rxrpc(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 701.645302][T20255] device bridge40 entered promiscuous mode [ 701.952401][T20269] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:03 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000100)="e3", 0x1}]) 06:06:03 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x0, 0x1, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) 06:06:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:03 executing program 1: syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2) 06:06:03 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:03 executing program 2: getresuid(&(0x7f0000000000), &(0x7f00000000c0), 0x0) [ 702.598657][T20279] device bridge40 entered promiscuous mode [ 702.702414][T20285] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:06:03 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x0, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) 06:06:03 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:03 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x0, 0x0) 06:06:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0) 06:06:04 executing program 1: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, [], 0x1c}, 0xd}, 0x1c) clock_gettime(0x0, &(0x7f0000000040)) recvmmsg(r0, &(0x7f0000001040)=[{{0x0, 0x0, &(0x7f0000000040), 0x2, 0x0, 0xfffffffffffffd99}}, {{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/34, 0x1f}], 0x1}}], 0x2, 0x0, &(0x7f00000011c0)) [ 703.430884][T20306] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:04 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x0, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) [ 703.558529][T20308] device bridge40 entered promiscuous mode 06:06:04 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x0, 0x0) 06:06:04 executing program 2: mmap$usbfs(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x180031, 0xffffffffffffffff, 0x0) 06:06:04 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:05 executing program 1: r0 = fork() syz_open_procfs$namespace(r0, &(0x7f0000000080)='ns/net\x00') fork() 06:06:05 executing program 4: r0 = syz_open_dev$vim2m(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1, 0x0, 0x0, "4cd23c10ec722fe910c395f1ca225b7a8e41c47243e6dc72edcee323a6c19e9c"}) [ 704.307176][T20334] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 704.384043][T20334] device bridge40 entered promiscuous mode 06:06:05 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x0, 0x0) 06:06:05 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x1}, 0x40) [ 704.500042][T20340] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:05 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:05 executing program 4: fork() fork() syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/net\x00') fork() 06:06:06 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) [ 705.188394][T20362] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 705.228797][T20363] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:06 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x0, &(0x7f00000003c0)) [ 705.277917][T20367] device bridge40 entered promiscuous mode 06:06:06 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:06 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) 06:06:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:06 executing program 2: syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2589, 0x410002) 06:06:07 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f0000004200)={0x0, 0x0, &(0x7f00000041c0)={0x0}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f0000003fc0)={&(0x7f0000003f00)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000003f80)={0x0}}, 0x0) 06:06:07 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x0, &(0x7f00000003c0)) [ 706.200650][T20393] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 706.233758][T20394] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. 06:06:07 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x1a, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x40) [ 706.312578][T20394] device bridge40 entered promiscuous mode 06:06:07 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, 0x0, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:07 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001e40)={0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000040)={0xeb4, 0x0, 0x0, 0x0, 0x0, "", [@nested={0x2bd, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @generic="368300bed05c63ba8f740c805d5d5c70a3e3b2ced2a9959736678a621c534b5590f4df0aa0cd422ddd0d90c7c1b4336053b83c9fd4c94ab31cd20e4193c57cd9cd01959941b39eee7c0aab8259c232bbbe7542c2d7cfa59e100566779903cfad8907837eef2c0a56e7c73266d9eceef33bf3d74aee417e55194c6ee95a47429d53027098b89ba5ff636b157ff2e3a8399e733d23ef278cfc59ce59d485a8a151ff31069c5d01e119188b2a9286ac3f252a9438cf64d6f7de80ffdec87b248a557a8726a191e67c5ca1001ff79fdbeff6719b8f31541483f83e8eb45a8e7ed06ea1da23ebf6d69a0fabe9f6e771abd7", @generic="9905c5e8a8f31544e457144af9d1d2f253b6a400a08c7408683c0feda3b8dcd036c8fed5d5f203558172fd4a8a5f37ab5b01016ffe9d8bfbf733a576da4c22b4288df04253136ab40a11cdf392dd", @generic="f252f7e2fb5afa5fb3e0f08bb158d69afc9c4a1c0f5a34859749eb4d2d0305cd7d454e3619405f861dd4b75b164df31aa88332713848f8a7ddc6cb945d1719dec6cc20e939c873376f8cdf27bd4756f88e26403f0eb6a45a740665f8935d50df9b2fc37e9cd741139fe9964dd031178e32a9016011477adf0349a3fad922160daed0e36a1835dcacc3abff9ab8dadedb29bffd9ce656fdc358c3c06af66cd66424a5075584268c8a08525eff0a3ca0919d37340d6731843e5ed237ba05a0fa0af751e2", @typed={0x8, 0x0, 0x0, 0x0, @u32}, @generic="9e64940eb63fe2aae056d498873f3d3ec1bd7f599de9ee2d66d88989a80f5ec41f4498e069c772e4afe48833788b2be95047ff8c1c5246ec54c1b78dab323d14f43118c4c190dfc13458956a590004ac8467b4e3f5a55bf010b6d3a026dae56c80cbc1a371200cec0b2cfebb75c65f4f46d8c06892f9", @generic="54b9b28f16d3060cd6b5cb3509b8f4bfdcf03942c4", @generic="6226b4373920b6089f13b76bd5628ea13db8aca2b844", @typed={0x8, 0x0, 0x0, 0x0, @str=':#%\x00'}]}, @typed={0x8, 0x0, 0x0, 0x0, @u32}, @generic="544c3204ae52806110b1f3afff3c423def9e194e26f25c17c40a115de499d8c96fce48c138bf44c019cb74d9fe24732f1a754b9d4176be5c33e9a53653456f8828ac0b387bcd76170ed86e578f088ac48060431e0aad162b098b412d0b3349ea4d1c217e402d359f13d7152318dea8785b8e4bbfb21c5d6e28b16549bc926a2193402ff2080105dab12d7f04939c6cb7d50f2577716878fe671a4b6d2fa033b9eefdc9d9ca0351ea8d5c24d7857bd8470baa72122d006b8995bbc1ba10cb59d98d835ed489f09ffa6f9f846624bcd61d5806a1eea3ed275a8d63fece91caf35d18b1d1ec9f407f58a7848495af4faabf2d1cd98801f89b1452", @generic="e445b3d89dd40373b3a4ace0831b34fe575949452818cacedbef65204aa7ffc4e016cb75e6f0ff2a96a0d25f616805ea7ffba78799523960f6146c086b19652db3dd009cee181131f33e39161ff3549ca229aa942d30028f5e08577f6a6cd87994309927fcb56daa508feb74fe414546cd063e413b30d4e1e538ccdc89965ab270a76736479c2ec25e16b06b2467940f29136603a9d27d6db4c5815f789b1cad6a6c25f660e46ee9", @nested={0xa35, 0x0, 0x0, 0x1, [@typed={0x35, 0x0, 0x0, 0x0, @binary="65f23ee786065f192f4b269b83ef6960c4328d880a59f1a482ef15fb7577da90764433eb0e6f6eafcbccad70ebdabdc9ae"}, @generic="e8", @generic="6caa04095c4f44efdf94d8ad67495b9e276bc035ed1b6203bf8d16cb6117bd3ceb07f76c01b1fd7a597019a712c303ebd69d95ac49d49a48470311808a4f99ff3bb6785da477e98bbdc59ada731359b753e8fd549461531511835fbcef528aee5c064c23fee05f34b1e1df6968305d1cd7b6d66d89c61503939daca6b07f0f9e2ae0a6cfad0f84f10ca029f8e5a7fd7059d7e4d782ab92396f391c73e355ca9de755999b8fb0b40af93a2bdd8f37e6f2ab", @typed={0x8, 0x0, 0x0, 0x0, @pid}, @generic="53f86ae05fb116b41c03bcefd4bf8ef43efd9aa363cd41e1b06f5715598af3046180900c5fcc55b06f198f11e39265856aaa5d76e86d16e5171b9f8c0d77b7ac9cb9db2483628e440e7837e7834b1407c1561de0006243220b15aff2c599c37179378cb02c103b009c2360a7dd14c50752ec1e4798743475c2d17ca191f3c4fba686e8888369280fd42faf8b61388ac150718cb561ae2c5945059b999bd6f26965c6c9b530403f0b868845b650914b16ab2e0fa047ffb40f3022fcee814c5479c5409a346f0c071884fa1e26882d690049e5e7210c3264ff0d2b2336d781c59abcc42cae733292d7a9664011002ec9bfb244690192aa47fc0f6087db4f1c2d5bc34f52078323df4b29f1299ea1a939a75734dda2ac3b3aad0ecf7463560a062a22005bb054cff1a876c0996a7c5d33c681ce34568dbe44f1cc1d84fb37d9f34af45342137740d644724738b3b574a931d54fe3ed2760686ee71fa47e1ae93d53ef485d7cf930ae69be8e05185289cc51f984907e54afff50fc119a3b375359f8f3615c8cf66340e2e6adab3a6a3fc6a40cc6b860896b53c9c140dab394be87ceb030066463c8f888f86c705ccf88f1546c2553df819157fc47718f3d2252434991059e294859c3b7fb06c0929acb21eec20d43abb5fa5ba117c0b197832ca5528b06aa82fb7f45beb76113218a6be219afcd478c6a62851cc5066c8c34ff0f29f46326486bfbdba518e7165e49d8e3435f57ecffae33a2efea54d1d06e4eb9bd9864d5079b92e3381d67a6583ad9b69864923977243824bc465d1632060b0de8d07a0960331df62be477d3792cde2f974c6cebf0f4812480a00aaaa0b12cf7fd2a3f30439e3d158572a40e783da8dd7b5089ebc1493a125ed915a45fa3468d2ed28a90ef4aa95f6f6a8b237ecd9cd9c3a351d744fa0d4857fe863ab9b122ec625de7eb3bc218b06241f8285dfea9c54925cd1006c7a7eb049ea85e36f692f96b8bf9d580efbc92f320a8186d52e8599535af4c379d7dcf858977a851855fc6c774aa96c614dd0a2fd0c74b12cf0eedf6c417bc0c3128d98ac453faaff77cd547e0788378ccaa6e0ba50bbcbd1e8015ba5804046d481f0a0bc715d697aa9d52a883f98b5c0bb54b27e9087b5afed74e02a28085e1390092f163409e7dda0074735c9140acaab60fcd22866f1661d0cbc02d397c9b0a7a19068b6b5322965939f3e69f736e13d3cd4e71caa84c49ebd34f3208e2dd7fd8ea2454e707658243d3ff7cab3a3f903be2881f728020bcd70c0ffd06e01eae8e9b2c8cee865a58c1e6cd17e6644e85d051ba9f3739f02d5b54c2b240d5129c2b869881e67642463bfcb491824a09377510a993a3c1b1bfc2e4f3ef1c77292fef0d8f05bbe34fc1abe04df7913c439add60b53335b213914b04d28e2c0b203268a7cb70ab7ae0d057dd9e26ca7c20d42ab0d1f635afc937e8d1416d3457050923a7b57c3548df0f61c9a7bff62d4dc60cd7051288a87163cb8b14b6c7a44056665763e79a9fff87a32ada084d0281617ebf4952776229e9bc1a2340a41dab0f2fd3d5d48f13a31570f9bf235382e797e61f32eea2c99cfb799c994bd39e21a2b6c2b8a3439a179a02a96cb3080f7e6f6210078cfa40423e39dc3792b6235e77b5f829e636a5862ccac0dd8a0666143ba4ba7fa45f67b3388858333a02d658d0aa50f2c54ad7eb1c25597e02e384734fb1b0f93c905eb3eb24b74c3d7d43944349d4e9bf370264f84df1b67e800bc1d38f5e771a2839b1ec9b6e849eced63650e3355e3b6eee64367dae61ba7968ce38e2cae9c49808798995a0026c36d144c7c02f4e7a556ba55c31535d3a42b447c19c17c75e95a29ac769f7ff560c2ecaca9591607dbbda2ed12993ffbf4c8db91e6096282b33ac6f0e7599eef2c55934a93a09839c4d2659a6be04fa9cc41ce9557e3b78e1904d32232b2b51c328c0cb07a2f2e747c439733a4e222092d72fa9d7eedeacc11f9e98efe9044cec39e9497e025374482a781a43b3ac39c8d363ce1487821ab0554c0656f78aed1606a2718e55aa45eaf882fd0d727c3fd2ae71ea2c9ef8c2bc6e9620d7f0748c86e4c0034c39d504e043f5e0f7bf2433f877bdd3cf26d1f35c3f58be3c055deebd5e9eba506ebceb65a1839272d369866a021d5b06a29ed495755e1bbf8a4061a28f8b05f9bf7a4ccf3ada4fb585493285b64009b9d86ac2f13b062b6840254379b16be436cf2b1d8241e56446a8b6ee90924fc8a72b4bc5952fcf6b7ad5fc212cca6cbf21c52c06d3a5137dc6eb14bfb96fe52e5f5a0cffb84c165e427700712ef4c9260dfd34b7ae296f5c94edd2eb48f07587d7dea8046ff0369d3fc563d8e7371886102f51c646601e253b19c30d99efbb4bc83d4ba6ebaa5361d75dd6eddde67e73fee85d56aac4f8627750b7ae4099ee3958ad8799e8b3957e77aa0bc71271cf13a1ef569c0657853123805c2894966230655d4061ff2086341ad3f6b6ea1cd63588c750b72a01c68488fce2e7f42472da5e0aed604bcd55bb1aca07a388415bee055794631e6d617b40190942442603dab6aab8b6dc2deec6736cd287b0c84a84528dc22afaf49fff7959f6a3c385733f7495464645bcf3d2ffb52d54bd67c8a0abdd8a8733839405e92837b69a9598a5a2ecaef09edc1e9d1267ee80f68bb3adef8ea9865424f2739096d53ab4e33c8bc325c5924d51c437c58bec29f776bb401d683f25c0491e08c6d2c5222575f136e7a6577cf9f3d02d9ad508b5d2f3246585d1c1e8f31104f920db5773b1facfd4f139603ee7f7f61c8ea2a17ad60164f6db4a95cf5d2127cfcc99ca9e9f411aa7017f9b17bba4ef741a27cc49627de0e132b9d1898b773ac9e7c60cbf894debeabd0be2010c77081d7c12e9f9ee9795012f0950d758cecb622e970ada51f92b878cfe1a51d1b48e386cb5a5902705294f148caf99fad10ee58597a0cbff6d9c1aab23811e6a52b2dc04d647b402623fc3ad3080ace8c84f65a5683b9757dbc2cf434ab11ffc919f5490298ada45269a92651c387d2b792bd3235c9a733737946c855a509ac15b4f5ab3b5da4eec20c7725bef4248d432b50ae07b7a7dbc473f636c692ed4558fb598dec2f4f2ed923512fb13ad2b220d719618af94c124b82283bf92d179340a6f4770204d85687b21ddd125f10f6857538b0a618eea6b4c893bd5834f04bf94bf66953071b2d6b7c82ad65345e278dac92b8dde3466391dc9a81e7d5fbc33dfd91126beb3eaa508c0e9d21a628dc505d97f6d33c12a92ddd0eeafb7a2388bee4d420c395f1c4b210dcc77e39a20a856e5b1b8c9de"]}]}, 0xeb4}, {0x0}, {&(0x7f00000019c0)={0x10}, 0x10}], 0x3}, 0x0) 06:06:07 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:07 executing program 1: io_setup(0x5, &(0x7f00000000c0)=0x0) io_pgetevents(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x77359400}, 0x0) [ 706.928959][T20414] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:07 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x0, &(0x7f00000003c0)) 06:06:07 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) accept4(r0, 0x0, 0x0, 0x80000) [ 707.186986][T20422] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. 06:06:08 executing program 2: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000540)='/dev/dlm-monitor\x00', 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00', r0) [ 707.274887][T20422] device bridge40 entered promiscuous mode 06:06:08 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, 0x0, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:08 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00'}) 06:06:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:08 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[0x0]) [ 707.731318][T20438] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:08 executing program 4: r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x4020940d, 0x0) 06:06:08 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000019c0)={0x4, 0x0, &(0x7f0000001800)=[@register_looper={0x40046307}], 0x0, 0x0, 0x0}) 06:06:09 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, 0x0, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 708.072649][T20444] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 708.141617][T20448] device bridge40 entered promiscuous mode 06:06:09 executing program 1: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000440)='/dev/zero\x00', 0x0, 0x0) recvmsg$can_j1939(r0, 0x0, 0x0) 06:06:09 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[0x0]) 06:06:09 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001800), 0x0, 0x0, 0x0}) 06:06:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 708.650829][T20459] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:09 executing program 2: openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000c00)='/dev/nvme-fabrics\x00', 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) fork() 06:06:09 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:10 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, 0x0) [ 709.101895][T20469] binder: 20467:20469 ioctl c018620c 200019c0 returned -22 [ 709.162913][T20470] device bridge40 entered promiscuous mode 06:06:10 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[0x0]) 06:06:10 executing program 4: syz_io_uring_setup(0x0, &(0x7f00000001c0), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000240), &(0x7f0000000280)) [ 709.547433][T20482] __nla_validate_parse: 1 callbacks suppressed [ 709.547583][T20482] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 709.561837][T20484] binder: 20481:20484 ioctl 81f8943c 0 returned -22 06:06:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c00"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:10 executing program 2: openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0\x00', 0x1, 0x0) 06:06:10 executing program 1: openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0xc0801, 0x0) 06:06:10 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:10 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000100)="e3", 0x1}]) [ 710.047687][T20493] device bridge40 entered promiscuous mode 06:06:11 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, 0x0) 06:06:11 executing program 2: io_setup(0x5, &(0x7f00000000c0)=0x0) io_pgetevents(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 06:06:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c00"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 710.477549][T20504] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:11 executing program 1: openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x20cc80, 0x0) [ 710.667289][T20511] binder: 20510:20511 ioctl c0046209 0 returned -22 06:06:11 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:11 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000100)="e3", 0x1}]) [ 710.928077][T20516] device bridge40 entered promiscuous mode 06:06:12 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 06:06:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$TIOCSISO7816(r0, 0xc0285443, 0x0) 06:06:12 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000000c0), 0x4) [ 711.516832][T20527] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:12 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c00"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:12 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000100)="e3", 0x1}]) 06:06:12 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:13 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x13, 0xa, 0x3, 0x0, 0x0, {}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0) [ 712.113463][T20540] device bridge40 entered promiscuous mode 06:06:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup3(r2, r1, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) 06:06:13 executing program 2: msgctl$MSG_STAT(0x0, 0xb, 0x0) msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000100)=""/235) 06:06:13 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c0001"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 712.609661][T20548] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:13 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) 06:06:13 executing program 4: bind$rxrpc(0xffffffffffffffff, 0x0, 0x0) 06:06:13 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:14 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000700)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f00000019c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 713.171427][T20566] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:06:14 executing program 2: syz_open_procfs$namespace(0x0, &(0x7f0000002a80)='ns/net\x00') syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) [ 713.263149][T20566] device bridge40 entered promiscuous mode [ 713.429083][T20572] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 713.619354][T20582] binder: 20579:20582 ioctl c018620c 200019c0 returned -1 06:06:14 executing program 4: r0 = socket$inet_smc(0x2b, 0x1, 0x0) sendmsg$sock(r0, &(0x7f0000001940)={&(0x7f0000001100)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x80, 0x0, 0x0, &(0x7f0000001880)=[@mark={{0x14}}, @timestamping={{0x14}}], 0x30}, 0x0) 06:06:14 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) 06:06:14 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c0001"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:14 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:15 executing program 2: syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, 0x0) 06:06:15 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000000)=@gcm_256={{}, "a3ea190268da15ab", "80dc56b5ad912f94bc0f49a4bd724d375d856cb2cbb4707ffee7120342e982ce", "9501e9b4", "0d080129a25854ee"}, 0x38) [ 714.321257][T20590] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 714.393906][T20590] device bridge40 entered promiscuous mode [ 714.508249][T20597] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:15 executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket(0x800000002b, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x41, 0x0, 0x0) 06:06:15 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) 06:06:15 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_mreq(r0, 0x29, 0x0, &(0x7f0000000080)={@loopback}, 0x14) 06:06:15 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:06:15 executing program 1: r0 = socket$inet(0x2, 0x3, 0x3) sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=[@ip_retopts={{0x18, 0x0, 0x7, {[@generic={0x86, 0x8, "69cc3eb10900"}]}}}], 0x18}, 0x0) 06:06:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c0001"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:16 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080)='ethtool\x00', 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x20, r1, 0x1, 0x0, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x2}]}]}, 0x20}}, 0x0) [ 715.435416][T20618] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:06:16 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)}]) [ 715.493948][T20617] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 715.613443][T20619] device bridge40 entered promiscuous mode 06:06:16 executing program 2: write$vhost_msg_v2(0xffffffffffffffff, 0x0, 0x0) 06:06:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={0x0}}, 0x0) 06:06:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:16 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:06:17 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000002c0)={'ip6tnl0\x00', 0x0}) 06:06:17 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)}]) 06:06:17 executing program 2: setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) [ 716.449861][T20638] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 716.530191][T20640] device bridge40 entered promiscuous mode 06:06:17 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080)='ethtool\x00', 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r1, 0xb1b}, 0x14}}, 0x0) [ 716.733127][T20641] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:18 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:06:18 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x3) sendmsg(r0, &(0x7f00000013c0)={&(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, 0x0}, 0x0) 06:06:18 executing program 3: rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) io_setup(0x222, &(0x7f0000000140)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)}]) 06:06:18 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080)='ethtool\x00', 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0x28}}, 0x0) 06:06:18 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x2121) [ 717.618420][T20662] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 717.628555][T20665] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 717.732394][T20667] device bridge40 entered promiscuous mode 06:06:18 executing program 4: r0 = socket$inet(0x2, 0x3, 0x3) sendmmsg$inet(r0, &(0x7f0000003bc0)=[{{&(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10, 0x0}}, {{&(0x7f0000001580)={0x2, 0x0, @broadcast}, 0x10, 0x0, 0x0, 0x0, 0x60}}], 0x2, 0x0) 06:06:19 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x2, 0x4, 0x9, 0x9a}, 0x40) 06:06:19 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:19 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:19 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmmsg$inet(r0, &(0x7f0000000700)=[{{&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)="cce09408193e6407d9bb8df46abea812ce048c6a27646a9564cc51d26a7fb92d2f94f40202c0a15eb99e14d2e2bd2a7b99e11422da29e81d6c1d8e3dd6eccb899cbe3073bccb5d7e48322abc61d9819f73b66fbaeb9f6676d28ee5c360f73899f944ef1858f4f9c2aa6d79631eb216165f7b090e1c8ec12d3924a21e2fe6ac9a242b432671684d06917753f4feeaee89aedbf8f0bd3c9efab5a28c4f7d565fe636df3a260fa7aaea"}, {&(0x7f0000000100)="fd47703cbb0547c12c43b2d15c42c6325be4b2e0dbe8c43945a385c566e62ecb524ebe6a0973bb725255714f8dc0ce920de15f96352eaf6669c5f4c2eef5fd4e43", 0xfffffffffffffe80}, {&(0x7f0000000180)="62f02993452ca7c3c980d093f82efed03d4889b9b5693d10b6eaedf4c87bf302c3985e9051afba717d7a7ca5e51f19b1f859e9ff31c1bc6f6915400356f6c71ee39b885cf6d28b954ff5d64c49ea79f5ccc0558e9bcd0bddbdc0d24eb959e2c36506046a6ac7d4aa05f89223b1e2348f42fd6e2835f08947d0d15d6691de6fb2379940a264649574852ae203ae2d17da5e13e147014341c2ea6a68015db4beb1f0481cca96da69a4b890a27e5edf07f0c76f30ed660b2318"}, {&(0x7f0000000240)="aed6611f83eeba2cb54b57ea5707fab0e36bed439276cfdb93b827b89f4ffc8218c7b2d56c4f502250e75bdb4bd67e807bdfd14ade60531f5c6e18a6c9f861143afdf3d5d1dba0cb82f52922f6f75fd7127e94e8e6d4eb3d2f4d4e679dbcda4555ddf9dfabee84186887b4051c00a362a8f044185abf3aa54e3e71926dff7974c29754b893acebaba35f11732896ef49c8189480d28c979973cae4049cb99cb54d23b971f8bb710193845d6eeb0583de42f8b9cc8b90469b0d83a92cdb83c085868d6f8b465d468ad84f995a1fac9c2230d110979ce1cb8e43a42405f42e233eb5e56b5792733f2703222b2b5e2e07f9a6d7497f474eaf798f876238e8eceb"}, {&(0x7f0000000340)="3861a7637ddfead9067299eb305ec30ece9ab97c33aa450d3f51ad01747313011e0359f2f2d8e9b047e9e5d8739fa148ae5f70917b9449c250a8e2dd4ed2757ac9c0d38d3c4c0f19abb7a07e9aed64b75452bc08bbdaf1929cd30c969ba0d55aeed0a4eb1bad6a73ff1fc3df830da13a8fd9bb94b2bd5e0b0c796b032e6eb4f7aeaf21cd7badf8a3afc0202dce0c81a4f7ebedc15c52156953d4611e943e8cbe004de3c2b62adfa071a8cd1d8a30ad7b2189ae41442ab6fcc16d24d5f378a7bdecbb9024efd6ecbc3e1aaa55ff666ba6a62083a04645bb9a0c09c334eca07926"}, {&(0x7f0000000440)="386a28841630ba55e90570889f5e602453c9cec3d02e08e91e0155b2ffba0de54e5319e4565b0c3de07e0e6c4114c7a3a5d1a614da634e436b4897efa17d81d152bdd50ea9a2b4d7d8e478214118f9626cd43ada2cf10ad34f4175fc55076050b9ad462a232cf4617280cd305582b98743bd2ab31b3dc359187e49"}, {&(0x7f00000004c0)="d74176347026497df3db06477e0cc39d814773c6af66922b9e6ebf629cd5530ffc290cb603a5b9e75850ea83aa4e86418c1075edd71b104a79b88142080a7479c8c68e8ddf473e8b4accc1f6a6bd21a6e621cf00e6782d070f64a863df0da75bcd773359adb16b01de6ec8379c69ebd5467acbc93d155d4fab1a23c9c1fdbf5e3acd6f4ceaa5cd0d34a0b37db4b90da76bbb12d2ddf3691acd74f29f52934110571b96545c52203e190d6dfd434e6bcb469e2be9619d8e83378ffe66059cdccc5b24ea2faaf5ae3482fadf8d796900381a639de1007a"}], 0x0, &(0x7f0000000640)=[@ip_pktinfo={{0x0, 0x0, 0x8, {0x0, @dev, @local}}}, @ip_retopts={{0x0, 0x0, 0x7, {[@timestamp={0x44, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0]}]}}}, @ip_tos_int, @ip_tos_u8, @ip_tos_int, @ip_ttl, @ip_tos_int]}}], 0x2c9, 0x0) 06:06:19 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f0000000140)=@framed, &(0x7f0000000500)='GPL\x00', 0x4, 0x1000, &(0x7f0000000900)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) [ 718.717449][T20691] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 718.740432][T20690] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:06:19 executing program 4: r0 = socket$inet(0x2, 0x3, 0x3) sendmmsg$inet(r0, &(0x7f0000003bc0)=[{{&(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10, 0x0}}, {{&(0x7f0000001580)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x2, 0x0) [ 718.828567][T20693] device bridge40 entered promiscuous mode 06:06:19 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) recvmsg(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x100) 06:06:19 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) 06:06:20 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:20 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:20 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x5) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f00000001c0)=0xc) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001b00)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xc}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_FD={0x8}]}}]}, 0x44}}, 0x0) 06:06:20 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080)='batadv\x00', 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000004c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, r1, 0x1, 0x0, 0x0, {0x2}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) 06:06:20 executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x9, 0x3, &(0x7f0000000140)=@framed, &(0x7f0000000500)='GPL\x00', 0x5, 0x1000, &(0x7f0000000900)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) bpf$PROG_LOAD(0x5, &(0x7f0000007e00)={0x0, 0x3, &(0x7f0000007b40)=@framed, &(0x7f0000007c00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x78) [ 719.718466][T20710] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 719.731363][T20709] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 719.825678][T20712] device bridge40 entered promiscuous mode 06:06:21 executing program 2: r0 = socket$inet(0x2, 0x3, 0x3) sendmmsg$inet(r0, &(0x7f0000004c40)=[{{&(0x7f0000000600)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000a40)=[@ip_retopts={{0x1c, 0x0, 0x8, {[@rr={0x7, 0xb, 0x0, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}], 0x20}}], 0x1, 0x0) 06:06:21 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:21 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f00000005c0), 0x4) 06:06:21 executing program 1: r0 = socket$inet(0x2, 0x3, 0x3) sendmsg$sock(r0, &(0x7f0000000240)={&(0x7f0000000040)=@un=@abs, 0x80, &(0x7f0000000200)=[{&(0x7f00000000c0)="c6", 0x1}], 0x1}, 0x0) 06:06:21 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000000800)=[{{&(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x24008014) [ 720.637691][T20734] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:06:21 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080)='ethtool\x00', 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b4000000", @ANYRES16=r1, @ANYBLOB="01002abd7000ffdbdf250d000000a0000180140002", @ANYRES32=0x0, @ANYBLOB="140002006700", @ANYRES32=0x0, @ANYBLOB="1400020073797a5f7475"], 0xb4}}, 0x0) [ 720.681885][T20732] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 720.772837][T20737] device bridge40 entered promiscuous mode 06:06:21 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xc, &(0x7f00000005c0), 0x4) 06:06:22 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) [ 721.092167][T20749] netlink: 136 bytes leftover after parsing attributes in process `syz-executor.2'. 06:06:22 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x5, 0xfffffffd, 0x80e3, 0x3, 0x0, 0x1}, 0x40) 06:06:22 executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f0000000140)=@framed, &(0x7f0000000500)='GPL\x00', 0x5, 0x1000, &(0x7f0000000900)=""/4096, 0x0, 0xe, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 06:06:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 721.189666][T20751] netlink: 136 bytes leftover after parsing attributes in process `syz-executor.2'. 06:06:22 executing program 2: r0 = socket$inet(0x2, 0x3, 0x3) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmmsg$inet(r0, &(0x7f0000003c80)=[{{&(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}}}}], 0x20}}], 0x1, 0x0) 06:06:22 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xde) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, 0x0, 0x0) [ 721.660999][T20761] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 721.735033][T20763] device bridge40 entered promiscuous mode 06:06:22 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x5}, 0x40) 06:06:22 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:06:22 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000003000/0x1000)=nil, 0x1004, 0x0, 0x13, r0, 0x0) 06:06:23 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x1c, 0x0, &(0x7f00000010c0)) 06:06:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:23 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) 06:06:23 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080)='ethtool\x00', 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x20, r1, 0x1, 0x0, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}]}, 0x20}}, 0x0) 06:06:23 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:06:23 executing program 1: mmap$xdp(&(0x7f0000ffc000/0x1000)=nil, 0x1fffff, 0x0, 0x8a131, 0xffffffffffffffff, 0x0) [ 722.581125][T20783] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 722.621150][T20783] device bridge40 entered promiscuous mode 06:06:23 executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x3, &(0x7f0000000140)=@framed, &(0x7f00000004c0)='syzkaller\x00', 0x5, 0x1000, &(0x7f0000000900)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 06:06:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000280)={&(0x7f0000000000), 0xb, &(0x7f0000000240)={&(0x7f0000000200)={0x40, 0x0, 0x0, 0x0, 0x0, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'vcan0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x40}}, 0x0) 06:06:24 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)={0x2c, 0xb, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}}, 0x0) 06:06:24 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000004c0)='batadv\x00', 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000ffdbdf2512"], 0x54}}, 0x0) 06:06:24 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:24 executing program 2: r0 = socket$inet(0x2, 0x3, 0x3) ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000180)={0x0, @generic={0x2, "b8a76b16f8471f3f6ae03c31e942"}, @isdn, @xdp}) [ 723.472295][T20807] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 723.549642][T20807] device bridge40 entered promiscuous mode 06:06:24 executing program 4: r0 = socket$inet(0x2, 0x3, 0x3) sendmmsg$inet(r0, &(0x7f0000003bc0)=[{{&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, 0x0}}, {{&(0x7f0000001580)={0x2, 0x0, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000e00)=ANY=[@ANYBLOB="1400000000f2"], 0x18}}], 0x2, 0x0) [ 723.689388][T20813] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. [ 723.749869][T20817] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. 06:06:24 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x12, 0x4, 0x0, 0x9a}, 0x40) 06:06:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:25 executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f0000000140)=@framed, &(0x7f0000000500)='GPL\x00', 0x4, 0x1000, &(0x7f0000000900)=""/4096, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 06:06:25 executing program 1: r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00', 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_HARDIF(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB='\a\a\x00\x00\x00\x00\x00\x00-#\f'], 0x1c}}, 0x0) 06:06:25 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:25 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000080)='batadv\x00', 0xffffffffffffffff) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x0) [ 724.467675][T20828] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. 06:06:25 executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x4, &(0x7f0000000000)=@raw=[@func, @func, @func, @jmp], &(0x7f0000000500)='GPL\x00', 0x5, 0xff6, &(0x7f0000001900)=""/4086, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) [ 724.554987][T20830] device bridge40 entered promiscuous mode 06:06:25 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) recvmsg(r0, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x14123) 06:06:25 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:25 executing program 1: r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00', 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_HARDIF(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB='\a\a\x00\x00\x00\x00\x00\x00-#\a'], 0x1c}}, 0x0) 06:06:26 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:26 executing program 4: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r0, &(0x7f0000000100)={0x67446698, 0x0, 0x0, 0x0, 0x0, "3f6b923c2bf1c9879012f88b6cb0fbed9aeebcfed761aa4b0322d9004679ee96984bf42620e4b31008ffc13e745031b7f5cc14a100e1ae4a7b719cbd1af3fd0dc9acb36b19aa66ff5a89a5c47e86dff348dfba9f9a604d80029240d227e5b7c1330a5ced6b63d125dc27050411631d69e10255f57880d47e6f717c80a65999c345b60fdc5ba48e005bb86eee0acecf7b91af7f7445e4e8f2053d7ce6fabbc920c6cca9a152f10170e19985f566a040805d06c5c4e616ad4c92ef74381182fe68df111c18b44d6c94acd8b52363fdfffb3b6b47a7f1126bb6a4dfc1d0384de06b63dd2a3637bbc26d74ce3344d64fb4e05d36c40b9aff35fdb89895ac910d90454d48c26656093e150ef831d261865d1b094af32740b6fe6bec60342c640c3d959a00ca4a1c0901b8c6698e48b7999b6f838762e91c112e410a19a423e584b23cc951606095319c388156134c735c3186bff7a4b27aa0ab3828cb902548dbc2e8e0f355f178b37376d3b9f01d7920e318b652e5497696d4476b0c3ba3e946bd3aa53a867935b2f4efef64810470d8096249880da8e96e92bc5601fea12a98ac79300ce3eed9d5512159c5839a42eb7be777ac923fab571674deb3cf1021ba79f772ee1aa70ba2492857c220311cc98fd86b25fb28337a5fbe06ac8141d3cef4c0b2c864c6568992d038806d1fe7afb56f0c14a5878660434612cf600da08656bcb645cd04ff5dd5b6f38a02b95e3edb66abf4f8d92f377e52cddb9542aa98245919a755103a9c73edd882beb0bdcf32b3f5bb811fb20fca08ee94e6ef3fbf743fa4eb7147604fba52e6aa61574e86ae9a5d7ca3f233c227d6c769d3e8bdbd3070f25234d0a344273b4b2057fdd544c85cd79df22d5323fe7798acba369767b77c63ab78052d29a6dd462d4ab0f41bfdb207badc875ae4fd6f608c229cf76ee6d20ffdf427534f6ded45fcc67d280a8cf558ebac7d4e265554b49998aa7ff9adaef2d49afea27d7df29ce4b7e1733e235af9c8e49228e021b89ad342c68bb58cd48f7b0256cdc17bbb76759a8b10a2498570313daaaa3e7c970eb56668dab1d07c3cb5b6f77988d025df98c4c7ade006b3c27c09b31aada968a668c2143c5da6bb77c80cad279bcc2a2a83fff93fa99360c5614f4722a55217cc9a53f6fd9e3b95901ff2b8da757d3fd722d8bd3ff39fd27568f60c46964d72ea7c57f264deccfbe31fe3f9fb71d835cff83b346e1bd93abae57a7486a1b0149b804dbc0a13da635ca1e70e3655dbc5e027f572cf32d73b03c69495175c6bb0f7eb503034a657c604681b72b8f71d7ec674d996f829f4a5cab3af6fc7fe8896b9d5210e58eaf26ce9aedd2431c19c290da4b711cb63126301d71e109477c4e9ffd887a0273179c99580411a451cd0111c1bd7b39f9417d65d9c24ebc55f7dd1bd7517c523bd1b7a92531f167ffc60d55d914fa85456994828cff4614f8ffcafd9afa8e68227d879a2dc23155663d6002ac699dfddcb3511e172f140278659d2d6acc5d2c7346a46282927a5d0b4758b983ab93ba6b30e48aa36a679191ebb900e3830784395b05518426cf6691c4d40fded36b531404478f0dcf9123179c4a611643be6cd9374f2e110f5b411fa8f89965a300b8b3cc6cf1fddc19a1e015dca59c617353144717b26740ef5e5d1ae525a59429eb7e240b543a75a4f35e0cee5e8995c96542899e7f8fe8452b3ef3ad4b610d3f7532147ca09dbdb3148303835d6c8da4e7883df760f7add4c3a3b540b164a887bbc25e3808472079cff428b319d3fb8cf21856627d351c3773b334dc3ce83f23fcfb0b274663ed16e3cd550146ff53ccfa101058c1dc2cd97decd82999390901c24a682d241876f4cf6771b70d46d8d24956aa0c48de3c9be01a242d0487137d67511b9da7766d3d1e44c4c8440fea394ec762f4afd602d1f01ea439b29d3ffdd594a4972d221f686a31385f4a8c0017313d7fcbb40fc8920aefda4ef29105e7b9060f339533157185963115c23ea512da9c7d157ee12969c0f9c4135ed31835629d017e6e41d81548b324499cfb14ba77d83de23d527a055c10d159dde24cecbb22d6354cd72720af46403d65403ccdd0a2d84a46cf0ea128623f5195dcc3aaa8150bee23ca30ff4a8a6eb4cf7677abc2214ece7e89fe4bf941cc151a576d5b0f8152b31db82c08b76c3c90698ef914b2ac21c9b2243620230d9ff5eb827060732b36506633bd3620ea3b681711b31b84d9d6f185283a1b469c688388cac202cb9ac40fd61b1cf8e1e7f74ff455f365b93918c4b2e977c53ce4422a91590a6f7eb85be5819f2c27daffe991d4ad1ba810531c4eb4ff5374dea7a14afba429fdf3e49e9dd2e313cb1a708cf7a9befe326affba61c637bd627cccfefaa97dd25f7e1b70f7b8d948bb0bacb2d506d1daac7ecd9262f295013ea71d973418705677de8c1fbceffce39d1cf85b32702190a9b5e26204464c326830484ed9a30840e5819d1fca3822d8b0913e3ee4edf74016beff2cbe4574a98f5c557f946a53906319f63c9308f42ee1a9f6202a9eb020d29d992fd232f5fd5747ab09780176ce6e56c728c2676fe74ab33690fd62693767e8a122a748041870e9d63afccccf997eddd311ef48a5920a1f6f4f72677447b41b120d4144f25280ac16b424282389f060b4505f28aff05b9281e59919e516048f9f011db1be789a14a31972daddbeede2787030573be422dc405eae91c47673449df0e76c1f7f03e54e9d818ecd2c5593869d51e82374dba7318532fa83a72126d10020ddcbbb48c9afe6656246dfb0312354cf85020d7b7fef6cd1c0188787a54e47d3ccb89eee8ce7374dd3860959bfc51607376bcdb80e716e0118582b2b820eb28ebb519c99aa55519db8063cb2a3b06d9b001d89f242809f1c8f8f0e183b57e879e572f98b027b5ffe0cdbacdbf563ce7ca95a26ac9d97e87ec83e349f112f016f8176010face28826da2603ef7cf48f5661790352fb589afa63346b6ba02ca1906946f19b4bdb8469d9c4cf47457dc51af9610b09fce8b72db321483cac927e02836ed023693287d11b9a45993fc5ef77516ee49984400b30849df943b7c97a056891572abf44d3d77953d7421e18add6f2791850ebec8e91e77232e58eac5b504b5ff8b1bff95c269c04f325d982c691cff9e39638a341bb127deef0035d6219bee886dc13113a6885fa167b7c43dc2ab6e083a96f09eee10cd1b874596a36dc4ee4ce3a84fd7c077efaa7994703067b68040c98366d2a686f92b2bb7046235030015c310fd9b4b78ce606dc944b04d876c90016735dbdd01fad8552be677814c8dbc266f4dc718b870923c62c20f949826a26a24debd7762e1a4cb2dea9b2d4cb0af85fa87aecf54e03978561dcbfaa8498389b917c061329faa76cd065400810e6b842a50660b894719f9f03c554e5726aa98369fa3fea3a53023e3a526d277b79dfde7fbf3cd7f01e0cd726c9a8c2ab0aab669a0eb73b5bb107e2541b59e2c95509b477a010b6b561729399defb84004bbb9b43a582761ba20982b4daa088403893f83952161c98d15bd178838dc945a30b532c71cfcc2d0c6d6b196d2b484a25e478e80c9b6dae29374bfaf6cc1f0fc3c0756c1a30769b261bce7a4733d437134cd6382cc28caf4f42e3ded505a8623d8ccc207cbb74d0046dac2aec2ec19105b79d0daaab915628f73527d47eaf708683c0e852ed99d3a234b5c4eebfb4ab1ef3c0f79f799f8c6adcf0734c34b2f254fd3ad047876c845c1bd2dd4a46951d8e133b16f17a02fec6c6acd0aee1f962378355ea8d7528f6d900a0ce0534e65b837a5675e2110a103e428f32c9a8dea08eccdb270ab9900c6b79acf3c85a12099c95f7422e6881002b085d6029365353c45f06ad3ecdd3d80dae1f2617e18ee2d07f14cdcb76ae10614b3958944201e724d2284844829aba8215139af288e65a9cddba97f059391ff44e7b83c7342db15286d065769e72efd11eb5f85657077f0875707ec830cc7b9e4bf54130d8f3de2aa9857979d7e50a9e3f463130eec480e9199fdd5ad5316ef68fe9f00706d5b224af2696fc9ba8731e9d50af5eb0bd943eb118ce546a5c848b3b7bb8db5a17b8b7b73a2e2207e9223f164d46969c64b44e860d14950f04428b38b01de222bd6e2d948688c4c189a08429850448b3aad524ae78325c190c322a9f3cc1c75ec7507225b8424d684f246cf11128e5ae73d9a8ee7546140ff793a3f0db89a362eeaa423837634841927bb787e8c2b031473a1c17040d0de75255679ca1d48afd53e99c53d91f0da5a10112af859bb5cbcd7bc70351e7751c82b8c7594bed43b523e0f5f377b95f3ba4fa27e6a296edba0d72cb170e70762d43e45274a894f3da57533a93b915f13e4c7e8510f0dfe1b9293c7212e2d79f9670b6666fa7c9cefa34678c4c36119d17024ddc51a9571b4f410b969d9723226a49d1aa6a98477b7db08154b42d230ecb0582a059a5c2fcaf913b058def66f0bea7286522e5124c3efea2410aa679c019df08b037539c4cb3b3c325baa231246627b2a7b9515982f8243168f586db1fe5fcae66d0641b717bf9e654431d57bbdce4a9f16d746d6d9890c8d6d3cecccd709443bf86de25c048806cbd7d4f28dd4b306942545887a4a9938ecd71f1918226ee2b66186ab7197148d753f2c9bb2007c5ef43a1d24f34947c5c38a22a5c911528fe22745d044755cec086ed359621e04bc0027546dbcd310dc1c1c1b44d4e5a05518261aab08672bd27c24f61749caf4eadb9be699521e3a04e1e9a6b276a2a40f2db8a0a9a42b554d14546d4366ad637068c57d5609b3900a39277030db1a54a1ae06052ee9e72fcb8f6d522e553cb3693cea5aae6abe08dbbd48af7694ee5c93557bb64160110cfe7bbd0e8015f0188c5989a276aa31265d8624c519edcdcd9364ff868a00a309c52e271c3db457c7a77e9e2993f759924a19d8e714f5f950f13b03ea40af9c25cdf5ee3f853cbc1c31f8c6fa4c0488db6ae01440613fa66fbb482c768a13b5f7ec82d45a44dba8e6908ca92ea2205d0c1bb0d1c3507237f3c22e064dab7edb87e153aade83e6c88b8dcff0dfe007725f00108be508dd7b46bf357eb37f71d147b29e8d5cec224a0af7cee344625adea5c597b9b5e6f2a4db0614d3f5a2f60ef6f77516071d033fce3085c17674e5f76a64ad4bd0033620fc06eed3efeb32a98bbdbbaa0f7793b0589ac9f88f546b8e5c6275cbffb2413a039bba4cf759c9fc51d0fdec762970fbf9c2fa50f85231035885c23e1f28528514f652741f132b9f41e0c76097f740916ae83a0e83fd42dcab1f1171f94c2964aff2ac19fa585ef06c43a3f7cf571fe06cd7436a550f049f8649dea056db87daada8346e00be1740c40dc68b3853a8a1219937dd410eb996f80d7cda420c433a72ccfd92ebe5b9e0fb7160e2a63e0e408292d8054c238408e7144f8f96ab5bef0dc7853cd23ce48f792bd7e47e72dc9081dae57a072eca0a093389bda7750f902dc058558eb6fa6e6c1b04c45568e76f02cf4032f8e9eb3ed3b98198bcd12f56ceb157cb92bae941e472d381a432213bddfd2e4341abbe4386a8d9d6eee35d340570c1e3a498bb9761d9876be3487d3625df37a1e64977040133b9a39eeccb140a277a9af99c7e86516cd9308185d5b6f57dbbd0cb28c7bba97b0737907211943318ee3f3d6ce571a73b8c639f4f88ddceecdc06c7641667cb2a8b"}, 0x1001) 06:06:26 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080)='ethtool\x00', 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x18, r1, 0x1, 0x0, 0x0, {}, [@HEADER={0x4}]}, 0x18}}, 0x0) [ 725.276396][T20849] bond22 (uninitialized): Released all slaves [ 725.304853][T20849] device bridge40 entered promiscuous mode 06:06:26 executing program 1: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x5) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000000)=ANY=[@ANYRES16], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=@newqdisc={0xa8, 0x24, 0x67e0317e552b57d7, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x0, 0xffff}}, [@TCA_STAB={0x5c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x7, 0x0, 0x8, 0xe9, 0x1, 0x0, 0x7ff, 0x2}}, {0x8, 0x2, [0x3, 0x32a]}}, {{0x1c, 0x1, {0xd5, 0x0, 0xfff, 0x3, 0x0, 0x0, 0xaa, 0xa}}, {0x18, 0x2, [0x9, 0x0, 0x8, 0x8, 0x5, 0x4, 0x7fff, 0xb8, 0x80, 0x1]}}]}, @qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x1c}}]}, 0xa8}}, 0x40) 06:06:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:26 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x2, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80) getsockname$packet(r1, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=@delchain={0x24, 0x28, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfff3}}}, 0x24}}, 0x0) 06:06:26 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:26 executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f0000000140)=@framed={{}, [], {0x95, 0x0, 0x0, 0x48000000}}, &(0x7f0000000500)='GPL\x00', 0x5, 0x1000, &(0x7f0000000900)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 06:06:26 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080)='batadv\x00', 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0xa}]}, 0x1c}}, 0x0) 06:06:27 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8931, &(0x7f00000003c0)={'vlan1\x00', @ifru_flags}) [ 726.242963][T20871] __nla_validate_parse: 1 callbacks suppressed [ 726.243027][T20871] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 726.341378][T20871] bond22 (uninitialized): Released all slaves [ 726.387912][T20875] device bridge40 entered promiscuous mode [ 726.466989][T20885] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 726.486845][T20886] netlink: 'syz-executor.1': attribute type 10 has an invalid length. 06:06:27 executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f0000000140)=@framed, &(0x7f0000000500)='GPL\x00', 0x5, 0x1000, &(0x7f0000000900)=""/4096, 0x0, 0xf, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 06:06:27 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:27 executing program 4: r0 = socket$inet(0x2, 0x3, 0x3) sendmmsg$inet(r0, &(0x7f0000004c40)=[{{&(0x7f0000000600)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000a40)=[@ip_retopts={{0x1c, 0x0, 0x7, {[@rr={0x44, 0xb, 0x5, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}], 0x20}}], 0x1, 0x0) 06:06:27 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080)='ethtool\x00', 0xffffffffffffffff) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x34, r1, 0x1, 0x0, 0x0, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x34}}, 0x0) 06:06:28 executing program 2: r0 = socket$inet(0x2, 0x3, 0x3) sendmmsg$inet(r0, &(0x7f0000002440)=[{{&(0x7f0000000000), 0x10, 0x0, 0x0, &(0x7f00000025c0)=ANY=[@ANYBLOB="6800000000000000000000000700000086280000000201106c272ec29d836e4012bd5a773a9c020346060f89289d7939446372ea011b52fdd40cfa72c22ea40672f9f02d4410f87000007fff00000004000000748614ffffffff070437dd020a4b09f5baa5c4a0c41400000000000000000000000100000002000000000000001c000000000000000000000008000000", @ANYRES32, @ANYBLOB="e0000001ffffffff00000000140000000000000000000000010000003f000000000000001c000000000000000000000008"], 0xd8}}], 0x1, 0x0) [ 727.314582][T20899] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 727.424011][T20899] bond22 (uninitialized): Released all slaves 06:06:28 executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f9}}, &(0x7f0000000500)='GPL\x00', 0x5, 0x1000, &(0x7f0000000900)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) [ 727.487225][T20904] device bridge40 entered promiscuous mode 06:06:28 executing program 4: r0 = socket$inet(0x2, 0x3, 0x3) sendmmsg$inet(r0, &(0x7f0000002440)=[{{&(0x7f0000000000), 0x10, 0x0, 0x0, &(0x7f00000025c0)=ANY=[@ANYBLOB="68000000000000000000000007000000862800000002"], 0xd8}}], 0x1, 0x0) 06:06:28 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{0x10, 0x1, 0x1}], 0x10}, 0x0) 06:06:28 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:28 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:28 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_SCAN_REQ(r0, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20000050}, 0x0) 06:06:29 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x102, 0x0, 0x0, 0x0) 06:06:29 executing program 4: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r0, &(0x7f0000000080)=ANY=[], 0x20000f41) 06:06:29 executing program 1: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x2, 0x0) write$FUSE_LK(r0, 0x0, 0x0) [ 728.522072][T20924] device bridge40 entered promiscuous mode 06:06:29 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:06:29 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000480)=""/123, 0x88}}], 0x400014c, 0x0, 0x0) 06:06:29 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendto(r0, &(0x7f0000000000)='D', 0x1, 0x20008864, 0x0, 0x0) 06:06:29 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:30 executing program 1: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) 06:06:30 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 729.314810][T20945] device bridge40 entered promiscuous mode 06:06:30 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) 06:06:30 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:06:30 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendto(r0, &(0x7f0000000040), 0x0, 0x40c0, &(0x7f0000000100)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'authenc(sha1-generic,chacha20)\x00'}, 0x80) 06:06:30 executing program 4: syz_mount_image$fuse(0x0, &(0x7f0000001780)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f0000000900)='./file0\x00', 0x8, 0x0) 06:06:31 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 730.238356][T20960] device bridge40 entered promiscuous mode [ 730.242314][T20946] not chained 20000 origins [ 730.246894][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 730.253470][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 730.253470][T20946] Call Trace: [ 730.253470][T20946] dump_stack+0x21c/0x280 [ 730.253470][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 730.253470][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 730.253470][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 730.253470][T20946] ? kmsan_get_metadata+0x116/0x180 [ 730.253470][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 730.253470][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 730.253470][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 730.253470][T20946] ? kmsan_get_metadata+0x116/0x180 [ 730.253470][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 730.253470][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 730.253470][T20946] ? kmsan_get_metadata+0x116/0x180 [ 730.253470][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 730.253470][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 730.253470][T20946] ? _copy_from_user+0x1fd/0x300 [ 730.253470][T20946] ? kmsan_get_metadata+0x116/0x180 [ 730.253470][T20946] __msan_chain_origin+0x57/0xa0 [ 730.253470][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 730.253470][T20946] get_compat_msghdr+0x108/0x2b0 [ 730.253470][T20946] do_recvmmsg+0xdc1/0x22d0 [ 730.253470][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 730.253470][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 730.253470][T20946] ? kmsan_get_metadata+0x116/0x180 [ 730.253470][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 730.253470][T20946] ? kmsan_get_metadata+0x116/0x180 [ 730.253470][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 730.253470][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 730.253470][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 730.253470][T20946] __sys_recvmmsg+0x519/0x6f0 [ 730.253470][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 730.253470][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 730.253470][T20946] __do_fast_syscall_32+0x102/0x160 [ 730.253470][T20946] do_fast_syscall_32+0x6a/0xc0 [ 730.253470][T20946] do_SYSENTER_32+0x73/0x90 [ 730.253470][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 730.253470][T20946] RIP: 0023:0xf7f1c549 [ 730.253470][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 730.253470][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 730.253470][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 730.253470][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 730.253470][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 730.253470][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 730.253470][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 730.253470][T20946] Uninit was stored to memory at: [ 730.253470][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 730.253470][T20946] __msan_chain_origin+0x57/0xa0 [ 730.253470][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 730.253470][T20946] get_compat_msghdr+0x108/0x2b0 [ 730.253470][T20946] do_recvmmsg+0xdc1/0x22d0 [ 730.253470][T20946] __sys_recvmmsg+0x519/0x6f0 [ 730.253470][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 730.253470][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 730.253470][T20946] __do_fast_syscall_32+0x102/0x160 [ 730.253470][T20946] do_fast_syscall_32+0x6a/0xc0 [ 730.253470][T20946] do_SYSENTER_32+0x73/0x90 [ 730.253470][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 730.253470][T20946] [ 730.253470][T20946] Uninit was stored to memory at: [ 730.253470][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 730.253470][T20946] __msan_chain_origin+0x57/0xa0 [ 730.253470][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 730.253470][T20946] get_compat_msghdr+0x108/0x2b0 [ 730.253470][T20946] do_recvmmsg+0xdc1/0x22d0 [ 730.253470][T20946] __sys_recvmmsg+0x519/0x6f0 [ 730.253470][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 730.253470][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 730.253470][T20946] __do_fast_syscall_32+0x102/0x160 [ 730.253470][T20946] do_fast_syscall_32+0x6a/0xc0 [ 730.253470][T20946] do_SYSENTER_32+0x73/0x90 [ 730.253470][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 730.253470][T20946] [ 730.253470][T20946] Uninit was stored to memory at: [ 730.253470][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 730.253470][T20946] __msan_chain_origin+0x57/0xa0 [ 730.253470][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 730.253470][T20946] get_compat_msghdr+0x108/0x2b0 [ 730.253470][T20946] do_recvmmsg+0xdc1/0x22d0 [ 730.253470][T20946] __sys_recvmmsg+0x519/0x6f0 [ 730.253470][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 730.253470][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 730.253470][T20946] __do_fast_syscall_32+0x102/0x160 [ 730.253470][T20946] do_fast_syscall_32+0x6a/0xc0 [ 730.253470][T20946] do_SYSENTER_32+0x73/0x90 [ 730.253470][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 730.253470][T20946] [ 730.253470][T20946] Uninit was stored to memory at: [ 730.253470][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 730.253470][T20946] __msan_chain_origin+0x57/0xa0 [ 730.253470][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 730.253470][T20946] get_compat_msghdr+0x108/0x2b0 [ 730.253470][T20946] do_recvmmsg+0xdc1/0x22d0 [ 730.253470][T20946] __sys_recvmmsg+0x519/0x6f0 [ 730.253470][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 730.253470][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 730.253470][T20946] __do_fast_syscall_32+0x102/0x160 [ 730.253470][T20946] do_fast_syscall_32+0x6a/0xc0 [ 730.253470][T20946] do_SYSENTER_32+0x73/0x90 [ 730.253470][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 730.253470][T20946] [ 730.253470][T20946] Uninit was stored to memory at: [ 730.253470][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 730.253470][T20946] __msan_chain_origin+0x57/0xa0 [ 730.253470][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 730.253470][T20946] get_compat_msghdr+0x108/0x2b0 [ 730.253470][T20946] do_recvmmsg+0xdc1/0x22d0 [ 730.253470][T20946] __sys_recvmmsg+0x519/0x6f0 [ 730.253470][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 730.253470][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 730.253470][T20946] __do_fast_syscall_32+0x102/0x160 [ 730.253470][T20946] do_fast_syscall_32+0x6a/0xc0 [ 730.253470][T20946] do_SYSENTER_32+0x73/0x90 [ 730.253470][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 730.253470][T20946] [ 730.253470][T20946] Uninit was stored to memory at: [ 730.253470][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 730.253470][T20946] __msan_chain_origin+0x57/0xa0 [ 730.253470][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 730.253470][T20946] get_compat_msghdr+0x108/0x2b0 [ 730.253470][T20946] do_recvmmsg+0xdc1/0x22d0 [ 730.253470][T20946] __sys_recvmmsg+0x519/0x6f0 [ 730.253470][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 730.253470][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 730.253470][T20946] __do_fast_syscall_32+0x102/0x160 [ 730.253470][T20946] do_fast_syscall_32+0x6a/0xc0 [ 730.253470][T20946] do_SYSENTER_32+0x73/0x90 [ 730.253470][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 730.253470][T20946] [ 730.253470][T20946] Uninit was stored to memory at: [ 730.253470][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 730.253470][T20946] __msan_chain_origin+0x57/0xa0 [ 730.253470][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 730.253470][T20946] get_compat_msghdr+0x108/0x2b0 [ 730.253470][T20946] do_recvmmsg+0xdc1/0x22d0 [ 730.253470][T20946] __sys_recvmmsg+0x519/0x6f0 [ 730.253470][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 730.253470][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 730.253470][T20946] __do_fast_syscall_32+0x102/0x160 [ 730.253470][T20946] do_fast_syscall_32+0x6a/0xc0 [ 730.253470][T20946] do_SYSENTER_32+0x73/0x90 [ 730.253470][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 730.253470][T20946] [ 730.253470][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 730.253470][T20946] do_recvmmsg+0xbf/0x22d0 [ 730.253470][T20946] do_recvmmsg+0xbf/0x22d0 06:06:32 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000002480)='/dev/zero\x00', 0x0, 0x0) write$FUSE_LSEEK(r0, &(0x7f00000000c0)={0x18}, 0xfffffffffffffe29) 06:06:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 732.058214][T20974] device bridge40 entered promiscuous mode [ 732.599850][T20946] not chained 30000 origins [ 732.603531][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 732.603531][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 732.603531][T20946] Call Trace: [ 732.603531][T20946] dump_stack+0x21c/0x280 [ 732.603531][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 732.603531][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 732.603531][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 732.603531][T20946] ? kmsan_get_metadata+0x116/0x180 [ 732.603531][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 732.603531][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 732.603531][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 732.603531][T20946] ? kmsan_get_metadata+0x116/0x180 [ 732.603531][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 732.603531][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 732.603531][T20946] ? kmsan_get_metadata+0x116/0x180 [ 732.693603][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 732.693603][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 732.693603][T20946] ? _copy_from_user+0x1fd/0x300 [ 732.693603][T20946] ? kmsan_get_metadata+0x116/0x180 [ 732.693603][T20946] __msan_chain_origin+0x57/0xa0 [ 732.693603][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 732.693603][T20946] get_compat_msghdr+0x108/0x2b0 [ 732.729806][T20946] do_recvmmsg+0xdc1/0x22d0 [ 732.729806][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 732.729806][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 732.729806][T20946] ? kmsan_get_metadata+0x116/0x180 [ 732.729806][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 732.729806][T20946] ? kmsan_get_metadata+0x116/0x180 [ 732.729806][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 732.729806][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 732.729806][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 732.729806][T20946] __sys_recvmmsg+0x519/0x6f0 [ 732.783455][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 732.783455][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 732.783455][T20946] __do_fast_syscall_32+0x102/0x160 [ 732.783455][T20946] do_fast_syscall_32+0x6a/0xc0 [ 732.783455][T20946] do_SYSENTER_32+0x73/0x90 [ 732.783455][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 732.783455][T20946] RIP: 0023:0xf7f1c549 [ 732.783455][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 732.783455][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 732.783455][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 732.783455][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 732.783455][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 732.783455][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 732.783455][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 732.783455][T20946] Uninit was stored to memory at: [ 732.783455][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 732.783455][T20946] __msan_chain_origin+0x57/0xa0 [ 732.783455][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 732.783455][T20946] get_compat_msghdr+0x108/0x2b0 [ 732.783455][T20946] do_recvmmsg+0xdc1/0x22d0 [ 732.783455][T20946] __sys_recvmmsg+0x519/0x6f0 [ 732.783455][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 732.783455][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 732.783455][T20946] __do_fast_syscall_32+0x102/0x160 [ 732.783455][T20946] do_fast_syscall_32+0x6a/0xc0 [ 732.783455][T20946] do_SYSENTER_32+0x73/0x90 [ 732.783455][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 732.783455][T20946] [ 732.783455][T20946] Uninit was stored to memory at: [ 732.783455][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 732.783455][T20946] __msan_chain_origin+0x57/0xa0 [ 732.783455][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 732.783455][T20946] get_compat_msghdr+0x108/0x2b0 [ 732.993555][T20946] do_recvmmsg+0xdc1/0x22d0 [ 732.993555][T20946] __sys_recvmmsg+0x519/0x6f0 [ 732.993555][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 733.003900][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 733.003900][T20946] __do_fast_syscall_32+0x102/0x160 [ 733.003900][T20946] do_fast_syscall_32+0x6a/0xc0 [ 733.003900][T20946] do_SYSENTER_32+0x73/0x90 [ 733.003900][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 733.003900][T20946] [ 733.003900][T20946] Uninit was stored to memory at: [ 733.003900][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 733.003900][T20946] __msan_chain_origin+0x57/0xa0 [ 733.003900][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 733.003900][T20946] get_compat_msghdr+0x108/0x2b0 [ 733.003900][T20946] do_recvmmsg+0xdc1/0x22d0 [ 733.003900][T20946] __sys_recvmmsg+0x519/0x6f0 [ 733.003900][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 733.003900][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 733.003900][T20946] __do_fast_syscall_32+0x102/0x160 [ 733.003900][T20946] do_fast_syscall_32+0x6a/0xc0 [ 733.003900][T20946] do_SYSENTER_32+0x73/0x90 [ 733.003900][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 733.003900][T20946] [ 733.003900][T20946] Uninit was stored to memory at: [ 733.003900][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 733.003900][T20946] __msan_chain_origin+0x57/0xa0 [ 733.003900][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 733.003900][T20946] get_compat_msghdr+0x108/0x2b0 [ 733.003900][T20946] do_recvmmsg+0xdc1/0x22d0 [ 733.003900][T20946] __sys_recvmmsg+0x519/0x6f0 [ 733.003900][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 733.003900][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 733.003900][T20946] __do_fast_syscall_32+0x102/0x160 [ 733.003900][T20946] do_fast_syscall_32+0x6a/0xc0 [ 733.003900][T20946] do_SYSENTER_32+0x73/0x90 [ 733.003900][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 733.003900][T20946] [ 733.003900][T20946] Uninit was stored to memory at: [ 733.003900][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 733.003900][T20946] __msan_chain_origin+0x57/0xa0 [ 733.003900][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 733.003900][T20946] get_compat_msghdr+0x108/0x2b0 [ 733.203646][T20946] do_recvmmsg+0xdc1/0x22d0 [ 733.211778][T20946] __sys_recvmmsg+0x519/0x6f0 [ 733.213406][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 733.213406][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 733.226571][T20946] __do_fast_syscall_32+0x102/0x160 [ 733.233574][T20946] do_fast_syscall_32+0x6a/0xc0 [ 733.233574][T20946] do_SYSENTER_32+0x73/0x90 [ 733.233574][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 733.246488][T20946] [ 733.246488][T20946] Uninit was stored to memory at: [ 733.253431][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 733.258413][T20946] __msan_chain_origin+0x57/0xa0 [ 733.266557][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 733.273444][T20946] get_compat_msghdr+0x108/0x2b0 [ 733.273444][T20946] do_recvmmsg+0xdc1/0x22d0 [ 733.273444][T20946] __sys_recvmmsg+0x519/0x6f0 [ 733.273444][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 733.293866][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 733.293866][T20946] __do_fast_syscall_32+0x102/0x160 [ 733.293866][T20946] do_fast_syscall_32+0x6a/0xc0 [ 733.308511][T20946] do_SYSENTER_32+0x73/0x90 [ 733.308511][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 733.317375][T20946] [ 733.317375][T20946] Uninit was stored to memory at: [ 733.326729][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 733.333433][T20946] __msan_chain_origin+0x57/0xa0 [ 733.333433][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 733.333433][T20946] get_compat_msghdr+0x108/0x2b0 [ 733.346671][T20946] do_recvmmsg+0xdc1/0x22d0 [ 733.353608][T20946] __sys_recvmmsg+0x519/0x6f0 [ 733.353608][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 733.360792][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 733.373417][T20946] __do_fast_syscall_32+0x102/0x160 [ 733.373417][T20946] do_fast_syscall_32+0x6a/0xc0 [ 733.373417][T20946] do_SYSENTER_32+0x73/0x90 [ 733.386699][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 733.393444][T20946] [ 733.393444][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 733.393444][T20946] do_recvmmsg+0xbf/0x22d0 [ 733.406512][T20946] do_recvmmsg+0xbf/0x22d0 [ 733.714721][T20946] not chained 40000 origins [ 733.719718][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 733.723283][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 733.723283][T20946] Call Trace: [ 733.723283][T20946] dump_stack+0x21c/0x280 [ 733.723283][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 733.723283][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 733.723283][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 733.723283][T20946] ? kmsan_get_metadata+0x116/0x180 [ 733.723283][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 733.772343][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 733.772343][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 733.772343][T20946] ? kmsan_get_metadata+0x116/0x180 [ 733.772343][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 733.772343][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 733.772343][T20946] ? kmsan_get_metadata+0x116/0x180 [ 733.772343][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 733.772343][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 733.772343][T20946] ? _copy_from_user+0x1fd/0x300 [ 733.828615][T20946] ? kmsan_get_metadata+0x116/0x180 [ 733.833579][T20946] __msan_chain_origin+0x57/0xa0 [ 733.833579][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 733.833579][T20946] get_compat_msghdr+0x108/0x2b0 [ 733.833579][T20946] do_recvmmsg+0xdc1/0x22d0 [ 733.833579][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 733.833579][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 733.833579][T20946] ? kmsan_get_metadata+0x116/0x180 [ 733.833579][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 733.833579][T20946] ? kmsan_get_metadata+0x116/0x180 [ 733.833579][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 733.833579][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 733.833579][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 733.833579][T20946] __sys_recvmmsg+0x519/0x6f0 [ 733.833579][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 733.833579][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 733.833579][T20946] __do_fast_syscall_32+0x102/0x160 [ 733.833579][T20946] do_fast_syscall_32+0x6a/0xc0 [ 733.833579][T20946] do_SYSENTER_32+0x73/0x90 [ 733.833579][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 733.833579][T20946] RIP: 0023:0xf7f1c549 [ 733.833579][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 733.833579][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 733.833579][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 733.833579][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 733.833579][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 733.833579][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 733.833579][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 733.833579][T20946] Uninit was stored to memory at: [ 733.833579][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 733.833579][T20946] __msan_chain_origin+0x57/0xa0 [ 733.833579][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 733.833579][T20946] get_compat_msghdr+0x108/0x2b0 [ 733.833579][T20946] do_recvmmsg+0xdc1/0x22d0 [ 733.833579][T20946] __sys_recvmmsg+0x519/0x6f0 [ 733.833579][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 733.833579][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 733.833579][T20946] __do_fast_syscall_32+0x102/0x160 [ 733.833579][T20946] do_fast_syscall_32+0x6a/0xc0 [ 733.833579][T20946] do_SYSENTER_32+0x73/0x90 [ 733.833579][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 733.833579][T20946] [ 733.833579][T20946] Uninit was stored to memory at: [ 733.833579][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 733.833579][T20946] __msan_chain_origin+0x57/0xa0 [ 733.833579][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 733.833579][T20946] get_compat_msghdr+0x108/0x2b0 [ 733.833579][T20946] do_recvmmsg+0xdc1/0x22d0 [ 733.833579][T20946] __sys_recvmmsg+0x519/0x6f0 [ 733.833579][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 733.833579][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 733.833579][T20946] __do_fast_syscall_32+0x102/0x160 [ 733.833579][T20946] do_fast_syscall_32+0x6a/0xc0 [ 733.833579][T20946] do_SYSENTER_32+0x73/0x90 [ 733.833579][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 733.833579][T20946] [ 733.833579][T20946] Uninit was stored to memory at: [ 733.833579][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 733.833579][T20946] __msan_chain_origin+0x57/0xa0 [ 733.833579][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 733.833579][T20946] get_compat_msghdr+0x108/0x2b0 [ 733.833579][T20946] do_recvmmsg+0xdc1/0x22d0 [ 733.833579][T20946] __sys_recvmmsg+0x519/0x6f0 [ 733.833579][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 733.833579][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 733.833579][T20946] __do_fast_syscall_32+0x102/0x160 [ 733.833579][T20946] do_fast_syscall_32+0x6a/0xc0 [ 733.833579][T20946] do_SYSENTER_32+0x73/0x90 [ 733.833579][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 733.833579][T20946] [ 733.833579][T20946] Uninit was stored to memory at: [ 733.833579][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 734.243456][T20946] __msan_chain_origin+0x57/0xa0 [ 734.246957][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 734.253570][T20946] get_compat_msghdr+0x108/0x2b0 [ 734.253570][T20946] do_recvmmsg+0xdc1/0x22d0 [ 734.253570][T20946] __sys_recvmmsg+0x519/0x6f0 [ 734.266489][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 734.273692][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 734.273692][T20946] __do_fast_syscall_32+0x102/0x160 [ 734.286343][T20946] do_fast_syscall_32+0x6a/0xc0 [ 734.286343][T20946] do_SYSENTER_32+0x73/0x90 [ 734.295521][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 734.295521][T20946] [ 734.295521][T20946] Uninit was stored to memory at: [ 734.307202][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 734.307202][T20946] __msan_chain_origin+0x57/0xa0 [ 734.317375][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 734.317375][T20946] get_compat_msghdr+0x108/0x2b0 [ 734.329204][T20946] do_recvmmsg+0xdc1/0x22d0 [ 734.333679][T20946] __sys_recvmmsg+0x519/0x6f0 [ 734.333679][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 734.346909][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 734.353650][T20946] __do_fast_syscall_32+0x102/0x160 [ 734.353650][T20946] do_fast_syscall_32+0x6a/0xc0 [ 734.353650][T20946] do_SYSENTER_32+0x73/0x90 [ 734.366498][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 734.373599][T20946] [ 734.373599][T20946] Uninit was stored to memory at: [ 734.373599][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 734.387859][T20946] __msan_chain_origin+0x57/0xa0 [ 734.387859][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 734.393688][T20946] get_compat_msghdr+0x108/0x2b0 [ 734.393688][T20946] do_recvmmsg+0xdc1/0x22d0 [ 734.393688][T20946] __sys_recvmmsg+0x519/0x6f0 [ 734.393688][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 734.413569][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 734.413569][T20946] __do_fast_syscall_32+0x102/0x160 [ 734.413569][T20946] do_fast_syscall_32+0x6a/0xc0 [ 734.433582][T20946] do_SYSENTER_32+0x73/0x90 [ 734.433582][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 734.433582][T20946] [ 734.446488][T20946] Uninit was stored to memory at: [ 734.446488][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 734.453691][T20946] __msan_chain_origin+0x57/0xa0 [ 734.453691][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 734.466410][T20946] get_compat_msghdr+0x108/0x2b0 [ 734.473936][T20946] do_recvmmsg+0xdc1/0x22d0 [ 734.473936][T20946] __sys_recvmmsg+0x519/0x6f0 [ 734.473936][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 734.473936][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 734.473936][T20946] __do_fast_syscall_32+0x102/0x160 [ 734.497541][T20946] do_fast_syscall_32+0x6a/0xc0 [ 734.503406][T20946] do_SYSENTER_32+0x73/0x90 [ 734.503406][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 734.503406][T20946] [ 734.518463][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 734.523954][T20946] do_recvmmsg+0xbf/0x22d0 [ 734.523954][T20946] do_recvmmsg+0xbf/0x22d0 [ 734.827950][T20946] not chained 50000 origins [ 734.833217][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 734.833317][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 734.833317][T20946] Call Trace: [ 734.833317][T20946] dump_stack+0x21c/0x280 [ 734.833317][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 734.833317][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 734.833317][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 734.833317][T20946] ? kmsan_get_metadata+0x116/0x180 [ 734.833317][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 734.897324][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 734.897324][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 734.897324][T20946] ? kmsan_get_metadata+0x116/0x180 [ 734.897324][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 734.897324][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 734.897324][T20946] ? kmsan_get_metadata+0x116/0x180 [ 734.897324][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 734.897324][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 734.897324][T20946] ? _copy_from_user+0x1fd/0x300 [ 734.897324][T20946] ? kmsan_get_metadata+0x116/0x180 [ 734.897324][T20946] __msan_chain_origin+0x57/0xa0 [ 734.897324][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 734.897324][T20946] get_compat_msghdr+0x108/0x2b0 [ 734.897324][T20946] do_recvmmsg+0xdc1/0x22d0 [ 734.897324][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 734.897324][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 734.897324][T20946] ? kmsan_get_metadata+0x116/0x180 [ 734.897324][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 734.897324][T20946] ? kmsan_get_metadata+0x116/0x180 [ 734.897324][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 734.897324][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 734.897324][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 734.897324][T20946] __sys_recvmmsg+0x519/0x6f0 [ 734.897324][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 734.897324][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 734.897324][T20946] __do_fast_syscall_32+0x102/0x160 [ 734.897324][T20946] do_fast_syscall_32+0x6a/0xc0 [ 734.897324][T20946] do_SYSENTER_32+0x73/0x90 [ 734.897324][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 734.897324][T20946] RIP: 0023:0xf7f1c549 [ 734.897324][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 734.897324][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 734.897324][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 734.897324][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 734.897324][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 734.897324][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 734.897324][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 734.897324][T20946] Uninit was stored to memory at: [ 734.897324][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 734.897324][T20946] __msan_chain_origin+0x57/0xa0 [ 734.897324][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 734.897324][T20946] get_compat_msghdr+0x108/0x2b0 [ 734.897324][T20946] do_recvmmsg+0xdc1/0x22d0 [ 734.897324][T20946] __sys_recvmmsg+0x519/0x6f0 [ 734.897324][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 734.897324][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 734.897324][T20946] __do_fast_syscall_32+0x102/0x160 [ 734.897324][T20946] do_fast_syscall_32+0x6a/0xc0 [ 734.897324][T20946] do_SYSENTER_32+0x73/0x90 [ 734.897324][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 734.897324][T20946] [ 734.897324][T20946] Uninit was stored to memory at: [ 734.897324][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 734.897324][T20946] __msan_chain_origin+0x57/0xa0 [ 734.897324][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 734.897324][T20946] get_compat_msghdr+0x108/0x2b0 [ 734.897324][T20946] do_recvmmsg+0xdc1/0x22d0 [ 734.897324][T20946] __sys_recvmmsg+0x519/0x6f0 [ 734.897324][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 734.897324][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 734.897324][T20946] __do_fast_syscall_32+0x102/0x160 [ 734.897324][T20946] do_fast_syscall_32+0x6a/0xc0 [ 734.897324][T20946] do_SYSENTER_32+0x73/0x90 [ 734.897324][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 734.897324][T20946] [ 734.897324][T20946] Uninit was stored to memory at: [ 734.897324][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 734.897324][T20946] __msan_chain_origin+0x57/0xa0 [ 734.897324][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 734.897324][T20946] get_compat_msghdr+0x108/0x2b0 [ 734.897324][T20946] do_recvmmsg+0xdc1/0x22d0 [ 734.897324][T20946] __sys_recvmmsg+0x519/0x6f0 [ 734.897324][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 734.897324][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 734.897324][T20946] __do_fast_syscall_32+0x102/0x160 [ 734.897324][T20946] do_fast_syscall_32+0x6a/0xc0 [ 734.897324][T20946] do_SYSENTER_32+0x73/0x90 [ 734.897324][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 734.897324][T20946] [ 734.897324][T20946] Uninit was stored to memory at: [ 734.897324][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 734.897324][T20946] __msan_chain_origin+0x57/0xa0 [ 734.897324][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 734.897324][T20946] get_compat_msghdr+0x108/0x2b0 [ 734.897324][T20946] do_recvmmsg+0xdc1/0x22d0 [ 734.897324][T20946] __sys_recvmmsg+0x519/0x6f0 [ 734.897324][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 734.897324][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 734.897324][T20946] __do_fast_syscall_32+0x102/0x160 [ 734.897324][T20946] do_fast_syscall_32+0x6a/0xc0 [ 734.897324][T20946] do_SYSENTER_32+0x73/0x90 [ 734.897324][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 734.897324][T20946] [ 734.897324][T20946] Uninit was stored to memory at: [ 734.897324][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 734.897324][T20946] __msan_chain_origin+0x57/0xa0 [ 734.897324][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 734.897324][T20946] get_compat_msghdr+0x108/0x2b0 [ 734.897324][T20946] do_recvmmsg+0xdc1/0x22d0 [ 734.897324][T20946] __sys_recvmmsg+0x519/0x6f0 [ 734.897324][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 734.897324][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 734.897324][T20946] __do_fast_syscall_32+0x102/0x160 [ 734.897324][T20946] do_fast_syscall_32+0x6a/0xc0 [ 734.897324][T20946] do_SYSENTER_32+0x73/0x90 [ 734.897324][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 734.897324][T20946] [ 734.897324][T20946] Uninit was stored to memory at: [ 734.897324][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 734.897324][T20946] __msan_chain_origin+0x57/0xa0 [ 734.897324][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 734.897324][T20946] get_compat_msghdr+0x108/0x2b0 [ 734.897324][T20946] do_recvmmsg+0xdc1/0x22d0 [ 734.897324][T20946] __sys_recvmmsg+0x519/0x6f0 [ 734.897324][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 734.897324][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 734.897324][T20946] __do_fast_syscall_32+0x102/0x160 [ 734.897324][T20946] do_fast_syscall_32+0x6a/0xc0 [ 734.897324][T20946] do_SYSENTER_32+0x73/0x90 [ 734.897324][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 734.897324][T20946] [ 734.897324][T20946] Uninit was stored to memory at: [ 734.897324][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 734.897324][T20946] __msan_chain_origin+0x57/0xa0 [ 734.897324][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 734.897324][T20946] get_compat_msghdr+0x108/0x2b0 [ 734.897324][T20946] do_recvmmsg+0xdc1/0x22d0 [ 734.897324][T20946] __sys_recvmmsg+0x519/0x6f0 [ 734.897324][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 734.897324][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 734.897324][T20946] __do_fast_syscall_32+0x102/0x160 [ 734.897324][T20946] do_fast_syscall_32+0x6a/0xc0 [ 734.897324][T20946] do_SYSENTER_32+0x73/0x90 [ 734.897324][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 734.897324][T20946] [ 734.897324][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 734.897324][T20946] do_recvmmsg+0xbf/0x22d0 [ 734.897324][T20946] do_recvmmsg+0xbf/0x22d0 [ 735.978289][T20946] not chained 60000 origins [ 735.983305][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 735.983305][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 735.983305][T20946] Call Trace: [ 735.983305][T20946] dump_stack+0x21c/0x280 [ 735.983305][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 735.983305][T20946] ? __msan_get_context_state+0x9/0x20 [ 736.022454][T20946] ? irqentry_exit+0x12/0x50 [ 736.022454][T20946] ? __exc_page_fault+0xfb/0x340 [ 736.022454][T20946] ? exc_page_fault+0x45/0x50 [ 736.022454][T20946] ? kmsan_get_metadata+0x116/0x180 [ 736.022454][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 736.022454][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 736.022454][T20946] ? _copy_from_user+0x1fd/0x300 [ 736.022454][T20946] ? kmsan_get_metadata+0x116/0x180 [ 736.022454][T20946] __msan_chain_origin+0x57/0xa0 [ 736.022454][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 736.022454][T20946] get_compat_msghdr+0x108/0x2b0 [ 736.022454][T20946] do_recvmmsg+0xdc1/0x22d0 [ 736.022454][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 736.022454][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 736.022454][T20946] ? kmsan_get_metadata+0x116/0x180 [ 736.022454][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 736.022454][T20946] ? kmsan_get_metadata+0x116/0x180 [ 736.022454][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 736.022454][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 736.022454][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 736.022454][T20946] __sys_recvmmsg+0x519/0x6f0 [ 736.022454][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 736.022454][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 736.022454][T20946] __do_fast_syscall_32+0x102/0x160 [ 736.022454][T20946] do_fast_syscall_32+0x6a/0xc0 [ 736.022454][T20946] do_SYSENTER_32+0x73/0x90 [ 736.022454][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 736.022454][T20946] RIP: 0023:0xf7f1c549 [ 736.022454][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 736.022454][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 736.022454][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 736.022454][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 736.022454][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 736.022454][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 736.022454][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 736.022454][T20946] Uninit was stored to memory at: [ 736.022454][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 736.022454][T20946] __msan_chain_origin+0x57/0xa0 [ 736.022454][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 736.022454][T20946] get_compat_msghdr+0x108/0x2b0 [ 736.022454][T20946] do_recvmmsg+0xdc1/0x22d0 [ 736.022454][T20946] __sys_recvmmsg+0x519/0x6f0 [ 736.022454][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 736.022454][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 736.022454][T20946] __do_fast_syscall_32+0x102/0x160 [ 736.022454][T20946] do_fast_syscall_32+0x6a/0xc0 [ 736.022454][T20946] do_SYSENTER_32+0x73/0x90 [ 736.022454][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 736.022454][T20946] [ 736.022454][T20946] Uninit was stored to memory at: [ 736.022454][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 736.022454][T20946] __msan_chain_origin+0x57/0xa0 [ 736.022454][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 736.022454][T20946] get_compat_msghdr+0x108/0x2b0 [ 736.022454][T20946] do_recvmmsg+0xdc1/0x22d0 [ 736.022454][T20946] __sys_recvmmsg+0x519/0x6f0 [ 736.022454][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 736.022454][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 736.022454][T20946] __do_fast_syscall_32+0x102/0x160 [ 736.022454][T20946] do_fast_syscall_32+0x6a/0xc0 [ 736.022454][T20946] do_SYSENTER_32+0x73/0x90 [ 736.022454][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 736.022454][T20946] [ 736.022454][T20946] Uninit was stored to memory at: [ 736.022454][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 736.022454][T20946] __msan_chain_origin+0x57/0xa0 [ 736.022454][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 736.022454][T20946] get_compat_msghdr+0x108/0x2b0 [ 736.022454][T20946] do_recvmmsg+0xdc1/0x22d0 [ 736.022454][T20946] __sys_recvmmsg+0x519/0x6f0 [ 736.022454][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 736.022454][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 736.022454][T20946] __do_fast_syscall_32+0x102/0x160 [ 736.022454][T20946] do_fast_syscall_32+0x6a/0xc0 [ 736.022454][T20946] do_SYSENTER_32+0x73/0x90 [ 736.022454][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 736.022454][T20946] [ 736.022454][T20946] Uninit was stored to memory at: [ 736.022454][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 736.022454][T20946] __msan_chain_origin+0x57/0xa0 [ 736.022454][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 736.022454][T20946] get_compat_msghdr+0x108/0x2b0 [ 736.022454][T20946] do_recvmmsg+0xdc1/0x22d0 [ 736.022454][T20946] __sys_recvmmsg+0x519/0x6f0 [ 736.022454][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 736.022454][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 736.022454][T20946] __do_fast_syscall_32+0x102/0x160 [ 736.022454][T20946] do_fast_syscall_32+0x6a/0xc0 [ 736.022454][T20946] do_SYSENTER_32+0x73/0x90 [ 736.022454][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 736.022454][T20946] [ 736.022454][T20946] Uninit was stored to memory at: [ 736.022454][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 736.022454][T20946] __msan_chain_origin+0x57/0xa0 [ 736.022454][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 736.022454][T20946] get_compat_msghdr+0x108/0x2b0 [ 736.022454][T20946] do_recvmmsg+0xdc1/0x22d0 [ 736.022454][T20946] __sys_recvmmsg+0x519/0x6f0 [ 736.022454][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 736.022454][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 736.022454][T20946] __do_fast_syscall_32+0x102/0x160 [ 736.022454][T20946] do_fast_syscall_32+0x6a/0xc0 [ 736.022454][T20946] do_SYSENTER_32+0x73/0x90 [ 736.022454][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 736.022454][T20946] [ 736.022454][T20946] Uninit was stored to memory at: [ 736.022454][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 736.022454][T20946] __msan_chain_origin+0x57/0xa0 [ 736.022454][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 736.022454][T20946] get_compat_msghdr+0x108/0x2b0 [ 736.022454][T20946] do_recvmmsg+0xdc1/0x22d0 [ 736.022454][T20946] __sys_recvmmsg+0x519/0x6f0 [ 736.022454][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 736.022454][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 736.726567][T20946] __do_fast_syscall_32+0x102/0x160 [ 736.726567][T20946] do_fast_syscall_32+0x6a/0xc0 [ 736.726567][T20946] do_SYSENTER_32+0x73/0x90 [ 736.726567][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 736.743770][T20946] [ 736.743770][T20946] Uninit was stored to memory at: [ 736.743770][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 736.743770][T20946] __msan_chain_origin+0x57/0xa0 [ 736.743770][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 736.743770][T20946] get_compat_msghdr+0x108/0x2b0 [ 736.743770][T20946] do_recvmmsg+0xdc1/0x22d0 [ 736.743770][T20946] __sys_recvmmsg+0x519/0x6f0 [ 736.743770][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 736.743770][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 736.743770][T20946] __do_fast_syscall_32+0x102/0x160 [ 736.743770][T20946] do_fast_syscall_32+0x6a/0xc0 [ 736.743770][T20946] do_SYSENTER_32+0x73/0x90 [ 736.743770][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 736.743770][T20946] [ 736.743770][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 736.743770][T20946] do_recvmmsg+0xbf/0x22d0 [ 736.743770][T20946] do_recvmmsg+0xbf/0x22d0 [ 737.129803][T20946] not chained 70000 origins [ 737.133816][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 737.133816][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 737.148356][T20946] Call Trace: [ 737.148356][T20946] dump_stack+0x21c/0x280 [ 737.148356][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 737.148356][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 737.148356][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 737.148356][T20946] ? kmsan_get_metadata+0x116/0x180 [ 737.148356][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 737.148356][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 737.148356][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 737.148356][T20946] ? kmsan_get_metadata+0x116/0x180 [ 737.148356][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 737.148356][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 737.148356][T20946] ? kmsan_get_metadata+0x116/0x180 [ 737.148356][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 737.148356][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 737.148356][T20946] ? _copy_from_user+0x1fd/0x300 [ 737.148356][T20946] ? kmsan_get_metadata+0x116/0x180 [ 737.148356][T20946] __msan_chain_origin+0x57/0xa0 [ 737.148356][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 737.148356][T20946] get_compat_msghdr+0x108/0x2b0 [ 737.148356][T20946] do_recvmmsg+0xdc1/0x22d0 [ 737.148356][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 737.148356][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 737.148356][T20946] ? kmsan_get_metadata+0x116/0x180 [ 737.148356][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 737.148356][T20946] ? kmsan_get_metadata+0x116/0x180 [ 737.148356][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 737.148356][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 737.148356][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 737.148356][T20946] __sys_recvmmsg+0x519/0x6f0 [ 737.148356][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 737.344515][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 737.344515][T20946] __do_fast_syscall_32+0x102/0x160 [ 737.344515][T20946] do_fast_syscall_32+0x6a/0xc0 [ 737.344515][T20946] do_SYSENTER_32+0x73/0x90 [ 737.344515][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 737.344515][T20946] RIP: 0023:0xf7f1c549 [ 737.344515][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 737.344515][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 737.344515][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 737.344515][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 737.344515][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 737.344515][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 737.344515][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 737.344515][T20946] Uninit was stored to memory at: [ 737.344515][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 737.344515][T20946] __msan_chain_origin+0x57/0xa0 [ 737.344515][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 737.344515][T20946] get_compat_msghdr+0x108/0x2b0 [ 737.344515][T20946] do_recvmmsg+0xdc1/0x22d0 [ 737.344515][T20946] __sys_recvmmsg+0x519/0x6f0 [ 737.344515][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 737.344515][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 737.344515][T20946] __do_fast_syscall_32+0x102/0x160 [ 737.344515][T20946] do_fast_syscall_32+0x6a/0xc0 [ 737.344515][T20946] do_SYSENTER_32+0x73/0x90 [ 737.344515][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 737.344515][T20946] [ 737.344515][T20946] Uninit was stored to memory at: [ 737.344515][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 737.344515][T20946] __msan_chain_origin+0x57/0xa0 [ 737.344515][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 737.344515][T20946] get_compat_msghdr+0x108/0x2b0 [ 737.344515][T20946] do_recvmmsg+0xdc1/0x22d0 [ 737.344515][T20946] __sys_recvmmsg+0x519/0x6f0 [ 737.344515][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 737.344515][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 737.344515][T20946] __do_fast_syscall_32+0x102/0x160 [ 737.344515][T20946] do_fast_syscall_32+0x6a/0xc0 [ 737.344515][T20946] do_SYSENTER_32+0x73/0x90 [ 737.344515][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 737.344515][T20946] [ 737.344515][T20946] Uninit was stored to memory at: [ 737.344515][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 737.344515][T20946] __msan_chain_origin+0x57/0xa0 [ 737.344515][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 737.344515][T20946] get_compat_msghdr+0x108/0x2b0 [ 737.344515][T20946] do_recvmmsg+0xdc1/0x22d0 [ 737.344515][T20946] __sys_recvmmsg+0x519/0x6f0 [ 737.344515][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 737.344515][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 737.344515][T20946] __do_fast_syscall_32+0x102/0x160 [ 737.344515][T20946] do_fast_syscall_32+0x6a/0xc0 [ 737.344515][T20946] do_SYSENTER_32+0x73/0x90 [ 737.344515][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 737.344515][T20946] [ 737.344515][T20946] Uninit was stored to memory at: [ 737.344515][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 737.344515][T20946] __msan_chain_origin+0x57/0xa0 [ 737.344515][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 737.344515][T20946] get_compat_msghdr+0x108/0x2b0 [ 737.344515][T20946] do_recvmmsg+0xdc1/0x22d0 [ 737.344515][T20946] __sys_recvmmsg+0x519/0x6f0 [ 737.344515][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 737.763533][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 737.763533][T20946] __do_fast_syscall_32+0x102/0x160 [ 737.763533][T20946] do_fast_syscall_32+0x6a/0xc0 [ 737.763533][T20946] do_SYSENTER_32+0x73/0x90 [ 737.763533][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 737.763533][T20946] [ 737.763533][T20946] Uninit was stored to memory at: [ 737.763533][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 737.763533][T20946] __msan_chain_origin+0x57/0xa0 [ 737.763533][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 737.763533][T20946] get_compat_msghdr+0x108/0x2b0 [ 737.763533][T20946] do_recvmmsg+0xdc1/0x22d0 [ 737.763533][T20946] __sys_recvmmsg+0x519/0x6f0 [ 737.763533][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 737.763533][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 737.763533][T20946] __do_fast_syscall_32+0x102/0x160 [ 737.763533][T20946] do_fast_syscall_32+0x6a/0xc0 [ 737.763533][T20946] do_SYSENTER_32+0x73/0x90 [ 737.763533][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 737.763533][T20946] [ 737.763533][T20946] Uninit was stored to memory at: [ 737.763533][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 737.763533][T20946] __msan_chain_origin+0x57/0xa0 [ 737.763533][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 737.763533][T20946] get_compat_msghdr+0x108/0x2b0 [ 737.763533][T20946] do_recvmmsg+0xdc1/0x22d0 [ 737.763533][T20946] __sys_recvmmsg+0x519/0x6f0 [ 737.763533][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 737.763533][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 737.763533][T20946] __do_fast_syscall_32+0x102/0x160 [ 737.763533][T20946] do_fast_syscall_32+0x6a/0xc0 [ 737.763533][T20946] do_SYSENTER_32+0x73/0x90 [ 737.763533][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 737.763533][T20946] [ 737.763533][T20946] Uninit was stored to memory at: [ 737.763533][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 737.763533][T20946] __msan_chain_origin+0x57/0xa0 [ 737.763533][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 737.763533][T20946] get_compat_msghdr+0x108/0x2b0 [ 737.763533][T20946] do_recvmmsg+0xdc1/0x22d0 [ 737.763533][T20946] __sys_recvmmsg+0x519/0x6f0 [ 737.763533][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 737.763533][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 737.763533][T20946] __do_fast_syscall_32+0x102/0x160 [ 737.763533][T20946] do_fast_syscall_32+0x6a/0xc0 [ 737.763533][T20946] do_SYSENTER_32+0x73/0x90 [ 737.763533][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 737.763533][T20946] [ 737.763533][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 737.763533][T20946] do_recvmmsg+0xbf/0x22d0 [ 737.763533][T20946] do_recvmmsg+0xbf/0x22d0 [ 738.314810][T20946] not chained 80000 origins [ 738.319400][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 738.323298][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 738.323298][T20946] Call Trace: [ 738.323298][T20946] dump_stack+0x21c/0x280 [ 738.323298][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 738.323298][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 738.323298][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 738.323298][T20946] ? kmsan_get_metadata+0x116/0x180 [ 738.323298][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 738.323298][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 738.323298][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 738.323298][T20946] ? kmsan_get_metadata+0x116/0x180 [ 738.323298][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 738.323298][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 738.323298][T20946] ? kmsan_get_metadata+0x116/0x180 [ 738.323298][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 738.323298][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 738.323298][T20946] ? _copy_from_user+0x1fd/0x300 [ 738.323298][T20946] ? kmsan_get_metadata+0x116/0x180 [ 738.323298][T20946] __msan_chain_origin+0x57/0xa0 [ 738.323298][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 738.323298][T20946] get_compat_msghdr+0x108/0x2b0 [ 738.323298][T20946] do_recvmmsg+0xdc1/0x22d0 [ 738.323298][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 738.323298][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 738.323298][T20946] ? kmsan_get_metadata+0x116/0x180 [ 738.323298][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 738.323298][T20946] ? kmsan_get_metadata+0x116/0x180 [ 738.323298][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 738.323298][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 738.323298][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 738.323298][T20946] __sys_recvmmsg+0x519/0x6f0 [ 738.323298][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 738.323298][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 738.323298][T20946] __do_fast_syscall_32+0x102/0x160 [ 738.323298][T20946] do_fast_syscall_32+0x6a/0xc0 [ 738.323298][T20946] do_SYSENTER_32+0x73/0x90 [ 738.323298][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 738.323298][T20946] RIP: 0023:0xf7f1c549 [ 738.323298][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 738.323298][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 738.323298][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 738.323298][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 738.323298][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 738.323298][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 738.323298][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 738.323298][T20946] Uninit was stored to memory at: [ 738.323298][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 738.323298][T20946] __msan_chain_origin+0x57/0xa0 [ 738.323298][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 738.323298][T20946] get_compat_msghdr+0x108/0x2b0 [ 738.323298][T20946] do_recvmmsg+0xdc1/0x22d0 [ 738.323298][T20946] __sys_recvmmsg+0x519/0x6f0 [ 738.323298][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 738.323298][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 738.323298][T20946] __do_fast_syscall_32+0x102/0x160 [ 738.323298][T20946] do_fast_syscall_32+0x6a/0xc0 [ 738.323298][T20946] do_SYSENTER_32+0x73/0x90 [ 738.323298][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 738.323298][T20946] [ 738.323298][T20946] Uninit was stored to memory at: [ 738.323298][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 738.323298][T20946] __msan_chain_origin+0x57/0xa0 [ 738.323298][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 738.323298][T20946] get_compat_msghdr+0x108/0x2b0 [ 738.323298][T20946] do_recvmmsg+0xdc1/0x22d0 [ 738.323298][T20946] __sys_recvmmsg+0x519/0x6f0 [ 738.323298][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 738.323298][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 738.323298][T20946] __do_fast_syscall_32+0x102/0x160 [ 738.323298][T20946] do_fast_syscall_32+0x6a/0xc0 [ 738.323298][T20946] do_SYSENTER_32+0x73/0x90 [ 738.323298][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 738.323298][T20946] [ 738.323298][T20946] Uninit was stored to memory at: [ 738.323298][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 738.323298][T20946] __msan_chain_origin+0x57/0xa0 [ 738.323298][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 738.323298][T20946] get_compat_msghdr+0x108/0x2b0 [ 738.323298][T20946] do_recvmmsg+0xdc1/0x22d0 [ 738.323298][T20946] __sys_recvmmsg+0x519/0x6f0 [ 738.323298][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 738.323298][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 738.323298][T20946] __do_fast_syscall_32+0x102/0x160 [ 738.803455][T20946] do_fast_syscall_32+0x6a/0xc0 [ 738.807805][T20946] do_SYSENTER_32+0x73/0x90 [ 738.807805][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 738.814586][T20946] [ 738.814586][T20946] Uninit was stored to memory at: [ 738.825474][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 738.825474][T20946] __msan_chain_origin+0x57/0xa0 [ 738.834789][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 738.834789][T20946] get_compat_msghdr+0x108/0x2b0 [ 738.845412][T20946] do_recvmmsg+0xdc1/0x22d0 [ 738.845412][T20946] __sys_recvmmsg+0x519/0x6f0 [ 738.855005][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 738.855005][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 738.865523][T20946] __do_fast_syscall_32+0x102/0x160 [ 738.865523][T20946] do_fast_syscall_32+0x6a/0xc0 [ 738.875006][T20946] do_SYSENTER_32+0x73/0x90 [ 738.875006][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 738.885589][T20946] [ 738.890361][T20946] Uninit was stored to memory at: [ 738.894676][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 738.894676][T20946] __msan_chain_origin+0x57/0xa0 [ 738.894676][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 738.911847][T20946] get_compat_msghdr+0x108/0x2b0 [ 738.916620][T20946] do_recvmmsg+0xdc1/0x22d0 [ 738.916620][T20946] __sys_recvmmsg+0x519/0x6f0 [ 738.925505][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 738.925505][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 738.934606][T20946] __do_fast_syscall_32+0x102/0x160 [ 738.934606][T20946] do_fast_syscall_32+0x6a/0xc0 [ 738.945846][T20946] do_SYSENTER_32+0x73/0x90 [ 738.945846][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 738.954710][T20946] [ 738.954710][T20946] Uninit was stored to memory at: [ 738.954710][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 738.954710][T20946] __msan_chain_origin+0x57/0xa0 [ 738.954710][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 738.954710][T20946] get_compat_msghdr+0x108/0x2b0 [ 738.986402][T20946] do_recvmmsg+0xdc1/0x22d0 [ 738.992911][T20946] __sys_recvmmsg+0x519/0x6f0 [ 738.996179][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 739.004098][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 739.004098][T20946] __do_fast_syscall_32+0x102/0x160 [ 739.004098][T20946] do_fast_syscall_32+0x6a/0xc0 [ 739.019751][T20946] do_SYSENTER_32+0x73/0x90 [ 739.019751][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 739.026037][T20946] [ 739.026037][T20946] Uninit was stored to memory at: [ 739.035966][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 739.044264][T20946] __msan_chain_origin+0x57/0xa0 [ 739.044264][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 739.044264][T20946] get_compat_msghdr+0x108/0x2b0 [ 739.056282][T20946] do_recvmmsg+0xdc1/0x22d0 [ 739.064151][T20946] __sys_recvmmsg+0x519/0x6f0 [ 739.064151][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 739.064151][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 739.076132][T20946] __do_fast_syscall_32+0x102/0x160 [ 739.084234][T20946] do_fast_syscall_32+0x6a/0xc0 [ 739.084234][T20946] do_SYSENTER_32+0x73/0x90 [ 739.084234][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 739.098440][T20946] [ 739.104219][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 739.104219][T20946] do_recvmmsg+0xbf/0x22d0 [ 739.116012][T20946] do_recvmmsg+0xbf/0x22d0 [ 739.402773][T20946] not chained 90000 origins [ 739.403288][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 739.403288][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 739.403288][T20946] Call Trace: [ 739.403288][T20946] dump_stack+0x21c/0x280 [ 739.403288][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 739.403288][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 739.444760][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 739.444760][T20946] ? kmsan_get_metadata+0x116/0x180 [ 739.444760][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 739.444760][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 739.473776][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 739.473776][T20946] ? kmsan_get_metadata+0x116/0x180 [ 739.473776][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 739.473776][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 739.473776][T20946] ? kmsan_get_metadata+0x116/0x180 [ 739.505203][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 739.505203][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 739.505203][T20946] ? _copy_from_user+0x1fd/0x300 [ 739.505203][T20946] ? kmsan_get_metadata+0x116/0x180 [ 739.505203][T20946] __msan_chain_origin+0x57/0xa0 [ 739.505203][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 739.505203][T20946] get_compat_msghdr+0x108/0x2b0 [ 739.505203][T20946] do_recvmmsg+0xdc1/0x22d0 [ 739.505203][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 739.505203][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 739.505203][T20946] ? kmsan_get_metadata+0x116/0x180 [ 739.505203][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 739.505203][T20946] ? kmsan_get_metadata+0x116/0x180 [ 739.505203][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 739.505203][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 739.505203][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 739.505203][T20946] __sys_recvmmsg+0x519/0x6f0 [ 739.505203][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 739.505203][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 739.505203][T20946] __do_fast_syscall_32+0x102/0x160 [ 739.505203][T20946] do_fast_syscall_32+0x6a/0xc0 [ 739.505203][T20946] do_SYSENTER_32+0x73/0x90 [ 739.505203][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 739.505203][T20946] RIP: 0023:0xf7f1c549 [ 739.505203][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 739.505203][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 739.505203][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 739.505203][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 739.505203][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 739.505203][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 739.505203][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 739.505203][T20946] Uninit was stored to memory at: [ 739.505203][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 739.505203][T20946] __msan_chain_origin+0x57/0xa0 [ 739.505203][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 739.505203][T20946] get_compat_msghdr+0x108/0x2b0 [ 739.505203][T20946] do_recvmmsg+0xdc1/0x22d0 [ 739.505203][T20946] __sys_recvmmsg+0x519/0x6f0 [ 739.505203][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 739.505203][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 739.505203][T20946] __do_fast_syscall_32+0x102/0x160 [ 739.505203][T20946] do_fast_syscall_32+0x6a/0xc0 [ 739.505203][T20946] do_SYSENTER_32+0x73/0x90 [ 739.505203][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 739.505203][T20946] [ 739.505203][T20946] Uninit was stored to memory at: [ 739.505203][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 739.505203][T20946] __msan_chain_origin+0x57/0xa0 [ 739.830164][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 739.830164][T20946] get_compat_msghdr+0x108/0x2b0 [ 739.830164][T20946] do_recvmmsg+0xdc1/0x22d0 [ 739.830164][T20946] __sys_recvmmsg+0x519/0x6f0 [ 739.830164][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 739.830164][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 739.830164][T20946] __do_fast_syscall_32+0x102/0x160 [ 739.830164][T20946] do_fast_syscall_32+0x6a/0xc0 [ 739.830164][T20946] do_SYSENTER_32+0x73/0x90 [ 739.830164][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 739.830164][T20946] [ 739.830164][T20946] Uninit was stored to memory at: [ 739.830164][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 739.830164][T20946] __msan_chain_origin+0x57/0xa0 [ 739.830164][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 739.830164][T20946] get_compat_msghdr+0x108/0x2b0 [ 739.830164][T20946] do_recvmmsg+0xdc1/0x22d0 [ 739.830164][T20946] __sys_recvmmsg+0x519/0x6f0 [ 739.830164][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 739.830164][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 739.830164][T20946] __do_fast_syscall_32+0x102/0x160 [ 739.830164][T20946] do_fast_syscall_32+0x6a/0xc0 [ 739.830164][T20946] do_SYSENTER_32+0x73/0x90 [ 739.830164][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 739.830164][T20946] [ 739.830164][T20946] Uninit was stored to memory at: [ 739.830164][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 739.830164][T20946] __msan_chain_origin+0x57/0xa0 [ 739.830164][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 739.830164][T20946] get_compat_msghdr+0x108/0x2b0 [ 739.830164][T20946] do_recvmmsg+0xdc1/0x22d0 [ 739.830164][T20946] __sys_recvmmsg+0x519/0x6f0 [ 739.830164][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 739.830164][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 739.830164][T20946] __do_fast_syscall_32+0x102/0x160 [ 739.830164][T20946] do_fast_syscall_32+0x6a/0xc0 [ 739.830164][T20946] do_SYSENTER_32+0x73/0x90 [ 739.830164][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 739.830164][T20946] [ 739.830164][T20946] Uninit was stored to memory at: [ 739.830164][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 739.830164][T20946] __msan_chain_origin+0x57/0xa0 [ 739.830164][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 739.830164][T20946] get_compat_msghdr+0x108/0x2b0 [ 739.830164][T20946] do_recvmmsg+0xdc1/0x22d0 [ 739.830164][T20946] __sys_recvmmsg+0x519/0x6f0 [ 739.830164][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 739.830164][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 739.830164][T20946] __do_fast_syscall_32+0x102/0x160 [ 739.830164][T20946] do_fast_syscall_32+0x6a/0xc0 [ 739.830164][T20946] do_SYSENTER_32+0x73/0x90 [ 739.830164][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 739.830164][T20946] [ 739.830164][T20946] Uninit was stored to memory at: [ 739.830164][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 739.830164][T20946] __msan_chain_origin+0x57/0xa0 [ 739.830164][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 740.163500][T20946] get_compat_msghdr+0x108/0x2b0 [ 740.163500][T20946] do_recvmmsg+0xdc1/0x22d0 [ 740.163500][T20946] __sys_recvmmsg+0x519/0x6f0 [ 740.163500][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 740.163500][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 740.194126][T20946] __do_fast_syscall_32+0x102/0x160 [ 740.194126][T20946] do_fast_syscall_32+0x6a/0xc0 [ 740.194126][T20946] do_SYSENTER_32+0x73/0x90 [ 740.194126][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 740.194126][T20946] [ 740.194126][T20946] Uninit was stored to memory at: [ 740.194126][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 740.194126][T20946] __msan_chain_origin+0x57/0xa0 [ 740.194126][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 740.194126][T20946] get_compat_msghdr+0x108/0x2b0 [ 740.194126][T20946] do_recvmmsg+0xdc1/0x22d0 [ 740.194126][T20946] __sys_recvmmsg+0x519/0x6f0 [ 740.194126][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 740.194126][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 740.194126][T20946] __do_fast_syscall_32+0x102/0x160 [ 740.194126][T20946] do_fast_syscall_32+0x6a/0xc0 [ 740.194126][T20946] do_SYSENTER_32+0x73/0x90 [ 740.194126][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 740.194126][T20946] [ 740.194126][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 740.194126][T20946] do_recvmmsg+0xbf/0x22d0 [ 740.194126][T20946] do_recvmmsg+0xbf/0x22d0 [ 740.725599][T20946] not chained 100000 origins [ 740.731600][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 740.733307][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 740.733307][T20946] Call Trace: [ 740.733307][T20946] dump_stack+0x21c/0x280 [ 740.733307][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 740.733307][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 740.733307][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 740.733307][T20946] ? kmsan_get_metadata+0x116/0x180 [ 740.733307][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 740.733307][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 740.733307][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 740.733307][T20946] ? kmsan_get_metadata+0x116/0x180 [ 740.733307][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 740.733307][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 740.733307][T20946] ? kmsan_get_metadata+0x116/0x180 [ 740.733307][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 740.733307][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 740.733307][T20946] ? _copy_from_user+0x1fd/0x300 [ 740.733307][T20946] ? kmsan_get_metadata+0x116/0x180 [ 740.733307][T20946] __msan_chain_origin+0x57/0xa0 [ 740.733307][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 740.733307][T20946] get_compat_msghdr+0x108/0x2b0 [ 740.733307][T20946] do_recvmmsg+0xdc1/0x22d0 [ 740.733307][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 740.733307][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 740.733307][T20946] ? kmsan_get_metadata+0x116/0x180 [ 740.733307][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 740.733307][T20946] ? kmsan_get_metadata+0x116/0x180 [ 740.733307][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 740.733307][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 740.733307][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 740.733307][T20946] __sys_recvmmsg+0x519/0x6f0 [ 740.733307][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 740.733307][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 740.733307][T20946] __do_fast_syscall_32+0x102/0x160 [ 740.733307][T20946] do_fast_syscall_32+0x6a/0xc0 [ 740.733307][T20946] do_SYSENTER_32+0x73/0x90 [ 740.733307][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 740.733307][T20946] RIP: 0023:0xf7f1c549 [ 740.733307][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 740.733307][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 740.733307][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 740.733307][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 740.733307][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 740.733307][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 740.733307][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 740.733307][T20946] Uninit was stored to memory at: [ 740.733307][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 740.733307][T20946] __msan_chain_origin+0x57/0xa0 [ 740.733307][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 740.733307][T20946] get_compat_msghdr+0x108/0x2b0 [ 740.733307][T20946] do_recvmmsg+0xdc1/0x22d0 [ 740.733307][T20946] __sys_recvmmsg+0x519/0x6f0 [ 740.733307][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 740.733307][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 740.733307][T20946] __do_fast_syscall_32+0x102/0x160 [ 740.733307][T20946] do_fast_syscall_32+0x6a/0xc0 [ 740.733307][T20946] do_SYSENTER_32+0x73/0x90 [ 740.733307][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 740.733307][T20946] [ 740.733307][T20946] Uninit was stored to memory at: [ 740.733307][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 740.733307][T20946] __msan_chain_origin+0x57/0xa0 [ 740.733307][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 740.733307][T20946] get_compat_msghdr+0x108/0x2b0 [ 740.733307][T20946] do_recvmmsg+0xdc1/0x22d0 [ 740.733307][T20946] __sys_recvmmsg+0x519/0x6f0 [ 740.733307][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 740.733307][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 740.733307][T20946] __do_fast_syscall_32+0x102/0x160 [ 740.733307][T20946] do_fast_syscall_32+0x6a/0xc0 [ 740.733307][T20946] do_SYSENTER_32+0x73/0x90 [ 740.733307][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 741.213355][T20946] [ 741.213355][T20946] Uninit was stored to memory at: [ 741.213355][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 741.213355][T20946] __msan_chain_origin+0x57/0xa0 [ 741.213355][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 741.213355][T20946] get_compat_msghdr+0x108/0x2b0 [ 741.213355][T20946] do_recvmmsg+0xdc1/0x22d0 [ 741.213355][T20946] __sys_recvmmsg+0x519/0x6f0 [ 741.213355][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 741.213355][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 741.213355][T20946] __do_fast_syscall_32+0x102/0x160 [ 741.213355][T20946] do_fast_syscall_32+0x6a/0xc0 [ 741.213355][T20946] do_SYSENTER_32+0x73/0x90 [ 741.213355][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 741.213355][T20946] [ 741.213355][T20946] Uninit was stored to memory at: [ 741.213355][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 741.213355][T20946] __msan_chain_origin+0x57/0xa0 [ 741.213355][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 741.213355][T20946] get_compat_msghdr+0x108/0x2b0 [ 741.213355][T20946] do_recvmmsg+0xdc1/0x22d0 [ 741.213355][T20946] __sys_recvmmsg+0x519/0x6f0 [ 741.213355][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 741.213355][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 741.213355][T20946] __do_fast_syscall_32+0x102/0x160 [ 741.213355][T20946] do_fast_syscall_32+0x6a/0xc0 [ 741.213355][T20946] do_SYSENTER_32+0x73/0x90 [ 741.213355][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 741.213355][T20946] [ 741.213355][T20946] Uninit was stored to memory at: [ 741.213355][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 741.213355][T20946] __msan_chain_origin+0x57/0xa0 [ 741.213355][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 741.213355][T20946] get_compat_msghdr+0x108/0x2b0 [ 741.213355][T20946] do_recvmmsg+0xdc1/0x22d0 [ 741.213355][T20946] __sys_recvmmsg+0x519/0x6f0 [ 741.213355][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 741.213355][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 741.213355][T20946] __do_fast_syscall_32+0x102/0x160 [ 741.213355][T20946] do_fast_syscall_32+0x6a/0xc0 [ 741.213355][T20946] do_SYSENTER_32+0x73/0x90 [ 741.213355][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 741.213355][T20946] [ 741.213355][T20946] Uninit was stored to memory at: [ 741.213355][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 741.213355][T20946] __msan_chain_origin+0x57/0xa0 [ 741.213355][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 741.213355][T20946] get_compat_msghdr+0x108/0x2b0 [ 741.213355][T20946] do_recvmmsg+0xdc1/0x22d0 [ 741.213355][T20946] __sys_recvmmsg+0x519/0x6f0 [ 741.213355][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 741.213355][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 741.213355][T20946] __do_fast_syscall_32+0x102/0x160 [ 741.213355][T20946] do_fast_syscall_32+0x6a/0xc0 [ 741.213355][T20946] do_SYSENTER_32+0x73/0x90 [ 741.213355][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 741.213355][T20946] [ 741.213355][T20946] Uninit was stored to memory at: [ 741.213355][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 741.213355][T20946] __msan_chain_origin+0x57/0xa0 [ 741.213355][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 741.213355][T20946] get_compat_msghdr+0x108/0x2b0 [ 741.213355][T20946] do_recvmmsg+0xdc1/0x22d0 [ 741.213355][T20946] __sys_recvmmsg+0x519/0x6f0 [ 741.213355][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 741.213355][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 741.213355][T20946] __do_fast_syscall_32+0x102/0x160 [ 741.213355][T20946] do_fast_syscall_32+0x6a/0xc0 [ 741.213355][T20946] do_SYSENTER_32+0x73/0x90 [ 741.213355][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 741.213355][T20946] [ 741.213355][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 741.213355][T20946] do_recvmmsg+0xbf/0x22d0 [ 741.213355][T20946] do_recvmmsg+0xbf/0x22d0 [ 742.022995][T20946] not chained 110000 origins [ 742.023307][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 742.023307][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 742.023307][T20946] Call Trace: [ 742.023307][T20946] dump_stack+0x21c/0x280 [ 742.023307][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 742.065469][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 742.065469][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 742.065469][T20946] ? kmsan_get_metadata+0x116/0x180 [ 742.065469][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 742.065469][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 742.065469][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 742.065469][T20946] ? kmsan_get_metadata+0x116/0x180 [ 742.065469][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 742.065469][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 742.065469][T20946] ? kmsan_get_metadata+0x116/0x180 [ 742.065469][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 742.065469][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 742.065469][T20946] ? _copy_from_user+0x1fd/0x300 [ 742.065469][T20946] ? kmsan_get_metadata+0x116/0x180 [ 742.065469][T20946] __msan_chain_origin+0x57/0xa0 [ 742.065469][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 742.065469][T20946] get_compat_msghdr+0x108/0x2b0 [ 742.065469][T20946] do_recvmmsg+0xdc1/0x22d0 [ 742.065469][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 742.065469][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 742.065469][T20946] ? kmsan_get_metadata+0x116/0x180 [ 742.065469][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 742.065469][T20946] ? kmsan_get_metadata+0x116/0x180 [ 742.065469][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 742.065469][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 742.065469][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 742.065469][T20946] __sys_recvmmsg+0x519/0x6f0 [ 742.065469][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 742.065469][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 742.065469][T20946] __do_fast_syscall_32+0x102/0x160 [ 742.065469][T20946] do_fast_syscall_32+0x6a/0xc0 [ 742.065469][T20946] do_SYSENTER_32+0x73/0x90 [ 742.065469][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 742.065469][T20946] RIP: 0023:0xf7f1c549 [ 742.065469][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 742.293781][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 742.293781][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 742.293781][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 742.293781][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 742.293781][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 742.293781][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 742.293781][T20946] Uninit was stored to memory at: [ 742.293781][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 742.293781][T20946] __msan_chain_origin+0x57/0xa0 [ 742.293781][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 742.293781][T20946] get_compat_msghdr+0x108/0x2b0 [ 742.293781][T20946] do_recvmmsg+0xdc1/0x22d0 [ 742.293781][T20946] __sys_recvmmsg+0x519/0x6f0 [ 742.293781][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 742.293781][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 742.293781][T20946] __do_fast_syscall_32+0x102/0x160 [ 742.293781][T20946] do_fast_syscall_32+0x6a/0xc0 [ 742.293781][T20946] do_SYSENTER_32+0x73/0x90 [ 742.293781][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 742.293781][T20946] [ 742.293781][T20946] Uninit was stored to memory at: [ 742.293781][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 742.293781][T20946] __msan_chain_origin+0x57/0xa0 [ 742.293781][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 742.293781][T20946] get_compat_msghdr+0x108/0x2b0 [ 742.293781][T20946] do_recvmmsg+0xdc1/0x22d0 [ 742.293781][T20946] __sys_recvmmsg+0x519/0x6f0 [ 742.293781][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 742.293781][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 742.293781][T20946] __do_fast_syscall_32+0x102/0x160 [ 742.473523][T20946] do_fast_syscall_32+0x6a/0xc0 [ 742.474586][T20946] do_SYSENTER_32+0x73/0x90 [ 742.474586][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 742.474586][T20946] [ 742.474586][T20946] Uninit was stored to memory at: [ 742.474586][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 742.474586][T20946] __msan_chain_origin+0x57/0xa0 [ 742.474586][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 742.474586][T20946] get_compat_msghdr+0x108/0x2b0 [ 742.474586][T20946] do_recvmmsg+0xdc1/0x22d0 [ 742.474586][T20946] __sys_recvmmsg+0x519/0x6f0 [ 742.474586][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 742.474586][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 742.474586][T20946] __do_fast_syscall_32+0x102/0x160 [ 742.474586][T20946] do_fast_syscall_32+0x6a/0xc0 [ 742.474586][T20946] do_SYSENTER_32+0x73/0x90 [ 742.474586][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 742.474586][T20946] [ 742.474586][T20946] Uninit was stored to memory at: [ 742.474586][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 742.474586][T20946] __msan_chain_origin+0x57/0xa0 [ 742.474586][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 742.474586][T20946] get_compat_msghdr+0x108/0x2b0 [ 742.474586][T20946] do_recvmmsg+0xdc1/0x22d0 [ 742.474586][T20946] __sys_recvmmsg+0x519/0x6f0 [ 742.474586][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 742.474586][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 742.474586][T20946] __do_fast_syscall_32+0x102/0x160 [ 742.474586][T20946] do_fast_syscall_32+0x6a/0xc0 [ 742.474586][T20946] do_SYSENTER_32+0x73/0x90 [ 742.474586][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 742.474586][T20946] [ 742.474586][T20946] Uninit was stored to memory at: [ 742.474586][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 742.474586][T20946] __msan_chain_origin+0x57/0xa0 [ 742.474586][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 742.474586][T20946] get_compat_msghdr+0x108/0x2b0 [ 742.474586][T20946] do_recvmmsg+0xdc1/0x22d0 [ 742.474586][T20946] __sys_recvmmsg+0x519/0x6f0 [ 742.474586][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 742.474586][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 742.474586][T20946] __do_fast_syscall_32+0x102/0x160 [ 742.474586][T20946] do_fast_syscall_32+0x6a/0xc0 [ 742.474586][T20946] do_SYSENTER_32+0x73/0x90 [ 742.474586][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 742.474586][T20946] [ 742.474586][T20946] Uninit was stored to memory at: [ 742.474586][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 742.474586][T20946] __msan_chain_origin+0x57/0xa0 [ 742.474586][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 742.474586][T20946] get_compat_msghdr+0x108/0x2b0 [ 742.474586][T20946] do_recvmmsg+0xdc1/0x22d0 [ 742.474586][T20946] __sys_recvmmsg+0x519/0x6f0 [ 742.474586][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 742.474586][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 742.474586][T20946] __do_fast_syscall_32+0x102/0x160 [ 742.474586][T20946] do_fast_syscall_32+0x6a/0xc0 [ 742.474586][T20946] do_SYSENTER_32+0x73/0x90 [ 742.474586][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 742.474586][T20946] [ 742.474586][T20946] Uninit was stored to memory at: [ 742.474586][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 742.474586][T20946] __msan_chain_origin+0x57/0xa0 [ 742.474586][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 742.474586][T20946] get_compat_msghdr+0x108/0x2b0 [ 742.474586][T20946] do_recvmmsg+0xdc1/0x22d0 [ 742.474586][T20946] __sys_recvmmsg+0x519/0x6f0 [ 742.474586][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 742.474586][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 742.474586][T20946] __do_fast_syscall_32+0x102/0x160 [ 742.828468][T20946] do_fast_syscall_32+0x6a/0xc0 [ 742.828823][T20946] do_SYSENTER_32+0x73/0x90 [ 742.828823][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 742.828823][T20946] [ 742.828823][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 742.828823][T20946] do_recvmmsg+0xbf/0x22d0 [ 742.828823][T20946] do_recvmmsg+0xbf/0x22d0 [ 743.141476][T20946] not chained 120000 origins [ 743.143281][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 743.143281][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 743.143281][T20946] Call Trace: [ 743.143281][T20946] dump_stack+0x21c/0x280 [ 743.143281][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 743.143281][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 743.191434][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 743.191434][T20946] ? kmsan_get_metadata+0x116/0x180 [ 743.191434][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 743.191434][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 743.191434][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 743.191434][T20946] ? kmsan_get_metadata+0x116/0x180 [ 743.224075][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 743.224075][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 743.224075][T20946] ? kmsan_get_metadata+0x116/0x180 [ 743.224075][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 743.224075][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 743.224075][T20946] ? _copy_from_user+0x1fd/0x300 [ 743.224075][T20946] ? kmsan_get_metadata+0x116/0x180 [ 743.224075][T20946] __msan_chain_origin+0x57/0xa0 [ 743.224075][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 743.224075][T20946] get_compat_msghdr+0x108/0x2b0 [ 743.224075][T20946] do_recvmmsg+0xdc1/0x22d0 [ 743.224075][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 743.224075][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 743.314026][T20946] ? kmsan_get_metadata+0x116/0x180 [ 743.314026][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 743.314026][T20946] ? kmsan_get_metadata+0x116/0x180 [ 743.314026][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 743.314026][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 743.343384][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 743.343384][T20946] __sys_recvmmsg+0x519/0x6f0 [ 743.343384][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 743.343384][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 743.374158][T20946] __do_fast_syscall_32+0x102/0x160 [ 743.374158][T20946] do_fast_syscall_32+0x6a/0xc0 [ 743.374158][T20946] do_SYSENTER_32+0x73/0x90 [ 743.374158][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 743.374158][T20946] RIP: 0023:0xf7f1c549 [ 743.374158][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 743.374158][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 743.374158][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 743.374158][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 743.374158][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 743.374158][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 743.374158][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 743.374158][T20946] Uninit was stored to memory at: [ 743.374158][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 743.374158][T20946] __msan_chain_origin+0x57/0xa0 [ 743.374158][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 743.374158][T20946] get_compat_msghdr+0x108/0x2b0 [ 743.374158][T20946] do_recvmmsg+0xdc1/0x22d0 [ 743.374158][T20946] __sys_recvmmsg+0x519/0x6f0 [ 743.374158][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 743.374158][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 743.374158][T20946] __do_fast_syscall_32+0x102/0x160 [ 743.374158][T20946] do_fast_syscall_32+0x6a/0xc0 [ 743.374158][T20946] do_SYSENTER_32+0x73/0x90 [ 743.374158][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 743.374158][T20946] [ 743.374158][T20946] Uninit was stored to memory at: [ 743.374158][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 743.374158][T20946] __msan_chain_origin+0x57/0xa0 [ 743.374158][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 743.374158][T20946] get_compat_msghdr+0x108/0x2b0 [ 743.374158][T20946] do_recvmmsg+0xdc1/0x22d0 [ 743.374158][T20946] __sys_recvmmsg+0x519/0x6f0 [ 743.374158][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 743.374158][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 743.374158][T20946] __do_fast_syscall_32+0x102/0x160 [ 743.374158][T20946] do_fast_syscall_32+0x6a/0xc0 [ 743.374158][T20946] do_SYSENTER_32+0x73/0x90 [ 743.374158][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 743.374158][T20946] [ 743.374158][T20946] Uninit was stored to memory at: [ 743.374158][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 743.374158][T20946] __msan_chain_origin+0x57/0xa0 [ 743.374158][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 743.374158][T20946] get_compat_msghdr+0x108/0x2b0 [ 743.374158][T20946] do_recvmmsg+0xdc1/0x22d0 [ 743.374158][T20946] __sys_recvmmsg+0x519/0x6f0 [ 743.374158][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 743.374158][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 743.374158][T20946] __do_fast_syscall_32+0x102/0x160 [ 743.374158][T20946] do_fast_syscall_32+0x6a/0xc0 [ 743.374158][T20946] do_SYSENTER_32+0x73/0x90 [ 743.374158][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 743.374158][T20946] [ 743.374158][T20946] Uninit was stored to memory at: [ 743.374158][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 743.374158][T20946] __msan_chain_origin+0x57/0xa0 [ 743.374158][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 743.374158][T20946] get_compat_msghdr+0x108/0x2b0 [ 743.374158][T20946] do_recvmmsg+0xdc1/0x22d0 [ 743.374158][T20946] __sys_recvmmsg+0x519/0x6f0 [ 743.374158][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 743.374158][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 743.374158][T20946] __do_fast_syscall_32+0x102/0x160 [ 743.374158][T20946] do_fast_syscall_32+0x6a/0xc0 [ 743.374158][T20946] do_SYSENTER_32+0x73/0x90 [ 743.374158][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 743.374158][T20946] [ 743.374158][T20946] Uninit was stored to memory at: [ 743.374158][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 743.374158][T20946] __msan_chain_origin+0x57/0xa0 [ 743.374158][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 743.374158][T20946] get_compat_msghdr+0x108/0x2b0 [ 743.374158][T20946] do_recvmmsg+0xdc1/0x22d0 [ 743.374158][T20946] __sys_recvmmsg+0x519/0x6f0 [ 743.374158][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 743.374158][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 743.374158][T20946] __do_fast_syscall_32+0x102/0x160 [ 743.374158][T20946] do_fast_syscall_32+0x6a/0xc0 [ 743.923948][T20946] do_SYSENTER_32+0x73/0x90 [ 743.923948][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 743.923948][T20946] [ 743.923948][T20946] Uninit was stored to memory at: [ 743.944126][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 743.944126][T20946] __msan_chain_origin+0x57/0xa0 [ 743.944126][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 743.944126][T20946] get_compat_msghdr+0x108/0x2b0 [ 743.944126][T20946] do_recvmmsg+0xdc1/0x22d0 [ 743.944126][T20946] __sys_recvmmsg+0x519/0x6f0 [ 743.944126][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 743.944126][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 743.944126][T20946] __do_fast_syscall_32+0x102/0x160 [ 743.944126][T20946] do_fast_syscall_32+0x6a/0xc0 [ 743.944126][T20946] do_SYSENTER_32+0x73/0x90 [ 743.944126][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 743.944126][T20946] [ 743.944126][T20946] Uninit was stored to memory at: [ 743.944126][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 743.944126][T20946] __msan_chain_origin+0x57/0xa0 [ 743.944126][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 743.944126][T20946] get_compat_msghdr+0x108/0x2b0 [ 743.944126][T20946] do_recvmmsg+0xdc1/0x22d0 [ 743.944126][T20946] __sys_recvmmsg+0x519/0x6f0 [ 743.944126][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 743.944126][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 743.944126][T20946] __do_fast_syscall_32+0x102/0x160 [ 743.944126][T20946] do_fast_syscall_32+0x6a/0xc0 [ 743.944126][T20946] do_SYSENTER_32+0x73/0x90 [ 743.944126][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 743.944126][T20946] [ 743.944126][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 743.944126][T20946] do_recvmmsg+0xbf/0x22d0 [ 743.944126][T20946] do_recvmmsg+0xbf/0x22d0 [ 744.427448][T20946] not chained 130000 origins [ 744.433384][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 744.433384][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 744.433384][T20946] Call Trace: [ 744.433384][T20946] dump_stack+0x21c/0x280 [ 744.433384][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 744.433384][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 744.433384][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 744.433384][T20946] ? kmsan_get_metadata+0x116/0x180 [ 744.433384][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 744.433384][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 744.433384][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 744.433384][T20946] ? kmsan_get_metadata+0x116/0x180 [ 744.433384][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 744.433384][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 744.433384][T20946] ? kmsan_get_metadata+0x116/0x180 [ 744.433384][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 744.433384][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 744.433384][T20946] ? _copy_from_user+0x1fd/0x300 [ 744.433384][T20946] ? kmsan_get_metadata+0x116/0x180 [ 744.433384][T20946] __msan_chain_origin+0x57/0xa0 [ 744.433384][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 744.433384][T20946] get_compat_msghdr+0x108/0x2b0 [ 744.433384][T20946] do_recvmmsg+0xdc1/0x22d0 [ 744.433384][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 744.433384][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 744.433384][T20946] ? kmsan_get_metadata+0x116/0x180 [ 744.433384][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 744.433384][T20946] ? kmsan_get_metadata+0x116/0x180 [ 744.433384][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 744.433384][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 744.433384][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 744.433384][T20946] __sys_recvmmsg+0x519/0x6f0 [ 744.433384][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 744.433384][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 744.433384][T20946] __do_fast_syscall_32+0x102/0x160 [ 744.433384][T20946] do_fast_syscall_32+0x6a/0xc0 [ 744.433384][T20946] do_SYSENTER_32+0x73/0x90 [ 744.433384][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 744.433384][T20946] RIP: 0023:0xf7f1c549 [ 744.433384][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 744.433384][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 744.433384][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 744.433384][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 744.433384][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 744.433384][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 744.433384][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 744.433384][T20946] Uninit was stored to memory at: [ 744.433384][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 744.433384][T20946] __msan_chain_origin+0x57/0xa0 [ 744.433384][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 744.433384][T20946] get_compat_msghdr+0x108/0x2b0 [ 744.433384][T20946] do_recvmmsg+0xdc1/0x22d0 [ 744.433384][T20946] __sys_recvmmsg+0x519/0x6f0 [ 744.433384][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 744.433384][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 744.433384][T20946] __do_fast_syscall_32+0x102/0x160 [ 744.433384][T20946] do_fast_syscall_32+0x6a/0xc0 [ 744.433384][T20946] do_SYSENTER_32+0x73/0x90 [ 744.433384][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 744.433384][T20946] [ 744.433384][T20946] Uninit was stored to memory at: [ 744.433384][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 744.433384][T20946] __msan_chain_origin+0x57/0xa0 [ 744.433384][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 744.433384][T20946] get_compat_msghdr+0x108/0x2b0 [ 744.433384][T20946] do_recvmmsg+0xdc1/0x22d0 [ 744.433384][T20946] __sys_recvmmsg+0x519/0x6f0 [ 744.433384][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 744.433384][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 744.433384][T20946] __do_fast_syscall_32+0x102/0x160 [ 744.433384][T20946] do_fast_syscall_32+0x6a/0xc0 [ 744.433384][T20946] do_SYSENTER_32+0x73/0x90 [ 744.433384][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 744.433384][T20946] [ 744.433384][T20946] Uninit was stored to memory at: [ 744.433384][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 744.966868][T20946] __msan_chain_origin+0x57/0xa0 [ 744.966868][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 744.966868][T20946] get_compat_msghdr+0x108/0x2b0 [ 744.966868][T20946] do_recvmmsg+0xdc1/0x22d0 [ 744.966868][T20946] __sys_recvmmsg+0x519/0x6f0 [ 744.966868][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 744.966868][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 744.966868][T20946] __do_fast_syscall_32+0x102/0x160 [ 744.966868][T20946] do_fast_syscall_32+0x6a/0xc0 [ 744.966868][T20946] do_SYSENTER_32+0x73/0x90 [ 744.966868][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 744.966868][T20946] [ 744.966868][T20946] Uninit was stored to memory at: [ 744.966868][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 744.966868][T20946] __msan_chain_origin+0x57/0xa0 [ 744.966868][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 744.966868][T20946] get_compat_msghdr+0x108/0x2b0 [ 744.966868][T20946] do_recvmmsg+0xdc1/0x22d0 [ 744.966868][T20946] __sys_recvmmsg+0x519/0x6f0 [ 745.088945][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 745.088945][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 745.088945][T20946] __do_fast_syscall_32+0x102/0x160 [ 745.088945][T20946] do_fast_syscall_32+0x6a/0xc0 [ 745.113478][T20946] do_SYSENTER_32+0x73/0x90 [ 745.113478][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 745.113478][T20946] [ 745.113478][T20946] Uninit was stored to memory at: [ 745.113478][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 745.113478][T20946] __msan_chain_origin+0x57/0xa0 [ 745.113478][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 745.113478][T20946] get_compat_msghdr+0x108/0x2b0 [ 745.113478][T20946] do_recvmmsg+0xdc1/0x22d0 [ 745.113478][T20946] __sys_recvmmsg+0x519/0x6f0 [ 745.113478][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 745.113478][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 745.113478][T20946] __do_fast_syscall_32+0x102/0x160 [ 745.203590][T20946] do_fast_syscall_32+0x6a/0xc0 [ 745.203590][T20946] do_SYSENTER_32+0x73/0x90 [ 745.203590][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 745.203590][T20946] [ 745.203590][T20946] Uninit was stored to memory at: [ 745.234696][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 745.234696][T20946] __msan_chain_origin+0x57/0xa0 [ 745.234696][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 745.234696][T20946] get_compat_msghdr+0x108/0x2b0 [ 745.234696][T20946] do_recvmmsg+0xdc1/0x22d0 [ 745.264382][T20946] __sys_recvmmsg+0x519/0x6f0 [ 745.264382][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 745.264382][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 745.264382][T20946] __do_fast_syscall_32+0x102/0x160 [ 745.264382][T20946] do_fast_syscall_32+0x6a/0xc0 [ 745.264382][T20946] do_SYSENTER_32+0x73/0x90 [ 745.264382][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 745.264382][T20946] [ 745.264382][T20946] Uninit was stored to memory at: [ 745.264382][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 745.324834][T20946] __msan_chain_origin+0x57/0xa0 [ 745.324834][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 745.324834][T20946] get_compat_msghdr+0x108/0x2b0 [ 745.324834][T20946] do_recvmmsg+0xdc1/0x22d0 [ 745.324834][T20946] __sys_recvmmsg+0x519/0x6f0 [ 745.354487][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 745.354487][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 745.354487][T20946] __do_fast_syscall_32+0x102/0x160 [ 745.354487][T20946] do_fast_syscall_32+0x6a/0xc0 [ 745.354487][T20946] do_SYSENTER_32+0x73/0x90 [ 745.354487][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 745.354487][T20946] [ 745.354487][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 745.354487][T20946] do_recvmmsg+0xbf/0x22d0 [ 745.354487][T20946] do_recvmmsg+0xbf/0x22d0 [ 745.703219][T20946] not chained 140000 origins [ 745.705982][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 745.714045][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 745.714045][T20946] Call Trace: [ 745.714045][T20946] dump_stack+0x21c/0x280 [ 745.714045][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 745.749433][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 745.749433][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 745.749433][T20946] ? kmsan_get_metadata+0x116/0x180 [ 745.749433][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 745.749433][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 745.749433][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 745.749433][T20946] ? kmsan_get_metadata+0x116/0x180 [ 745.804484][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 745.804484][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 745.804484][T20946] ? kmsan_get_metadata+0x116/0x180 [ 745.804484][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 745.804484][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 745.804484][T20946] ? _copy_from_user+0x1fd/0x300 [ 745.804484][T20946] ? kmsan_get_metadata+0x116/0x180 [ 745.804484][T20946] __msan_chain_origin+0x57/0xa0 [ 745.804484][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 745.804484][T20946] get_compat_msghdr+0x108/0x2b0 [ 745.804484][T20946] do_recvmmsg+0xdc1/0x22d0 [ 745.804484][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 745.804484][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 745.804484][T20946] ? kmsan_get_metadata+0x116/0x180 [ 745.804484][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 745.804484][T20946] ? kmsan_get_metadata+0x116/0x180 [ 745.804484][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 745.804484][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 745.804484][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 745.804484][T20946] __sys_recvmmsg+0x519/0x6f0 [ 745.804484][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 745.804484][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 745.804484][T20946] __do_fast_syscall_32+0x102/0x160 [ 745.804484][T20946] do_fast_syscall_32+0x6a/0xc0 [ 745.804484][T20946] do_SYSENTER_32+0x73/0x90 [ 745.804484][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 745.804484][T20946] RIP: 0023:0xf7f1c549 [ 745.804484][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 746.013936][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 746.013936][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 746.013936][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 746.013936][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 746.013936][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 746.013936][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 746.013936][T20946] Uninit was stored to memory at: [ 746.013936][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 746.013936][T20946] __msan_chain_origin+0x57/0xa0 [ 746.013936][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 746.013936][T20946] get_compat_msghdr+0x108/0x2b0 [ 746.013936][T20946] do_recvmmsg+0xdc1/0x22d0 [ 746.013936][T20946] __sys_recvmmsg+0x519/0x6f0 [ 746.013936][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 746.013936][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 746.013936][T20946] __do_fast_syscall_32+0x102/0x160 [ 746.013936][T20946] do_fast_syscall_32+0x6a/0xc0 [ 746.013936][T20946] do_SYSENTER_32+0x73/0x90 [ 746.013936][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 746.013936][T20946] [ 746.013936][T20946] Uninit was stored to memory at: [ 746.013936][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 746.013936][T20946] __msan_chain_origin+0x57/0xa0 [ 746.013936][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 746.013936][T20946] get_compat_msghdr+0x108/0x2b0 [ 746.013936][T20946] do_recvmmsg+0xdc1/0x22d0 [ 746.223807][T20946] __sys_recvmmsg+0x519/0x6f0 [ 746.223807][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 746.223807][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 746.223807][T20946] __do_fast_syscall_32+0x102/0x160 [ 746.223807][T20946] do_fast_syscall_32+0x6a/0xc0 [ 746.223807][T20946] do_SYSENTER_32+0x73/0x90 [ 746.223807][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 746.223807][T20946] [ 746.223807][T20946] Uninit was stored to memory at: [ 746.223807][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 746.223807][T20946] __msan_chain_origin+0x57/0xa0 [ 746.223807][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 746.223807][T20946] get_compat_msghdr+0x108/0x2b0 [ 746.223807][T20946] do_recvmmsg+0xdc1/0x22d0 [ 746.223807][T20946] __sys_recvmmsg+0x519/0x6f0 [ 746.223807][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 746.223807][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 746.223807][T20946] __do_fast_syscall_32+0x102/0x160 [ 746.223807][T20946] do_fast_syscall_32+0x6a/0xc0 [ 746.223807][T20946] do_SYSENTER_32+0x73/0x90 [ 746.223807][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 746.223807][T20946] [ 746.223807][T20946] Uninit was stored to memory at: [ 746.223807][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 746.223807][T20946] __msan_chain_origin+0x57/0xa0 [ 746.223807][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 746.223807][T20946] get_compat_msghdr+0x108/0x2b0 [ 746.223807][T20946] do_recvmmsg+0xdc1/0x22d0 [ 746.223807][T20946] __sys_recvmmsg+0x519/0x6f0 [ 746.223807][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 746.223807][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 746.223807][T20946] __do_fast_syscall_32+0x102/0x160 [ 746.223807][T20946] do_fast_syscall_32+0x6a/0xc0 [ 746.223807][T20946] do_SYSENTER_32+0x73/0x90 [ 746.223807][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 746.223807][T20946] [ 746.223807][T20946] Uninit was stored to memory at: [ 746.223807][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 746.223807][T20946] __msan_chain_origin+0x57/0xa0 [ 746.223807][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 746.223807][T20946] get_compat_msghdr+0x108/0x2b0 [ 746.223807][T20946] do_recvmmsg+0xdc1/0x22d0 [ 746.223807][T20946] __sys_recvmmsg+0x519/0x6f0 [ 746.223807][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 746.223807][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 746.223807][T20946] __do_fast_syscall_32+0x102/0x160 [ 746.223807][T20946] do_fast_syscall_32+0x6a/0xc0 [ 746.223807][T20946] do_SYSENTER_32+0x73/0x90 [ 746.223807][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 746.223807][T20946] [ 746.223807][T20946] Uninit was stored to memory at: [ 746.223807][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 746.223807][T20946] __msan_chain_origin+0x57/0xa0 [ 746.223807][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 746.223807][T20946] get_compat_msghdr+0x108/0x2b0 [ 746.223807][T20946] do_recvmmsg+0xdc1/0x22d0 [ 746.223807][T20946] __sys_recvmmsg+0x519/0x6f0 [ 746.223807][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 746.223807][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 746.223807][T20946] __do_fast_syscall_32+0x102/0x160 [ 746.223807][T20946] do_fast_syscall_32+0x6a/0xc0 [ 746.223807][T20946] do_SYSENTER_32+0x73/0x90 [ 746.223807][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 746.223807][T20946] [ 746.223807][T20946] Uninit was stored to memory at: [ 746.223807][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 746.223807][T20946] __msan_chain_origin+0x57/0xa0 [ 746.223807][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 746.223807][T20946] get_compat_msghdr+0x108/0x2b0 [ 746.223807][T20946] do_recvmmsg+0xdc1/0x22d0 [ 746.223807][T20946] __sys_recvmmsg+0x519/0x6f0 [ 746.223807][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 746.223807][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 746.223807][T20946] __do_fast_syscall_32+0x102/0x160 [ 746.223807][T20946] do_fast_syscall_32+0x6a/0xc0 [ 746.223807][T20946] do_SYSENTER_32+0x73/0x90 [ 746.223807][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 746.223807][T20946] [ 746.223807][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 746.223807][T20946] do_recvmmsg+0xbf/0x22d0 [ 746.223807][T20946] do_recvmmsg+0xbf/0x22d0 [ 747.069772][T20946] not chained 150000 origins [ 747.073292][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 747.080898][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 747.080898][T20946] Call Trace: [ 747.080898][T20946] dump_stack+0x21c/0x280 [ 747.080898][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 747.080898][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 747.080898][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 747.080898][T20946] ? kmsan_get_metadata+0x116/0x180 [ 747.080898][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 747.080898][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 747.080898][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 747.080898][T20946] ? kmsan_get_metadata+0x116/0x180 [ 747.080898][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 747.080898][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 747.080898][T20946] ? kmsan_get_metadata+0x116/0x180 [ 747.080898][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 747.080898][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 747.080898][T20946] ? _copy_from_user+0x1fd/0x300 [ 747.080898][T20946] ? kmsan_get_metadata+0x116/0x180 [ 747.080898][T20946] __msan_chain_origin+0x57/0xa0 [ 747.080898][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 747.080898][T20946] get_compat_msghdr+0x108/0x2b0 [ 747.080898][T20946] do_recvmmsg+0xdc1/0x22d0 [ 747.080898][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 747.080898][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 747.080898][T20946] ? kmsan_get_metadata+0x116/0x180 [ 747.080898][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 747.080898][T20946] ? kmsan_get_metadata+0x116/0x180 [ 747.080898][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 747.080898][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 747.080898][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 747.080898][T20946] __sys_recvmmsg+0x519/0x6f0 [ 747.080898][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 747.080898][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 747.080898][T20946] __do_fast_syscall_32+0x102/0x160 [ 747.080898][T20946] do_fast_syscall_32+0x6a/0xc0 [ 747.080898][T20946] do_SYSENTER_32+0x73/0x90 [ 747.080898][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 747.080898][T20946] RIP: 0023:0xf7f1c549 [ 747.080898][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 747.080898][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 747.080898][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 747.080898][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 747.080898][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 747.080898][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 747.080898][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 747.080898][T20946] Uninit was stored to memory at: [ 747.080898][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 747.080898][T20946] __msan_chain_origin+0x57/0xa0 [ 747.080898][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 747.080898][T20946] get_compat_msghdr+0x108/0x2b0 [ 747.080898][T20946] do_recvmmsg+0xdc1/0x22d0 [ 747.080898][T20946] __sys_recvmmsg+0x519/0x6f0 [ 747.080898][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 747.080898][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 747.080898][T20946] __do_fast_syscall_32+0x102/0x160 [ 747.080898][T20946] do_fast_syscall_32+0x6a/0xc0 [ 747.080898][T20946] do_SYSENTER_32+0x73/0x90 [ 747.080898][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 747.080898][T20946] [ 747.080898][T20946] Uninit was stored to memory at: [ 747.080898][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 747.080898][T20946] __msan_chain_origin+0x57/0xa0 [ 747.080898][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 747.523570][T20946] get_compat_msghdr+0x108/0x2b0 [ 747.523570][T20946] do_recvmmsg+0xdc1/0x22d0 [ 747.523570][T20946] __sys_recvmmsg+0x519/0x6f0 [ 747.544352][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 747.544352][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 747.544352][T20946] __do_fast_syscall_32+0x102/0x160 [ 747.544352][T20946] do_fast_syscall_32+0x6a/0xc0 [ 747.544352][T20946] do_SYSENTER_32+0x73/0x90 [ 747.544352][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 747.544352][T20946] [ 747.544352][T20946] Uninit was stored to memory at: [ 747.544352][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 747.544352][T20946] __msan_chain_origin+0x57/0xa0 [ 747.544352][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 747.544352][T20946] get_compat_msghdr+0x108/0x2b0 [ 747.544352][T20946] do_recvmmsg+0xdc1/0x22d0 [ 747.544352][T20946] __sys_recvmmsg+0x519/0x6f0 [ 747.544352][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 747.544352][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 747.544352][T20946] __do_fast_syscall_32+0x102/0x160 [ 747.544352][T20946] do_fast_syscall_32+0x6a/0xc0 [ 747.544352][T20946] do_SYSENTER_32+0x73/0x90 [ 747.544352][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 747.544352][T20946] [ 747.544352][T20946] Uninit was stored to memory at: [ 747.544352][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 747.544352][T20946] __msan_chain_origin+0x57/0xa0 [ 747.544352][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 747.544352][T20946] get_compat_msghdr+0x108/0x2b0 [ 747.544352][T20946] do_recvmmsg+0xdc1/0x22d0 [ 747.544352][T20946] __sys_recvmmsg+0x519/0x6f0 [ 747.544352][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 747.544352][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 747.544352][T20946] __do_fast_syscall_32+0x102/0x160 [ 747.544352][T20946] do_fast_syscall_32+0x6a/0xc0 [ 747.544352][T20946] do_SYSENTER_32+0x73/0x90 [ 747.544352][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 747.544352][T20946] [ 747.544352][T20946] Uninit was stored to memory at: [ 747.544352][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 747.544352][T20946] __msan_chain_origin+0x57/0xa0 [ 747.798218][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 747.798218][T20946] get_compat_msghdr+0x108/0x2b0 [ 747.798218][T20946] do_recvmmsg+0xdc1/0x22d0 [ 747.798218][T20946] __sys_recvmmsg+0x519/0x6f0 [ 747.816061][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 747.816061][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 747.816061][T20946] __do_fast_syscall_32+0x102/0x160 [ 747.816061][T20946] do_fast_syscall_32+0x6a/0xc0 [ 747.846363][T20946] do_SYSENTER_32+0x73/0x90 [ 747.846363][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 747.846363][T20946] [ 747.846363][T20946] Uninit was stored to memory at: [ 747.875711][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 747.875711][T20946] __msan_chain_origin+0x57/0xa0 [ 747.875711][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 747.904206][T20946] get_compat_msghdr+0x108/0x2b0 [ 747.904206][T20946] do_recvmmsg+0xdc1/0x22d0 [ 747.904206][T20946] __sys_recvmmsg+0x519/0x6f0 [ 747.904206][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 747.904206][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 747.904206][T20946] __do_fast_syscall_32+0x102/0x160 [ 747.904206][T20946] do_fast_syscall_32+0x6a/0xc0 [ 747.965459][T20946] do_SYSENTER_32+0x73/0x90 [ 747.965459][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 747.965459][T20946] [ 747.965459][T20946] Uninit was stored to memory at: [ 747.995426][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 747.995426][T20946] __msan_chain_origin+0x57/0xa0 [ 747.995426][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 747.995426][T20946] get_compat_msghdr+0x108/0x2b0 [ 748.025322][T20946] do_recvmmsg+0xdc1/0x22d0 [ 748.025322][T20946] __sys_recvmmsg+0x519/0x6f0 [ 748.025322][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 748.025322][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 748.054198][T20946] __do_fast_syscall_32+0x102/0x160 [ 748.054198][T20946] do_fast_syscall_32+0x6a/0xc0 [ 748.054198][T20946] do_SYSENTER_32+0x73/0x90 [ 748.083605][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 748.083605][T20946] [ 748.083605][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 748.083605][T20946] do_recvmmsg+0xbf/0x22d0 [ 748.115601][T20946] do_recvmmsg+0xbf/0x22d0 [ 748.447088][T20946] not chained 160000 origins [ 748.453279][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 748.453279][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 748.453279][T20946] Call Trace: [ 748.453279][T20946] dump_stack+0x21c/0x280 [ 748.453279][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 748.453279][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 748.453279][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 748.453279][T20946] ? kmsan_get_metadata+0x116/0x180 [ 748.515195][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 748.515195][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 748.515195][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 748.515195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 748.515195][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 748.515195][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 748.515195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 748.515195][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 748.515195][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 748.515195][T20946] ? _copy_from_user+0x1fd/0x300 [ 748.515195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 748.515195][T20946] __msan_chain_origin+0x57/0xa0 [ 748.515195][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 748.515195][T20946] get_compat_msghdr+0x108/0x2b0 [ 748.515195][T20946] do_recvmmsg+0xdc1/0x22d0 [ 748.515195][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 748.515195][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 748.515195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 748.515195][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 748.515195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 748.515195][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 748.515195][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 748.515195][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 748.515195][T20946] __sys_recvmmsg+0x519/0x6f0 [ 748.515195][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 748.515195][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 748.515195][T20946] __do_fast_syscall_32+0x102/0x160 [ 748.515195][T20946] do_fast_syscall_32+0x6a/0xc0 [ 748.515195][T20946] do_SYSENTER_32+0x73/0x90 [ 748.515195][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 748.515195][T20946] RIP: 0023:0xf7f1c549 [ 748.515195][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 748.515195][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 748.515195][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 748.515195][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 748.828684][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 748.828684][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 748.828684][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 748.864730][T20946] Uninit was stored to memory at: [ 748.864730][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 748.864730][T20946] __msan_chain_origin+0x57/0xa0 [ 748.864730][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 748.864730][T20946] get_compat_msghdr+0x108/0x2b0 [ 748.864730][T20946] do_recvmmsg+0xdc1/0x22d0 [ 748.864730][T20946] __sys_recvmmsg+0x519/0x6f0 [ 748.864730][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 748.864730][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 748.864730][T20946] __do_fast_syscall_32+0x102/0x160 [ 748.864730][T20946] do_fast_syscall_32+0x6a/0xc0 [ 748.864730][T20946] do_SYSENTER_32+0x73/0x90 [ 748.963730][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 748.963730][T20946] [ 748.963730][T20946] Uninit was stored to memory at: [ 748.963730][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 748.963730][T20946] __msan_chain_origin+0x57/0xa0 [ 748.963730][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 749.013490][T20946] get_compat_msghdr+0x108/0x2b0 [ 749.013490][T20946] do_recvmmsg+0xdc1/0x22d0 [ 749.013490][T20946] __sys_recvmmsg+0x519/0x6f0 [ 749.013490][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 749.013490][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 749.013490][T20946] __do_fast_syscall_32+0x102/0x160 [ 749.013490][T20946] do_fast_syscall_32+0x6a/0xc0 [ 749.013490][T20946] do_SYSENTER_32+0x73/0x90 [ 749.013490][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 749.013490][T20946] [ 749.104514][T20946] Uninit was stored to memory at: [ 749.104514][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 749.104514][T20946] __msan_chain_origin+0x57/0xa0 [ 749.133460][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 749.133460][T20946] get_compat_msghdr+0x108/0x2b0 [ 749.133460][T20946] do_recvmmsg+0xdc1/0x22d0 [ 749.133460][T20946] __sys_recvmmsg+0x519/0x6f0 [ 749.133460][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 749.166885][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 749.166885][T20946] __do_fast_syscall_32+0x102/0x160 [ 749.166885][T20946] do_fast_syscall_32+0x6a/0xc0 [ 749.166885][T20946] do_SYSENTER_32+0x73/0x90 [ 749.166885][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 749.166885][T20946] [ 749.166885][T20946] Uninit was stored to memory at: [ 749.166885][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 749.231796][T20946] __msan_chain_origin+0x57/0xa0 [ 749.231796][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 749.231796][T20946] get_compat_msghdr+0x108/0x2b0 [ 749.231796][T20946] do_recvmmsg+0xdc1/0x22d0 [ 749.231796][T20946] __sys_recvmmsg+0x519/0x6f0 [ 749.231796][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 749.231796][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 749.231796][T20946] __do_fast_syscall_32+0x102/0x160 [ 749.231796][T20946] do_fast_syscall_32+0x6a/0xc0 [ 749.231796][T20946] do_SYSENTER_32+0x73/0x90 [ 749.231796][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 749.231796][T20946] [ 749.231796][T20946] Uninit was stored to memory at: [ 749.231796][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 749.346909][T20946] __msan_chain_origin+0x57/0xa0 [ 749.346909][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 749.346909][T20946] get_compat_msghdr+0x108/0x2b0 [ 749.377182][T20946] do_recvmmsg+0xdc1/0x22d0 [ 749.377182][T20946] __sys_recvmmsg+0x519/0x6f0 [ 749.377182][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 749.404260][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 749.404260][T20946] __do_fast_syscall_32+0x102/0x160 [ 749.404260][T20946] do_fast_syscall_32+0x6a/0xc0 [ 749.434372][T20946] do_SYSENTER_32+0x73/0x90 [ 749.434372][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 749.434372][T20946] [ 749.434372][T20946] Uninit was stored to memory at: [ 749.464249][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 749.464249][T20946] __msan_chain_origin+0x57/0xa0 [ 749.464249][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 749.464249][T20946] get_compat_msghdr+0x108/0x2b0 [ 749.497328][T20946] do_recvmmsg+0xdc1/0x22d0 [ 749.497328][T20946] __sys_recvmmsg+0x519/0x6f0 [ 749.497328][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 749.497328][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 749.525502][T20946] __do_fast_syscall_32+0x102/0x160 [ 749.525502][T20946] do_fast_syscall_32+0x6a/0xc0 [ 749.525502][T20946] do_SYSENTER_32+0x73/0x90 [ 749.525502][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 749.554858][T20946] [ 749.554858][T20946] Uninit was stored to memory at: [ 749.554858][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 749.583504][T20946] __msan_chain_origin+0x57/0xa0 [ 749.583504][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 749.583504][T20946] get_compat_msghdr+0x108/0x2b0 [ 749.583504][T20946] do_recvmmsg+0xdc1/0x22d0 [ 749.616210][T20946] __sys_recvmmsg+0x519/0x6f0 [ 749.616210][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 749.616210][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 749.643433][T20946] __do_fast_syscall_32+0x102/0x160 [ 749.643433][T20946] do_fast_syscall_32+0x6a/0xc0 [ 749.643433][T20946] do_SYSENTER_32+0x73/0x90 [ 749.674915][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 749.674915][T20946] [ 749.674915][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 749.707085][T20946] do_recvmmsg+0xbf/0x22d0 [ 749.707085][T20946] do_recvmmsg+0xbf/0x22d0 [ 750.052755][T20946] not chained 170000 origins [ 750.053432][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 750.053432][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 750.053432][T20946] Call Trace: [ 750.053432][T20946] dump_stack+0x21c/0x280 [ 750.053432][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 750.053432][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 750.053432][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 750.053432][T20946] ? kmsan_get_metadata+0x116/0x180 [ 750.053432][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 750.053432][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 750.053432][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 750.053432][T20946] ? kmsan_get_metadata+0x116/0x180 [ 750.053432][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 750.053432][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 750.053432][T20946] ? kmsan_get_metadata+0x116/0x180 [ 750.243576][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 750.243576][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 750.243576][T20946] ? _copy_from_user+0x1fd/0x300 [ 750.243576][T20946] ? kmsan_get_metadata+0x116/0x180 [ 750.243576][T20946] __msan_chain_origin+0x57/0xa0 [ 750.293548][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 750.293548][T20946] get_compat_msghdr+0x108/0x2b0 [ 750.293548][T20946] do_recvmmsg+0xdc1/0x22d0 [ 750.293548][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 750.293548][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 750.293548][T20946] ? kmsan_get_metadata+0x116/0x180 [ 750.293548][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 750.293548][T20946] ? kmsan_get_metadata+0x116/0x180 [ 750.293548][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 750.293548][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 750.293548][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 750.293548][T20946] __sys_recvmmsg+0x519/0x6f0 [ 750.293548][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 750.293548][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 750.293548][T20946] __do_fast_syscall_32+0x102/0x160 [ 750.293548][T20946] do_fast_syscall_32+0x6a/0xc0 [ 750.293548][T20946] do_SYSENTER_32+0x73/0x90 [ 750.293548][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 750.293548][T20946] RIP: 0023:0xf7f1c549 [ 750.293548][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 750.444680][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 750.474952][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 750.474952][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 750.474952][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 750.474952][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 750.474952][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 750.474952][T20946] Uninit was stored to memory at: [ 750.474952][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 750.474952][T20946] __msan_chain_origin+0x57/0xa0 [ 750.474952][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 750.474952][T20946] get_compat_msghdr+0x108/0x2b0 [ 750.474952][T20946] do_recvmmsg+0xdc1/0x22d0 [ 750.474952][T20946] __sys_recvmmsg+0x519/0x6f0 [ 750.474952][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 750.474952][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 750.474952][T20946] __do_fast_syscall_32+0x102/0x160 [ 750.474952][T20946] do_fast_syscall_32+0x6a/0xc0 [ 750.474952][T20946] do_SYSENTER_32+0x73/0x90 [ 750.474952][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 750.474952][T20946] [ 750.474952][T20946] Uninit was stored to memory at: [ 750.474952][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 750.474952][T20946] __msan_chain_origin+0x57/0xa0 [ 750.474952][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 750.474952][T20946] get_compat_msghdr+0x108/0x2b0 [ 750.474952][T20946] do_recvmmsg+0xdc1/0x22d0 [ 750.474952][T20946] __sys_recvmmsg+0x519/0x6f0 [ 750.474952][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 750.474952][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 750.474952][T20946] __do_fast_syscall_32+0x102/0x160 [ 750.474952][T20946] do_fast_syscall_32+0x6a/0xc0 [ 750.745548][T20946] do_SYSENTER_32+0x73/0x90 [ 750.745548][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 750.745548][T20946] [ 750.745548][T20946] Uninit was stored to memory at: [ 750.774687][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 750.774687][T20946] __msan_chain_origin+0x57/0xa0 [ 750.774687][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 750.774687][T20946] get_compat_msghdr+0x108/0x2b0 [ 750.774687][T20946] do_recvmmsg+0xdc1/0x22d0 [ 750.774687][T20946] __sys_recvmmsg+0x519/0x6f0 [ 750.774687][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 750.774687][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 750.774687][T20946] __do_fast_syscall_32+0x102/0x160 [ 750.774687][T20946] do_fast_syscall_32+0x6a/0xc0 [ 750.774687][T20946] do_SYSENTER_32+0x73/0x90 [ 750.865220][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 750.865220][T20946] [ 750.865220][T20946] Uninit was stored to memory at: [ 750.865220][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 750.894578][T20946] __msan_chain_origin+0x57/0xa0 [ 750.894578][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 750.894578][T20946] get_compat_msghdr+0x108/0x2b0 [ 750.894578][T20946] do_recvmmsg+0xdc1/0x22d0 [ 750.924570][T20946] __sys_recvmmsg+0x519/0x6f0 [ 750.924570][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 750.924570][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 750.924570][T20946] __do_fast_syscall_32+0x102/0x160 [ 750.924570][T20946] do_fast_syscall_32+0x6a/0xc0 [ 750.924570][T20946] do_SYSENTER_32+0x73/0x90 [ 750.924570][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 750.924570][T20946] [ 750.924570][T20946] Uninit was stored to memory at: [ 750.924570][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 750.924570][T20946] __msan_chain_origin+0x57/0xa0 [ 750.924570][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 750.924570][T20946] get_compat_msghdr+0x108/0x2b0 [ 750.924570][T20946] do_recvmmsg+0xdc1/0x22d0 [ 750.924570][T20946] __sys_recvmmsg+0x519/0x6f0 [ 750.924570][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 750.924570][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 750.924570][T20946] __do_fast_syscall_32+0x102/0x160 [ 750.924570][T20946] do_fast_syscall_32+0x6a/0xc0 [ 750.924570][T20946] do_SYSENTER_32+0x73/0x90 [ 750.924570][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 750.924570][T20946] [ 750.924570][T20946] Uninit was stored to memory at: [ 750.924570][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 750.924570][T20946] __msan_chain_origin+0x57/0xa0 [ 750.924570][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 750.924570][T20946] get_compat_msghdr+0x108/0x2b0 [ 750.924570][T20946] do_recvmmsg+0xdc1/0x22d0 [ 750.924570][T20946] __sys_recvmmsg+0x519/0x6f0 [ 750.924570][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 750.924570][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 750.924570][T20946] __do_fast_syscall_32+0x102/0x160 [ 750.924570][T20946] do_fast_syscall_32+0x6a/0xc0 [ 750.924570][T20946] do_SYSENTER_32+0x73/0x90 [ 751.164625][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 751.164625][T20946] [ 751.164625][T20946] Uninit was stored to memory at: [ 751.164625][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 751.164625][T20946] __msan_chain_origin+0x57/0xa0 [ 751.164625][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 751.164625][T20946] get_compat_msghdr+0x108/0x2b0 [ 751.164625][T20946] do_recvmmsg+0xdc1/0x22d0 [ 751.164625][T20946] __sys_recvmmsg+0x519/0x6f0 [ 751.164625][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 751.164625][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 751.255514][T20946] __do_fast_syscall_32+0x102/0x160 [ 751.255514][T20946] do_fast_syscall_32+0x6a/0xc0 [ 751.255514][T20946] do_SYSENTER_32+0x73/0x90 [ 751.255514][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 751.255514][T20946] [ 751.255514][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 751.255514][T20946] do_recvmmsg+0xbf/0x22d0 [ 751.255514][T20946] do_recvmmsg+0xbf/0x22d0 [ 751.635768][T20946] not chained 180000 origins [ 751.640653][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 751.643327][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 751.643327][T20946] Call Trace: [ 751.643327][T20946] dump_stack+0x21c/0x280 [ 751.643327][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 751.643327][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 751.643327][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 751.643327][T20946] ? kmsan_get_metadata+0x116/0x180 [ 751.643327][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 751.643327][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 751.643327][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 751.643327][T20946] ? kmsan_get_metadata+0x116/0x180 [ 751.643327][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 751.643327][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 751.643327][T20946] ? kmsan_get_metadata+0x116/0x180 [ 751.643327][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 751.643327][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 751.643327][T20946] ? _copy_from_user+0x1fd/0x300 [ 751.643327][T20946] ? kmsan_get_metadata+0x116/0x180 [ 751.643327][T20946] __msan_chain_origin+0x57/0xa0 [ 751.643327][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 751.643327][T20946] get_compat_msghdr+0x108/0x2b0 [ 751.643327][T20946] do_recvmmsg+0xdc1/0x22d0 [ 751.643327][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 751.643327][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 751.643327][T20946] ? kmsan_get_metadata+0x116/0x180 [ 751.643327][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 751.643327][T20946] ? kmsan_get_metadata+0x116/0x180 [ 751.643327][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 751.643327][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 751.643327][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 751.643327][T20946] __sys_recvmmsg+0x519/0x6f0 [ 751.643327][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 751.643327][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 751.643327][T20946] __do_fast_syscall_32+0x102/0x160 [ 751.643327][T20946] do_fast_syscall_32+0x6a/0xc0 [ 751.643327][T20946] do_SYSENTER_32+0x73/0x90 [ 751.643327][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 751.643327][T20946] RIP: 0023:0xf7f1c549 [ 751.643327][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 751.643327][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 751.643327][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 751.643327][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 751.643327][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 751.643327][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 751.643327][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 751.643327][T20946] Uninit was stored to memory at: [ 751.643327][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 751.643327][T20946] __msan_chain_origin+0x57/0xa0 [ 751.643327][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 751.643327][T20946] get_compat_msghdr+0x108/0x2b0 [ 751.643327][T20946] do_recvmmsg+0xdc1/0x22d0 [ 751.643327][T20946] __sys_recvmmsg+0x519/0x6f0 [ 751.643327][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 751.643327][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 751.643327][T20946] __do_fast_syscall_32+0x102/0x160 [ 751.643327][T20946] do_fast_syscall_32+0x6a/0xc0 [ 751.643327][T20946] do_SYSENTER_32+0x73/0x90 [ 751.643327][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 751.643327][T20946] [ 751.643327][T20946] Uninit was stored to memory at: [ 751.643327][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 751.643327][T20946] __msan_chain_origin+0x57/0xa0 [ 751.643327][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 751.643327][T20946] get_compat_msghdr+0x108/0x2b0 [ 751.643327][T20946] do_recvmmsg+0xdc1/0x22d0 [ 751.643327][T20946] __sys_recvmmsg+0x519/0x6f0 [ 751.643327][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 751.643327][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 751.643327][T20946] __do_fast_syscall_32+0x102/0x160 [ 751.643327][T20946] do_fast_syscall_32+0x6a/0xc0 [ 751.643327][T20946] do_SYSENTER_32+0x73/0x90 [ 751.643327][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 751.643327][T20946] [ 751.643327][T20946] Uninit was stored to memory at: [ 751.643327][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 751.643327][T20946] __msan_chain_origin+0x57/0xa0 [ 751.643327][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 751.643327][T20946] get_compat_msghdr+0x108/0x2b0 [ 751.643327][T20946] do_recvmmsg+0xdc1/0x22d0 [ 751.643327][T20946] __sys_recvmmsg+0x519/0x6f0 [ 751.643327][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 751.643327][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 751.643327][T20946] __do_fast_syscall_32+0x102/0x160 [ 751.643327][T20946] do_fast_syscall_32+0x6a/0xc0 [ 751.643327][T20946] do_SYSENTER_32+0x73/0x90 [ 751.643327][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 751.643327][T20946] [ 751.643327][T20946] Uninit was stored to memory at: [ 751.643327][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 751.643327][T20946] __msan_chain_origin+0x57/0xa0 [ 751.643327][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 751.643327][T20946] get_compat_msghdr+0x108/0x2b0 [ 751.643327][T20946] do_recvmmsg+0xdc1/0x22d0 [ 751.643327][T20946] __sys_recvmmsg+0x519/0x6f0 [ 751.643327][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 751.643327][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 751.643327][T20946] __do_fast_syscall_32+0x102/0x160 [ 751.643327][T20946] do_fast_syscall_32+0x6a/0xc0 [ 751.643327][T20946] do_SYSENTER_32+0x73/0x90 [ 751.643327][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 751.643327][T20946] [ 751.643327][T20946] Uninit was stored to memory at: [ 751.643327][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 751.643327][T20946] __msan_chain_origin+0x57/0xa0 [ 751.643327][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 751.643327][T20946] get_compat_msghdr+0x108/0x2b0 [ 751.643327][T20946] do_recvmmsg+0xdc1/0x22d0 [ 751.643327][T20946] __sys_recvmmsg+0x519/0x6f0 [ 751.643327][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 751.643327][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 751.643327][T20946] __do_fast_syscall_32+0x102/0x160 [ 751.643327][T20946] do_fast_syscall_32+0x6a/0xc0 [ 751.643327][T20946] do_SYSENTER_32+0x73/0x90 [ 751.643327][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 751.643327][T20946] [ 751.643327][T20946] Uninit was stored to memory at: [ 751.643327][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 751.643327][T20946] __msan_chain_origin+0x57/0xa0 [ 751.643327][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 751.643327][T20946] get_compat_msghdr+0x108/0x2b0 [ 751.643327][T20946] do_recvmmsg+0xdc1/0x22d0 [ 751.643327][T20946] __sys_recvmmsg+0x519/0x6f0 [ 751.643327][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 751.643327][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 751.643327][T20946] __do_fast_syscall_32+0x102/0x160 [ 751.643327][T20946] do_fast_syscall_32+0x6a/0xc0 [ 751.643327][T20946] do_SYSENTER_32+0x73/0x90 [ 751.643327][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 751.643327][T20946] [ 751.643327][T20946] Uninit was stored to memory at: [ 751.643327][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 751.643327][T20946] __msan_chain_origin+0x57/0xa0 [ 751.643327][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 751.643327][T20946] get_compat_msghdr+0x108/0x2b0 [ 751.643327][T20946] do_recvmmsg+0xdc1/0x22d0 [ 751.643327][T20946] __sys_recvmmsg+0x519/0x6f0 [ 751.643327][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 751.643327][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 751.643327][T20946] __do_fast_syscall_32+0x102/0x160 [ 751.643327][T20946] do_fast_syscall_32+0x6a/0xc0 [ 751.643327][T20946] do_SYSENTER_32+0x73/0x90 [ 751.643327][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 751.643327][T20946] [ 751.643327][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 751.643327][T20946] do_recvmmsg+0xbf/0x22d0 [ 751.643327][T20946] do_recvmmsg+0xbf/0x22d0 [ 753.298537][T20946] not chained 190000 origins [ 753.303283][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 753.303283][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 753.303283][T20946] Call Trace: [ 753.329195][T20946] dump_stack+0x21c/0x280 [ 753.329195][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 753.329195][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 753.329195][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 753.329195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 753.329195][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 753.329195][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 753.329195][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 753.329195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 753.329195][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 753.329195][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 753.329195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 753.329195][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 753.329195][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 753.329195][T20946] ? _copy_from_user+0x1fd/0x300 [ 753.329195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 753.329195][T20946] __msan_chain_origin+0x57/0xa0 [ 753.329195][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 753.329195][T20946] get_compat_msghdr+0x108/0x2b0 [ 753.329195][T20946] do_recvmmsg+0xdc1/0x22d0 [ 753.329195][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 753.329195][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 753.329195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 753.329195][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 753.329195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 753.329195][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 753.329195][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 753.329195][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 753.329195][T20946] __sys_recvmmsg+0x519/0x6f0 [ 753.329195][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 753.329195][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 753.329195][T20946] __do_fast_syscall_32+0x102/0x160 [ 753.329195][T20946] do_fast_syscall_32+0x6a/0xc0 [ 753.329195][T20946] do_SYSENTER_32+0x73/0x90 [ 753.329195][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 753.329195][T20946] RIP: 0023:0xf7f1c549 [ 753.329195][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 753.329195][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 753.329195][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 753.329195][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 753.329195][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 753.329195][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 753.329195][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 753.329195][T20946] Uninit was stored to memory at: [ 753.329195][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 753.329195][T20946] __msan_chain_origin+0x57/0xa0 [ 753.329195][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 753.329195][T20946] get_compat_msghdr+0x108/0x2b0 [ 753.329195][T20946] do_recvmmsg+0xdc1/0x22d0 [ 753.329195][T20946] __sys_recvmmsg+0x519/0x6f0 [ 753.329195][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 753.726190][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 753.726190][T20946] __do_fast_syscall_32+0x102/0x160 [ 753.726190][T20946] do_fast_syscall_32+0x6a/0xc0 [ 753.726190][T20946] do_SYSENTER_32+0x73/0x90 [ 753.726190][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 753.726190][T20946] [ 753.726190][T20946] Uninit was stored to memory at: [ 753.726190][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 753.726190][T20946] __msan_chain_origin+0x57/0xa0 [ 753.726190][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 753.726190][T20946] get_compat_msghdr+0x108/0x2b0 [ 753.726190][T20946] do_recvmmsg+0xdc1/0x22d0 [ 753.726190][T20946] __sys_recvmmsg+0x519/0x6f0 [ 753.726190][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 753.814492][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 753.814492][T20946] __do_fast_syscall_32+0x102/0x160 [ 753.814492][T20946] do_fast_syscall_32+0x6a/0xc0 [ 753.814492][T20946] do_SYSENTER_32+0x73/0x90 [ 753.844117][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 753.844117][T20946] [ 753.844117][T20946] Uninit was stored to memory at: [ 753.844117][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 753.844117][T20946] __msan_chain_origin+0x57/0xa0 [ 753.844117][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 753.844117][T20946] get_compat_msghdr+0x108/0x2b0 [ 753.844117][T20946] do_recvmmsg+0xdc1/0x22d0 [ 753.844117][T20946] __sys_recvmmsg+0x519/0x6f0 [ 753.844117][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 753.844117][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 753.844117][T20946] __do_fast_syscall_32+0x102/0x160 [ 753.844117][T20946] do_fast_syscall_32+0x6a/0xc0 [ 753.844117][T20946] do_SYSENTER_32+0x73/0x90 [ 753.844117][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 753.844117][T20946] [ 753.844117][T20946] Uninit was stored to memory at: [ 753.844117][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 753.844117][T20946] __msan_chain_origin+0x57/0xa0 [ 753.844117][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 753.844117][T20946] get_compat_msghdr+0x108/0x2b0 [ 753.844117][T20946] do_recvmmsg+0xdc1/0x22d0 [ 753.844117][T20946] __sys_recvmmsg+0x519/0x6f0 [ 753.844117][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 753.844117][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 754.003415][T20946] __do_fast_syscall_32+0x102/0x160 [ 754.003415][T20946] do_fast_syscall_32+0x6a/0xc0 [ 754.003415][T20946] do_SYSENTER_32+0x73/0x90 [ 754.003415][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 754.003415][T20946] [ 754.003415][T20946] Uninit was stored to memory at: [ 754.003415][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 754.057003][T20946] __msan_chain_origin+0x57/0xa0 [ 754.057003][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 754.057003][T20946] get_compat_msghdr+0x108/0x2b0 [ 754.057003][T20946] do_recvmmsg+0xdc1/0x22d0 [ 754.057003][T20946] __sys_recvmmsg+0x519/0x6f0 [ 754.057003][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 754.057003][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 754.057003][T20946] __do_fast_syscall_32+0x102/0x160 [ 754.057003][T20946] do_fast_syscall_32+0x6a/0xc0 [ 754.057003][T20946] do_SYSENTER_32+0x73/0x90 [ 754.057003][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 754.057003][T20946] [ 754.057003][T20946] Uninit was stored to memory at: [ 754.057003][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 754.145494][T20946] __msan_chain_origin+0x57/0xa0 [ 754.145494][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 754.145494][T20946] get_compat_msghdr+0x108/0x2b0 [ 754.145494][T20946] do_recvmmsg+0xdc1/0x22d0 [ 754.145494][T20946] __sys_recvmmsg+0x519/0x6f0 [ 754.145494][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 754.177209][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 754.177209][T20946] __do_fast_syscall_32+0x102/0x160 [ 754.177209][T20946] do_fast_syscall_32+0x6a/0xc0 [ 754.177209][T20946] do_SYSENTER_32+0x73/0x90 [ 754.208228][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 754.208228][T20946] [ 754.208228][T20946] Uninit was stored to memory at: [ 754.208228][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 754.208228][T20946] __msan_chain_origin+0x57/0xa0 [ 754.208228][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 754.208228][T20946] get_compat_msghdr+0x108/0x2b0 [ 754.208228][T20946] do_recvmmsg+0xdc1/0x22d0 [ 754.263414][T20946] __sys_recvmmsg+0x519/0x6f0 [ 754.263414][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 754.263414][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 754.263414][T20946] __do_fast_syscall_32+0x102/0x160 [ 754.296319][T20946] do_fast_syscall_32+0x6a/0xc0 [ 754.296319][T20946] do_SYSENTER_32+0x73/0x90 [ 754.296319][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 754.296319][T20946] [ 754.296319][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 754.324324][T20946] do_recvmmsg+0xbf/0x22d0 [ 754.324324][T20946] do_recvmmsg+0xbf/0x22d0 [ 754.681545][T20946] not chained 200000 origins [ 754.683308][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 754.683308][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 754.683308][T20946] Call Trace: [ 754.683308][T20946] dump_stack+0x21c/0x280 [ 754.683308][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 754.683308][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 754.683308][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 754.683308][T20946] ? kmsan_get_metadata+0x116/0x180 [ 754.683308][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 754.683308][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 754.764687][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 754.764687][T20946] ? kmsan_get_metadata+0x116/0x180 [ 754.764687][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 754.764687][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 754.764687][T20946] ? kmsan_get_metadata+0x116/0x180 [ 754.764687][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 754.764687][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 754.764687][T20946] ? _copy_from_user+0x1fd/0x300 [ 754.764687][T20946] ? kmsan_get_metadata+0x116/0x180 [ 754.764687][T20946] __msan_chain_origin+0x57/0xa0 [ 754.764687][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 754.764687][T20946] get_compat_msghdr+0x108/0x2b0 [ 754.764687][T20946] do_recvmmsg+0xdc1/0x22d0 [ 754.764687][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 754.764687][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 754.764687][T20946] ? kmsan_get_metadata+0x116/0x180 [ 754.764687][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 754.764687][T20946] ? kmsan_get_metadata+0x116/0x180 [ 754.764687][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 754.764687][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 754.764687][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 754.764687][T20946] __sys_recvmmsg+0x519/0x6f0 [ 754.764687][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 754.764687][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 754.764687][T20946] __do_fast_syscall_32+0x102/0x160 [ 754.764687][T20946] do_fast_syscall_32+0x6a/0xc0 [ 754.764687][T20946] do_SYSENTER_32+0x73/0x90 [ 754.764687][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 754.764687][T20946] RIP: 0023:0xf7f1c549 [ 754.764687][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 754.764687][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 754.764687][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 754.764687][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 754.764687][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 754.764687][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 754.764687][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 754.764687][T20946] Uninit was stored to memory at: [ 754.764687][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 754.764687][T20946] __msan_chain_origin+0x57/0xa0 [ 754.764687][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 754.764687][T20946] get_compat_msghdr+0x108/0x2b0 [ 754.764687][T20946] do_recvmmsg+0xdc1/0x22d0 [ 754.764687][T20946] __sys_recvmmsg+0x519/0x6f0 [ 754.764687][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 754.764687][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 754.764687][T20946] __do_fast_syscall_32+0x102/0x160 [ 754.764687][T20946] do_fast_syscall_32+0x6a/0xc0 [ 754.764687][T20946] do_SYSENTER_32+0x73/0x90 [ 754.764687][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 754.764687][T20946] [ 754.764687][T20946] Uninit was stored to memory at: [ 754.764687][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 754.764687][T20946] __msan_chain_origin+0x57/0xa0 [ 754.764687][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 754.764687][T20946] get_compat_msghdr+0x108/0x2b0 [ 754.764687][T20946] do_recvmmsg+0xdc1/0x22d0 [ 754.764687][T20946] __sys_recvmmsg+0x519/0x6f0 [ 754.764687][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 754.764687][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 754.764687][T20946] __do_fast_syscall_32+0x102/0x160 [ 754.764687][T20946] do_fast_syscall_32+0x6a/0xc0 [ 754.764687][T20946] do_SYSENTER_32+0x73/0x90 [ 754.764687][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 754.764687][T20946] [ 754.764687][T20946] Uninit was stored to memory at: [ 754.764687][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 754.764687][T20946] __msan_chain_origin+0x57/0xa0 [ 754.764687][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 754.764687][T20946] get_compat_msghdr+0x108/0x2b0 [ 754.764687][T20946] do_recvmmsg+0xdc1/0x22d0 [ 754.764687][T20946] __sys_recvmmsg+0x519/0x6f0 [ 754.764687][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 754.764687][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 754.764687][T20946] __do_fast_syscall_32+0x102/0x160 [ 754.764687][T20946] do_fast_syscall_32+0x6a/0xc0 [ 754.764687][T20946] do_SYSENTER_32+0x73/0x90 [ 754.764687][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 754.764687][T20946] [ 754.764687][T20946] Uninit was stored to memory at: [ 754.764687][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 754.764687][T20946] __msan_chain_origin+0x57/0xa0 [ 754.764687][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 754.764687][T20946] get_compat_msghdr+0x108/0x2b0 [ 754.764687][T20946] do_recvmmsg+0xdc1/0x22d0 [ 754.764687][T20946] __sys_recvmmsg+0x519/0x6f0 [ 754.764687][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 754.764687][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 754.764687][T20946] __do_fast_syscall_32+0x102/0x160 [ 754.764687][T20946] do_fast_syscall_32+0x6a/0xc0 [ 754.764687][T20946] do_SYSENTER_32+0x73/0x90 [ 754.764687][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 754.764687][T20946] [ 754.764687][T20946] Uninit was stored to memory at: [ 754.764687][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 754.764687][T20946] __msan_chain_origin+0x57/0xa0 [ 754.764687][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 754.764687][T20946] get_compat_msghdr+0x108/0x2b0 [ 754.764687][T20946] do_recvmmsg+0xdc1/0x22d0 [ 754.764687][T20946] __sys_recvmmsg+0x519/0x6f0 [ 754.764687][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 754.764687][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 754.764687][T20946] __do_fast_syscall_32+0x102/0x160 [ 754.764687][T20946] do_fast_syscall_32+0x6a/0xc0 [ 754.764687][T20946] do_SYSENTER_32+0x73/0x90 [ 754.764687][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 754.764687][T20946] [ 754.764687][T20946] Uninit was stored to memory at: [ 754.764687][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 754.764687][T20946] __msan_chain_origin+0x57/0xa0 [ 754.764687][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 754.764687][T20946] get_compat_msghdr+0x108/0x2b0 [ 754.764687][T20946] do_recvmmsg+0xdc1/0x22d0 [ 754.764687][T20946] __sys_recvmmsg+0x519/0x6f0 [ 754.764687][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 754.764687][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 754.764687][T20946] __do_fast_syscall_32+0x102/0x160 [ 754.764687][T20946] do_fast_syscall_32+0x6a/0xc0 [ 754.764687][T20946] do_SYSENTER_32+0x73/0x90 [ 754.764687][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 754.764687][T20946] [ 754.764687][T20946] Uninit was stored to memory at: [ 754.764687][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 754.764687][T20946] __msan_chain_origin+0x57/0xa0 [ 754.764687][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 754.764687][T20946] get_compat_msghdr+0x108/0x2b0 [ 754.764687][T20946] do_recvmmsg+0xdc1/0x22d0 [ 754.764687][T20946] __sys_recvmmsg+0x519/0x6f0 [ 754.764687][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 754.764687][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 754.764687][T20946] __do_fast_syscall_32+0x102/0x160 [ 754.764687][T20946] do_fast_syscall_32+0x6a/0xc0 [ 754.764687][T20946] do_SYSENTER_32+0x73/0x90 [ 754.764687][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 754.764687][T20946] [ 754.764687][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 754.764687][T20946] do_recvmmsg+0xbf/0x22d0 [ 754.764687][T20946] do_recvmmsg+0xbf/0x22d0 [ 755.794325][ T3161] ieee802154 phy0 wpan0: encryption failed: -22 [ 755.800815][ T3161] ieee802154 phy1 wpan1: encryption failed: -22 [ 756.066868][T20946] not chained 210000 origins [ 756.072628][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 756.073311][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 756.097290][T20946] Call Trace: [ 756.097290][T20946] dump_stack+0x21c/0x280 [ 756.097290][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 756.097290][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 756.097290][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 756.097290][T20946] ? kmsan_get_metadata+0x116/0x180 [ 756.097290][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 756.097290][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 756.097290][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 756.097290][T20946] ? kmsan_get_metadata+0x116/0x180 [ 756.097290][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 756.097290][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 756.097290][T20946] ? kmsan_get_metadata+0x116/0x180 [ 756.097290][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 756.097290][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 756.097290][T20946] ? _copy_from_user+0x1fd/0x300 [ 756.097290][T20946] ? kmsan_get_metadata+0x116/0x180 [ 756.097290][T20946] __msan_chain_origin+0x57/0xa0 [ 756.097290][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 756.097290][T20946] get_compat_msghdr+0x108/0x2b0 [ 756.097290][T20946] do_recvmmsg+0xdc1/0x22d0 [ 756.097290][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 756.097290][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 756.097290][T20946] ? kmsan_get_metadata+0x116/0x180 [ 756.097290][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 756.097290][T20946] ? kmsan_get_metadata+0x116/0x180 [ 756.097290][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 756.097290][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 756.097290][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 756.097290][T20946] __sys_recvmmsg+0x519/0x6f0 [ 756.097290][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 756.097290][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 756.097290][T20946] __do_fast_syscall_32+0x102/0x160 [ 756.097290][T20946] do_fast_syscall_32+0x6a/0xc0 [ 756.097290][T20946] do_SYSENTER_32+0x73/0x90 [ 756.097290][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 756.097290][T20946] RIP: 0023:0xf7f1c549 [ 756.097290][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 756.097290][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 756.097290][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 756.097290][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 756.097290][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 756.097290][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 756.097290][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 756.097290][T20946] Uninit was stored to memory at: [ 756.097290][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 756.097290][T20946] __msan_chain_origin+0x57/0xa0 [ 756.097290][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 756.097290][T20946] get_compat_msghdr+0x108/0x2b0 [ 756.097290][T20946] do_recvmmsg+0xdc1/0x22d0 [ 756.097290][T20946] __sys_recvmmsg+0x519/0x6f0 [ 756.097290][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 756.097290][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 756.097290][T20946] __do_fast_syscall_32+0x102/0x160 [ 756.097290][T20946] do_fast_syscall_32+0x6a/0xc0 [ 756.097290][T20946] do_SYSENTER_32+0x73/0x90 [ 756.097290][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 756.097290][T20946] [ 756.097290][T20946] Uninit was stored to memory at: [ 756.097290][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 756.097290][T20946] __msan_chain_origin+0x57/0xa0 [ 756.097290][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 756.097290][T20946] get_compat_msghdr+0x108/0x2b0 [ 756.097290][T20946] do_recvmmsg+0xdc1/0x22d0 [ 756.097290][T20946] __sys_recvmmsg+0x519/0x6f0 [ 756.097290][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 756.097290][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 756.097290][T20946] __do_fast_syscall_32+0x102/0x160 [ 756.097290][T20946] do_fast_syscall_32+0x6a/0xc0 [ 756.097290][T20946] do_SYSENTER_32+0x73/0x90 [ 756.097290][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 756.097290][T20946] [ 756.097290][T20946] Uninit was stored to memory at: [ 756.097290][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 756.097290][T20946] __msan_chain_origin+0x57/0xa0 [ 756.097290][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 756.097290][T20946] get_compat_msghdr+0x108/0x2b0 [ 756.097290][T20946] do_recvmmsg+0xdc1/0x22d0 [ 756.097290][T20946] __sys_recvmmsg+0x519/0x6f0 [ 756.097290][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 756.097290][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 756.097290][T20946] __do_fast_syscall_32+0x102/0x160 [ 756.097290][T20946] do_fast_syscall_32+0x6a/0xc0 [ 756.097290][T20946] do_SYSENTER_32+0x73/0x90 [ 756.097290][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 756.097290][T20946] [ 756.097290][T20946] Uninit was stored to memory at: [ 756.097290][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 756.097290][T20946] __msan_chain_origin+0x57/0xa0 [ 756.097290][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 756.097290][T20946] get_compat_msghdr+0x108/0x2b0 [ 756.097290][T20946] do_recvmmsg+0xdc1/0x22d0 [ 756.097290][T20946] __sys_recvmmsg+0x519/0x6f0 [ 756.097290][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 756.097290][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 756.097290][T20946] __do_fast_syscall_32+0x102/0x160 [ 756.097290][T20946] do_fast_syscall_32+0x6a/0xc0 [ 756.097290][T20946] do_SYSENTER_32+0x73/0x90 [ 756.097290][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 756.097290][T20946] [ 756.097290][T20946] Uninit was stored to memory at: [ 756.097290][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 756.097290][T20946] __msan_chain_origin+0x57/0xa0 [ 756.097290][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 756.097290][T20946] get_compat_msghdr+0x108/0x2b0 [ 756.097290][T20946] do_recvmmsg+0xdc1/0x22d0 [ 756.097290][T20946] __sys_recvmmsg+0x519/0x6f0 [ 756.097290][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 756.097290][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 756.097290][T20946] __do_fast_syscall_32+0x102/0x160 [ 756.097290][T20946] do_fast_syscall_32+0x6a/0xc0 [ 756.097290][T20946] do_SYSENTER_32+0x73/0x90 [ 756.097290][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 756.097290][T20946] [ 756.097290][T20946] Uninit was stored to memory at: [ 756.097290][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 756.097290][T20946] __msan_chain_origin+0x57/0xa0 [ 756.097290][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 756.097290][T20946] get_compat_msghdr+0x108/0x2b0 [ 756.097290][T20946] do_recvmmsg+0xdc1/0x22d0 [ 756.097290][T20946] __sys_recvmmsg+0x519/0x6f0 [ 756.097290][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 756.097290][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 756.097290][T20946] __do_fast_syscall_32+0x102/0x160 [ 756.097290][T20946] do_fast_syscall_32+0x6a/0xc0 [ 756.097290][T20946] do_SYSENTER_32+0x73/0x90 [ 756.097290][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 756.097290][T20946] [ 756.097290][T20946] Uninit was stored to memory at: [ 756.097290][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 756.097290][T20946] __msan_chain_origin+0x57/0xa0 [ 756.097290][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 756.097290][T20946] get_compat_msghdr+0x108/0x2b0 [ 756.097290][T20946] do_recvmmsg+0xdc1/0x22d0 [ 756.097290][T20946] __sys_recvmmsg+0x519/0x6f0 [ 756.097290][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 756.097290][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 756.097290][T20946] __do_fast_syscall_32+0x102/0x160 [ 756.097290][T20946] do_fast_syscall_32+0x6a/0xc0 [ 756.097290][T20946] do_SYSENTER_32+0x73/0x90 [ 756.097290][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 756.097290][T20946] [ 756.097290][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 756.097290][T20946] do_recvmmsg+0xbf/0x22d0 [ 756.097290][T20946] do_recvmmsg+0xbf/0x22d0 [ 757.503198][T20946] not chained 220000 origins [ 757.503344][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 757.503344][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 757.527314][T20946] Call Trace: [ 757.527314][T20946] dump_stack+0x21c/0x280 [ 757.527314][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 757.527314][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 757.527314][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 757.527314][T20946] ? kmsan_get_metadata+0x116/0x180 [ 757.527314][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 757.527314][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 757.527314][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 757.527314][T20946] ? kmsan_get_metadata+0x116/0x180 [ 757.527314][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 757.527314][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 757.527314][T20946] ? kmsan_get_metadata+0x116/0x180 [ 757.527314][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 757.527314][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 757.527314][T20946] ? _copy_from_user+0x1fd/0x300 [ 757.527314][T20946] ? kmsan_get_metadata+0x116/0x180 [ 757.527314][T20946] __msan_chain_origin+0x57/0xa0 [ 757.527314][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 757.527314][T20946] get_compat_msghdr+0x108/0x2b0 [ 757.527314][T20946] do_recvmmsg+0xdc1/0x22d0 [ 757.527314][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 757.527314][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 757.527314][T20946] ? kmsan_get_metadata+0x116/0x180 [ 757.527314][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 757.527314][T20946] ? kmsan_get_metadata+0x116/0x180 [ 757.527314][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 757.527314][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 757.527314][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 757.527314][T20946] __sys_recvmmsg+0x519/0x6f0 [ 757.527314][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 757.527314][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 757.527314][T20946] __do_fast_syscall_32+0x102/0x160 [ 757.527314][T20946] do_fast_syscall_32+0x6a/0xc0 [ 757.527314][T20946] do_SYSENTER_32+0x73/0x90 [ 757.527314][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 757.527314][T20946] RIP: 0023:0xf7f1c549 [ 757.527314][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 757.527314][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 757.527314][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 757.833007][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 757.833007][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 757.833007][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 757.833007][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 757.833007][T20946] Uninit was stored to memory at: [ 757.833007][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 757.833007][T20946] __msan_chain_origin+0x57/0xa0 [ 757.833007][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 757.833007][T20946] get_compat_msghdr+0x108/0x2b0 [ 757.833007][T20946] do_recvmmsg+0xdc1/0x22d0 [ 757.833007][T20946] __sys_recvmmsg+0x519/0x6f0 [ 757.833007][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 757.833007][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 757.833007][T20946] __do_fast_syscall_32+0x102/0x160 [ 757.833007][T20946] do_fast_syscall_32+0x6a/0xc0 [ 757.833007][T20946] do_SYSENTER_32+0x73/0x90 [ 757.833007][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 757.833007][T20946] [ 757.833007][T20946] Uninit was stored to memory at: [ 757.833007][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 757.833007][T20946] __msan_chain_origin+0x57/0xa0 [ 757.833007][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 757.833007][T20946] get_compat_msghdr+0x108/0x2b0 [ 757.833007][T20946] do_recvmmsg+0xdc1/0x22d0 [ 757.833007][T20946] __sys_recvmmsg+0x519/0x6f0 [ 757.833007][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 757.833007][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 757.833007][T20946] __do_fast_syscall_32+0x102/0x160 [ 757.833007][T20946] do_fast_syscall_32+0x6a/0xc0 [ 757.833007][T20946] do_SYSENTER_32+0x73/0x90 [ 757.833007][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 757.833007][T20946] [ 757.833007][T20946] Uninit was stored to memory at: [ 757.833007][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 757.833007][T20946] __msan_chain_origin+0x57/0xa0 [ 757.833007][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 757.833007][T20946] get_compat_msghdr+0x108/0x2b0 [ 757.833007][T20946] do_recvmmsg+0xdc1/0x22d0 [ 757.833007][T20946] __sys_recvmmsg+0x519/0x6f0 [ 757.833007][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 757.833007][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 757.833007][T20946] __do_fast_syscall_32+0x102/0x160 [ 757.833007][T20946] do_fast_syscall_32+0x6a/0xc0 [ 757.833007][T20946] do_SYSENTER_32+0x73/0x90 [ 757.833007][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 757.833007][T20946] [ 757.833007][T20946] Uninit was stored to memory at: [ 757.833007][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 757.833007][T20946] __msan_chain_origin+0x57/0xa0 [ 757.833007][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 757.833007][T20946] get_compat_msghdr+0x108/0x2b0 [ 757.833007][T20946] do_recvmmsg+0xdc1/0x22d0 [ 757.833007][T20946] __sys_recvmmsg+0x519/0x6f0 [ 757.833007][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 757.833007][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 757.833007][T20946] __do_fast_syscall_32+0x102/0x160 [ 757.833007][T20946] do_fast_syscall_32+0x6a/0xc0 [ 757.833007][T20946] do_SYSENTER_32+0x73/0x90 [ 757.833007][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 757.833007][T20946] [ 757.833007][T20946] Uninit was stored to memory at: [ 757.833007][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 757.833007][T20946] __msan_chain_origin+0x57/0xa0 [ 757.833007][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 757.833007][T20946] get_compat_msghdr+0x108/0x2b0 [ 757.833007][T20946] do_recvmmsg+0xdc1/0x22d0 [ 757.833007][T20946] __sys_recvmmsg+0x519/0x6f0 [ 757.833007][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 757.833007][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 757.833007][T20946] __do_fast_syscall_32+0x102/0x160 [ 757.833007][T20946] do_fast_syscall_32+0x6a/0xc0 [ 757.833007][T20946] do_SYSENTER_32+0x73/0x90 [ 757.833007][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 757.833007][T20946] [ 757.833007][T20946] Uninit was stored to memory at: [ 757.833007][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 757.833007][T20946] __msan_chain_origin+0x57/0xa0 [ 757.833007][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 757.833007][T20946] get_compat_msghdr+0x108/0x2b0 [ 757.833007][T20946] do_recvmmsg+0xdc1/0x22d0 [ 757.833007][T20946] __sys_recvmmsg+0x519/0x6f0 [ 757.833007][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 757.833007][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 757.833007][T20946] __do_fast_syscall_32+0x102/0x160 [ 757.833007][T20946] do_fast_syscall_32+0x6a/0xc0 [ 757.833007][T20946] do_SYSENTER_32+0x73/0x90 [ 757.833007][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 757.833007][T20946] [ 757.833007][T20946] Uninit was stored to memory at: [ 757.833007][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 757.833007][T20946] __msan_chain_origin+0x57/0xa0 [ 757.833007][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 757.833007][T20946] get_compat_msghdr+0x108/0x2b0 [ 757.833007][T20946] do_recvmmsg+0xdc1/0x22d0 [ 757.833007][T20946] __sys_recvmmsg+0x519/0x6f0 [ 757.833007][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 757.833007][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 757.833007][T20946] __do_fast_syscall_32+0x102/0x160 [ 757.833007][T20946] do_fast_syscall_32+0x6a/0xc0 [ 757.833007][T20946] do_SYSENTER_32+0x73/0x90 [ 757.833007][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 757.833007][T20946] [ 757.833007][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 757.833007][T20946] do_recvmmsg+0xbf/0x22d0 [ 757.833007][T20946] do_recvmmsg+0xbf/0x22d0 [ 758.892264][T20946] not chained 230000 origins [ 758.893310][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 758.893310][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 758.893310][T20946] Call Trace: [ 758.893310][T20946] dump_stack+0x21c/0x280 [ 758.893310][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 758.893310][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 758.893310][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 758.893310][T20946] ? kmsan_get_metadata+0x116/0x180 [ 758.960540][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 758.960540][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 758.960540][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 758.960540][T20946] ? kmsan_get_metadata+0x116/0x180 [ 758.960540][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 758.960540][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 758.960540][T20946] ? kmsan_get_metadata+0x116/0x180 [ 758.960540][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 758.960540][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 758.960540][T20946] ? _copy_from_user+0x1fd/0x300 [ 758.960540][T20946] ? kmsan_get_metadata+0x116/0x180 [ 758.960540][T20946] __msan_chain_origin+0x57/0xa0 [ 758.960540][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 758.960540][T20946] get_compat_msghdr+0x108/0x2b0 [ 758.960540][T20946] do_recvmmsg+0xdc1/0x22d0 [ 758.960540][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 758.960540][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 758.960540][T20946] ? kmsan_get_metadata+0x116/0x180 [ 758.960540][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 758.960540][T20946] ? kmsan_get_metadata+0x116/0x180 [ 758.960540][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 758.960540][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 758.960540][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 758.960540][T20946] __sys_recvmmsg+0x519/0x6f0 [ 758.960540][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 758.960540][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 758.960540][T20946] __do_fast_syscall_32+0x102/0x160 [ 758.960540][T20946] do_fast_syscall_32+0x6a/0xc0 [ 758.960540][T20946] do_SYSENTER_32+0x73/0x90 [ 758.960540][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 758.960540][T20946] RIP: 0023:0xf7f1c549 [ 758.960540][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 758.960540][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 758.960540][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 758.960540][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 758.960540][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 758.960540][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 758.960540][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 758.960540][T20946] Uninit was stored to memory at: [ 758.960540][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 758.960540][T20946] __msan_chain_origin+0x57/0xa0 [ 758.960540][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 758.960540][T20946] get_compat_msghdr+0x108/0x2b0 [ 758.960540][T20946] do_recvmmsg+0xdc1/0x22d0 [ 758.960540][T20946] __sys_recvmmsg+0x519/0x6f0 [ 758.960540][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 758.960540][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 758.960540][T20946] __do_fast_syscall_32+0x102/0x160 [ 758.960540][T20946] do_fast_syscall_32+0x6a/0xc0 [ 758.960540][T20946] do_SYSENTER_32+0x73/0x90 [ 758.960540][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 758.960540][T20946] [ 758.960540][T20946] Uninit was stored to memory at: [ 758.960540][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 758.960540][T20946] __msan_chain_origin+0x57/0xa0 [ 758.960540][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 758.960540][T20946] get_compat_msghdr+0x108/0x2b0 [ 758.960540][T20946] do_recvmmsg+0xdc1/0x22d0 [ 758.960540][T20946] __sys_recvmmsg+0x519/0x6f0 [ 758.960540][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 758.960540][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 758.960540][T20946] __do_fast_syscall_32+0x102/0x160 [ 758.960540][T20946] do_fast_syscall_32+0x6a/0xc0 [ 758.960540][T20946] do_SYSENTER_32+0x73/0x90 [ 758.960540][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 758.960540][T20946] [ 758.960540][T20946] Uninit was stored to memory at: [ 758.960540][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 758.960540][T20946] __msan_chain_origin+0x57/0xa0 [ 758.960540][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 758.960540][T20946] get_compat_msghdr+0x108/0x2b0 [ 758.960540][T20946] do_recvmmsg+0xdc1/0x22d0 [ 758.960540][T20946] __sys_recvmmsg+0x519/0x6f0 [ 758.960540][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 758.960540][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 758.960540][T20946] __do_fast_syscall_32+0x102/0x160 [ 758.960540][T20946] do_fast_syscall_32+0x6a/0xc0 [ 758.960540][T20946] do_SYSENTER_32+0x73/0x90 [ 758.960540][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 758.960540][T20946] [ 758.960540][T20946] Uninit was stored to memory at: [ 758.960540][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 758.960540][T20946] __msan_chain_origin+0x57/0xa0 [ 758.960540][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 758.960540][T20946] get_compat_msghdr+0x108/0x2b0 [ 758.960540][T20946] do_recvmmsg+0xdc1/0x22d0 [ 758.960540][T20946] __sys_recvmmsg+0x519/0x6f0 [ 758.960540][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 758.960540][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 758.960540][T20946] __do_fast_syscall_32+0x102/0x160 [ 758.960540][T20946] do_fast_syscall_32+0x6a/0xc0 [ 758.960540][T20946] do_SYSENTER_32+0x73/0x90 [ 758.960540][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 758.960540][T20946] [ 758.960540][T20946] Uninit was stored to memory at: [ 758.960540][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 758.960540][T20946] __msan_chain_origin+0x57/0xa0 [ 758.960540][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 758.960540][T20946] get_compat_msghdr+0x108/0x2b0 [ 758.960540][T20946] do_recvmmsg+0xdc1/0x22d0 [ 758.960540][T20946] __sys_recvmmsg+0x519/0x6f0 [ 758.960540][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 758.960540][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 758.960540][T20946] __do_fast_syscall_32+0x102/0x160 [ 758.960540][T20946] do_fast_syscall_32+0x6a/0xc0 [ 758.960540][T20946] do_SYSENTER_32+0x73/0x90 [ 758.960540][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 758.960540][T20946] [ 758.960540][T20946] Uninit was stored to memory at: [ 758.960540][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 758.960540][T20946] __msan_chain_origin+0x57/0xa0 [ 758.960540][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 758.960540][T20946] get_compat_msghdr+0x108/0x2b0 [ 758.960540][T20946] do_recvmmsg+0xdc1/0x22d0 [ 758.960540][T20946] __sys_recvmmsg+0x519/0x6f0 [ 758.960540][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 758.960540][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 758.960540][T20946] __do_fast_syscall_32+0x102/0x160 [ 758.960540][T20946] do_fast_syscall_32+0x6a/0xc0 [ 758.960540][T20946] do_SYSENTER_32+0x73/0x90 [ 758.960540][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 758.960540][T20946] [ 758.960540][T20946] Uninit was stored to memory at: [ 758.960540][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 758.960540][T20946] __msan_chain_origin+0x57/0xa0 [ 758.960540][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 758.960540][T20946] get_compat_msghdr+0x108/0x2b0 [ 758.960540][T20946] do_recvmmsg+0xdc1/0x22d0 [ 758.960540][T20946] __sys_recvmmsg+0x519/0x6f0 [ 758.960540][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 758.960540][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 758.960540][T20946] __do_fast_syscall_32+0x102/0x160 [ 758.960540][T20946] do_fast_syscall_32+0x6a/0xc0 [ 758.960540][T20946] do_SYSENTER_32+0x73/0x90 [ 758.960540][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 758.960540][T20946] [ 758.960540][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 758.960540][T20946] do_recvmmsg+0xbf/0x22d0 [ 758.960540][T20946] do_recvmmsg+0xbf/0x22d0 [ 760.249822][T20946] not chained 240000 origins [ 760.253280][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 760.253280][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 760.253280][T20946] Call Trace: [ 760.278051][T20946] dump_stack+0x21c/0x280 [ 760.290247][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 760.290247][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 760.290247][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 760.290247][T20946] ? kmsan_get_metadata+0x116/0x180 [ 760.317174][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 760.317174][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 760.317174][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 760.317174][T20946] ? kmsan_get_metadata+0x116/0x180 [ 760.317174][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 760.317174][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 760.317174][T20946] ? kmsan_get_metadata+0x116/0x180 [ 760.317174][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 760.317174][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 760.317174][T20946] ? _copy_from_user+0x1fd/0x300 [ 760.317174][T20946] ? kmsan_get_metadata+0x116/0x180 [ 760.317174][T20946] __msan_chain_origin+0x57/0xa0 [ 760.317174][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 760.317174][T20946] get_compat_msghdr+0x108/0x2b0 [ 760.317174][T20946] do_recvmmsg+0xdc1/0x22d0 [ 760.317174][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 760.317174][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 760.317174][T20946] ? kmsan_get_metadata+0x116/0x180 [ 760.317174][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 760.317174][T20946] ? kmsan_get_metadata+0x116/0x180 [ 760.317174][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 760.317174][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 760.317174][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 760.317174][T20946] __sys_recvmmsg+0x519/0x6f0 [ 760.317174][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 760.317174][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 760.317174][T20946] __do_fast_syscall_32+0x102/0x160 [ 760.317174][T20946] do_fast_syscall_32+0x6a/0xc0 [ 760.317174][T20946] do_SYSENTER_32+0x73/0x90 [ 760.317174][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 760.317174][T20946] RIP: 0023:0xf7f1c549 [ 760.317174][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 760.317174][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 760.317174][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 760.317174][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 760.317174][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 760.317174][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 760.317174][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 760.317174][T20946] Uninit was stored to memory at: [ 760.317174][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 760.317174][T20946] __msan_chain_origin+0x57/0xa0 [ 760.317174][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 760.317174][T20946] get_compat_msghdr+0x108/0x2b0 [ 760.317174][T20946] do_recvmmsg+0xdc1/0x22d0 [ 760.317174][T20946] __sys_recvmmsg+0x519/0x6f0 [ 760.317174][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 760.317174][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 760.317174][T20946] __do_fast_syscall_32+0x102/0x160 [ 760.317174][T20946] do_fast_syscall_32+0x6a/0xc0 [ 760.317174][T20946] do_SYSENTER_32+0x73/0x90 [ 760.317174][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 760.317174][T20946] [ 760.317174][T20946] Uninit was stored to memory at: [ 760.317174][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 760.317174][T20946] __msan_chain_origin+0x57/0xa0 [ 760.317174][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 760.317174][T20946] get_compat_msghdr+0x108/0x2b0 [ 760.317174][T20946] do_recvmmsg+0xdc1/0x22d0 [ 760.317174][T20946] __sys_recvmmsg+0x519/0x6f0 [ 760.317174][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 760.317174][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 760.317174][T20946] __do_fast_syscall_32+0x102/0x160 [ 760.317174][T20946] do_fast_syscall_32+0x6a/0xc0 [ 760.317174][T20946] do_SYSENTER_32+0x73/0x90 [ 760.317174][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 760.317174][T20946] [ 760.317174][T20946] Uninit was stored to memory at: [ 760.317174][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 760.317174][T20946] __msan_chain_origin+0x57/0xa0 [ 760.317174][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 760.317174][T20946] get_compat_msghdr+0x108/0x2b0 [ 760.317174][T20946] do_recvmmsg+0xdc1/0x22d0 [ 760.317174][T20946] __sys_recvmmsg+0x519/0x6f0 [ 760.317174][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 760.317174][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 760.317174][T20946] __do_fast_syscall_32+0x102/0x160 [ 760.317174][T20946] do_fast_syscall_32+0x6a/0xc0 [ 760.317174][T20946] do_SYSENTER_32+0x73/0x90 [ 760.317174][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 760.317174][T20946] [ 760.317174][T20946] Uninit was stored to memory at: [ 760.317174][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 760.317174][T20946] __msan_chain_origin+0x57/0xa0 [ 760.317174][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 760.317174][T20946] get_compat_msghdr+0x108/0x2b0 [ 760.317174][T20946] do_recvmmsg+0xdc1/0x22d0 [ 760.317174][T20946] __sys_recvmmsg+0x519/0x6f0 [ 760.968699][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 760.968699][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 760.968699][T20946] __do_fast_syscall_32+0x102/0x160 [ 760.968699][T20946] do_fast_syscall_32+0x6a/0xc0 [ 760.968699][T20946] do_SYSENTER_32+0x73/0x90 [ 761.003438][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 761.003438][T20946] [ 761.003438][T20946] Uninit was stored to memory at: [ 761.003438][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 761.003438][T20946] __msan_chain_origin+0x57/0xa0 [ 761.003438][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 761.003438][T20946] get_compat_msghdr+0x108/0x2b0 [ 761.003438][T20946] do_recvmmsg+0xdc1/0x22d0 [ 761.003438][T20946] __sys_recvmmsg+0x519/0x6f0 [ 761.003438][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 761.003438][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 761.003438][T20946] __do_fast_syscall_32+0x102/0x160 [ 761.098375][T20946] do_fast_syscall_32+0x6a/0xc0 [ 761.098375][T20946] do_SYSENTER_32+0x73/0x90 [ 761.098375][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 761.098375][T20946] [ 761.128699][T20946] Uninit was stored to memory at: [ 761.128699][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 761.128699][T20946] __msan_chain_origin+0x57/0xa0 [ 761.128699][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 761.157191][T20946] get_compat_msghdr+0x108/0x2b0 [ 761.157191][T20946] do_recvmmsg+0xdc1/0x22d0 [ 761.157191][T20946] __sys_recvmmsg+0x519/0x6f0 [ 761.157191][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 761.157191][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 761.157191][T20946] __do_fast_syscall_32+0x102/0x160 [ 761.157191][T20946] do_fast_syscall_32+0x6a/0xc0 [ 761.157191][T20946] do_SYSENTER_32+0x73/0x90 [ 761.213528][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 761.213528][T20946] [ 761.213528][T20946] Uninit was stored to memory at: [ 761.213528][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 761.243643][T20946] __msan_chain_origin+0x57/0xa0 [ 761.243643][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 761.243643][T20946] get_compat_msghdr+0x108/0x2b0 [ 761.243643][T20946] do_recvmmsg+0xdc1/0x22d0 [ 761.274571][T20946] __sys_recvmmsg+0x519/0x6f0 [ 761.274571][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 761.274571][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 761.274571][T20946] __do_fast_syscall_32+0x102/0x160 [ 761.274571][T20946] do_fast_syscall_32+0x6a/0xc0 [ 761.308910][T20946] do_SYSENTER_32+0x73/0x90 [ 761.308910][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 761.308910][T20946] [ 761.308910][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 761.338831][T20946] do_recvmmsg+0xbf/0x22d0 [ 761.338831][T20946] do_recvmmsg+0xbf/0x22d0 [ 761.676751][T20946] not chained 250000 origins [ 761.683279][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 761.683279][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 761.683279][T20946] Call Trace: [ 761.683279][T20946] dump_stack+0x21c/0x280 [ 761.683279][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 761.683279][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 761.683279][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 761.683279][T20946] ? kmsan_get_metadata+0x116/0x180 [ 761.683279][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 761.683279][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 761.683279][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 761.683279][T20946] ? kmsan_get_metadata+0x116/0x180 [ 761.683279][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 761.683279][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 761.683279][T20946] ? kmsan_get_metadata+0x116/0x180 [ 761.683279][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 761.683279][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 761.683279][T20946] ? _copy_from_user+0x1fd/0x300 [ 761.683279][T20946] ? kmsan_get_metadata+0x116/0x180 [ 761.683279][T20946] __msan_chain_origin+0x57/0xa0 [ 761.683279][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 761.683279][T20946] get_compat_msghdr+0x108/0x2b0 [ 761.683279][T20946] do_recvmmsg+0xdc1/0x22d0 [ 761.683279][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 761.683279][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 761.683279][T20946] ? kmsan_get_metadata+0x116/0x180 [ 761.683279][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 761.683279][T20946] ? kmsan_get_metadata+0x116/0x180 [ 761.683279][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 761.683279][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 761.683279][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 761.683279][T20946] __sys_recvmmsg+0x519/0x6f0 [ 761.683279][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 761.683279][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 761.683279][T20946] __do_fast_syscall_32+0x102/0x160 [ 761.683279][T20946] do_fast_syscall_32+0x6a/0xc0 [ 761.683279][T20946] do_SYSENTER_32+0x73/0x90 [ 761.683279][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 761.683279][T20946] RIP: 0023:0xf7f1c549 [ 761.683279][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 761.683279][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 762.006336][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 762.026209][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 762.026209][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 762.026209][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 762.026209][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 762.026209][T20946] Uninit was stored to memory at: [ 762.026209][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 762.026209][T20946] __msan_chain_origin+0x57/0xa0 [ 762.026209][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 762.095645][T20946] get_compat_msghdr+0x108/0x2b0 [ 762.095645][T20946] do_recvmmsg+0xdc1/0x22d0 [ 762.095645][T20946] __sys_recvmmsg+0x519/0x6f0 [ 762.095645][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 762.095645][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 762.095645][T20946] __do_fast_syscall_32+0x102/0x160 [ 762.095645][T20946] do_fast_syscall_32+0x6a/0xc0 [ 762.095645][T20946] do_SYSENTER_32+0x73/0x90 [ 762.095645][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 762.095645][T20946] [ 762.095645][T20946] Uninit was stored to memory at: [ 762.095645][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 762.095645][T20946] __msan_chain_origin+0x57/0xa0 [ 762.095645][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 762.095645][T20946] get_compat_msghdr+0x108/0x2b0 [ 762.095645][T20946] do_recvmmsg+0xdc1/0x22d0 [ 762.095645][T20946] __sys_recvmmsg+0x519/0x6f0 [ 762.095645][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 762.095645][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 762.234881][T20946] __do_fast_syscall_32+0x102/0x160 [ 762.234881][T20946] do_fast_syscall_32+0x6a/0xc0 [ 762.234881][T20946] do_SYSENTER_32+0x73/0x90 [ 762.234881][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 762.234881][T20946] [ 762.234881][T20946] Uninit was stored to memory at: [ 762.234881][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 762.234881][T20946] __msan_chain_origin+0x57/0xa0 [ 762.234881][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 762.234881][T20946] get_compat_msghdr+0x108/0x2b0 [ 762.234881][T20946] do_recvmmsg+0xdc1/0x22d0 [ 762.327130][T20946] __sys_recvmmsg+0x519/0x6f0 [ 762.327130][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 762.327130][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 762.357553][T20946] __do_fast_syscall_32+0x102/0x160 [ 762.357553][T20946] do_fast_syscall_32+0x6a/0xc0 [ 762.357553][T20946] do_SYSENTER_32+0x73/0x90 [ 762.383846][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 762.383846][T20946] [ 762.383846][T20946] Uninit was stored to memory at: [ 762.383846][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 762.383846][T20946] __msan_chain_origin+0x57/0xa0 [ 762.383846][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 762.383846][T20946] get_compat_msghdr+0x108/0x2b0 [ 762.383846][T20946] do_recvmmsg+0xdc1/0x22d0 [ 762.383846][T20946] __sys_recvmmsg+0x519/0x6f0 [ 762.449657][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 762.449657][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 762.449657][T20946] __do_fast_syscall_32+0x102/0x160 [ 762.476176][T20946] do_fast_syscall_32+0x6a/0xc0 [ 762.476176][T20946] do_SYSENTER_32+0x73/0x90 [ 762.476176][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 762.476176][T20946] [ 762.509396][T20946] Uninit was stored to memory at: [ 762.509396][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 762.509396][T20946] __msan_chain_origin+0x57/0xa0 [ 762.509396][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 762.536408][T20946] get_compat_msghdr+0x108/0x2b0 [ 762.536408][T20946] do_recvmmsg+0xdc1/0x22d0 [ 762.536408][T20946] __sys_recvmmsg+0x519/0x6f0 [ 762.536408][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 762.567951][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 762.567951][T20946] __do_fast_syscall_32+0x102/0x160 [ 762.567951][T20946] do_fast_syscall_32+0x6a/0xc0 [ 762.595412][T20946] do_SYSENTER_32+0x73/0x90 [ 762.595412][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 762.595412][T20946] [ 762.595412][T20946] Uninit was stored to memory at: [ 762.629182][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 762.629182][T20946] __msan_chain_origin+0x57/0xa0 [ 762.629182][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 762.629182][T20946] get_compat_msghdr+0x108/0x2b0 [ 762.656882][T20946] do_recvmmsg+0xdc1/0x22d0 [ 762.656882][T20946] __sys_recvmmsg+0x519/0x6f0 [ 762.656882][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 762.656882][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 762.688952][T20946] __do_fast_syscall_32+0x102/0x160 [ 762.688952][T20946] do_fast_syscall_32+0x6a/0xc0 [ 762.688952][T20946] do_SYSENTER_32+0x73/0x90 [ 762.688952][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 762.717243][T20946] [ 762.717243][T20946] Uninit was stored to memory at: [ 762.717243][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 762.717243][T20946] __msan_chain_origin+0x57/0xa0 [ 762.717243][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 762.748543][T20946] get_compat_msghdr+0x108/0x2b0 [ 762.748543][T20946] do_recvmmsg+0xdc1/0x22d0 [ 762.748543][T20946] __sys_recvmmsg+0x519/0x6f0 [ 762.773471][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 762.773471][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 762.773471][T20946] __do_fast_syscall_32+0x102/0x160 [ 762.773471][T20946] do_fast_syscall_32+0x6a/0xc0 [ 762.773471][T20946] do_SYSENTER_32+0x73/0x90 [ 762.807181][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 762.807181][T20946] [ 762.807181][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 762.807181][T20946] do_recvmmsg+0xbf/0x22d0 [ 762.835593][T20946] do_recvmmsg+0xbf/0x22d0 [ 763.142262][T20946] not chained 260000 origins [ 763.143305][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 763.158444][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 763.158444][T20946] Call Trace: [ 763.158444][T20946] dump_stack+0x21c/0x280 [ 763.158444][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 763.158444][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 763.158444][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 763.158444][T20946] ? kmsan_get_metadata+0x116/0x180 [ 763.158444][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 763.158444][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 763.158444][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 763.158444][T20946] ? kmsan_get_metadata+0x116/0x180 [ 763.158444][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 763.158444][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 763.158444][T20946] ? kmsan_get_metadata+0x116/0x180 [ 763.158444][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 763.158444][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 763.158444][T20946] ? _copy_from_user+0x1fd/0x300 [ 763.158444][T20946] ? kmsan_get_metadata+0x116/0x180 [ 763.158444][T20946] __msan_chain_origin+0x57/0xa0 [ 763.158444][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 763.158444][T20946] get_compat_msghdr+0x108/0x2b0 [ 763.158444][T20946] do_recvmmsg+0xdc1/0x22d0 [ 763.158444][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 763.158444][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 763.158444][T20946] ? kmsan_get_metadata+0x116/0x180 [ 763.158444][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 763.158444][T20946] ? kmsan_get_metadata+0x116/0x180 [ 763.158444][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 763.158444][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 763.158444][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 763.158444][T20946] __sys_recvmmsg+0x519/0x6f0 [ 763.158444][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 763.158444][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 763.158444][T20946] __do_fast_syscall_32+0x102/0x160 [ 763.158444][T20946] do_fast_syscall_32+0x6a/0xc0 [ 763.158444][T20946] do_SYSENTER_32+0x73/0x90 [ 763.158444][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 763.158444][T20946] RIP: 0023:0xf7f1c549 [ 763.158444][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 763.158444][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 763.158444][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 763.158444][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 763.158444][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 763.158444][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 763.158444][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 763.158444][T20946] Uninit was stored to memory at: [ 763.158444][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 763.158444][T20946] __msan_chain_origin+0x57/0xa0 [ 763.158444][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 763.158444][T20946] get_compat_msghdr+0x108/0x2b0 [ 763.158444][T20946] do_recvmmsg+0xdc1/0x22d0 [ 763.158444][T20946] __sys_recvmmsg+0x519/0x6f0 [ 763.158444][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 763.158444][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 763.158444][T20946] __do_fast_syscall_32+0x102/0x160 [ 763.158444][T20946] do_fast_syscall_32+0x6a/0xc0 [ 763.158444][T20946] do_SYSENTER_32+0x73/0x90 [ 763.158444][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 763.158444][T20946] [ 763.158444][T20946] Uninit was stored to memory at: [ 763.158444][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 763.158444][T20946] __msan_chain_origin+0x57/0xa0 [ 763.158444][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 763.158444][T20946] get_compat_msghdr+0x108/0x2b0 [ 763.158444][T20946] do_recvmmsg+0xdc1/0x22d0 [ 763.158444][T20946] __sys_recvmmsg+0x519/0x6f0 [ 763.158444][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 763.158444][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 763.158444][T20946] __do_fast_syscall_32+0x102/0x160 [ 763.158444][T20946] do_fast_syscall_32+0x6a/0xc0 [ 763.158444][T20946] do_SYSENTER_32+0x73/0x90 [ 763.158444][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 763.158444][T20946] [ 763.158444][T20946] Uninit was stored to memory at: [ 763.158444][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 763.158444][T20946] __msan_chain_origin+0x57/0xa0 [ 763.158444][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 763.158444][T20946] get_compat_msghdr+0x108/0x2b0 [ 763.158444][T20946] do_recvmmsg+0xdc1/0x22d0 [ 763.158444][T20946] __sys_recvmmsg+0x519/0x6f0 [ 763.158444][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 763.158444][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 763.158444][T20946] __do_fast_syscall_32+0x102/0x160 [ 763.158444][T20946] do_fast_syscall_32+0x6a/0xc0 [ 763.158444][T20946] do_SYSENTER_32+0x73/0x90 [ 763.158444][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 763.158444][T20946] [ 763.158444][T20946] Uninit was stored to memory at: [ 763.158444][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 763.158444][T20946] __msan_chain_origin+0x57/0xa0 [ 763.158444][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 763.158444][T20946] get_compat_msghdr+0x108/0x2b0 [ 763.158444][T20946] do_recvmmsg+0xdc1/0x22d0 [ 763.158444][T20946] __sys_recvmmsg+0x519/0x6f0 [ 763.158444][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 763.158444][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 763.158444][T20946] __do_fast_syscall_32+0x102/0x160 [ 763.158444][T20946] do_fast_syscall_32+0x6a/0xc0 [ 763.158444][T20946] do_SYSENTER_32+0x73/0x90 [ 763.158444][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 763.158444][T20946] [ 763.158444][T20946] Uninit was stored to memory at: [ 763.158444][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 763.158444][T20946] __msan_chain_origin+0x57/0xa0 [ 763.158444][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 763.158444][T20946] get_compat_msghdr+0x108/0x2b0 [ 763.158444][T20946] do_recvmmsg+0xdc1/0x22d0 [ 763.158444][T20946] __sys_recvmmsg+0x519/0x6f0 [ 763.158444][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 763.158444][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 763.158444][T20946] __do_fast_syscall_32+0x102/0x160 [ 763.158444][T20946] do_fast_syscall_32+0x6a/0xc0 [ 763.158444][T20946] do_SYSENTER_32+0x73/0x90 [ 763.158444][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 763.158444][T20946] [ 763.158444][T20946] Uninit was stored to memory at: [ 763.158444][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 763.158444][T20946] __msan_chain_origin+0x57/0xa0 [ 763.158444][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 763.158444][T20946] get_compat_msghdr+0x108/0x2b0 [ 763.158444][T20946] do_recvmmsg+0xdc1/0x22d0 [ 763.158444][T20946] __sys_recvmmsg+0x519/0x6f0 [ 763.158444][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 763.158444][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 763.158444][T20946] __do_fast_syscall_32+0x102/0x160 [ 763.158444][T20946] do_fast_syscall_32+0x6a/0xc0 [ 763.158444][T20946] do_SYSENTER_32+0x73/0x90 [ 763.158444][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 763.158444][T20946] [ 763.158444][T20946] Uninit was stored to memory at: [ 763.158444][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 763.158444][T20946] __msan_chain_origin+0x57/0xa0 [ 763.158444][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 763.158444][T20946] get_compat_msghdr+0x108/0x2b0 [ 763.158444][T20946] do_recvmmsg+0xdc1/0x22d0 [ 763.158444][T20946] __sys_recvmmsg+0x519/0x6f0 [ 763.158444][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 763.158444][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 763.158444][T20946] __do_fast_syscall_32+0x102/0x160 [ 763.158444][T20946] do_fast_syscall_32+0x6a/0xc0 [ 763.158444][T20946] do_SYSENTER_32+0x73/0x90 [ 763.158444][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 763.158444][T20946] [ 763.158444][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 763.158444][T20946] do_recvmmsg+0xbf/0x22d0 [ 763.158444][T20946] do_recvmmsg+0xbf/0x22d0 [ 764.605407][T20946] not chained 270000 origins [ 764.612689][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 764.613441][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 764.613441][T20946] Call Trace: [ 764.613441][T20946] dump_stack+0x21c/0x280 [ 764.613441][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 764.613441][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 764.613441][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 764.613441][T20946] ? kmsan_get_metadata+0x116/0x180 [ 764.677614][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 764.677614][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 764.693916][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 764.693916][T20946] ? kmsan_get_metadata+0x116/0x180 [ 764.693916][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 764.693916][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 764.693916][T20946] ? kmsan_get_metadata+0x116/0x180 [ 764.693916][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 764.693916][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 764.693916][T20946] ? _copy_from_user+0x1fd/0x300 [ 764.693916][T20946] ? kmsan_get_metadata+0x116/0x180 [ 764.693916][T20946] __msan_chain_origin+0x57/0xa0 [ 764.693916][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 764.693916][T20946] get_compat_msghdr+0x108/0x2b0 [ 764.693916][T20946] do_recvmmsg+0xdc1/0x22d0 [ 764.693916][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 764.693916][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 764.693916][T20946] ? kmsan_get_metadata+0x116/0x180 [ 764.693916][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 764.693916][T20946] ? kmsan_get_metadata+0x116/0x180 [ 764.693916][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 764.693916][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 764.693916][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 764.693916][T20946] __sys_recvmmsg+0x519/0x6f0 [ 764.693916][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 764.693916][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 764.883399][T20946] __do_fast_syscall_32+0x102/0x160 [ 764.883399][T20946] do_fast_syscall_32+0x6a/0xc0 [ 764.883399][T20946] do_SYSENTER_32+0x73/0x90 [ 764.883399][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 764.883399][T20946] RIP: 0023:0xf7f1c549 [ 764.883399][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 764.883399][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 764.883399][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 764.883399][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 764.883399][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 764.883399][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 764.883399][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 764.883399][T20946] Uninit was stored to memory at: [ 764.883399][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 764.883399][T20946] __msan_chain_origin+0x57/0xa0 [ 764.883399][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 764.883399][T20946] get_compat_msghdr+0x108/0x2b0 [ 764.883399][T20946] do_recvmmsg+0xdc1/0x22d0 [ 764.883399][T20946] __sys_recvmmsg+0x519/0x6f0 [ 764.883399][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 764.883399][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 764.883399][T20946] __do_fast_syscall_32+0x102/0x160 [ 764.883399][T20946] do_fast_syscall_32+0x6a/0xc0 [ 764.883399][T20946] do_SYSENTER_32+0x73/0x90 [ 764.883399][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 764.883399][T20946] [ 764.883399][T20946] Uninit was stored to memory at: [ 764.883399][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 764.883399][T20946] __msan_chain_origin+0x57/0xa0 [ 764.883399][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 764.883399][T20946] get_compat_msghdr+0x108/0x2b0 [ 764.883399][T20946] do_recvmmsg+0xdc1/0x22d0 [ 764.883399][T20946] __sys_recvmmsg+0x519/0x6f0 [ 764.883399][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 764.883399][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 764.883399][T20946] __do_fast_syscall_32+0x102/0x160 [ 764.883399][T20946] do_fast_syscall_32+0x6a/0xc0 [ 764.883399][T20946] do_SYSENTER_32+0x73/0x90 [ 764.883399][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 764.883399][T20946] [ 764.883399][T20946] Uninit was stored to memory at: [ 764.883399][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 764.883399][T20946] __msan_chain_origin+0x57/0xa0 [ 764.883399][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 764.883399][T20946] get_compat_msghdr+0x108/0x2b0 [ 764.883399][T20946] do_recvmmsg+0xdc1/0x22d0 [ 764.883399][T20946] __sys_recvmmsg+0x519/0x6f0 [ 764.883399][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 764.883399][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 764.883399][T20946] __do_fast_syscall_32+0x102/0x160 [ 764.883399][T20946] do_fast_syscall_32+0x6a/0xc0 [ 764.883399][T20946] do_SYSENTER_32+0x73/0x90 [ 764.883399][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 764.883399][T20946] [ 764.883399][T20946] Uninit was stored to memory at: [ 764.883399][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 765.366026][T20946] __msan_chain_origin+0x57/0xa0 [ 765.366026][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 765.366026][T20946] get_compat_msghdr+0x108/0x2b0 [ 765.395441][T20946] do_recvmmsg+0xdc1/0x22d0 [ 765.395441][T20946] __sys_recvmmsg+0x519/0x6f0 [ 765.395441][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 765.395441][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 765.395441][T20946] __do_fast_syscall_32+0x102/0x160 [ 765.395441][T20946] do_fast_syscall_32+0x6a/0xc0 [ 765.395441][T20946] do_SYSENTER_32+0x73/0x90 [ 765.395441][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 765.395441][T20946] [ 765.395441][T20946] Uninit was stored to memory at: [ 765.395441][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 765.395441][T20946] __msan_chain_origin+0x57/0xa0 [ 765.488601][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 765.488601][T20946] get_compat_msghdr+0x108/0x2b0 [ 765.488601][T20946] do_recvmmsg+0xdc1/0x22d0 [ 765.516581][T20946] __sys_recvmmsg+0x519/0x6f0 [ 765.516581][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 765.516581][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 765.516581][T20946] __do_fast_syscall_32+0x102/0x160 [ 765.549517][T20946] do_fast_syscall_32+0x6a/0xc0 [ 765.549517][T20946] do_SYSENTER_32+0x73/0x90 [ 765.549517][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 765.549517][T20946] [ 765.549517][T20946] Uninit was stored to memory at: [ 765.549517][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 765.549517][T20946] __msan_chain_origin+0x57/0xa0 [ 765.606922][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 765.606922][T20946] get_compat_msghdr+0x108/0x2b0 [ 765.606922][T20946] do_recvmmsg+0xdc1/0x22d0 [ 765.634745][T20946] __sys_recvmmsg+0x519/0x6f0 [ 765.634745][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 765.634745][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 765.634745][T20946] __do_fast_syscall_32+0x102/0x160 [ 765.664059][T20946] do_fast_syscall_32+0x6a/0xc0 [ 765.664059][T20946] do_SYSENTER_32+0x73/0x90 [ 765.664059][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 765.664059][T20946] [ 765.693474][T20946] Uninit was stored to memory at: [ 765.693474][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 765.693474][T20946] __msan_chain_origin+0x57/0xa0 [ 765.724529][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 765.724529][T20946] get_compat_msghdr+0x108/0x2b0 [ 765.724529][T20946] do_recvmmsg+0xdc1/0x22d0 [ 765.724529][T20946] __sys_recvmmsg+0x519/0x6f0 [ 765.724529][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 765.755418][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 765.755418][T20946] __do_fast_syscall_32+0x102/0x160 [ 765.755418][T20946] do_fast_syscall_32+0x6a/0xc0 [ 765.755418][T20946] do_SYSENTER_32+0x73/0x90 [ 765.784792][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 765.784792][T20946] [ 765.784792][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 765.784792][T20946] do_recvmmsg+0xbf/0x22d0 [ 765.814660][T20946] do_recvmmsg+0xbf/0x22d0 [ 766.097535][T20946] not chained 280000 origins [ 766.103288][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 766.103288][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 766.130933][T20946] Call Trace: [ 766.130933][T20946] dump_stack+0x21c/0x280 [ 766.130933][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 766.130933][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 766.130933][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 766.130933][T20946] ? kmsan_get_metadata+0x116/0x180 [ 766.130933][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 766.130933][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 766.130933][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 766.130933][T20946] ? kmsan_get_metadata+0x116/0x180 [ 766.130933][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 766.130933][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 766.130933][T20946] ? kmsan_get_metadata+0x116/0x180 [ 766.130933][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 766.130933][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 766.130933][T20946] ? _copy_from_user+0x1fd/0x300 [ 766.130933][T20946] ? kmsan_get_metadata+0x116/0x180 [ 766.130933][T20946] __msan_chain_origin+0x57/0xa0 [ 766.130933][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 766.130933][T20946] get_compat_msghdr+0x108/0x2b0 [ 766.130933][T20946] do_recvmmsg+0xdc1/0x22d0 [ 766.130933][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 766.130933][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 766.130933][T20946] ? kmsan_get_metadata+0x116/0x180 [ 766.130933][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 766.130933][T20946] ? kmsan_get_metadata+0x116/0x180 [ 766.130933][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 766.130933][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 766.130933][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 766.130933][T20946] __sys_recvmmsg+0x519/0x6f0 [ 766.130933][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 766.130933][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 766.409972][T20946] __do_fast_syscall_32+0x102/0x160 [ 766.419080][T20946] do_fast_syscall_32+0x6a/0xc0 [ 766.419080][T20946] do_SYSENTER_32+0x73/0x90 [ 766.419080][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 766.419080][T20946] RIP: 0023:0xf7f1c549 [ 766.419080][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 766.419080][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 766.419080][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 766.419080][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 766.419080][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 766.419080][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 766.419080][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 766.419080][T20946] Uninit was stored to memory at: [ 766.419080][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 766.419080][T20946] __msan_chain_origin+0x57/0xa0 [ 766.419080][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 766.419080][T20946] get_compat_msghdr+0x108/0x2b0 [ 766.419080][T20946] do_recvmmsg+0xdc1/0x22d0 [ 766.419080][T20946] __sys_recvmmsg+0x519/0x6f0 [ 766.419080][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 766.419080][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 766.419080][T20946] __do_fast_syscall_32+0x102/0x160 [ 766.419080][T20946] do_fast_syscall_32+0x6a/0xc0 [ 766.639691][T20946] do_SYSENTER_32+0x73/0x90 [ 766.639691][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 766.639691][T20946] [ 766.639691][T20946] Uninit was stored to memory at: [ 766.639691][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 766.639691][T20946] __msan_chain_origin+0x57/0xa0 [ 766.685550][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 766.685550][T20946] get_compat_msghdr+0x108/0x2b0 [ 766.685550][T20946] do_recvmmsg+0xdc1/0x22d0 [ 766.717238][T20946] __sys_recvmmsg+0x519/0x6f0 [ 766.717238][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 766.717238][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 766.750396][T20946] __do_fast_syscall_32+0x102/0x160 [ 766.750396][T20946] do_fast_syscall_32+0x6a/0xc0 [ 766.750396][T20946] do_SYSENTER_32+0x73/0x90 [ 766.777806][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 766.777806][T20946] [ 766.777806][T20946] Uninit was stored to memory at: [ 766.777806][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 766.777806][T20946] __msan_chain_origin+0x57/0xa0 [ 766.777806][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 766.777806][T20946] get_compat_msghdr+0x108/0x2b0 [ 766.839155][T20946] do_recvmmsg+0xdc1/0x22d0 [ 766.839155][T20946] __sys_recvmmsg+0x519/0x6f0 [ 766.839155][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 766.865987][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 766.865987][T20946] __do_fast_syscall_32+0x102/0x160 [ 766.865987][T20946] do_fast_syscall_32+0x6a/0xc0 [ 766.897095][T20946] do_SYSENTER_32+0x73/0x90 [ 766.897095][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 766.897095][T20946] [ 766.927922][T20946] Uninit was stored to memory at: [ 766.927922][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 766.927922][T20946] __msan_chain_origin+0x57/0xa0 [ 766.953495][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 766.953495][T20946] get_compat_msghdr+0x108/0x2b0 [ 766.953495][T20946] do_recvmmsg+0xdc1/0x22d0 [ 766.953495][T20946] __sys_recvmmsg+0x519/0x6f0 [ 766.953495][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 766.953495][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 766.953495][T20946] __do_fast_syscall_32+0x102/0x160 [ 766.953495][T20946] do_fast_syscall_32+0x6a/0xc0 [ 766.953495][T20946] do_SYSENTER_32+0x73/0x90 [ 766.953495][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 766.953495][T20946] [ 766.953495][T20946] Uninit was stored to memory at: [ 766.953495][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 766.953495][T20946] __msan_chain_origin+0x57/0xa0 [ 767.044348][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 767.044348][T20946] get_compat_msghdr+0x108/0x2b0 [ 767.044348][T20946] do_recvmmsg+0xdc1/0x22d0 [ 767.044348][T20946] __sys_recvmmsg+0x519/0x6f0 [ 767.044348][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 767.078237][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 767.078237][T20946] __do_fast_syscall_32+0x102/0x160 [ 767.078237][T20946] do_fast_syscall_32+0x6a/0xc0 [ 767.105366][T20946] do_SYSENTER_32+0x73/0x90 [ 767.105366][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 767.105366][T20946] [ 767.105366][T20946] Uninit was stored to memory at: [ 767.133427][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 767.133427][T20946] __msan_chain_origin+0x57/0xa0 [ 767.133427][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 767.133427][T20946] get_compat_msghdr+0x108/0x2b0 [ 767.155344][T20946] do_recvmmsg+0xdc1/0x22d0 [ 767.155344][T20946] __sys_recvmmsg+0x519/0x6f0 [ 767.155344][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 767.155344][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 767.155344][T20946] __do_fast_syscall_32+0x102/0x160 [ 767.155344][T20946] do_fast_syscall_32+0x6a/0xc0 [ 767.155344][T20946] do_SYSENTER_32+0x73/0x90 [ 767.155344][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 767.155344][T20946] [ 767.155344][T20946] Uninit was stored to memory at: [ 767.155344][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 767.155344][T20946] __msan_chain_origin+0x57/0xa0 [ 767.155344][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 767.155344][T20946] get_compat_msghdr+0x108/0x2b0 [ 767.155344][T20946] do_recvmmsg+0xdc1/0x22d0 [ 767.155344][T20946] __sys_recvmmsg+0x519/0x6f0 [ 767.284182][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 767.284182][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 767.284182][T20946] __do_fast_syscall_32+0x102/0x160 [ 767.284182][T20946] do_fast_syscall_32+0x6a/0xc0 [ 767.284182][T20946] do_SYSENTER_32+0x73/0x90 [ 767.284182][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 767.284182][T20946] [ 767.284182][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 767.284182][T20946] do_recvmmsg+0xbf/0x22d0 [ 767.284182][T20946] do_recvmmsg+0xbf/0x22d0 [ 767.671712][T20946] not chained 290000 origins [ 767.673363][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 767.673363][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 767.673363][T20946] Call Trace: [ 767.673363][T20946] dump_stack+0x21c/0x280 [ 767.673363][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 767.673363][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 767.673363][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 767.673363][T20946] ? kmsan_get_metadata+0x116/0x180 [ 767.673363][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 767.673363][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 767.767820][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 767.767820][T20946] ? kmsan_get_metadata+0x116/0x180 [ 767.767820][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 767.767820][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 767.767820][T20946] ? kmsan_get_metadata+0x116/0x180 [ 767.767820][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 767.767820][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 767.767820][T20946] ? _copy_from_user+0x1fd/0x300 [ 767.767820][T20946] ? kmsan_get_metadata+0x116/0x180 [ 767.767820][T20946] __msan_chain_origin+0x57/0xa0 [ 767.767820][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 767.767820][T20946] get_compat_msghdr+0x108/0x2b0 [ 767.767820][T20946] do_recvmmsg+0xdc1/0x22d0 [ 767.767820][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 767.767820][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 767.767820][T20946] ? kmsan_get_metadata+0x116/0x180 [ 767.767820][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 767.767820][T20946] ? kmsan_get_metadata+0x116/0x180 [ 767.767820][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 767.767820][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 767.767820][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 767.767820][T20946] __sys_recvmmsg+0x519/0x6f0 [ 767.767820][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 767.767820][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 767.767820][T20946] __do_fast_syscall_32+0x102/0x160 [ 767.767820][T20946] do_fast_syscall_32+0x6a/0xc0 [ 767.767820][T20946] do_SYSENTER_32+0x73/0x90 [ 767.767820][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 767.767820][T20946] RIP: 0023:0xf7f1c549 [ 767.767820][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 767.767820][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 767.767820][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 767.767820][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 767.767820][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 767.767820][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 767.767820][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 767.767820][T20946] Uninit was stored to memory at: [ 767.767820][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 767.767820][T20946] __msan_chain_origin+0x57/0xa0 [ 767.767820][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 767.767820][T20946] get_compat_msghdr+0x108/0x2b0 [ 767.767820][T20946] do_recvmmsg+0xdc1/0x22d0 [ 767.767820][T20946] __sys_recvmmsg+0x519/0x6f0 [ 767.767820][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 767.767820][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 767.767820][T20946] __do_fast_syscall_32+0x102/0x160 [ 767.767820][T20946] do_fast_syscall_32+0x6a/0xc0 [ 767.767820][T20946] do_SYSENTER_32+0x73/0x90 [ 767.767820][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 767.767820][T20946] [ 767.767820][T20946] Uninit was stored to memory at: [ 767.767820][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 767.767820][T20946] __msan_chain_origin+0x57/0xa0 [ 767.767820][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 767.767820][T20946] get_compat_msghdr+0x108/0x2b0 [ 767.767820][T20946] do_recvmmsg+0xdc1/0x22d0 [ 767.767820][T20946] __sys_recvmmsg+0x519/0x6f0 [ 767.767820][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 767.767820][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 767.767820][T20946] __do_fast_syscall_32+0x102/0x160 [ 767.767820][T20946] do_fast_syscall_32+0x6a/0xc0 [ 767.767820][T20946] do_SYSENTER_32+0x73/0x90 [ 767.767820][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 767.767820][T20946] [ 767.767820][T20946] Uninit was stored to memory at: [ 767.767820][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 767.767820][T20946] __msan_chain_origin+0x57/0xa0 [ 767.767820][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 767.767820][T20946] get_compat_msghdr+0x108/0x2b0 [ 767.767820][T20946] do_recvmmsg+0xdc1/0x22d0 [ 767.767820][T20946] __sys_recvmmsg+0x519/0x6f0 [ 767.767820][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 767.767820][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 767.767820][T20946] __do_fast_syscall_32+0x102/0x160 [ 767.767820][T20946] do_fast_syscall_32+0x6a/0xc0 [ 767.767820][T20946] do_SYSENTER_32+0x73/0x90 [ 767.767820][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 767.767820][T20946] [ 767.767820][T20946] Uninit was stored to memory at: [ 767.767820][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 767.767820][T20946] __msan_chain_origin+0x57/0xa0 [ 767.767820][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 767.767820][T20946] get_compat_msghdr+0x108/0x2b0 [ 767.767820][T20946] do_recvmmsg+0xdc1/0x22d0 [ 767.767820][T20946] __sys_recvmmsg+0x519/0x6f0 [ 767.767820][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 767.767820][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 767.767820][T20946] __do_fast_syscall_32+0x102/0x160 [ 767.767820][T20946] do_fast_syscall_32+0x6a/0xc0 [ 767.767820][T20946] do_SYSENTER_32+0x73/0x90 [ 767.767820][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 767.767820][T20946] [ 767.767820][T20946] Uninit was stored to memory at: [ 767.767820][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 767.767820][T20946] __msan_chain_origin+0x57/0xa0 [ 767.767820][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 767.767820][T20946] get_compat_msghdr+0x108/0x2b0 [ 767.767820][T20946] do_recvmmsg+0xdc1/0x22d0 [ 767.767820][T20946] __sys_recvmmsg+0x519/0x6f0 [ 767.767820][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 767.767820][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 767.767820][T20946] __do_fast_syscall_32+0x102/0x160 [ 767.767820][T20946] do_fast_syscall_32+0x6a/0xc0 [ 767.767820][T20946] do_SYSENTER_32+0x73/0x90 [ 767.767820][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 767.767820][T20946] [ 767.767820][T20946] Uninit was stored to memory at: [ 767.767820][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 767.767820][T20946] __msan_chain_origin+0x57/0xa0 [ 767.767820][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 767.767820][T20946] get_compat_msghdr+0x108/0x2b0 [ 767.767820][T20946] do_recvmmsg+0xdc1/0x22d0 [ 767.767820][T20946] __sys_recvmmsg+0x519/0x6f0 [ 767.767820][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 767.767820][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 767.767820][T20946] __do_fast_syscall_32+0x102/0x160 [ 767.767820][T20946] do_fast_syscall_32+0x6a/0xc0 [ 767.767820][T20946] do_SYSENTER_32+0x73/0x90 [ 767.767820][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 767.767820][T20946] [ 767.767820][T20946] Uninit was stored to memory at: [ 767.767820][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 767.767820][T20946] __msan_chain_origin+0x57/0xa0 [ 767.767820][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 767.767820][T20946] get_compat_msghdr+0x108/0x2b0 [ 767.767820][T20946] do_recvmmsg+0xdc1/0x22d0 [ 767.767820][T20946] __sys_recvmmsg+0x519/0x6f0 [ 767.767820][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 767.767820][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 767.767820][T20946] __do_fast_syscall_32+0x102/0x160 [ 767.767820][T20946] do_fast_syscall_32+0x6a/0xc0 [ 767.767820][T20946] do_SYSENTER_32+0x73/0x90 [ 767.767820][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 767.767820][T20946] [ 767.767820][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 767.767820][T20946] do_recvmmsg+0xbf/0x22d0 [ 767.767820][T20946] do_recvmmsg+0xbf/0x22d0 [ 769.185515][T20946] not chained 300000 origins [ 769.193309][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 769.193309][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 769.193309][T20946] Call Trace: [ 769.193309][T20946] dump_stack+0x21c/0x280 [ 769.193309][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 769.193309][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 769.193309][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 769.193309][T20946] ? kmsan_get_metadata+0x116/0x180 [ 769.193309][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 769.193309][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 769.193309][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 769.193309][T20946] ? kmsan_get_metadata+0x116/0x180 [ 769.193309][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 769.193309][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 769.193309][T20946] ? kmsan_get_metadata+0x116/0x180 [ 769.193309][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 769.193309][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 769.193309][T20946] ? _copy_from_user+0x1fd/0x300 [ 769.193309][T20946] ? kmsan_get_metadata+0x116/0x180 [ 769.193309][T20946] __msan_chain_origin+0x57/0xa0 [ 769.193309][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 769.193309][T20946] get_compat_msghdr+0x108/0x2b0 [ 769.193309][T20946] do_recvmmsg+0xdc1/0x22d0 [ 769.193309][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 769.193309][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 769.193309][T20946] ? kmsan_get_metadata+0x116/0x180 [ 769.193309][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 769.193309][T20946] ? kmsan_get_metadata+0x116/0x180 [ 769.193309][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 769.193309][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 769.193309][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 769.193309][T20946] __sys_recvmmsg+0x519/0x6f0 [ 769.193309][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 769.193309][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 769.193309][T20946] __do_fast_syscall_32+0x102/0x160 [ 769.193309][T20946] do_fast_syscall_32+0x6a/0xc0 [ 769.193309][T20946] do_SYSENTER_32+0x73/0x90 [ 769.193309][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 769.193309][T20946] RIP: 0023:0xf7f1c549 [ 769.193309][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 769.193309][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 769.193309][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 769.193309][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 769.193309][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 769.193309][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 769.193309][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 769.193309][T20946] Uninit was stored to memory at: [ 769.193309][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 769.193309][T20946] __msan_chain_origin+0x57/0xa0 [ 769.193309][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 769.193309][T20946] get_compat_msghdr+0x108/0x2b0 [ 769.193309][T20946] do_recvmmsg+0xdc1/0x22d0 [ 769.193309][T20946] __sys_recvmmsg+0x519/0x6f0 [ 769.193309][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 769.193309][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 769.193309][T20946] __do_fast_syscall_32+0x102/0x160 [ 769.193309][T20946] do_fast_syscall_32+0x6a/0xc0 [ 769.193309][T20946] do_SYSENTER_32+0x73/0x90 [ 769.193309][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 769.193309][T20946] [ 769.193309][T20946] Uninit was stored to memory at: [ 769.193309][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 769.193309][T20946] __msan_chain_origin+0x57/0xa0 [ 769.193309][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 769.193309][T20946] get_compat_msghdr+0x108/0x2b0 [ 769.193309][T20946] do_recvmmsg+0xdc1/0x22d0 [ 769.193309][T20946] __sys_recvmmsg+0x519/0x6f0 [ 769.193309][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 769.193309][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 769.193309][T20946] __do_fast_syscall_32+0x102/0x160 [ 769.193309][T20946] do_fast_syscall_32+0x6a/0xc0 [ 769.193309][T20946] do_SYSENTER_32+0x73/0x90 [ 769.193309][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 769.193309][T20946] [ 769.193309][T20946] Uninit was stored to memory at: [ 769.193309][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 769.193309][T20946] __msan_chain_origin+0x57/0xa0 [ 769.193309][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 769.193309][T20946] get_compat_msghdr+0x108/0x2b0 [ 769.193309][T20946] do_recvmmsg+0xdc1/0x22d0 [ 769.193309][T20946] __sys_recvmmsg+0x519/0x6f0 [ 769.193309][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 769.193309][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 769.193309][T20946] __do_fast_syscall_32+0x102/0x160 [ 769.193309][T20946] do_fast_syscall_32+0x6a/0xc0 [ 769.193309][T20946] do_SYSENTER_32+0x73/0x90 [ 769.193309][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 769.193309][T20946] [ 769.193309][T20946] Uninit was stored to memory at: [ 769.193309][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 769.193309][T20946] __msan_chain_origin+0x57/0xa0 [ 769.193309][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 769.193309][T20946] get_compat_msghdr+0x108/0x2b0 [ 769.193309][T20946] do_recvmmsg+0xdc1/0x22d0 [ 769.193309][T20946] __sys_recvmmsg+0x519/0x6f0 [ 769.193309][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 769.193309][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 769.193309][T20946] __do_fast_syscall_32+0x102/0x160 [ 769.193309][T20946] do_fast_syscall_32+0x6a/0xc0 [ 769.193309][T20946] do_SYSENTER_32+0x73/0x90 [ 769.193309][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 769.193309][T20946] [ 769.193309][T20946] Uninit was stored to memory at: [ 769.193309][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 769.193309][T20946] __msan_chain_origin+0x57/0xa0 [ 769.193309][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 769.193309][T20946] get_compat_msghdr+0x108/0x2b0 [ 769.193309][T20946] do_recvmmsg+0xdc1/0x22d0 [ 769.193309][T20946] __sys_recvmmsg+0x519/0x6f0 [ 769.193309][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 769.193309][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 769.193309][T20946] __do_fast_syscall_32+0x102/0x160 [ 769.193309][T20946] do_fast_syscall_32+0x6a/0xc0 [ 769.193309][T20946] do_SYSENTER_32+0x73/0x90 [ 769.193309][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 769.193309][T20946] [ 769.193309][T20946] Uninit was stored to memory at: [ 769.193309][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 769.193309][T20946] __msan_chain_origin+0x57/0xa0 [ 769.193309][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 769.193309][T20946] get_compat_msghdr+0x108/0x2b0 [ 769.193309][T20946] do_recvmmsg+0xdc1/0x22d0 [ 769.193309][T20946] __sys_recvmmsg+0x519/0x6f0 [ 769.193309][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 769.193309][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 769.193309][T20946] __do_fast_syscall_32+0x102/0x160 [ 769.193309][T20946] do_fast_syscall_32+0x6a/0xc0 [ 769.193309][T20946] do_SYSENTER_32+0x73/0x90 [ 769.193309][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 769.193309][T20946] [ 769.193309][T20946] Uninit was stored to memory at: [ 769.193309][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 769.193309][T20946] __msan_chain_origin+0x57/0xa0 [ 769.193309][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 769.193309][T20946] get_compat_msghdr+0x108/0x2b0 [ 769.193309][T20946] do_recvmmsg+0xdc1/0x22d0 [ 769.193309][T20946] __sys_recvmmsg+0x519/0x6f0 [ 769.193309][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 769.193309][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 769.193309][T20946] __do_fast_syscall_32+0x102/0x160 [ 769.193309][T20946] do_fast_syscall_32+0x6a/0xc0 [ 769.193309][T20946] do_SYSENTER_32+0x73/0x90 [ 769.193309][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 769.193309][T20946] [ 769.193309][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 769.193309][T20946] do_recvmmsg+0xbf/0x22d0 [ 769.193309][T20946] do_recvmmsg+0xbf/0x22d0 [ 770.814968][T20946] not chained 310000 origins [ 770.823284][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 770.823284][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 770.837473][T20946] Call Trace: [ 770.837473][T20946] dump_stack+0x21c/0x280 [ 770.837473][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 770.837473][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 770.870195][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 770.870195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 770.870195][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 770.870195][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 770.870195][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 770.870195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 770.870195][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 770.870195][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 770.870195][T20946] ? kmsan_get_metadata+0x116/0x180 [ 770.870195][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 770.959535][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 770.973209][T20946] ? _copy_from_user+0x1fd/0x300 [ 770.973209][T20946] ? kmsan_get_metadata+0x116/0x180 [ 770.973209][T20946] __msan_chain_origin+0x57/0xa0 [ 770.990736][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 770.990736][T20946] get_compat_msghdr+0x108/0x2b0 [ 770.990736][T20946] do_recvmmsg+0xdc1/0x22d0 [ 770.990736][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 770.990736][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 770.990736][T20946] ? kmsan_get_metadata+0x116/0x180 [ 770.990736][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 770.990736][T20946] ? kmsan_get_metadata+0x116/0x180 [ 770.990736][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 770.990736][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 770.990736][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 770.990736][T20946] __sys_recvmmsg+0x519/0x6f0 [ 770.990736][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 770.990736][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 770.990736][T20946] __do_fast_syscall_32+0x102/0x160 [ 770.990736][T20946] do_fast_syscall_32+0x6a/0xc0 [ 770.990736][T20946] do_SYSENTER_32+0x73/0x90 [ 770.990736][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 770.990736][T20946] RIP: 0023:0xf7f1c549 [ 770.990736][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 770.990736][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 771.194354][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 771.194354][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 771.194354][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 771.194354][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 771.228903][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 771.228903][T20946] Uninit was stored to memory at: [ 771.253425][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 771.253425][T20946] __msan_chain_origin+0x57/0xa0 [ 771.253425][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 771.253425][T20946] get_compat_msghdr+0x108/0x2b0 [ 771.286258][T20946] do_recvmmsg+0xdc1/0x22d0 [ 771.286258][T20946] __sys_recvmmsg+0x519/0x6f0 [ 771.286258][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 771.286258][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 771.286258][T20946] __do_fast_syscall_32+0x102/0x160 [ 771.286258][T20946] do_fast_syscall_32+0x6a/0xc0 [ 771.286258][T20946] do_SYSENTER_32+0x73/0x90 [ 771.349759][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 771.349759][T20946] [ 771.349759][T20946] Uninit was stored to memory at: [ 771.349759][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 771.380765][T20946] __msan_chain_origin+0x57/0xa0 [ 771.380765][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 771.380765][T20946] get_compat_msghdr+0x108/0x2b0 [ 771.406390][T20946] do_recvmmsg+0xdc1/0x22d0 [ 771.406390][T20946] __sys_recvmmsg+0x519/0x6f0 [ 771.406390][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 771.406390][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 771.439837][T20946] __do_fast_syscall_32+0x102/0x160 [ 771.439837][T20946] do_fast_syscall_32+0x6a/0xc0 [ 771.439837][T20946] do_SYSENTER_32+0x73/0x90 [ 771.464662][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 771.464662][T20946] [ 771.464662][T20946] Uninit was stored to memory at: [ 771.464662][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 771.500196][T20946] __msan_chain_origin+0x57/0xa0 [ 771.500196][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 771.500196][T20946] get_compat_msghdr+0x108/0x2b0 [ 771.525772][T20946] do_recvmmsg+0xdc1/0x22d0 [ 771.525772][T20946] __sys_recvmmsg+0x519/0x6f0 [ 771.525772][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 771.556047][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 771.556047][T20946] __do_fast_syscall_32+0x102/0x160 [ 771.556047][T20946] do_fast_syscall_32+0x6a/0xc0 [ 771.588371][T20946] do_SYSENTER_32+0x73/0x90 [ 771.588371][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 771.588371][T20946] [ 771.613933][T20946] Uninit was stored to memory at: [ 771.613933][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 771.613933][T20946] __msan_chain_origin+0x57/0xa0 [ 771.613933][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 771.647968][T20946] get_compat_msghdr+0x108/0x2b0 [ 771.647968][T20946] do_recvmmsg+0xdc1/0x22d0 [ 771.647968][T20946] __sys_recvmmsg+0x519/0x6f0 [ 771.647968][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 771.678281][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 771.678281][T20946] __do_fast_syscall_32+0x102/0x160 [ 771.678281][T20946] do_fast_syscall_32+0x6a/0xc0 [ 771.707964][T20946] do_SYSENTER_32+0x73/0x90 [ 771.707964][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 771.707964][T20946] [ 771.707964][T20946] Uninit was stored to memory at: [ 771.741180][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 771.741180][T20946] __msan_chain_origin+0x57/0xa0 [ 771.741180][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 771.770292][T20946] get_compat_msghdr+0x108/0x2b0 [ 771.770292][T20946] do_recvmmsg+0xdc1/0x22d0 [ 771.770292][T20946] __sys_recvmmsg+0x519/0x6f0 [ 771.800502][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 771.800502][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 771.800502][T20946] __do_fast_syscall_32+0x102/0x160 [ 771.827885][T20946] do_fast_syscall_32+0x6a/0xc0 [ 771.827885][T20946] do_SYSENTER_32+0x73/0x90 [ 771.827885][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 771.853824][T20946] [ 771.853824][T20946] Uninit was stored to memory at: [ 771.853824][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 771.853824][T20946] __msan_chain_origin+0x57/0xa0 [ 771.884591][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 771.884591][T20946] get_compat_msghdr+0x108/0x2b0 [ 771.884591][T20946] do_recvmmsg+0xdc1/0x22d0 [ 771.915544][T20946] __sys_recvmmsg+0x519/0x6f0 [ 771.915544][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 771.915544][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 771.915544][T20946] __do_fast_syscall_32+0x102/0x160 [ 771.949355][T20946] do_fast_syscall_32+0x6a/0xc0 [ 771.949355][T20946] do_SYSENTER_32+0x73/0x90 [ 771.949355][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 771.978499][T20946] [ 771.978499][T20946] Uninit was stored to memory at: [ 771.978499][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 772.007204][T20946] __msan_chain_origin+0x57/0xa0 [ 772.007204][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 772.007204][T20946] get_compat_msghdr+0x108/0x2b0 [ 772.036848][T20946] do_recvmmsg+0xdc1/0x22d0 [ 772.036848][T20946] __sys_recvmmsg+0x519/0x6f0 [ 772.036848][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 772.036848][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 772.071791][T20946] __do_fast_syscall_32+0x102/0x160 [ 772.071791][T20946] do_fast_syscall_32+0x6a/0xc0 [ 772.093504][T20946] do_SYSENTER_32+0x73/0x90 [ 772.093504][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 772.093504][T20946] [ 772.124330][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 772.124330][T20946] do_recvmmsg+0xbf/0x22d0 [ 772.124330][T20946] do_recvmmsg+0xbf/0x22d0 [ 772.468023][T20946] not chained 320000 origins [ 772.473315][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 772.483719][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 772.483719][T20946] Call Trace: [ 772.483719][T20946] dump_stack+0x21c/0x280 [ 772.483719][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 772.483719][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 772.483719][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 772.483719][T20946] ? kmsan_get_metadata+0x116/0x180 [ 772.483719][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 772.483719][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 772.483719][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 772.483719][T20946] ? kmsan_get_metadata+0x116/0x180 [ 772.483719][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 772.483719][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 772.483719][T20946] ? kmsan_get_metadata+0x116/0x180 [ 772.483719][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 772.483719][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 772.483719][T20946] ? _copy_from_user+0x1fd/0x300 [ 772.483719][T20946] ? kmsan_get_metadata+0x116/0x180 [ 772.483719][T20946] __msan_chain_origin+0x57/0xa0 [ 772.483719][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 772.483719][T20946] get_compat_msghdr+0x108/0x2b0 [ 772.483719][T20946] do_recvmmsg+0xdc1/0x22d0 [ 772.483719][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 772.483719][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 772.483719][T20946] ? kmsan_get_metadata+0x116/0x180 [ 772.483719][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 772.483719][T20946] ? kmsan_get_metadata+0x116/0x180 [ 772.483719][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 772.483719][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 772.483719][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 772.483719][T20946] __sys_recvmmsg+0x519/0x6f0 [ 772.483719][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 772.483719][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 772.483719][T20946] __do_fast_syscall_32+0x102/0x160 [ 772.483719][T20946] do_fast_syscall_32+0x6a/0xc0 [ 772.483719][T20946] do_SYSENTER_32+0x73/0x90 [ 772.483719][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 772.483719][T20946] RIP: 0023:0xf7f1c549 [ 772.483719][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 772.483719][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 772.483719][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 772.483719][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 772.483719][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 772.483719][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 772.483719][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 772.483719][T20946] Uninit was stored to memory at: [ 772.483719][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 772.483719][T20946] __msan_chain_origin+0x57/0xa0 [ 772.483719][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 772.483719][T20946] get_compat_msghdr+0x108/0x2b0 [ 772.483719][T20946] do_recvmmsg+0xdc1/0x22d0 [ 772.483719][T20946] __sys_recvmmsg+0x519/0x6f0 [ 772.483719][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 772.483719][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 772.483719][T20946] __do_fast_syscall_32+0x102/0x160 [ 772.483719][T20946] do_fast_syscall_32+0x6a/0xc0 [ 772.483719][T20946] do_SYSENTER_32+0x73/0x90 [ 772.483719][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 772.483719][T20946] [ 772.483719][T20946] Uninit was stored to memory at: [ 772.483719][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 772.483719][T20946] __msan_chain_origin+0x57/0xa0 [ 772.483719][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 772.483719][T20946] get_compat_msghdr+0x108/0x2b0 [ 772.483719][T20946] do_recvmmsg+0xdc1/0x22d0 [ 772.483719][T20946] __sys_recvmmsg+0x519/0x6f0 [ 772.483719][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 772.483719][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 772.483719][T20946] __do_fast_syscall_32+0x102/0x160 [ 772.483719][T20946] do_fast_syscall_32+0x6a/0xc0 [ 772.483719][T20946] do_SYSENTER_32+0x73/0x90 [ 772.483719][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 772.483719][T20946] [ 772.483719][T20946] Uninit was stored to memory at: [ 772.483719][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 772.483719][T20946] __msan_chain_origin+0x57/0xa0 [ 772.483719][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 772.483719][T20946] get_compat_msghdr+0x108/0x2b0 [ 772.483719][T20946] do_recvmmsg+0xdc1/0x22d0 [ 772.483719][T20946] __sys_recvmmsg+0x519/0x6f0 [ 772.483719][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 772.483719][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 772.483719][T20946] __do_fast_syscall_32+0x102/0x160 [ 772.483719][T20946] do_fast_syscall_32+0x6a/0xc0 [ 772.483719][T20946] do_SYSENTER_32+0x73/0x90 [ 772.483719][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 772.483719][T20946] [ 772.483719][T20946] Uninit was stored to memory at: [ 772.483719][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 772.483719][T20946] __msan_chain_origin+0x57/0xa0 [ 772.483719][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 772.483719][T20946] get_compat_msghdr+0x108/0x2b0 [ 772.483719][T20946] do_recvmmsg+0xdc1/0x22d0 [ 772.483719][T20946] __sys_recvmmsg+0x519/0x6f0 [ 772.483719][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 772.483719][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 772.483719][T20946] __do_fast_syscall_32+0x102/0x160 [ 772.483719][T20946] do_fast_syscall_32+0x6a/0xc0 [ 772.483719][T20946] do_SYSENTER_32+0x73/0x90 [ 772.483719][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 772.483719][T20946] [ 772.483719][T20946] Uninit was stored to memory at: [ 772.483719][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 772.483719][T20946] __msan_chain_origin+0x57/0xa0 [ 772.483719][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 772.483719][T20946] get_compat_msghdr+0x108/0x2b0 [ 772.483719][T20946] do_recvmmsg+0xdc1/0x22d0 [ 772.483719][T20946] __sys_recvmmsg+0x519/0x6f0 [ 772.483719][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 772.483719][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 772.483719][T20946] __do_fast_syscall_32+0x102/0x160 [ 772.483719][T20946] do_fast_syscall_32+0x6a/0xc0 [ 772.483719][T20946] do_SYSENTER_32+0x73/0x90 [ 772.483719][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 772.483719][T20946] [ 772.483719][T20946] Uninit was stored to memory at: [ 772.483719][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 772.483719][T20946] __msan_chain_origin+0x57/0xa0 [ 772.483719][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 772.483719][T20946] get_compat_msghdr+0x108/0x2b0 [ 772.483719][T20946] do_recvmmsg+0xdc1/0x22d0 [ 772.483719][T20946] __sys_recvmmsg+0x519/0x6f0 [ 772.483719][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 772.483719][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 772.483719][T20946] __do_fast_syscall_32+0x102/0x160 [ 772.483719][T20946] do_fast_syscall_32+0x6a/0xc0 [ 772.483719][T20946] do_SYSENTER_32+0x73/0x90 [ 772.483719][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 772.483719][T20946] [ 772.483719][T20946] Uninit was stored to memory at: [ 772.483719][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 772.483719][T20946] __msan_chain_origin+0x57/0xa0 [ 772.483719][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 772.483719][T20946] get_compat_msghdr+0x108/0x2b0 [ 772.483719][T20946] do_recvmmsg+0xdc1/0x22d0 [ 772.483719][T20946] __sys_recvmmsg+0x519/0x6f0 [ 772.483719][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 772.483719][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 772.483719][T20946] __do_fast_syscall_32+0x102/0x160 [ 772.483719][T20946] do_fast_syscall_32+0x6a/0xc0 [ 772.483719][T20946] do_SYSENTER_32+0x73/0x90 [ 772.483719][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 772.483719][T20946] [ 772.483719][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 772.483719][T20946] do_recvmmsg+0xbf/0x22d0 [ 772.483719][T20946] do_recvmmsg+0xbf/0x22d0 [ 774.110098][T20946] not chained 330000 origins [ 774.113312][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 774.120588][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 774.120588][T20946] Call Trace: [ 774.120588][T20946] dump_stack+0x21c/0x280 [ 774.120588][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 774.120588][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 774.120588][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 774.120588][T20946] ? kmsan_get_metadata+0x116/0x180 [ 774.120588][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 774.120588][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 774.120588][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 774.120588][T20946] ? kmsan_get_metadata+0x116/0x180 [ 774.120588][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 774.120588][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 774.120588][T20946] ? kmsan_get_metadata+0x116/0x180 [ 774.120588][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 774.120588][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 774.120588][T20946] ? _copy_from_user+0x1fd/0x300 [ 774.120588][T20946] ? kmsan_get_metadata+0x116/0x180 [ 774.120588][T20946] __msan_chain_origin+0x57/0xa0 [ 774.120588][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 774.120588][T20946] get_compat_msghdr+0x108/0x2b0 [ 774.120588][T20946] do_recvmmsg+0xdc1/0x22d0 [ 774.120588][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 774.120588][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 774.120588][T20946] ? kmsan_get_metadata+0x116/0x180 [ 774.120588][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 774.120588][T20946] ? kmsan_get_metadata+0x116/0x180 [ 774.120588][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 774.120588][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 774.120588][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 774.120588][T20946] __sys_recvmmsg+0x519/0x6f0 [ 774.120588][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 774.120588][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 774.120588][T20946] __do_fast_syscall_32+0x102/0x160 [ 774.120588][T20946] do_fast_syscall_32+0x6a/0xc0 [ 774.120588][T20946] do_SYSENTER_32+0x73/0x90 [ 774.120588][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 774.120588][T20946] RIP: 0023:0xf7f1c549 [ 774.120588][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 774.120588][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 774.120588][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 774.120588][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 774.120588][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 774.120588][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 774.120588][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 774.120588][T20946] Uninit was stored to memory at: [ 774.120588][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 774.120588][T20946] __msan_chain_origin+0x57/0xa0 [ 774.120588][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 774.120588][T20946] get_compat_msghdr+0x108/0x2b0 [ 774.120588][T20946] do_recvmmsg+0xdc1/0x22d0 [ 774.120588][T20946] __sys_recvmmsg+0x519/0x6f0 [ 774.120588][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 774.120588][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 774.120588][T20946] __do_fast_syscall_32+0x102/0x160 [ 774.120588][T20946] do_fast_syscall_32+0x6a/0xc0 [ 774.120588][T20946] do_SYSENTER_32+0x73/0x90 [ 774.120588][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 774.120588][T20946] [ 774.120588][T20946] Uninit was stored to memory at: [ 774.120588][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 774.120588][T20946] __msan_chain_origin+0x57/0xa0 [ 774.120588][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 774.120588][T20946] get_compat_msghdr+0x108/0x2b0 [ 774.120588][T20946] do_recvmmsg+0xdc1/0x22d0 [ 774.120588][T20946] __sys_recvmmsg+0x519/0x6f0 [ 774.120588][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 774.120588][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 774.120588][T20946] __do_fast_syscall_32+0x102/0x160 [ 774.120588][T20946] do_fast_syscall_32+0x6a/0xc0 [ 774.120588][T20946] do_SYSENTER_32+0x73/0x90 [ 774.120588][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 774.120588][T20946] [ 774.120588][T20946] Uninit was stored to memory at: [ 774.120588][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 774.120588][T20946] __msan_chain_origin+0x57/0xa0 [ 774.120588][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 774.120588][T20946] get_compat_msghdr+0x108/0x2b0 [ 774.120588][T20946] do_recvmmsg+0xdc1/0x22d0 [ 774.120588][T20946] __sys_recvmmsg+0x519/0x6f0 [ 774.120588][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 774.120588][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 774.120588][T20946] __do_fast_syscall_32+0x102/0x160 [ 774.120588][T20946] do_fast_syscall_32+0x6a/0xc0 [ 774.120588][T20946] do_SYSENTER_32+0x73/0x90 [ 774.120588][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 774.120588][T20946] [ 774.120588][T20946] Uninit was stored to memory at: [ 774.120588][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 774.120588][T20946] __msan_chain_origin+0x57/0xa0 [ 774.120588][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 774.120588][T20946] get_compat_msghdr+0x108/0x2b0 [ 774.120588][T20946] do_recvmmsg+0xdc1/0x22d0 [ 774.120588][T20946] __sys_recvmmsg+0x519/0x6f0 [ 774.120588][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 774.120588][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 774.120588][T20946] __do_fast_syscall_32+0x102/0x160 [ 774.120588][T20946] do_fast_syscall_32+0x6a/0xc0 [ 774.120588][T20946] do_SYSENTER_32+0x73/0x90 [ 774.120588][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 774.120588][T20946] [ 774.120588][T20946] Uninit was stored to memory at: [ 774.120588][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 774.120588][T20946] __msan_chain_origin+0x57/0xa0 [ 774.120588][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 774.120588][T20946] get_compat_msghdr+0x108/0x2b0 [ 774.120588][T20946] do_recvmmsg+0xdc1/0x22d0 [ 774.120588][T20946] __sys_recvmmsg+0x519/0x6f0 [ 774.120588][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 774.120588][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 774.120588][T20946] __do_fast_syscall_32+0x102/0x160 [ 774.120588][T20946] do_fast_syscall_32+0x6a/0xc0 [ 774.120588][T20946] do_SYSENTER_32+0x73/0x90 [ 774.120588][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 774.120588][T20946] [ 774.120588][T20946] Uninit was stored to memory at: [ 774.120588][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 774.120588][T20946] __msan_chain_origin+0x57/0xa0 [ 774.120588][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 774.120588][T20946] get_compat_msghdr+0x108/0x2b0 [ 774.120588][T20946] do_recvmmsg+0xdc1/0x22d0 [ 774.120588][T20946] __sys_recvmmsg+0x519/0x6f0 [ 774.120588][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 774.120588][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 774.120588][T20946] __do_fast_syscall_32+0x102/0x160 [ 774.120588][T20946] do_fast_syscall_32+0x6a/0xc0 [ 774.120588][T20946] do_SYSENTER_32+0x73/0x90 [ 774.120588][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 774.120588][T20946] [ 774.120588][T20946] Uninit was stored to memory at: [ 774.120588][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 774.120588][T20946] __msan_chain_origin+0x57/0xa0 [ 774.120588][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 774.120588][T20946] get_compat_msghdr+0x108/0x2b0 [ 774.120588][T20946] do_recvmmsg+0xdc1/0x22d0 [ 774.120588][T20946] __sys_recvmmsg+0x519/0x6f0 [ 774.120588][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 774.120588][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 774.120588][T20946] __do_fast_syscall_32+0x102/0x160 [ 774.120588][T20946] do_fast_syscall_32+0x6a/0xc0 [ 774.120588][T20946] do_SYSENTER_32+0x73/0x90 [ 774.120588][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 774.120588][T20946] [ 774.120588][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 774.120588][T20946] do_recvmmsg+0xbf/0x22d0 [ 774.120588][T20946] do_recvmmsg+0xbf/0x22d0 [ 775.701973][T20946] not chained 340000 origins [ 775.703321][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 775.703321][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 775.703321][T20946] Call Trace: [ 775.703321][T20946] dump_stack+0x21c/0x280 [ 775.754056][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 775.754056][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 775.754056][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 775.754056][T20946] ? kmsan_get_metadata+0x116/0x180 [ 775.754056][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 775.754056][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 775.754056][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 775.754056][T20946] ? kmsan_get_metadata+0x116/0x180 [ 775.754056][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 775.754056][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 775.754056][T20946] ? kmsan_get_metadata+0x116/0x180 [ 775.754056][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 775.754056][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 775.754056][T20946] ? _copy_from_user+0x1fd/0x300 [ 775.754056][T20946] ? kmsan_get_metadata+0x116/0x180 [ 775.754056][T20946] __msan_chain_origin+0x57/0xa0 [ 775.754056][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 775.754056][T20946] get_compat_msghdr+0x108/0x2b0 [ 775.754056][T20946] do_recvmmsg+0xdc1/0x22d0 [ 775.754056][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 775.754056][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 775.754056][T20946] ? kmsan_get_metadata+0x116/0x180 [ 775.754056][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 775.754056][T20946] ? kmsan_get_metadata+0x116/0x180 [ 775.754056][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 775.754056][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 775.754056][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 775.754056][T20946] __sys_recvmmsg+0x519/0x6f0 [ 775.754056][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 775.754056][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 775.754056][T20946] __do_fast_syscall_32+0x102/0x160 [ 775.754056][T20946] do_fast_syscall_32+0x6a/0xc0 [ 775.754056][T20946] do_SYSENTER_32+0x73/0x90 [ 775.754056][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 775.754056][T20946] RIP: 0023:0xf7f1c549 [ 775.754056][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 775.754056][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 775.754056][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 775.754056][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 775.754056][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 775.754056][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 775.754056][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 775.754056][T20946] Uninit was stored to memory at: [ 775.754056][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 775.754056][T20946] __msan_chain_origin+0x57/0xa0 [ 775.754056][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 775.754056][T20946] get_compat_msghdr+0x108/0x2b0 [ 775.754056][T20946] do_recvmmsg+0xdc1/0x22d0 [ 775.754056][T20946] __sys_recvmmsg+0x519/0x6f0 [ 775.754056][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 775.754056][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 775.754056][T20946] __do_fast_syscall_32+0x102/0x160 [ 775.754056][T20946] do_fast_syscall_32+0x6a/0xc0 [ 775.754056][T20946] do_SYSENTER_32+0x73/0x90 [ 775.754056][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 775.754056][T20946] [ 775.754056][T20946] Uninit was stored to memory at: [ 775.754056][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 775.754056][T20946] __msan_chain_origin+0x57/0xa0 [ 775.754056][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 775.754056][T20946] get_compat_msghdr+0x108/0x2b0 [ 775.754056][T20946] do_recvmmsg+0xdc1/0x22d0 [ 775.754056][T20946] __sys_recvmmsg+0x519/0x6f0 [ 775.754056][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 775.754056][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 775.754056][T20946] __do_fast_syscall_32+0x102/0x160 [ 775.754056][T20946] do_fast_syscall_32+0x6a/0xc0 [ 775.754056][T20946] do_SYSENTER_32+0x73/0x90 [ 775.754056][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 775.754056][T20946] [ 775.754056][T20946] Uninit was stored to memory at: [ 775.754056][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 775.754056][T20946] __msan_chain_origin+0x57/0xa0 [ 775.754056][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 775.754056][T20946] get_compat_msghdr+0x108/0x2b0 [ 775.754056][T20946] do_recvmmsg+0xdc1/0x22d0 [ 775.754056][T20946] __sys_recvmmsg+0x519/0x6f0 [ 775.754056][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 775.754056][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 775.754056][T20946] __do_fast_syscall_32+0x102/0x160 [ 775.754056][T20946] do_fast_syscall_32+0x6a/0xc0 [ 775.754056][T20946] do_SYSENTER_32+0x73/0x90 [ 775.754056][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 775.754056][T20946] [ 775.754056][T20946] Uninit was stored to memory at: [ 775.754056][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 775.754056][T20946] __msan_chain_origin+0x57/0xa0 [ 775.754056][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 775.754056][T20946] get_compat_msghdr+0x108/0x2b0 [ 775.754056][T20946] do_recvmmsg+0xdc1/0x22d0 [ 775.754056][T20946] __sys_recvmmsg+0x519/0x6f0 [ 775.754056][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 775.754056][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 775.754056][T20946] __do_fast_syscall_32+0x102/0x160 [ 775.754056][T20946] do_fast_syscall_32+0x6a/0xc0 [ 775.754056][T20946] do_SYSENTER_32+0x73/0x90 [ 775.754056][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 775.754056][T20946] [ 775.754056][T20946] Uninit was stored to memory at: [ 775.754056][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 775.754056][T20946] __msan_chain_origin+0x57/0xa0 [ 775.754056][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 775.754056][T20946] get_compat_msghdr+0x108/0x2b0 [ 775.754056][T20946] do_recvmmsg+0xdc1/0x22d0 [ 775.754056][T20946] __sys_recvmmsg+0x519/0x6f0 [ 775.754056][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 775.754056][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 775.754056][T20946] __do_fast_syscall_32+0x102/0x160 [ 775.754056][T20946] do_fast_syscall_32+0x6a/0xc0 [ 775.754056][T20946] do_SYSENTER_32+0x73/0x90 [ 775.754056][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 775.754056][T20946] [ 775.754056][T20946] Uninit was stored to memory at: [ 775.754056][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 775.754056][T20946] __msan_chain_origin+0x57/0xa0 [ 775.754056][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 775.754056][T20946] get_compat_msghdr+0x108/0x2b0 [ 775.754056][T20946] do_recvmmsg+0xdc1/0x22d0 [ 775.754056][T20946] __sys_recvmmsg+0x519/0x6f0 [ 775.754056][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 775.754056][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 775.754056][T20946] __do_fast_syscall_32+0x102/0x160 [ 775.754056][T20946] do_fast_syscall_32+0x6a/0xc0 [ 775.754056][T20946] do_SYSENTER_32+0x73/0x90 [ 775.754056][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 775.754056][T20946] [ 775.754056][T20946] Uninit was stored to memory at: [ 775.754056][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 775.754056][T20946] __msan_chain_origin+0x57/0xa0 [ 775.754056][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 775.754056][T20946] get_compat_msghdr+0x108/0x2b0 [ 775.754056][T20946] do_recvmmsg+0xdc1/0x22d0 [ 775.754056][T20946] __sys_recvmmsg+0x519/0x6f0 [ 775.754056][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 775.754056][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 775.754056][T20946] __do_fast_syscall_32+0x102/0x160 [ 775.754056][T20946] do_fast_syscall_32+0x6a/0xc0 [ 775.754056][T20946] do_SYSENTER_32+0x73/0x90 [ 775.754056][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 775.754056][T20946] [ 775.754056][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 775.754056][T20946] do_recvmmsg+0xbf/0x22d0 [ 775.754056][T20946] do_recvmmsg+0xbf/0x22d0 [ 777.351952][T20946] not chained 350000 origins [ 777.353456][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 777.353456][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 777.353456][T20946] Call Trace: [ 777.353456][T20946] dump_stack+0x21c/0x280 [ 777.353456][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 777.353456][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 777.353456][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 777.353456][T20946] ? kmsan_get_metadata+0x116/0x180 [ 777.353456][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 777.353456][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 777.353456][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 777.353456][T20946] ? kmsan_get_metadata+0x116/0x180 [ 777.353456][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 777.353456][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 777.353456][T20946] ? kmsan_get_metadata+0x116/0x180 [ 777.353456][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 777.353456][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 777.353456][T20946] ? _copy_from_user+0x1fd/0x300 [ 777.353456][T20946] ? kmsan_get_metadata+0x116/0x180 [ 777.353456][T20946] __msan_chain_origin+0x57/0xa0 [ 777.353456][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 777.353456][T20946] get_compat_msghdr+0x108/0x2b0 [ 777.353456][T20946] do_recvmmsg+0xdc1/0x22d0 [ 777.353456][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 777.353456][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 777.353456][T20946] ? kmsan_get_metadata+0x116/0x180 [ 777.353456][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 777.353456][T20946] ? kmsan_get_metadata+0x116/0x180 [ 777.353456][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 777.353456][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 777.353456][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 777.353456][T20946] __sys_recvmmsg+0x519/0x6f0 [ 777.353456][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 777.353456][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 777.353456][T20946] __do_fast_syscall_32+0x102/0x160 [ 777.353456][T20946] do_fast_syscall_32+0x6a/0xc0 [ 777.353456][T20946] do_SYSENTER_32+0x73/0x90 [ 777.353456][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 777.353456][T20946] RIP: 0023:0xf7f1c549 [ 777.353456][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 777.353456][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 777.353456][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 777.353456][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 777.353456][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 777.353456][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 777.353456][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 777.353456][T20946] Uninit was stored to memory at: [ 777.353456][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 777.353456][T20946] __msan_chain_origin+0x57/0xa0 [ 777.353456][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 777.353456][T20946] get_compat_msghdr+0x108/0x2b0 [ 777.353456][T20946] do_recvmmsg+0xdc1/0x22d0 [ 777.353456][T20946] __sys_recvmmsg+0x519/0x6f0 [ 777.353456][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 777.353456][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 777.353456][T20946] __do_fast_syscall_32+0x102/0x160 [ 777.353456][T20946] do_fast_syscall_32+0x6a/0xc0 [ 777.353456][T20946] do_SYSENTER_32+0x73/0x90 [ 777.353456][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 777.353456][T20946] [ 777.353456][T20946] Uninit was stored to memory at: [ 777.353456][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 777.353456][T20946] __msan_chain_origin+0x57/0xa0 [ 777.353456][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 777.353456][T20946] get_compat_msghdr+0x108/0x2b0 [ 777.353456][T20946] do_recvmmsg+0xdc1/0x22d0 [ 777.353456][T20946] __sys_recvmmsg+0x519/0x6f0 [ 777.353456][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 777.353456][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 777.353456][T20946] __do_fast_syscall_32+0x102/0x160 [ 777.353456][T20946] do_fast_syscall_32+0x6a/0xc0 [ 777.353456][T20946] do_SYSENTER_32+0x73/0x90 [ 777.353456][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 777.353456][T20946] [ 777.353456][T20946] Uninit was stored to memory at: [ 777.353456][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 777.353456][T20946] __msan_chain_origin+0x57/0xa0 [ 777.353456][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 777.353456][T20946] get_compat_msghdr+0x108/0x2b0 [ 777.353456][T20946] do_recvmmsg+0xdc1/0x22d0 [ 777.353456][T20946] __sys_recvmmsg+0x519/0x6f0 [ 777.353456][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 777.353456][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 777.353456][T20946] __do_fast_syscall_32+0x102/0x160 [ 777.353456][T20946] do_fast_syscall_32+0x6a/0xc0 [ 777.353456][T20946] do_SYSENTER_32+0x73/0x90 [ 777.353456][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 777.353456][T20946] [ 777.353456][T20946] Uninit was stored to memory at: [ 777.353456][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 777.353456][T20946] __msan_chain_origin+0x57/0xa0 [ 777.353456][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 777.353456][T20946] get_compat_msghdr+0x108/0x2b0 [ 777.353456][T20946] do_recvmmsg+0xdc1/0x22d0 [ 777.353456][T20946] __sys_recvmmsg+0x519/0x6f0 [ 777.353456][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 777.353456][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 777.353456][T20946] __do_fast_syscall_32+0x102/0x160 [ 777.353456][T20946] do_fast_syscall_32+0x6a/0xc0 [ 777.353456][T20946] do_SYSENTER_32+0x73/0x90 [ 777.353456][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 777.353456][T20946] [ 777.353456][T20946] Uninit was stored to memory at: [ 777.353456][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 777.353456][T20946] __msan_chain_origin+0x57/0xa0 [ 777.353456][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 777.353456][T20946] get_compat_msghdr+0x108/0x2b0 [ 777.353456][T20946] do_recvmmsg+0xdc1/0x22d0 [ 777.353456][T20946] __sys_recvmmsg+0x519/0x6f0 [ 777.353456][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 777.353456][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 777.353456][T20946] __do_fast_syscall_32+0x102/0x160 [ 777.353456][T20946] do_fast_syscall_32+0x6a/0xc0 [ 777.353456][T20946] do_SYSENTER_32+0x73/0x90 [ 777.353456][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 777.353456][T20946] [ 777.353456][T20946] Uninit was stored to memory at: [ 777.353456][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 777.353456][T20946] __msan_chain_origin+0x57/0xa0 [ 777.353456][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 777.353456][T20946] get_compat_msghdr+0x108/0x2b0 [ 777.353456][T20946] do_recvmmsg+0xdc1/0x22d0 [ 777.353456][T20946] __sys_recvmmsg+0x519/0x6f0 [ 777.353456][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 777.353456][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 777.353456][T20946] __do_fast_syscall_32+0x102/0x160 [ 777.353456][T20946] do_fast_syscall_32+0x6a/0xc0 [ 777.353456][T20946] do_SYSENTER_32+0x73/0x90 [ 777.353456][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 777.353456][T20946] [ 777.353456][T20946] Uninit was stored to memory at: [ 777.353456][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 777.353456][T20946] __msan_chain_origin+0x57/0xa0 [ 777.353456][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 777.353456][T20946] get_compat_msghdr+0x108/0x2b0 [ 777.353456][T20946] do_recvmmsg+0xdc1/0x22d0 [ 777.353456][T20946] __sys_recvmmsg+0x519/0x6f0 [ 777.353456][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 777.353456][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 777.353456][T20946] __do_fast_syscall_32+0x102/0x160 [ 777.353456][T20946] do_fast_syscall_32+0x6a/0xc0 [ 777.353456][T20946] do_SYSENTER_32+0x73/0x90 [ 777.353456][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 777.353456][T20946] [ 777.353456][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 777.353456][T20946] do_recvmmsg+0xbf/0x22d0 [ 777.353456][T20946] do_recvmmsg+0xbf/0x22d0 [ 778.946132][T20946] not chained 360000 origins [ 778.953309][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 778.953309][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.953309][T20946] Call Trace: [ 778.953309][T20946] dump_stack+0x21c/0x280 [ 778.953309][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 778.953309][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 778.953309][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 778.953309][T20946] ? kmsan_get_metadata+0x116/0x180 [ 778.953309][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 779.017029][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 779.017029][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 779.030145][T20946] ? kmsan_get_metadata+0x116/0x180 [ 779.030145][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 779.030145][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 779.030145][T20946] ? kmsan_get_metadata+0x116/0x180 [ 779.030145][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 779.030145][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 779.030145][T20946] ? _copy_from_user+0x1fd/0x300 [ 779.030145][T20946] ? kmsan_get_metadata+0x116/0x180 [ 779.030145][T20946] __msan_chain_origin+0x57/0xa0 [ 779.030145][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 779.030145][T20946] get_compat_msghdr+0x108/0x2b0 [ 779.113823][T20946] do_recvmmsg+0xdc1/0x22d0 [ 779.113823][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 779.113823][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 779.113823][T20946] ? kmsan_get_metadata+0x116/0x180 [ 779.113823][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 779.113823][T20946] ? kmsan_get_metadata+0x116/0x180 [ 779.113823][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 779.113823][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 779.113823][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 779.113823][T20946] __sys_recvmmsg+0x519/0x6f0 [ 779.113823][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 779.113823][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 779.113823][T20946] __do_fast_syscall_32+0x102/0x160 [ 779.113823][T20946] do_fast_syscall_32+0x6a/0xc0 [ 779.113823][T20946] do_SYSENTER_32+0x73/0x90 [ 779.113823][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 779.113823][T20946] RIP: 0023:0xf7f1c549 [ 779.113823][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 779.113823][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 779.113823][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 779.113823][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 779.113823][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 779.113823][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 779.113823][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 779.113823][T20946] Uninit was stored to memory at: [ 779.113823][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 779.113823][T20946] __msan_chain_origin+0x57/0xa0 [ 779.113823][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 779.113823][T20946] get_compat_msghdr+0x108/0x2b0 [ 779.113823][T20946] do_recvmmsg+0xdc1/0x22d0 [ 779.113823][T20946] __sys_recvmmsg+0x519/0x6f0 [ 779.113823][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 779.113823][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 779.113823][T20946] __do_fast_syscall_32+0x102/0x160 [ 779.113823][T20946] do_fast_syscall_32+0x6a/0xc0 [ 779.113823][T20946] do_SYSENTER_32+0x73/0x90 [ 779.113823][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 779.113823][T20946] [ 779.113823][T20946] Uninit was stored to memory at: [ 779.113823][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 779.113823][T20946] __msan_chain_origin+0x57/0xa0 [ 779.113823][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 779.113823][T20946] get_compat_msghdr+0x108/0x2b0 [ 779.113823][T20946] do_recvmmsg+0xdc1/0x22d0 [ 779.398832][T20946] __sys_recvmmsg+0x519/0x6f0 [ 779.398832][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 779.398832][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 779.398832][T20946] __do_fast_syscall_32+0x102/0x160 [ 779.398832][T20946] do_fast_syscall_32+0x6a/0xc0 [ 779.398832][T20946] do_SYSENTER_32+0x73/0x90 [ 779.398832][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 779.398832][T20946] [ 779.398832][T20946] Uninit was stored to memory at: [ 779.398832][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 779.398832][T20946] __msan_chain_origin+0x57/0xa0 [ 779.398832][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 779.398832][T20946] get_compat_msghdr+0x108/0x2b0 [ 779.398832][T20946] do_recvmmsg+0xdc1/0x22d0 [ 779.398832][T20946] __sys_recvmmsg+0x519/0x6f0 [ 779.398832][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 779.398832][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 779.398832][T20946] __do_fast_syscall_32+0x102/0x160 [ 779.398832][T20946] do_fast_syscall_32+0x6a/0xc0 [ 779.398832][T20946] do_SYSENTER_32+0x73/0x90 [ 779.503558][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 779.503558][T20946] [ 779.503558][T20946] Uninit was stored to memory at: [ 779.503558][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 779.503558][T20946] __msan_chain_origin+0x57/0xa0 [ 779.503558][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 779.503558][T20946] get_compat_msghdr+0x108/0x2b0 [ 779.503558][T20946] do_recvmmsg+0xdc1/0x22d0 [ 779.503558][T20946] __sys_recvmmsg+0x519/0x6f0 [ 779.503558][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 779.503558][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 779.503558][T20946] __do_fast_syscall_32+0x102/0x160 [ 779.503558][T20946] do_fast_syscall_32+0x6a/0xc0 [ 779.503558][T20946] do_SYSENTER_32+0x73/0x90 [ 779.503558][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 779.503558][T20946] [ 779.503558][T20946] Uninit was stored to memory at: [ 779.503558][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 779.503558][T20946] __msan_chain_origin+0x57/0xa0 [ 779.503558][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 779.503558][T20946] get_compat_msghdr+0x108/0x2b0 [ 779.503558][T20946] do_recvmmsg+0xdc1/0x22d0 [ 779.503558][T20946] __sys_recvmmsg+0x519/0x6f0 [ 779.503558][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 779.503558][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 779.503558][T20946] __do_fast_syscall_32+0x102/0x160 [ 779.503558][T20946] do_fast_syscall_32+0x6a/0xc0 [ 779.503558][T20946] do_SYSENTER_32+0x73/0x90 [ 779.503558][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 779.503558][T20946] [ 779.503558][T20946] Uninit was stored to memory at: [ 779.670141][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 779.670141][T20946] __msan_chain_origin+0x57/0xa0 [ 779.683559][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 779.683559][T20946] get_compat_msghdr+0x108/0x2b0 [ 779.683559][T20946] do_recvmmsg+0xdc1/0x22d0 [ 779.683559][T20946] __sys_recvmmsg+0x519/0x6f0 [ 779.683559][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 779.683559][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 779.683559][T20946] __do_fast_syscall_32+0x102/0x160 [ 779.683559][T20946] do_fast_syscall_32+0x6a/0xc0 [ 779.683559][T20946] do_SYSENTER_32+0x73/0x90 [ 779.683559][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 779.683559][T20946] [ 779.683559][T20946] Uninit was stored to memory at: [ 779.683559][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 779.683559][T20946] __msan_chain_origin+0x57/0xa0 [ 779.683559][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 779.683559][T20946] get_compat_msghdr+0x108/0x2b0 [ 779.683559][T20946] do_recvmmsg+0xdc1/0x22d0 [ 779.683559][T20946] __sys_recvmmsg+0x519/0x6f0 [ 779.683559][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 779.683559][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 779.683559][T20946] __do_fast_syscall_32+0x102/0x160 [ 779.683559][T20946] do_fast_syscall_32+0x6a/0xc0 [ 779.683559][T20946] do_SYSENTER_32+0x73/0x90 [ 779.683559][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 779.683559][T20946] [ 779.683559][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 779.683559][T20946] do_recvmmsg+0xbf/0x22d0 [ 779.683559][T20946] do_recvmmsg+0xbf/0x22d0 [ 780.205399][T20946] not chained 370000 origins [ 780.213324][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 780.213324][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 780.213324][T20946] Call Trace: [ 780.213324][T20946] dump_stack+0x21c/0x280 [ 780.260329][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 780.260329][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 780.260329][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 780.260329][T20946] ? kmsan_get_metadata+0x116/0x180 [ 780.260329][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 780.260329][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 780.260329][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 780.260329][T20946] ? kmsan_get_metadata+0x116/0x180 [ 780.260329][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 780.260329][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 780.260329][T20946] ? kmsan_get_metadata+0x116/0x180 [ 780.260329][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 780.260329][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 780.260329][T20946] ? _copy_from_user+0x1fd/0x300 [ 780.260329][T20946] ? kmsan_get_metadata+0x116/0x180 [ 780.260329][T20946] __msan_chain_origin+0x57/0xa0 [ 780.260329][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 780.260329][T20946] get_compat_msghdr+0x108/0x2b0 [ 780.260329][T20946] do_recvmmsg+0xdc1/0x22d0 [ 780.260329][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 780.260329][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 780.260329][T20946] ? kmsan_get_metadata+0x116/0x180 [ 780.260329][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 780.260329][T20946] ? kmsan_get_metadata+0x116/0x180 [ 780.260329][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 780.260329][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 780.260329][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 780.260329][T20946] __sys_recvmmsg+0x519/0x6f0 [ 780.260329][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 780.260329][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 780.260329][T20946] __do_fast_syscall_32+0x102/0x160 [ 780.260329][T20946] do_fast_syscall_32+0x6a/0xc0 [ 780.260329][T20946] do_SYSENTER_32+0x73/0x90 [ 780.260329][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 780.260329][T20946] RIP: 0023:0xf7f1c549 [ 780.260329][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 780.260329][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 780.260329][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 780.260329][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 780.260329][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 780.260329][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 780.260329][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 780.260329][T20946] Uninit was stored to memory at: [ 780.260329][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 780.260329][T20946] __msan_chain_origin+0x57/0xa0 [ 780.260329][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 780.260329][T20946] get_compat_msghdr+0x108/0x2b0 [ 780.260329][T20946] do_recvmmsg+0xdc1/0x22d0 [ 780.260329][T20946] __sys_recvmmsg+0x519/0x6f0 [ 780.260329][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 780.260329][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 780.260329][T20946] __do_fast_syscall_32+0x102/0x160 [ 780.260329][T20946] do_fast_syscall_32+0x6a/0xc0 [ 780.260329][T20946] do_SYSENTER_32+0x73/0x90 [ 780.260329][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 780.260329][T20946] [ 780.260329][T20946] Uninit was stored to memory at: [ 780.260329][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 780.260329][T20946] __msan_chain_origin+0x57/0xa0 [ 780.260329][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 780.260329][T20946] get_compat_msghdr+0x108/0x2b0 [ 780.260329][T20946] do_recvmmsg+0xdc1/0x22d0 [ 780.260329][T20946] __sys_recvmmsg+0x519/0x6f0 [ 780.260329][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 780.260329][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 780.260329][T20946] __do_fast_syscall_32+0x102/0x160 [ 780.260329][T20946] do_fast_syscall_32+0x6a/0xc0 [ 780.260329][T20946] do_SYSENTER_32+0x73/0x90 [ 780.260329][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 780.260329][T20946] [ 780.260329][T20946] Uninit was stored to memory at: [ 780.260329][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 780.260329][T20946] __msan_chain_origin+0x57/0xa0 [ 780.260329][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 780.260329][T20946] get_compat_msghdr+0x108/0x2b0 [ 780.260329][T20946] do_recvmmsg+0xdc1/0x22d0 [ 780.260329][T20946] __sys_recvmmsg+0x519/0x6f0 [ 780.260329][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 780.260329][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 780.260329][T20946] __do_fast_syscall_32+0x102/0x160 [ 780.260329][T20946] do_fast_syscall_32+0x6a/0xc0 [ 780.260329][T20946] do_SYSENTER_32+0x73/0x90 [ 780.260329][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 780.260329][T20946] [ 780.260329][T20946] Uninit was stored to memory at: [ 780.260329][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 780.260329][T20946] __msan_chain_origin+0x57/0xa0 [ 780.260329][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 780.260329][T20946] get_compat_msghdr+0x108/0x2b0 [ 780.260329][T20946] do_recvmmsg+0xdc1/0x22d0 [ 780.260329][T20946] __sys_recvmmsg+0x519/0x6f0 [ 780.260329][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 780.260329][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 780.260329][T20946] __do_fast_syscall_32+0x102/0x160 [ 780.260329][T20946] do_fast_syscall_32+0x6a/0xc0 [ 780.260329][T20946] do_SYSENTER_32+0x73/0x90 [ 780.260329][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 780.260329][T20946] [ 780.260329][T20946] Uninit was stored to memory at: [ 780.260329][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 780.260329][T20946] __msan_chain_origin+0x57/0xa0 [ 780.260329][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 780.260329][T20946] get_compat_msghdr+0x108/0x2b0 [ 780.260329][T20946] do_recvmmsg+0xdc1/0x22d0 [ 780.260329][T20946] __sys_recvmmsg+0x519/0x6f0 [ 780.260329][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 780.260329][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 780.260329][T20946] __do_fast_syscall_32+0x102/0x160 [ 780.260329][T20946] do_fast_syscall_32+0x6a/0xc0 [ 780.260329][T20946] do_SYSENTER_32+0x73/0x90 [ 780.260329][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 780.260329][T20946] [ 780.260329][T20946] Uninit was stored to memory at: [ 780.260329][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 780.260329][T20946] __msan_chain_origin+0x57/0xa0 [ 780.260329][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 780.260329][T20946] get_compat_msghdr+0x108/0x2b0 [ 780.260329][T20946] do_recvmmsg+0xdc1/0x22d0 [ 780.260329][T20946] __sys_recvmmsg+0x519/0x6f0 [ 780.260329][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 780.260329][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 780.260329][T20946] __do_fast_syscall_32+0x102/0x160 [ 780.260329][T20946] do_fast_syscall_32+0x6a/0xc0 [ 780.260329][T20946] do_SYSENTER_32+0x73/0x90 [ 780.260329][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 780.260329][T20946] [ 780.260329][T20946] Uninit was stored to memory at: [ 780.260329][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 780.260329][T20946] __msan_chain_origin+0x57/0xa0 [ 780.260329][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 780.260329][T20946] get_compat_msghdr+0x108/0x2b0 [ 780.260329][T20946] do_recvmmsg+0xdc1/0x22d0 [ 780.260329][T20946] __sys_recvmmsg+0x519/0x6f0 [ 780.260329][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 780.260329][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 780.260329][T20946] __do_fast_syscall_32+0x102/0x160 [ 780.260329][T20946] do_fast_syscall_32+0x6a/0xc0 [ 780.260329][T20946] do_SYSENTER_32+0x73/0x90 [ 780.260329][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 780.260329][T20946] [ 780.260329][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 780.260329][T20946] do_recvmmsg+0xbf/0x22d0 [ 780.260329][T20946] do_recvmmsg+0xbf/0x22d0 [ 781.741741][T20946] not chained 380000 origins [ 781.744697][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 781.744697][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.744697][T20946] Call Trace: [ 781.744697][T20946] dump_stack+0x21c/0x280 [ 781.744697][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 781.744697][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 781.744697][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 781.744697][T20946] ? kmsan_get_metadata+0x116/0x180 [ 781.744697][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 781.744697][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 781.835053][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 781.846262][T20946] ? kmsan_get_metadata+0x116/0x180 [ 781.846262][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 781.846262][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 781.846262][T20946] ? kmsan_get_metadata+0x116/0x180 [ 781.846262][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 781.846262][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 781.846262][T20946] ? _copy_from_user+0x1fd/0x300 [ 781.846262][T20946] ? kmsan_get_metadata+0x116/0x180 [ 781.846262][T20946] __msan_chain_origin+0x57/0xa0 [ 781.924678][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 781.924678][T20946] get_compat_msghdr+0x108/0x2b0 [ 781.924678][T20946] do_recvmmsg+0xdc1/0x22d0 [ 781.924678][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 781.924678][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 781.924678][T20946] ? kmsan_get_metadata+0x116/0x180 [ 781.924678][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 781.924678][T20946] ? kmsan_get_metadata+0x116/0x180 [ 781.924678][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 781.924678][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 781.924678][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 781.924678][T20946] __sys_recvmmsg+0x519/0x6f0 [ 781.924678][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 781.924678][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 781.924678][T20946] __do_fast_syscall_32+0x102/0x160 [ 781.924678][T20946] do_fast_syscall_32+0x6a/0xc0 [ 781.924678][T20946] do_SYSENTER_32+0x73/0x90 [ 781.924678][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 781.924678][T20946] RIP: 0023:0xf7f1c549 [ 781.924678][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 781.924678][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 781.924678][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 781.924678][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 781.924678][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 781.924678][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 781.924678][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 781.924678][T20946] Uninit was stored to memory at: [ 781.924678][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 781.924678][T20946] __msan_chain_origin+0x57/0xa0 [ 781.924678][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 781.924678][T20946] get_compat_msghdr+0x108/0x2b0 [ 781.924678][T20946] do_recvmmsg+0xdc1/0x22d0 [ 781.924678][T20946] __sys_recvmmsg+0x519/0x6f0 [ 781.924678][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 781.924678][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 781.924678][T20946] __do_fast_syscall_32+0x102/0x160 [ 781.924678][T20946] do_fast_syscall_32+0x6a/0xc0 [ 781.924678][T20946] do_SYSENTER_32+0x73/0x90 [ 781.924678][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 781.924678][T20946] [ 781.924678][T20946] Uninit was stored to memory at: [ 781.924678][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 781.924678][T20946] __msan_chain_origin+0x57/0xa0 [ 781.924678][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 781.924678][T20946] get_compat_msghdr+0x108/0x2b0 [ 781.924678][T20946] do_recvmmsg+0xdc1/0x22d0 [ 781.924678][T20946] __sys_recvmmsg+0x519/0x6f0 [ 781.924678][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 781.924678][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 781.924678][T20946] __do_fast_syscall_32+0x102/0x160 [ 781.924678][T20946] do_fast_syscall_32+0x6a/0xc0 [ 781.924678][T20946] do_SYSENTER_32+0x73/0x90 [ 781.924678][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 781.924678][T20946] [ 781.924678][T20946] Uninit was stored to memory at: [ 781.924678][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 781.924678][T20946] __msan_chain_origin+0x57/0xa0 [ 781.924678][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 781.924678][T20946] get_compat_msghdr+0x108/0x2b0 [ 781.924678][T20946] do_recvmmsg+0xdc1/0x22d0 [ 782.483468][T20946] __sys_recvmmsg+0x519/0x6f0 [ 782.483468][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 782.483468][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 782.483468][T20946] __do_fast_syscall_32+0x102/0x160 [ 782.502757][T20946] do_fast_syscall_32+0x6a/0xc0 [ 782.502757][T20946] do_SYSENTER_32+0x73/0x90 [ 782.502757][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 782.502757][T20946] [ 782.502757][T20946] Uninit was stored to memory at: [ 782.502757][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 782.502757][T20946] __msan_chain_origin+0x57/0xa0 [ 782.502757][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 782.502757][T20946] get_compat_msghdr+0x108/0x2b0 [ 782.502757][T20946] do_recvmmsg+0xdc1/0x22d0 [ 782.502757][T20946] __sys_recvmmsg+0x519/0x6f0 [ 782.502757][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 782.502757][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 782.502757][T20946] __do_fast_syscall_32+0x102/0x160 [ 782.502757][T20946] do_fast_syscall_32+0x6a/0xc0 [ 782.502757][T20946] do_SYSENTER_32+0x73/0x90 [ 782.502757][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 782.502757][T20946] [ 782.502757][T20946] Uninit was stored to memory at: [ 782.502757][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 782.502757][T20946] __msan_chain_origin+0x57/0xa0 [ 782.502757][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 782.502757][T20946] get_compat_msghdr+0x108/0x2b0 [ 782.502757][T20946] do_recvmmsg+0xdc1/0x22d0 [ 782.502757][T20946] __sys_recvmmsg+0x519/0x6f0 [ 782.502757][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 782.502757][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 782.502757][T20946] __do_fast_syscall_32+0x102/0x160 [ 782.502757][T20946] do_fast_syscall_32+0x6a/0xc0 [ 782.502757][T20946] do_SYSENTER_32+0x73/0x90 [ 782.502757][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 782.502757][T20946] [ 782.502757][T20946] Uninit was stored to memory at: [ 782.502757][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 782.502757][T20946] __msan_chain_origin+0x57/0xa0 [ 782.502757][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 782.502757][T20946] get_compat_msghdr+0x108/0x2b0 [ 782.502757][T20946] do_recvmmsg+0xdc1/0x22d0 [ 782.502757][T20946] __sys_recvmmsg+0x519/0x6f0 [ 782.502757][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 782.502757][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 782.502757][T20946] __do_fast_syscall_32+0x102/0x160 [ 782.502757][T20946] do_fast_syscall_32+0x6a/0xc0 [ 782.502757][T20946] do_SYSENTER_32+0x73/0x90 [ 782.502757][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 782.502757][T20946] [ 782.502757][T20946] Uninit was stored to memory at: [ 782.502757][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 782.502757][T20946] __msan_chain_origin+0x57/0xa0 [ 782.502757][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 782.502757][T20946] get_compat_msghdr+0x108/0x2b0 [ 782.502757][T20946] do_recvmmsg+0xdc1/0x22d0 [ 782.502757][T20946] __sys_recvmmsg+0x519/0x6f0 [ 782.502757][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 782.502757][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 782.502757][T20946] __do_fast_syscall_32+0x102/0x160 [ 782.502757][T20946] do_fast_syscall_32+0x6a/0xc0 [ 782.502757][T20946] do_SYSENTER_32+0x73/0x90 [ 782.502757][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 782.502757][T20946] [ 782.502757][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 782.502757][T20946] do_recvmmsg+0xbf/0x22d0 [ 782.502757][T20946] do_recvmmsg+0xbf/0x22d0 [ 783.350739][T20946] not chained 390000 origins [ 783.353283][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 783.359251][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 783.359251][T20946] Call Trace: [ 783.359251][T20946] dump_stack+0x21c/0x280 [ 783.359251][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 783.359251][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 783.359251][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 783.359251][T20946] ? kmsan_get_metadata+0x116/0x180 [ 783.359251][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 783.359251][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 783.359251][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 783.359251][T20946] ? kmsan_get_metadata+0x116/0x180 [ 783.359251][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 783.359251][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 783.468717][T20946] ? kmsan_get_metadata+0x116/0x180 [ 783.468717][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 783.468717][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 783.468717][T20946] ? _copy_from_user+0x1fd/0x300 [ 783.468717][T20946] ? kmsan_get_metadata+0x116/0x180 [ 783.468717][T20946] __msan_chain_origin+0x57/0xa0 [ 783.468717][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 783.529223][T20946] get_compat_msghdr+0x108/0x2b0 [ 783.529223][T20946] do_recvmmsg+0xdc1/0x22d0 [ 783.529223][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 783.558371][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 783.558371][T20946] ? kmsan_get_metadata+0x116/0x180 [ 783.558371][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 783.558371][T20946] ? kmsan_get_metadata+0x116/0x180 [ 783.558371][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 783.558371][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 783.558371][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 783.558371][T20946] __sys_recvmmsg+0x519/0x6f0 [ 783.558371][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 783.558371][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 783.558371][T20946] __do_fast_syscall_32+0x102/0x160 [ 783.558371][T20946] do_fast_syscall_32+0x6a/0xc0 [ 783.558371][T20946] do_SYSENTER_32+0x73/0x90 [ 783.558371][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 783.558371][T20946] RIP: 0023:0xf7f1c549 [ 783.558371][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 783.558371][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 783.558371][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 783.558371][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 783.558371][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 783.558371][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 783.558371][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 783.558371][T20946] Uninit was stored to memory at: [ 783.558371][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 783.767167][T20946] __msan_chain_origin+0x57/0xa0 [ 783.767167][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 783.767167][T20946] get_compat_msghdr+0x108/0x2b0 [ 783.767167][T20946] do_recvmmsg+0xdc1/0x22d0 [ 783.798977][T20946] __sys_recvmmsg+0x519/0x6f0 [ 783.798977][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 783.798977][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 783.825868][T20946] __do_fast_syscall_32+0x102/0x160 [ 783.825868][T20946] do_fast_syscall_32+0x6a/0xc0 [ 783.825868][T20946] do_SYSENTER_32+0x73/0x90 [ 783.825868][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 783.825868][T20946] [ 783.825868][T20946] Uninit was stored to memory at: [ 783.825868][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 783.888562][T20946] __msan_chain_origin+0x57/0xa0 [ 783.888562][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 783.888562][T20946] get_compat_msghdr+0x108/0x2b0 [ 783.915164][T20946] do_recvmmsg+0xdc1/0x22d0 [ 783.915164][T20946] __sys_recvmmsg+0x519/0x6f0 [ 783.930477][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 783.930477][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 783.946758][T20946] __do_fast_syscall_32+0x102/0x160 [ 783.946758][T20946] do_fast_syscall_32+0x6a/0xc0 [ 783.946758][T20946] do_SYSENTER_32+0x73/0x90 [ 783.946758][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 783.946758][T20946] [ 783.946758][T20946] Uninit was stored to memory at: [ 783.946758][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 783.946758][T20946] __msan_chain_origin+0x57/0xa0 [ 783.946758][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 783.946758][T20946] get_compat_msghdr+0x108/0x2b0 [ 783.946758][T20946] do_recvmmsg+0xdc1/0x22d0 [ 784.037261][T20946] __sys_recvmmsg+0x519/0x6f0 [ 784.037261][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 784.037261][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 784.037261][T20946] __do_fast_syscall_32+0x102/0x160 [ 784.066159][T20946] do_fast_syscall_32+0x6a/0xc0 [ 784.066159][T20946] do_SYSENTER_32+0x73/0x90 [ 784.066159][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 784.095146][T20946] [ 784.095146][T20946] Uninit was stored to memory at: [ 784.095146][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 784.095146][T20946] __msan_chain_origin+0x57/0xa0 [ 784.128227][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 784.128227][T20946] get_compat_msghdr+0x108/0x2b0 [ 784.128227][T20946] do_recvmmsg+0xdc1/0x22d0 [ 784.154175][T20946] __sys_recvmmsg+0x519/0x6f0 [ 784.154175][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 784.154175][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 784.186252][T20946] __do_fast_syscall_32+0x102/0x160 [ 784.186252][T20946] do_fast_syscall_32+0x6a/0xc0 [ 784.186252][T20946] do_SYSENTER_32+0x73/0x90 [ 784.186252][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 784.218017][T20946] [ 784.218017][T20946] Uninit was stored to memory at: [ 784.218017][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 784.243874][T20946] __msan_chain_origin+0x57/0xa0 [ 784.243874][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 784.243874][T20946] get_compat_msghdr+0x108/0x2b0 [ 784.279559][T20946] do_recvmmsg+0xdc1/0x22d0 [ 784.279559][T20946] __sys_recvmmsg+0x519/0x6f0 [ 784.279559][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 784.307852][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 784.307852][T20946] __do_fast_syscall_32+0x102/0x160 [ 784.307852][T20946] do_fast_syscall_32+0x6a/0xc0 [ 784.307852][T20946] do_SYSENTER_32+0x73/0x90 [ 784.339260][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 784.339260][T20946] [ 784.339260][T20946] Uninit was stored to memory at: [ 784.339260][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 784.368265][T20946] __msan_chain_origin+0x57/0xa0 [ 784.368265][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 784.368265][T20946] get_compat_msghdr+0x108/0x2b0 [ 784.394783][T20946] do_recvmmsg+0xdc1/0x22d0 [ 784.394783][T20946] __sys_recvmmsg+0x519/0x6f0 [ 784.394783][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 784.394783][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 784.428009][T20946] __do_fast_syscall_32+0x102/0x160 [ 784.428009][T20946] do_fast_syscall_32+0x6a/0xc0 [ 784.428009][T20946] do_SYSENTER_32+0x73/0x90 [ 784.428009][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 784.459409][T20946] [ 784.459409][T20946] Uninit was stored to memory at: [ 784.459409][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 784.459409][T20946] __msan_chain_origin+0x57/0xa0 [ 784.488246][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 784.488246][T20946] get_compat_msghdr+0x108/0x2b0 [ 784.488246][T20946] do_recvmmsg+0xdc1/0x22d0 [ 784.516603][T20946] __sys_recvmmsg+0x519/0x6f0 [ 784.516603][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 784.516603][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 784.516603][T20946] __do_fast_syscall_32+0x102/0x160 [ 784.547656][T20946] do_fast_syscall_32+0x6a/0xc0 [ 784.547656][T20946] do_SYSENTER_32+0x73/0x90 [ 784.547656][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 784.547656][T20946] [ 784.574999][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 784.574999][T20946] do_recvmmsg+0xbf/0x22d0 [ 784.574999][T20946] do_recvmmsg+0xbf/0x22d0 [ 784.944247][T20946] not chained 400000 origins [ 784.951784][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 784.953336][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 784.968819][T20946] Call Trace: [ 784.968819][T20946] dump_stack+0x21c/0x280 [ 784.968819][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 784.968819][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 784.968819][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 784.968819][T20946] ? kmsan_get_metadata+0x116/0x180 [ 784.968819][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 784.968819][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 784.968819][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 784.968819][T20946] ? kmsan_get_metadata+0x116/0x180 [ 784.968819][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 784.968819][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 784.968819][T20946] ? kmsan_get_metadata+0x116/0x180 [ 784.968819][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 784.968819][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 785.083367][T20946] ? _copy_from_user+0x1fd/0x300 [ 785.083367][T20946] ? kmsan_get_metadata+0x116/0x180 [ 785.083367][T20946] __msan_chain_origin+0x57/0xa0 [ 785.083367][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 785.083367][T20946] get_compat_msghdr+0x108/0x2b0 [ 785.083367][T20946] do_recvmmsg+0xdc1/0x22d0 [ 785.083367][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 785.083367][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 785.083367][T20946] ? kmsan_get_metadata+0x116/0x180 [ 785.083367][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 785.083367][T20946] ? kmsan_get_metadata+0x116/0x180 [ 785.083367][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 785.083367][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 785.083367][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 785.083367][T20946] __sys_recvmmsg+0x519/0x6f0 [ 785.083367][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 785.083367][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 785.083367][T20946] __do_fast_syscall_32+0x102/0x160 [ 785.083367][T20946] do_fast_syscall_32+0x6a/0xc0 [ 785.083367][T20946] do_SYSENTER_32+0x73/0x90 [ 785.083367][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 785.083367][T20946] RIP: 0023:0xf7f1c549 [ 785.083367][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 785.083367][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 785.083367][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 785.083367][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 785.083367][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 785.083367][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 785.083367][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 785.083367][T20946] Uninit was stored to memory at: [ 785.083367][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 785.083367][T20946] __msan_chain_origin+0x57/0xa0 [ 785.083367][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 785.083367][T20946] get_compat_msghdr+0x108/0x2b0 [ 785.083367][T20946] do_recvmmsg+0xdc1/0x22d0 [ 785.083367][T20946] __sys_recvmmsg+0x519/0x6f0 [ 785.083367][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 785.083367][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 785.083367][T20946] __do_fast_syscall_32+0x102/0x160 [ 785.083367][T20946] do_fast_syscall_32+0x6a/0xc0 [ 785.083367][T20946] do_SYSENTER_32+0x73/0x90 [ 785.083367][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 785.083367][T20946] [ 785.083367][T20946] Uninit was stored to memory at: [ 785.083367][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 785.083367][T20946] __msan_chain_origin+0x57/0xa0 [ 785.083367][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 785.083367][T20946] get_compat_msghdr+0x108/0x2b0 [ 785.083367][T20946] do_recvmmsg+0xdc1/0x22d0 [ 785.083367][T20946] __sys_recvmmsg+0x519/0x6f0 [ 785.083367][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 785.083367][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 785.083367][T20946] __do_fast_syscall_32+0x102/0x160 [ 785.083367][T20946] do_fast_syscall_32+0x6a/0xc0 [ 785.083367][T20946] do_SYSENTER_32+0x73/0x90 [ 785.083367][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 785.083367][T20946] [ 785.083367][T20946] Uninit was stored to memory at: [ 785.083367][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 785.083367][T20946] __msan_chain_origin+0x57/0xa0 [ 785.083367][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 785.083367][T20946] get_compat_msghdr+0x108/0x2b0 [ 785.083367][T20946] do_recvmmsg+0xdc1/0x22d0 [ 785.083367][T20946] __sys_recvmmsg+0x519/0x6f0 [ 785.083367][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 785.083367][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 785.083367][T20946] __do_fast_syscall_32+0x102/0x160 [ 785.083367][T20946] do_fast_syscall_32+0x6a/0xc0 [ 785.083367][T20946] do_SYSENTER_32+0x73/0x90 [ 785.083367][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 785.083367][T20946] [ 785.083367][T20946] Uninit was stored to memory at: [ 785.083367][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 785.083367][T20946] __msan_chain_origin+0x57/0xa0 [ 785.083367][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 785.083367][T20946] get_compat_msghdr+0x108/0x2b0 [ 785.083367][T20946] do_recvmmsg+0xdc1/0x22d0 [ 785.083367][T20946] __sys_recvmmsg+0x519/0x6f0 [ 785.083367][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 785.083367][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 785.083367][T20946] __do_fast_syscall_32+0x102/0x160 [ 785.083367][T20946] do_fast_syscall_32+0x6a/0xc0 [ 785.083367][T20946] do_SYSENTER_32+0x73/0x90 [ 785.083367][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 785.083367][T20946] [ 785.083367][T20946] Uninit was stored to memory at: [ 785.083367][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 785.083367][T20946] __msan_chain_origin+0x57/0xa0 [ 785.083367][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 785.083367][T20946] get_compat_msghdr+0x108/0x2b0 [ 785.083367][T20946] do_recvmmsg+0xdc1/0x22d0 [ 785.083367][T20946] __sys_recvmmsg+0x519/0x6f0 [ 785.083367][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 785.083367][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 785.083367][T20946] __do_fast_syscall_32+0x102/0x160 [ 785.083367][T20946] do_fast_syscall_32+0x6a/0xc0 [ 785.083367][T20946] do_SYSENTER_32+0x73/0x90 [ 785.083367][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 785.083367][T20946] [ 785.083367][T20946] Uninit was stored to memory at: [ 785.083367][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 785.083367][T20946] __msan_chain_origin+0x57/0xa0 [ 785.083367][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 785.083367][T20946] get_compat_msghdr+0x108/0x2b0 [ 785.083367][T20946] do_recvmmsg+0xdc1/0x22d0 [ 785.083367][T20946] __sys_recvmmsg+0x519/0x6f0 [ 785.083367][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 785.083367][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 785.083367][T20946] __do_fast_syscall_32+0x102/0x160 [ 785.083367][T20946] do_fast_syscall_32+0x6a/0xc0 [ 785.083367][T20946] do_SYSENTER_32+0x73/0x90 [ 785.083367][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 785.083367][T20946] [ 785.083367][T20946] Uninit was stored to memory at: [ 785.083367][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 785.083367][T20946] __msan_chain_origin+0x57/0xa0 [ 785.083367][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 785.083367][T20946] get_compat_msghdr+0x108/0x2b0 [ 785.083367][T20946] do_recvmmsg+0xdc1/0x22d0 [ 785.083367][T20946] __sys_recvmmsg+0x519/0x6f0 [ 785.083367][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 785.083367][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 785.083367][T20946] __do_fast_syscall_32+0x102/0x160 [ 785.083367][T20946] do_fast_syscall_32+0x6a/0xc0 [ 785.083367][T20946] do_SYSENTER_32+0x73/0x90 [ 785.083367][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 785.083367][T20946] [ 785.083367][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 785.083367][T20946] do_recvmmsg+0xbf/0x22d0 [ 785.083367][T20946] do_recvmmsg+0xbf/0x22d0 [ 786.487904][T20946] not chained 410000 origins [ 786.493306][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 786.493306][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 786.507911][T20946] Call Trace: [ 786.507911][T20946] dump_stack+0x21c/0x280 [ 786.507911][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 786.507911][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 786.507911][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 786.507911][T20946] ? kmsan_get_metadata+0x116/0x180 [ 786.507911][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 786.507911][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 786.507911][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 786.507911][T20946] ? kmsan_get_metadata+0x116/0x180 [ 786.507911][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 786.507911][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 786.507911][T20946] ? kmsan_get_metadata+0x116/0x180 [ 786.507911][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 786.507911][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 786.507911][T20946] ? _copy_from_user+0x1fd/0x300 [ 786.507911][T20946] ? kmsan_get_metadata+0x116/0x180 [ 786.507911][T20946] __msan_chain_origin+0x57/0xa0 [ 786.507911][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 786.507911][T20946] get_compat_msghdr+0x108/0x2b0 [ 786.507911][T20946] do_recvmmsg+0xdc1/0x22d0 [ 786.507911][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 786.507911][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 786.507911][T20946] ? kmsan_get_metadata+0x116/0x180 [ 786.507911][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 786.507911][T20946] ? kmsan_get_metadata+0x116/0x180 [ 786.507911][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 786.507911][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 786.507911][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 786.507911][T20946] __sys_recvmmsg+0x519/0x6f0 [ 786.507911][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 786.507911][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 786.507911][T20946] __do_fast_syscall_32+0x102/0x160 [ 786.507911][T20946] do_fast_syscall_32+0x6a/0xc0 [ 786.507911][T20946] do_SYSENTER_32+0x73/0x90 [ 786.507911][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 786.507911][T20946] RIP: 0023:0xf7f1c549 [ 786.507911][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 786.507911][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 786.507911][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 786.507911][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 786.507911][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 786.507911][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 786.507911][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 786.507911][T20946] Uninit was stored to memory at: [ 786.507911][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 786.507911][T20946] __msan_chain_origin+0x57/0xa0 [ 786.507911][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 786.507911][T20946] get_compat_msghdr+0x108/0x2b0 [ 786.507911][T20946] do_recvmmsg+0xdc1/0x22d0 [ 786.507911][T20946] __sys_recvmmsg+0x519/0x6f0 [ 786.507911][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 786.507911][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 786.507911][T20946] __do_fast_syscall_32+0x102/0x160 [ 786.507911][T20946] do_fast_syscall_32+0x6a/0xc0 [ 786.507911][T20946] do_SYSENTER_32+0x73/0x90 [ 786.507911][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 786.507911][T20946] [ 786.507911][T20946] Uninit was stored to memory at: [ 786.507911][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 786.507911][T20946] __msan_chain_origin+0x57/0xa0 [ 786.507911][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 786.507911][T20946] get_compat_msghdr+0x108/0x2b0 [ 786.507911][T20946] do_recvmmsg+0xdc1/0x22d0 [ 786.507911][T20946] __sys_recvmmsg+0x519/0x6f0 [ 786.507911][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 786.507911][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 786.507911][T20946] __do_fast_syscall_32+0x102/0x160 [ 786.507911][T20946] do_fast_syscall_32+0x6a/0xc0 [ 786.507911][T20946] do_SYSENTER_32+0x73/0x90 [ 786.507911][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 786.507911][T20946] [ 786.507911][T20946] Uninit was stored to memory at: [ 786.507911][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 786.507911][T20946] __msan_chain_origin+0x57/0xa0 [ 786.507911][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 786.507911][T20946] get_compat_msghdr+0x108/0x2b0 [ 786.507911][T20946] do_recvmmsg+0xdc1/0x22d0 [ 786.507911][T20946] __sys_recvmmsg+0x519/0x6f0 [ 786.507911][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 786.507911][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 786.507911][T20946] __do_fast_syscall_32+0x102/0x160 [ 786.507911][T20946] do_fast_syscall_32+0x6a/0xc0 [ 786.507911][T20946] do_SYSENTER_32+0x73/0x90 [ 786.507911][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 786.507911][T20946] [ 786.507911][T20946] Uninit was stored to memory at: [ 786.507911][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 786.507911][T20946] __msan_chain_origin+0x57/0xa0 [ 786.507911][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 786.507911][T20946] get_compat_msghdr+0x108/0x2b0 [ 786.507911][T20946] do_recvmmsg+0xdc1/0x22d0 [ 786.507911][T20946] __sys_recvmmsg+0x519/0x6f0 [ 786.507911][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 786.507911][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 786.507911][T20946] __do_fast_syscall_32+0x102/0x160 [ 786.507911][T20946] do_fast_syscall_32+0x6a/0xc0 [ 786.507911][T20946] do_SYSENTER_32+0x73/0x90 [ 786.507911][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 786.507911][T20946] [ 786.507911][T20946] Uninit was stored to memory at: [ 786.507911][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 786.507911][T20946] __msan_chain_origin+0x57/0xa0 [ 786.507911][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 786.507911][T20946] get_compat_msghdr+0x108/0x2b0 [ 786.507911][T20946] do_recvmmsg+0xdc1/0x22d0 [ 786.507911][T20946] __sys_recvmmsg+0x519/0x6f0 [ 786.507911][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 786.507911][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 786.507911][T20946] __do_fast_syscall_32+0x102/0x160 [ 786.507911][T20946] do_fast_syscall_32+0x6a/0xc0 [ 786.507911][T20946] do_SYSENTER_32+0x73/0x90 [ 786.507911][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 786.507911][T20946] [ 786.507911][T20946] Uninit was stored to memory at: [ 786.507911][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 786.507911][T20946] __msan_chain_origin+0x57/0xa0 [ 786.507911][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 786.507911][T20946] get_compat_msghdr+0x108/0x2b0 [ 786.507911][T20946] do_recvmmsg+0xdc1/0x22d0 [ 786.507911][T20946] __sys_recvmmsg+0x519/0x6f0 [ 786.507911][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 786.507911][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 786.507911][T20946] __do_fast_syscall_32+0x102/0x160 [ 786.507911][T20946] do_fast_syscall_32+0x6a/0xc0 [ 786.507911][T20946] do_SYSENTER_32+0x73/0x90 [ 786.507911][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 786.507911][T20946] [ 786.507911][T20946] Uninit was stored to memory at: [ 786.507911][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 786.507911][T20946] __msan_chain_origin+0x57/0xa0 [ 786.507911][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 786.507911][T20946] get_compat_msghdr+0x108/0x2b0 [ 786.507911][T20946] do_recvmmsg+0xdc1/0x22d0 [ 786.507911][T20946] __sys_recvmmsg+0x519/0x6f0 [ 786.507911][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 786.507911][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 786.507911][T20946] __do_fast_syscall_32+0x102/0x160 [ 786.507911][T20946] do_fast_syscall_32+0x6a/0xc0 [ 786.507911][T20946] do_SYSENTER_32+0x73/0x90 [ 786.507911][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 786.507911][T20946] [ 786.507911][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 786.507911][T20946] do_recvmmsg+0xbf/0x22d0 [ 786.507911][T20946] do_recvmmsg+0xbf/0x22d0 [ 787.969602][T20946] not chained 420000 origins [ 787.973311][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 787.977088][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 787.977088][T20946] Call Trace: [ 787.977088][T20946] dump_stack+0x21c/0x280 [ 787.977088][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 787.977088][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 787.977088][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 787.977088][T20946] ? kmsan_get_metadata+0x116/0x180 [ 787.977088][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 787.977088][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 787.977088][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 787.977088][T20946] ? kmsan_get_metadata+0x116/0x180 [ 787.977088][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 787.977088][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 788.092985][T20946] ? kmsan_get_metadata+0x116/0x180 [ 788.092985][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 788.092985][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 788.092985][T20946] ? _copy_from_user+0x1fd/0x300 [ 788.092985][T20946] ? kmsan_get_metadata+0x116/0x180 [ 788.092985][T20946] __msan_chain_origin+0x57/0xa0 [ 788.092985][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 788.092985][T20946] get_compat_msghdr+0x108/0x2b0 [ 788.092985][T20946] do_recvmmsg+0xdc1/0x22d0 [ 788.092985][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 788.092985][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 788.092985][T20946] ? kmsan_get_metadata+0x116/0x180 [ 788.092985][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 788.092985][T20946] ? kmsan_get_metadata+0x116/0x180 [ 788.092985][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 788.092985][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 788.092985][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 788.092985][T20946] __sys_recvmmsg+0x519/0x6f0 [ 788.092985][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 788.092985][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 788.092985][T20946] __do_fast_syscall_32+0x102/0x160 [ 788.092985][T20946] do_fast_syscall_32+0x6a/0xc0 [ 788.092985][T20946] do_SYSENTER_32+0x73/0x90 [ 788.092985][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 788.092985][T20946] RIP: 0023:0xf7f1c549 [ 788.092985][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 788.092985][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 788.092985][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 788.092985][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 788.092985][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 788.092985][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 788.092985][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 788.092985][T20946] Uninit was stored to memory at: [ 788.092985][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 788.092985][T20946] __msan_chain_origin+0x57/0xa0 [ 788.092985][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 788.092985][T20946] get_compat_msghdr+0x108/0x2b0 [ 788.092985][T20946] do_recvmmsg+0xdc1/0x22d0 [ 788.092985][T20946] __sys_recvmmsg+0x519/0x6f0 [ 788.092985][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 788.092985][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 788.092985][T20946] __do_fast_syscall_32+0x102/0x160 [ 788.092985][T20946] do_fast_syscall_32+0x6a/0xc0 [ 788.092985][T20946] do_SYSENTER_32+0x73/0x90 [ 788.092985][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 788.092985][T20946] [ 788.092985][T20946] Uninit was stored to memory at: [ 788.092985][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 788.092985][T20946] __msan_chain_origin+0x57/0xa0 [ 788.092985][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 788.092985][T20946] get_compat_msghdr+0x108/0x2b0 [ 788.092985][T20946] do_recvmmsg+0xdc1/0x22d0 [ 788.092985][T20946] __sys_recvmmsg+0x519/0x6f0 [ 788.092985][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 788.092985][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 788.092985][T20946] __do_fast_syscall_32+0x102/0x160 [ 788.092985][T20946] do_fast_syscall_32+0x6a/0xc0 [ 788.092985][T20946] do_SYSENTER_32+0x73/0x90 [ 788.092985][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 788.092985][T20946] [ 788.092985][T20946] Uninit was stored to memory at: [ 788.092985][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 788.092985][T20946] __msan_chain_origin+0x57/0xa0 [ 788.092985][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 788.092985][T20946] get_compat_msghdr+0x108/0x2b0 [ 788.092985][T20946] do_recvmmsg+0xdc1/0x22d0 [ 788.092985][T20946] __sys_recvmmsg+0x519/0x6f0 [ 788.092985][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 788.092985][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 788.092985][T20946] __do_fast_syscall_32+0x102/0x160 [ 788.092985][T20946] do_fast_syscall_32+0x6a/0xc0 [ 788.092985][T20946] do_SYSENTER_32+0x73/0x90 [ 788.092985][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 788.092985][T20946] [ 788.092985][T20946] Uninit was stored to memory at: [ 788.092985][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 788.092985][T20946] __msan_chain_origin+0x57/0xa0 [ 788.092985][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 788.092985][T20946] get_compat_msghdr+0x108/0x2b0 [ 788.092985][T20946] do_recvmmsg+0xdc1/0x22d0 [ 788.092985][T20946] __sys_recvmmsg+0x519/0x6f0 [ 788.092985][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 788.092985][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 788.092985][T20946] __do_fast_syscall_32+0x102/0x160 [ 788.092985][T20946] do_fast_syscall_32+0x6a/0xc0 [ 788.092985][T20946] do_SYSENTER_32+0x73/0x90 [ 788.092985][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 788.092985][T20946] [ 788.092985][T20946] Uninit was stored to memory at: [ 788.092985][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 788.092985][T20946] __msan_chain_origin+0x57/0xa0 [ 788.092985][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 788.092985][T20946] get_compat_msghdr+0x108/0x2b0 [ 788.092985][T20946] do_recvmmsg+0xdc1/0x22d0 [ 788.092985][T20946] __sys_recvmmsg+0x519/0x6f0 [ 788.092985][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 788.092985][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 788.092985][T20946] __do_fast_syscall_32+0x102/0x160 [ 788.092985][T20946] do_fast_syscall_32+0x6a/0xc0 [ 788.092985][T20946] do_SYSENTER_32+0x73/0x90 [ 788.092985][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 788.092985][T20946] [ 788.092985][T20946] Uninit was stored to memory at: [ 788.092985][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 788.092985][T20946] __msan_chain_origin+0x57/0xa0 [ 788.092985][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 788.092985][T20946] get_compat_msghdr+0x108/0x2b0 [ 788.092985][T20946] do_recvmmsg+0xdc1/0x22d0 [ 788.092985][T20946] __sys_recvmmsg+0x519/0x6f0 [ 788.092985][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 788.092985][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 788.092985][T20946] __do_fast_syscall_32+0x102/0x160 [ 788.092985][T20946] do_fast_syscall_32+0x6a/0xc0 [ 788.092985][T20946] do_SYSENTER_32+0x73/0x90 [ 788.092985][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 788.092985][T20946] [ 788.092985][T20946] Uninit was stored to memory at: [ 788.092985][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 788.092985][T20946] __msan_chain_origin+0x57/0xa0 [ 788.092985][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 788.092985][T20946] get_compat_msghdr+0x108/0x2b0 [ 788.092985][T20946] do_recvmmsg+0xdc1/0x22d0 [ 788.092985][T20946] __sys_recvmmsg+0x519/0x6f0 [ 788.092985][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 788.092985][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 788.092985][T20946] __do_fast_syscall_32+0x102/0x160 [ 788.092985][T20946] do_fast_syscall_32+0x6a/0xc0 [ 788.092985][T20946] do_SYSENTER_32+0x73/0x90 [ 788.092985][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 788.092985][T20946] [ 788.092985][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 788.092985][T20946] do_recvmmsg+0xbf/0x22d0 [ 788.092985][T20946] do_recvmmsg+0xbf/0x22d0 [ 789.634253][T20946] not chained 430000 origins [ 789.641508][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 789.643327][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 789.643327][T20946] Call Trace: [ 789.643327][T20946] dump_stack+0x21c/0x280 [ 789.683351][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 789.683351][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 789.683351][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 789.683351][T20946] ? kmsan_get_metadata+0x116/0x180 [ 789.683351][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 789.683351][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 789.683351][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 789.683351][T20946] ? kmsan_get_metadata+0x116/0x180 [ 789.683351][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 789.683351][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 789.683351][T20946] ? kmsan_get_metadata+0x116/0x180 [ 789.683351][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 789.683351][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 789.683351][T20946] ? _copy_from_user+0x1fd/0x300 [ 789.683351][T20946] ? kmsan_get_metadata+0x116/0x180 [ 789.683351][T20946] __msan_chain_origin+0x57/0xa0 [ 789.683351][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 789.683351][T20946] get_compat_msghdr+0x108/0x2b0 [ 789.683351][T20946] do_recvmmsg+0xdc1/0x22d0 [ 789.683351][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 789.683351][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 789.683351][T20946] ? kmsan_get_metadata+0x116/0x180 [ 789.683351][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 789.683351][T20946] ? kmsan_get_metadata+0x116/0x180 [ 789.683351][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 789.683351][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 789.683351][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 789.683351][T20946] __sys_recvmmsg+0x519/0x6f0 [ 789.683351][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 789.683351][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 789.683351][T20946] __do_fast_syscall_32+0x102/0x160 [ 789.683351][T20946] do_fast_syscall_32+0x6a/0xc0 [ 789.683351][T20946] do_SYSENTER_32+0x73/0x90 [ 789.683351][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 789.683351][T20946] RIP: 0023:0xf7f1c549 [ 789.683351][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 789.683351][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 789.683351][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 789.683351][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 789.683351][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 789.683351][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 789.683351][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 789.683351][T20946] Uninit was stored to memory at: [ 789.683351][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 789.683351][T20946] __msan_chain_origin+0x57/0xa0 [ 790.090235][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 790.090235][T20946] get_compat_msghdr+0x108/0x2b0 [ 790.090235][T20946] do_recvmmsg+0xdc1/0x22d0 [ 790.090235][T20946] __sys_recvmmsg+0x519/0x6f0 [ 790.090235][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 790.090235][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 790.090235][T20946] __do_fast_syscall_32+0x102/0x160 [ 790.090235][T20946] do_fast_syscall_32+0x6a/0xc0 [ 790.090235][T20946] do_SYSENTER_32+0x73/0x90 [ 790.090235][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 790.090235][T20946] [ 790.090235][T20946] Uninit was stored to memory at: [ 790.090235][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 790.090235][T20946] __msan_chain_origin+0x57/0xa0 [ 790.090235][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 790.090235][T20946] get_compat_msghdr+0x108/0x2b0 [ 790.090235][T20946] do_recvmmsg+0xdc1/0x22d0 [ 790.090235][T20946] __sys_recvmmsg+0x519/0x6f0 [ 790.090235][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 790.090235][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 790.090235][T20946] __do_fast_syscall_32+0x102/0x160 [ 790.090235][T20946] do_fast_syscall_32+0x6a/0xc0 [ 790.090235][T20946] do_SYSENTER_32+0x73/0x90 [ 790.090235][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 790.090235][T20946] [ 790.090235][T20946] Uninit was stored to memory at: [ 790.090235][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 790.090235][T20946] __msan_chain_origin+0x57/0xa0 [ 790.090235][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 790.090235][T20946] get_compat_msghdr+0x108/0x2b0 [ 790.090235][T20946] do_recvmmsg+0xdc1/0x22d0 [ 790.090235][T20946] __sys_recvmmsg+0x519/0x6f0 [ 790.090235][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 790.090235][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 790.090235][T20946] __do_fast_syscall_32+0x102/0x160 [ 790.090235][T20946] do_fast_syscall_32+0x6a/0xc0 [ 790.090235][T20946] do_SYSENTER_32+0x73/0x90 [ 790.090235][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 790.090235][T20946] [ 790.090235][T20946] Uninit was stored to memory at: [ 790.090235][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 790.090235][T20946] __msan_chain_origin+0x57/0xa0 [ 790.090235][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 790.090235][T20946] get_compat_msghdr+0x108/0x2b0 [ 790.090235][T20946] do_recvmmsg+0xdc1/0x22d0 [ 790.090235][T20946] __sys_recvmmsg+0x519/0x6f0 [ 790.090235][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 790.090235][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 790.090235][T20946] __do_fast_syscall_32+0x102/0x160 [ 790.090235][T20946] do_fast_syscall_32+0x6a/0xc0 [ 790.090235][T20946] do_SYSENTER_32+0x73/0x90 [ 790.090235][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 790.090235][T20946] [ 790.090235][T20946] Uninit was stored to memory at: [ 790.090235][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 790.090235][T20946] __msan_chain_origin+0x57/0xa0 [ 790.090235][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 790.090235][T20946] get_compat_msghdr+0x108/0x2b0 [ 790.090235][T20946] do_recvmmsg+0xdc1/0x22d0 [ 790.090235][T20946] __sys_recvmmsg+0x519/0x6f0 [ 790.090235][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 790.090235][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 790.090235][T20946] __do_fast_syscall_32+0x102/0x160 [ 790.090235][T20946] do_fast_syscall_32+0x6a/0xc0 [ 790.090235][T20946] do_SYSENTER_32+0x73/0x90 [ 790.090235][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 790.090235][T20946] [ 790.090235][T20946] Uninit was stored to memory at: [ 790.090235][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 790.090235][T20946] __msan_chain_origin+0x57/0xa0 [ 790.090235][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 790.090235][T20946] get_compat_msghdr+0x108/0x2b0 [ 790.090235][T20946] do_recvmmsg+0xdc1/0x22d0 [ 790.090235][T20946] __sys_recvmmsg+0x519/0x6f0 [ 790.090235][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 790.090235][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 790.090235][T20946] __do_fast_syscall_32+0x102/0x160 [ 790.090235][T20946] do_fast_syscall_32+0x6a/0xc0 [ 790.090235][T20946] do_SYSENTER_32+0x73/0x90 [ 790.090235][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 790.090235][T20946] [ 790.090235][T20946] Uninit was stored to memory at: [ 790.090235][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 790.090235][T20946] __msan_chain_origin+0x57/0xa0 [ 790.090235][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 790.090235][T20946] get_compat_msghdr+0x108/0x2b0 [ 790.090235][T20946] do_recvmmsg+0xdc1/0x22d0 [ 790.090235][T20946] __sys_recvmmsg+0x519/0x6f0 [ 790.090235][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 790.090235][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 790.090235][T20946] __do_fast_syscall_32+0x102/0x160 [ 790.090235][T20946] do_fast_syscall_32+0x6a/0xc0 [ 790.090235][T20946] do_SYSENTER_32+0x73/0x90 [ 790.090235][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 790.090235][T20946] [ 790.090235][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 790.090235][T20946] do_recvmmsg+0xbf/0x22d0 [ 790.090235][T20946] do_recvmmsg+0xbf/0x22d0 [ 791.141854][T20946] not chained 440000 origins [ 791.143285][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 791.143285][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 791.143285][T20946] Call Trace: [ 791.143285][T20946] dump_stack+0x21c/0x280 [ 791.143285][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 791.143285][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 791.143285][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 791.215838][T20946] ? kmsan_get_metadata+0x116/0x180 [ 791.215838][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 791.215838][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 791.215838][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 791.215838][T20946] ? kmsan_get_metadata+0x116/0x180 [ 791.215838][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 791.215838][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 791.215838][T20946] ? kmsan_get_metadata+0x116/0x180 [ 791.215838][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 791.215838][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 791.215838][T20946] ? _copy_from_user+0x1fd/0x300 [ 791.215838][T20946] ? kmsan_get_metadata+0x116/0x180 [ 791.215838][T20946] __msan_chain_origin+0x57/0xa0 [ 791.215838][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 791.215838][T20946] get_compat_msghdr+0x108/0x2b0 [ 791.215838][T20946] do_recvmmsg+0xdc1/0x22d0 [ 791.215838][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 791.215838][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 791.215838][T20946] ? kmsan_get_metadata+0x116/0x180 [ 791.215838][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 791.215838][T20946] ? kmsan_get_metadata+0x116/0x180 [ 791.215838][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 791.215838][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 791.215838][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 791.215838][T20946] __sys_recvmmsg+0x519/0x6f0 [ 791.215838][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 791.215838][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 791.215838][T20946] __do_fast_syscall_32+0x102/0x160 [ 791.215838][T20946] do_fast_syscall_32+0x6a/0xc0 [ 791.215838][T20946] do_SYSENTER_32+0x73/0x90 [ 791.215838][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 791.215838][T20946] RIP: 0023:0xf7f1c549 [ 791.215838][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 791.215838][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 791.215838][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 791.215838][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 791.215838][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 791.215838][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 791.215838][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 791.215838][T20946] Uninit was stored to memory at: [ 791.215838][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 791.215838][T20946] __msan_chain_origin+0x57/0xa0 [ 791.215838][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 791.215838][T20946] get_compat_msghdr+0x108/0x2b0 [ 791.215838][T20946] do_recvmmsg+0xdc1/0x22d0 [ 791.215838][T20946] __sys_recvmmsg+0x519/0x6f0 [ 791.215838][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 791.215838][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 791.215838][T20946] __do_fast_syscall_32+0x102/0x160 [ 791.215838][T20946] do_fast_syscall_32+0x6a/0xc0 [ 791.215838][T20946] do_SYSENTER_32+0x73/0x90 [ 791.215838][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 791.215838][T20946] [ 791.215838][T20946] Uninit was stored to memory at: [ 791.215838][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 791.215838][T20946] __msan_chain_origin+0x57/0xa0 [ 791.215838][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 791.215838][T20946] get_compat_msghdr+0x108/0x2b0 [ 791.215838][T20946] do_recvmmsg+0xdc1/0x22d0 [ 791.215838][T20946] __sys_recvmmsg+0x519/0x6f0 [ 791.215838][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 791.215838][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 791.215838][T20946] __do_fast_syscall_32+0x102/0x160 [ 791.215838][T20946] do_fast_syscall_32+0x6a/0xc0 [ 791.215838][T20946] do_SYSENTER_32+0x73/0x90 [ 791.215838][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 791.215838][T20946] [ 791.215838][T20946] Uninit was stored to memory at: [ 791.215838][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 791.215838][T20946] __msan_chain_origin+0x57/0xa0 [ 791.215838][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 791.215838][T20946] get_compat_msghdr+0x108/0x2b0 [ 791.215838][T20946] do_recvmmsg+0xdc1/0x22d0 [ 791.215838][T20946] __sys_recvmmsg+0x519/0x6f0 [ 791.215838][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 791.215838][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 791.215838][T20946] __do_fast_syscall_32+0x102/0x160 [ 791.215838][T20946] do_fast_syscall_32+0x6a/0xc0 [ 791.215838][T20946] do_SYSENTER_32+0x73/0x90 [ 791.215838][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 791.215838][T20946] [ 791.215838][T20946] Uninit was stored to memory at: [ 791.936980][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 791.936980][T20946] __msan_chain_origin+0x57/0xa0 [ 791.936980][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 791.936980][T20946] get_compat_msghdr+0x108/0x2b0 [ 791.936980][T20946] do_recvmmsg+0xdc1/0x22d0 [ 791.974937][T20946] __sys_recvmmsg+0x519/0x6f0 [ 791.974937][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 791.974937][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 792.004515][T20946] __do_fast_syscall_32+0x102/0x160 [ 792.004515][T20946] do_fast_syscall_32+0x6a/0xc0 [ 792.004515][T20946] do_SYSENTER_32+0x73/0x90 [ 792.004515][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 792.004515][T20946] [ 792.004515][T20946] Uninit was stored to memory at: [ 792.004515][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 792.004515][T20946] __msan_chain_origin+0x57/0xa0 [ 792.004515][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 792.004515][T20946] get_compat_msghdr+0x108/0x2b0 [ 792.004515][T20946] do_recvmmsg+0xdc1/0x22d0 [ 792.004515][T20946] __sys_recvmmsg+0x519/0x6f0 [ 792.004515][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 792.004515][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 792.004515][T20946] __do_fast_syscall_32+0x102/0x160 [ 792.004515][T20946] do_fast_syscall_32+0x6a/0xc0 [ 792.004515][T20946] do_SYSENTER_32+0x73/0x90 [ 792.004515][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 792.004515][T20946] [ 792.004515][T20946] Uninit was stored to memory at: [ 792.004515][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 792.004515][T20946] __msan_chain_origin+0x57/0xa0 [ 792.004515][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 792.004515][T20946] get_compat_msghdr+0x108/0x2b0 [ 792.004515][T20946] do_recvmmsg+0xdc1/0x22d0 [ 792.004515][T20946] __sys_recvmmsg+0x519/0x6f0 [ 792.004515][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 792.004515][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 792.004515][T20946] __do_fast_syscall_32+0x102/0x160 [ 792.004515][T20946] do_fast_syscall_32+0x6a/0xc0 [ 792.004515][T20946] do_SYSENTER_32+0x73/0x90 [ 792.004515][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 792.004515][T20946] [ 792.004515][T20946] Uninit was stored to memory at: [ 792.004515][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 792.004515][T20946] __msan_chain_origin+0x57/0xa0 [ 792.004515][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 792.004515][T20946] get_compat_msghdr+0x108/0x2b0 [ 792.004515][T20946] do_recvmmsg+0xdc1/0x22d0 [ 792.004515][T20946] __sys_recvmmsg+0x519/0x6f0 [ 792.004515][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 792.004515][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 792.004515][T20946] __do_fast_syscall_32+0x102/0x160 [ 792.004515][T20946] do_fast_syscall_32+0x6a/0xc0 [ 792.004515][T20946] do_SYSENTER_32+0x73/0x90 [ 792.004515][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 792.004515][T20946] [ 792.004515][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 792.004515][T20946] do_recvmmsg+0xbf/0x22d0 [ 792.004515][T20946] do_recvmmsg+0xbf/0x22d0 [ 792.788715][T20946] not chained 450000 origins [ 792.793311][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 792.797530][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.807181][T20946] Call Trace: [ 792.807181][T20946] dump_stack+0x21c/0x280 [ 792.807181][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 792.807181][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 792.807181][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 792.807181][T20946] ? kmsan_get_metadata+0x116/0x180 [ 792.807181][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 792.807181][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 792.807181][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 792.807181][T20946] ? kmsan_get_metadata+0x116/0x180 [ 792.807181][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 792.807181][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 792.807181][T20946] ? kmsan_get_metadata+0x116/0x180 [ 792.807181][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 792.807181][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 792.807181][T20946] ? _copy_from_user+0x1fd/0x300 [ 792.807181][T20946] ? kmsan_get_metadata+0x116/0x180 [ 792.807181][T20946] __msan_chain_origin+0x57/0xa0 [ 792.807181][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 792.807181][T20946] get_compat_msghdr+0x108/0x2b0 [ 792.807181][T20946] do_recvmmsg+0xdc1/0x22d0 [ 792.807181][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 792.807181][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 792.807181][T20946] ? kmsan_get_metadata+0x116/0x180 [ 792.807181][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 792.807181][T20946] ? kmsan_get_metadata+0x116/0x180 [ 792.807181][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 792.807181][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 792.807181][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 792.807181][T20946] __sys_recvmmsg+0x519/0x6f0 [ 792.807181][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 792.807181][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 792.807181][T20946] __do_fast_syscall_32+0x102/0x160 [ 792.807181][T20946] do_fast_syscall_32+0x6a/0xc0 [ 792.807181][T20946] do_SYSENTER_32+0x73/0x90 [ 792.807181][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 792.807181][T20946] RIP: 0023:0xf7f1c549 [ 792.807181][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 792.807181][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 792.807181][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 792.807181][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 792.807181][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 792.807181][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 792.807181][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 792.807181][T20946] Uninit was stored to memory at: [ 792.807181][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 792.807181][T20946] __msan_chain_origin+0x57/0xa0 [ 792.807181][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 792.807181][T20946] get_compat_msghdr+0x108/0x2b0 [ 792.807181][T20946] do_recvmmsg+0xdc1/0x22d0 [ 792.807181][T20946] __sys_recvmmsg+0x519/0x6f0 [ 792.807181][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 792.807181][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 792.807181][T20946] __do_fast_syscall_32+0x102/0x160 [ 792.807181][T20946] do_fast_syscall_32+0x6a/0xc0 [ 792.807181][T20946] do_SYSENTER_32+0x73/0x90 [ 792.807181][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 792.807181][T20946] [ 792.807181][T20946] Uninit was stored to memory at: [ 792.807181][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 792.807181][T20946] __msan_chain_origin+0x57/0xa0 [ 792.807181][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 792.807181][T20946] get_compat_msghdr+0x108/0x2b0 [ 792.807181][T20946] do_recvmmsg+0xdc1/0x22d0 [ 792.807181][T20946] __sys_recvmmsg+0x519/0x6f0 [ 792.807181][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 792.807181][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 792.807181][T20946] __do_fast_syscall_32+0x102/0x160 [ 792.807181][T20946] do_fast_syscall_32+0x6a/0xc0 [ 792.807181][T20946] do_SYSENTER_32+0x73/0x90 [ 792.807181][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 792.807181][T20946] [ 792.807181][T20946] Uninit was stored to memory at: [ 792.807181][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 792.807181][T20946] __msan_chain_origin+0x57/0xa0 [ 792.807181][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 792.807181][T20946] get_compat_msghdr+0x108/0x2b0 [ 792.807181][T20946] do_recvmmsg+0xdc1/0x22d0 [ 792.807181][T20946] __sys_recvmmsg+0x519/0x6f0 [ 792.807181][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 792.807181][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 792.807181][T20946] __do_fast_syscall_32+0x102/0x160 [ 792.807181][T20946] do_fast_syscall_32+0x6a/0xc0 [ 792.807181][T20946] do_SYSENTER_32+0x73/0x90 [ 792.807181][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 792.807181][T20946] [ 792.807181][T20946] Uninit was stored to memory at: [ 792.807181][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 792.807181][T20946] __msan_chain_origin+0x57/0xa0 [ 792.807181][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 792.807181][T20946] get_compat_msghdr+0x108/0x2b0 [ 792.807181][T20946] do_recvmmsg+0xdc1/0x22d0 [ 792.807181][T20946] __sys_recvmmsg+0x519/0x6f0 [ 792.807181][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 792.807181][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 792.807181][T20946] __do_fast_syscall_32+0x102/0x160 [ 792.807181][T20946] do_fast_syscall_32+0x6a/0xc0 [ 792.807181][T20946] do_SYSENTER_32+0x73/0x90 [ 792.807181][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 792.807181][T20946] [ 792.807181][T20946] Uninit was stored to memory at: [ 792.807181][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 792.807181][T20946] __msan_chain_origin+0x57/0xa0 [ 792.807181][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 792.807181][T20946] get_compat_msghdr+0x108/0x2b0 [ 792.807181][T20946] do_recvmmsg+0xdc1/0x22d0 [ 792.807181][T20946] __sys_recvmmsg+0x519/0x6f0 [ 792.807181][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 792.807181][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 792.807181][T20946] __do_fast_syscall_32+0x102/0x160 [ 792.807181][T20946] do_fast_syscall_32+0x6a/0xc0 [ 792.807181][T20946] do_SYSENTER_32+0x73/0x90 [ 792.807181][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 792.807181][T20946] [ 792.807181][T20946] Uninit was stored to memory at: [ 792.807181][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 792.807181][T20946] __msan_chain_origin+0x57/0xa0 [ 792.807181][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 792.807181][T20946] get_compat_msghdr+0x108/0x2b0 [ 792.807181][T20946] do_recvmmsg+0xdc1/0x22d0 [ 792.807181][T20946] __sys_recvmmsg+0x519/0x6f0 [ 792.807181][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 792.807181][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 792.807181][T20946] __do_fast_syscall_32+0x102/0x160 [ 792.807181][T20946] do_fast_syscall_32+0x6a/0xc0 [ 792.807181][T20946] do_SYSENTER_32+0x73/0x90 [ 792.807181][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 792.807181][T20946] [ 792.807181][T20946] Uninit was stored to memory at: [ 792.807181][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 792.807181][T20946] __msan_chain_origin+0x57/0xa0 [ 792.807181][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 792.807181][T20946] get_compat_msghdr+0x108/0x2b0 [ 792.807181][T20946] do_recvmmsg+0xdc1/0x22d0 [ 792.807181][T20946] __sys_recvmmsg+0x519/0x6f0 [ 792.807181][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 792.807181][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 792.807181][T20946] __do_fast_syscall_32+0x102/0x160 [ 792.807181][T20946] do_fast_syscall_32+0x6a/0xc0 [ 792.807181][T20946] do_SYSENTER_32+0x73/0x90 [ 792.807181][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 792.807181][T20946] [ 792.807181][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 792.807181][T20946] do_recvmmsg+0xbf/0x22d0 [ 792.807181][T20946] do_recvmmsg+0xbf/0x22d0 [ 794.299249][T20946] not chained 460000 origins [ 794.303283][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 794.303283][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.303283][T20946] Call Trace: [ 794.303283][T20946] dump_stack+0x21c/0x280 [ 794.303283][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 794.303283][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 794.303283][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 794.303283][T20946] ? kmsan_get_metadata+0x116/0x180 [ 794.303283][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 794.303283][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 794.389602][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 794.389602][T20946] ? kmsan_get_metadata+0x116/0x180 [ 794.389602][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 794.389602][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 794.389602][T20946] ? kmsan_get_metadata+0x116/0x180 [ 794.389602][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 794.435740][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 794.435740][T20946] ? _copy_from_user+0x1fd/0x300 [ 794.435740][T20946] ? kmsan_get_metadata+0x116/0x180 [ 794.435740][T20946] __msan_chain_origin+0x57/0xa0 [ 794.465707][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 794.465707][T20946] get_compat_msghdr+0x108/0x2b0 [ 794.465707][T20946] do_recvmmsg+0xdc1/0x22d0 [ 794.465707][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 794.465707][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 794.465707][T20946] ? kmsan_get_metadata+0x116/0x180 [ 794.465707][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 794.465707][T20946] ? kmsan_get_metadata+0x116/0x180 [ 794.465707][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 794.465707][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 794.465707][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 794.465707][T20946] __sys_recvmmsg+0x519/0x6f0 [ 794.465707][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 794.465707][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 794.465707][T20946] __do_fast_syscall_32+0x102/0x160 [ 794.465707][T20946] do_fast_syscall_32+0x6a/0xc0 [ 794.465707][T20946] do_SYSENTER_32+0x73/0x90 [ 794.465707][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 794.465707][T20946] RIP: 0023:0xf7f1c549 [ 794.465707][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 794.465707][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 794.465707][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 794.465707][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 794.465707][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 794.465707][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 794.465707][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 794.465707][T20946] Uninit was stored to memory at: [ 794.465707][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 794.465707][T20946] __msan_chain_origin+0x57/0xa0 [ 794.465707][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 794.465707][T20946] get_compat_msghdr+0x108/0x2b0 [ 794.465707][T20946] do_recvmmsg+0xdc1/0x22d0 [ 794.465707][T20946] __sys_recvmmsg+0x519/0x6f0 [ 794.465707][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 794.465707][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 794.465707][T20946] __do_fast_syscall_32+0x102/0x160 [ 794.465707][T20946] do_fast_syscall_32+0x6a/0xc0 [ 794.465707][T20946] do_SYSENTER_32+0x73/0x90 [ 794.465707][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 794.465707][T20946] [ 794.465707][T20946] Uninit was stored to memory at: [ 794.465707][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 794.465707][T20946] __msan_chain_origin+0x57/0xa0 [ 794.465707][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 794.465707][T20946] get_compat_msghdr+0x108/0x2b0 [ 794.465707][T20946] do_recvmmsg+0xdc1/0x22d0 [ 794.465707][T20946] __sys_recvmmsg+0x519/0x6f0 [ 794.465707][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 794.465707][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 794.465707][T20946] __do_fast_syscall_32+0x102/0x160 [ 794.465707][T20946] do_fast_syscall_32+0x6a/0xc0 [ 794.465707][T20946] do_SYSENTER_32+0x73/0x90 [ 794.465707][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 794.465707][T20946] [ 794.465707][T20946] Uninit was stored to memory at: [ 794.465707][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 794.465707][T20946] __msan_chain_origin+0x57/0xa0 [ 794.465707][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 794.465707][T20946] get_compat_msghdr+0x108/0x2b0 [ 794.465707][T20946] do_recvmmsg+0xdc1/0x22d0 [ 794.465707][T20946] __sys_recvmmsg+0x519/0x6f0 [ 794.465707][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 794.465707][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 794.465707][T20946] __do_fast_syscall_32+0x102/0x160 [ 794.465707][T20946] do_fast_syscall_32+0x6a/0xc0 [ 794.465707][T20946] do_SYSENTER_32+0x73/0x90 [ 794.465707][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 794.465707][T20946] [ 794.465707][T20946] Uninit was stored to memory at: [ 794.465707][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 794.465707][T20946] __msan_chain_origin+0x57/0xa0 [ 794.465707][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 794.465707][T20946] get_compat_msghdr+0x108/0x2b0 [ 794.465707][T20946] do_recvmmsg+0xdc1/0x22d0 [ 795.047620][T20946] __sys_recvmmsg+0x519/0x6f0 [ 795.047620][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 795.047620][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 795.047620][T20946] __do_fast_syscall_32+0x102/0x160 [ 795.047620][T20946] do_fast_syscall_32+0x6a/0xc0 [ 795.047620][T20946] do_SYSENTER_32+0x73/0x90 [ 795.047620][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 795.047620][T20946] [ 795.047620][T20946] Uninit was stored to memory at: [ 795.047620][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 795.047620][T20946] __msan_chain_origin+0x57/0xa0 [ 795.047620][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 795.047620][T20946] get_compat_msghdr+0x108/0x2b0 [ 795.047620][T20946] do_recvmmsg+0xdc1/0x22d0 [ 795.047620][T20946] __sys_recvmmsg+0x519/0x6f0 [ 795.047620][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 795.047620][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 795.047620][T20946] __do_fast_syscall_32+0x102/0x160 [ 795.047620][T20946] do_fast_syscall_32+0x6a/0xc0 [ 795.047620][T20946] do_SYSENTER_32+0x73/0x90 [ 795.047620][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 795.047620][T20946] [ 795.047620][T20946] Uninit was stored to memory at: [ 795.047620][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 795.047620][T20946] __msan_chain_origin+0x57/0xa0 [ 795.047620][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 795.047620][T20946] get_compat_msghdr+0x108/0x2b0 [ 795.047620][T20946] do_recvmmsg+0xdc1/0x22d0 [ 795.047620][T20946] __sys_recvmmsg+0x519/0x6f0 [ 795.047620][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 795.047620][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 795.047620][T20946] __do_fast_syscall_32+0x102/0x160 [ 795.047620][T20946] do_fast_syscall_32+0x6a/0xc0 [ 795.047620][T20946] do_SYSENTER_32+0x73/0x90 [ 795.047620][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 795.047620][T20946] [ 795.047620][T20946] Uninit was stored to memory at: [ 795.047620][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 795.047620][T20946] __msan_chain_origin+0x57/0xa0 [ 795.047620][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 795.047620][T20946] get_compat_msghdr+0x108/0x2b0 [ 795.047620][T20946] do_recvmmsg+0xdc1/0x22d0 [ 795.047620][T20946] __sys_recvmmsg+0x519/0x6f0 [ 795.047620][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 795.047620][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 795.047620][T20946] __do_fast_syscall_32+0x102/0x160 [ 795.047620][T20946] do_fast_syscall_32+0x6a/0xc0 [ 795.047620][T20946] do_SYSENTER_32+0x73/0x90 [ 795.047620][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 795.047620][T20946] [ 795.047620][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 795.047620][T20946] do_recvmmsg+0xbf/0x22d0 [ 795.047620][T20946] do_recvmmsg+0xbf/0x22d0 [ 795.695634][T20946] not chained 470000 origins [ 795.703304][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 795.703304][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 795.703304][T20946] Call Trace: [ 795.703304][T20946] dump_stack+0x21c/0x280 [ 795.703304][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 795.703304][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 795.703304][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 795.703304][T20946] ? kmsan_get_metadata+0x116/0x180 [ 795.703304][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 795.703304][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 795.703304][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 795.703304][T20946] ? kmsan_get_metadata+0x116/0x180 [ 795.703304][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 795.703304][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 795.703304][T20946] ? kmsan_get_metadata+0x116/0x180 [ 795.703304][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 795.703304][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 795.703304][T20946] ? _copy_from_user+0x1fd/0x300 [ 795.703304][T20946] ? kmsan_get_metadata+0x116/0x180 [ 795.703304][T20946] __msan_chain_origin+0x57/0xa0 [ 795.703304][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 795.703304][T20946] get_compat_msghdr+0x108/0x2b0 [ 795.703304][T20946] do_recvmmsg+0xdc1/0x22d0 [ 795.703304][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 795.703304][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 795.703304][T20946] ? kmsan_get_metadata+0x116/0x180 [ 795.703304][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 795.703304][T20946] ? kmsan_get_metadata+0x116/0x180 [ 795.703304][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 795.703304][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 795.703304][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 795.703304][T20946] __sys_recvmmsg+0x519/0x6f0 [ 795.703304][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 795.703304][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 795.703304][T20946] __do_fast_syscall_32+0x102/0x160 [ 795.703304][T20946] do_fast_syscall_32+0x6a/0xc0 [ 795.703304][T20946] do_SYSENTER_32+0x73/0x90 [ 795.703304][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 795.703304][T20946] RIP: 0023:0xf7f1c549 [ 795.703304][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 795.703304][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 795.703304][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 795.703304][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 795.703304][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 795.703304][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 795.703304][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 795.703304][T20946] Uninit was stored to memory at: [ 795.703304][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 795.703304][T20946] __msan_chain_origin+0x57/0xa0 [ 795.703304][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 795.703304][T20946] get_compat_msghdr+0x108/0x2b0 [ 795.703304][T20946] do_recvmmsg+0xdc1/0x22d0 [ 795.703304][T20946] __sys_recvmmsg+0x519/0x6f0 [ 795.703304][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 795.703304][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 795.703304][T20946] __do_fast_syscall_32+0x102/0x160 [ 795.703304][T20946] do_fast_syscall_32+0x6a/0xc0 [ 795.703304][T20946] do_SYSENTER_32+0x73/0x90 [ 795.703304][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 795.703304][T20946] [ 795.703304][T20946] Uninit was stored to memory at: [ 795.703304][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 795.703304][T20946] __msan_chain_origin+0x57/0xa0 [ 795.703304][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 795.703304][T20946] get_compat_msghdr+0x108/0x2b0 [ 795.703304][T20946] do_recvmmsg+0xdc1/0x22d0 [ 795.703304][T20946] __sys_recvmmsg+0x519/0x6f0 [ 795.703304][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 795.703304][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 795.703304][T20946] __do_fast_syscall_32+0x102/0x160 [ 795.703304][T20946] do_fast_syscall_32+0x6a/0xc0 [ 795.703304][T20946] do_SYSENTER_32+0x73/0x90 [ 795.703304][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 795.703304][T20946] [ 795.703304][T20946] Uninit was stored to memory at: [ 795.703304][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 795.703304][T20946] __msan_chain_origin+0x57/0xa0 [ 795.703304][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 795.703304][T20946] get_compat_msghdr+0x108/0x2b0 [ 795.703304][T20946] do_recvmmsg+0xdc1/0x22d0 [ 795.703304][T20946] __sys_recvmmsg+0x519/0x6f0 [ 795.703304][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 795.703304][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 795.703304][T20946] __do_fast_syscall_32+0x102/0x160 [ 795.703304][T20946] do_fast_syscall_32+0x6a/0xc0 [ 795.703304][T20946] do_SYSENTER_32+0x73/0x90 [ 795.703304][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 795.703304][T20946] [ 795.703304][T20946] Uninit was stored to memory at: [ 795.703304][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 795.703304][T20946] __msan_chain_origin+0x57/0xa0 [ 795.703304][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 795.703304][T20946] get_compat_msghdr+0x108/0x2b0 [ 795.703304][T20946] do_recvmmsg+0xdc1/0x22d0 [ 795.703304][T20946] __sys_recvmmsg+0x519/0x6f0 [ 795.703304][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 795.703304][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 795.703304][T20946] __do_fast_syscall_32+0x102/0x160 [ 795.703304][T20946] do_fast_syscall_32+0x6a/0xc0 [ 795.703304][T20946] do_SYSENTER_32+0x73/0x90 [ 795.703304][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 795.703304][T20946] [ 795.703304][T20946] Uninit was stored to memory at: [ 795.703304][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 795.703304][T20946] __msan_chain_origin+0x57/0xa0 [ 795.703304][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 795.703304][T20946] get_compat_msghdr+0x108/0x2b0 [ 795.703304][T20946] do_recvmmsg+0xdc1/0x22d0 [ 795.703304][T20946] __sys_recvmmsg+0x519/0x6f0 [ 795.703304][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 795.703304][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 795.703304][T20946] __do_fast_syscall_32+0x102/0x160 [ 795.703304][T20946] do_fast_syscall_32+0x6a/0xc0 [ 795.703304][T20946] do_SYSENTER_32+0x73/0x90 [ 795.703304][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 795.703304][T20946] [ 795.703304][T20946] Uninit was stored to memory at: [ 795.703304][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 795.703304][T20946] __msan_chain_origin+0x57/0xa0 [ 795.703304][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 795.703304][T20946] get_compat_msghdr+0x108/0x2b0 [ 795.703304][T20946] do_recvmmsg+0xdc1/0x22d0 [ 795.703304][T20946] __sys_recvmmsg+0x519/0x6f0 [ 795.703304][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 795.703304][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 795.703304][T20946] __do_fast_syscall_32+0x102/0x160 [ 795.703304][T20946] do_fast_syscall_32+0x6a/0xc0 [ 795.703304][T20946] do_SYSENTER_32+0x73/0x90 [ 795.703304][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 795.703304][T20946] [ 795.703304][T20946] Uninit was stored to memory at: [ 795.703304][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 795.703304][T20946] __msan_chain_origin+0x57/0xa0 [ 795.703304][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 795.703304][T20946] get_compat_msghdr+0x108/0x2b0 [ 795.703304][T20946] do_recvmmsg+0xdc1/0x22d0 [ 795.703304][T20946] __sys_recvmmsg+0x519/0x6f0 [ 795.703304][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 795.703304][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 795.703304][T20946] __do_fast_syscall_32+0x102/0x160 [ 795.703304][T20946] do_fast_syscall_32+0x6a/0xc0 [ 795.703304][T20946] do_SYSENTER_32+0x73/0x90 [ 795.703304][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 795.703304][T20946] [ 795.703304][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 795.703304][T20946] do_recvmmsg+0xbf/0x22d0 [ 795.703304][T20946] do_recvmmsg+0xbf/0x22d0 [ 797.171508][T20946] not chained 480000 origins [ 797.173285][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 797.173285][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 797.173285][T20946] Call Trace: [ 797.173285][T20946] dump_stack+0x21c/0x280 [ 797.173285][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 797.173285][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 797.173285][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 797.173285][T20946] ? kmsan_get_metadata+0x116/0x180 [ 797.256692][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 797.256692][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 797.256692][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 797.256692][T20946] ? kmsan_get_metadata+0x116/0x180 [ 797.256692][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 797.256692][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 797.256692][T20946] ? kmsan_get_metadata+0x116/0x180 [ 797.256692][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 797.256692][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 797.256692][T20946] ? _copy_from_user+0x1fd/0x300 [ 797.256692][T20946] ? kmsan_get_metadata+0x116/0x180 [ 797.256692][T20946] __msan_chain_origin+0x57/0xa0 [ 797.256692][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 797.256692][T20946] get_compat_msghdr+0x108/0x2b0 [ 797.256692][T20946] do_recvmmsg+0xdc1/0x22d0 [ 797.256692][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 797.256692][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 797.256692][T20946] ? kmsan_get_metadata+0x116/0x180 [ 797.256692][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 797.256692][T20946] ? kmsan_get_metadata+0x116/0x180 [ 797.256692][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 797.256692][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 797.256692][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 797.256692][T20946] __sys_recvmmsg+0x519/0x6f0 [ 797.256692][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 797.256692][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 797.256692][T20946] __do_fast_syscall_32+0x102/0x160 [ 797.256692][T20946] do_fast_syscall_32+0x6a/0xc0 [ 797.256692][T20946] do_SYSENTER_32+0x73/0x90 [ 797.256692][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 797.256692][T20946] RIP: 0023:0xf7f1c549 [ 797.256692][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 797.256692][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 797.256692][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 797.256692][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 797.256692][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 797.256692][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 797.256692][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 797.256692][T20946] Uninit was stored to memory at: [ 797.256692][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 797.256692][T20946] __msan_chain_origin+0x57/0xa0 [ 797.256692][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 797.256692][T20946] get_compat_msghdr+0x108/0x2b0 [ 797.256692][T20946] do_recvmmsg+0xdc1/0x22d0 [ 797.256692][T20946] __sys_recvmmsg+0x519/0x6f0 [ 797.256692][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 797.256692][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 797.256692][T20946] __do_fast_syscall_32+0x102/0x160 [ 797.256692][T20946] do_fast_syscall_32+0x6a/0xc0 [ 797.256692][T20946] do_SYSENTER_32+0x73/0x90 [ 797.256692][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 797.256692][T20946] [ 797.256692][T20946] Uninit was stored to memory at: [ 797.256692][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 797.256692][T20946] __msan_chain_origin+0x57/0xa0 [ 797.256692][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 797.256692][T20946] get_compat_msghdr+0x108/0x2b0 [ 797.256692][T20946] do_recvmmsg+0xdc1/0x22d0 [ 797.256692][T20946] __sys_recvmmsg+0x519/0x6f0 [ 797.256692][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 797.256692][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 797.256692][T20946] __do_fast_syscall_32+0x102/0x160 [ 797.256692][T20946] do_fast_syscall_32+0x6a/0xc0 [ 797.256692][T20946] do_SYSENTER_32+0x73/0x90 [ 797.256692][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 797.256692][T20946] [ 797.256692][T20946] Uninit was stored to memory at: [ 797.256692][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 797.256692][T20946] __msan_chain_origin+0x57/0xa0 [ 797.256692][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 797.256692][T20946] get_compat_msghdr+0x108/0x2b0 [ 797.256692][T20946] do_recvmmsg+0xdc1/0x22d0 [ 797.256692][T20946] __sys_recvmmsg+0x519/0x6f0 [ 797.256692][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 797.256692][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 797.256692][T20946] __do_fast_syscall_32+0x102/0x160 [ 797.256692][T20946] do_fast_syscall_32+0x6a/0xc0 [ 797.256692][T20946] do_SYSENTER_32+0x73/0x90 [ 797.927724][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 797.927724][T20946] [ 797.927724][T20946] Uninit was stored to memory at: [ 797.927724][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 797.927724][T20946] __msan_chain_origin+0x57/0xa0 [ 797.927724][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 797.927724][T20946] get_compat_msghdr+0x108/0x2b0 [ 797.985038][T20946] do_recvmmsg+0xdc1/0x22d0 [ 797.985038][T20946] __sys_recvmmsg+0x519/0x6f0 [ 797.985038][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 797.985038][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 797.985038][T20946] __do_fast_syscall_32+0x102/0x160 [ 797.985038][T20946] do_fast_syscall_32+0x6a/0xc0 [ 797.985038][T20946] do_SYSENTER_32+0x73/0x90 [ 798.023427][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 798.023427][T20946] [ 798.023427][T20946] Uninit was stored to memory at: [ 798.023427][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 798.023427][T20946] __msan_chain_origin+0x57/0xa0 [ 798.023427][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 798.023427][T20946] get_compat_msghdr+0x108/0x2b0 [ 798.023427][T20946] do_recvmmsg+0xdc1/0x22d0 [ 798.023427][T20946] __sys_recvmmsg+0x519/0x6f0 [ 798.023427][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 798.023427][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 798.023427][T20946] __do_fast_syscall_32+0x102/0x160 [ 798.023427][T20946] do_fast_syscall_32+0x6a/0xc0 [ 798.023427][T20946] do_SYSENTER_32+0x73/0x90 [ 798.023427][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 798.023427][T20946] [ 798.023427][T20946] Uninit was stored to memory at: [ 798.023427][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 798.023427][T20946] __msan_chain_origin+0x57/0xa0 [ 798.023427][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 798.023427][T20946] get_compat_msghdr+0x108/0x2b0 [ 798.023427][T20946] do_recvmmsg+0xdc1/0x22d0 [ 798.197889][T20946] __sys_recvmmsg+0x519/0x6f0 [ 798.197889][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 798.197889][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 798.197889][T20946] __do_fast_syscall_32+0x102/0x160 [ 798.228890][T20946] do_fast_syscall_32+0x6a/0xc0 [ 798.228890][T20946] do_SYSENTER_32+0x73/0x90 [ 798.228890][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 798.228890][T20946] [ 798.258512][T20946] Uninit was stored to memory at: [ 798.258512][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 798.258512][T20946] __msan_chain_origin+0x57/0xa0 [ 798.258512][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 798.258512][T20946] get_compat_msghdr+0x108/0x2b0 [ 798.258512][T20946] do_recvmmsg+0xdc1/0x22d0 [ 798.258512][T20946] __sys_recvmmsg+0x519/0x6f0 [ 798.315908][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 798.315908][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 798.315908][T20946] __do_fast_syscall_32+0x102/0x160 [ 798.315908][T20946] do_fast_syscall_32+0x6a/0xc0 [ 798.346830][T20946] do_SYSENTER_32+0x73/0x90 [ 798.346830][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 798.346830][T20946] [ 798.346830][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 798.376461][T20946] do_recvmmsg+0xbf/0x22d0 [ 798.376461][T20946] do_recvmmsg+0xbf/0x22d0 [ 798.677374][T20946] not chained 490000 origins [ 798.683279][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 798.691847][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 798.691847][T20946] Call Trace: [ 798.691847][T20946] dump_stack+0x21c/0x280 [ 798.691847][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 798.691847][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 798.691847][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 798.691847][T20946] ? kmsan_get_metadata+0x116/0x180 [ 798.691847][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 798.765655][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 798.765655][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 798.765655][T20946] ? kmsan_get_metadata+0x116/0x180 [ 798.795357][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 798.795357][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 798.795357][T20946] ? kmsan_get_metadata+0x116/0x180 [ 798.823480][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 798.823480][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 798.823480][T20946] ? _copy_from_user+0x1fd/0x300 [ 798.823480][T20946] ? kmsan_get_metadata+0x116/0x180 [ 798.823480][T20946] __msan_chain_origin+0x57/0xa0 [ 798.859100][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 798.859100][T20946] get_compat_msghdr+0x108/0x2b0 [ 798.859100][T20946] do_recvmmsg+0xdc1/0x22d0 [ 798.859100][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 798.859100][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 798.859100][T20946] ? kmsan_get_metadata+0x116/0x180 [ 798.859100][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 798.919921][T20946] ? kmsan_get_metadata+0x116/0x180 [ 798.919921][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 798.919921][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 798.946330][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 798.946330][T20946] __sys_recvmmsg+0x519/0x6f0 [ 798.946330][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 798.946330][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 798.977324][T20946] __do_fast_syscall_32+0x102/0x160 [ 798.977324][T20946] do_fast_syscall_32+0x6a/0xc0 [ 798.977324][T20946] do_SYSENTER_32+0x73/0x90 [ 798.977324][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 799.009146][T20946] RIP: 0023:0xf7f1c549 [ 799.009146][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 799.036711][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 799.036711][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 799.065371][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 799.065371][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 799.065371][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 799.100127][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 799.100127][T20946] Uninit was stored to memory at: [ 799.100127][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 799.100127][T20946] __msan_chain_origin+0x57/0xa0 [ 799.124093][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 799.124093][T20946] get_compat_msghdr+0x108/0x2b0 [ 799.124093][T20946] do_recvmmsg+0xdc1/0x22d0 [ 799.124093][T20946] __sys_recvmmsg+0x519/0x6f0 [ 799.124093][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 799.124093][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 799.124093][T20946] __do_fast_syscall_32+0x102/0x160 [ 799.124093][T20946] do_fast_syscall_32+0x6a/0xc0 [ 799.124093][T20946] do_SYSENTER_32+0x73/0x90 [ 799.124093][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 799.124093][T20946] [ 799.124093][T20946] Uninit was stored to memory at: [ 799.124093][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 799.124093][T20946] __msan_chain_origin+0x57/0xa0 [ 799.124093][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 799.124093][T20946] get_compat_msghdr+0x108/0x2b0 [ 799.124093][T20946] do_recvmmsg+0xdc1/0x22d0 [ 799.124093][T20946] __sys_recvmmsg+0x519/0x6f0 [ 799.124093][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 799.278745][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 799.278745][T20946] __do_fast_syscall_32+0x102/0x160 [ 799.278745][T20946] do_fast_syscall_32+0x6a/0xc0 [ 799.306706][T20946] do_SYSENTER_32+0x73/0x90 [ 799.306706][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 799.306706][T20946] [ 799.306706][T20946] Uninit was stored to memory at: [ 799.306706][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 799.339328][T20946] __msan_chain_origin+0x57/0xa0 [ 799.339328][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 799.339328][T20946] get_compat_msghdr+0x108/0x2b0 [ 799.365339][T20946] do_recvmmsg+0xdc1/0x22d0 [ 799.365339][T20946] __sys_recvmmsg+0x519/0x6f0 [ 799.365339][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 799.393409][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 799.393409][T20946] __do_fast_syscall_32+0x102/0x160 [ 799.393409][T20946] do_fast_syscall_32+0x6a/0xc0 [ 799.393409][T20946] do_SYSENTER_32+0x73/0x90 [ 799.393409][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 799.430221][T20946] [ 799.430221][T20946] Uninit was stored to memory at: [ 799.430221][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 799.459122][T20946] __msan_chain_origin+0x57/0xa0 [ 799.459122][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 799.459122][T20946] get_compat_msghdr+0x108/0x2b0 [ 799.459122][T20946] do_recvmmsg+0xdc1/0x22d0 [ 799.490364][T20946] __sys_recvmmsg+0x519/0x6f0 [ 799.490364][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 799.490364][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 799.514848][T20946] __do_fast_syscall_32+0x102/0x160 [ 799.514848][T20946] do_fast_syscall_32+0x6a/0xc0 [ 799.514848][T20946] do_SYSENTER_32+0x73/0x90 [ 799.544727][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 799.544727][T20946] [ 799.544727][T20946] Uninit was stored to memory at: [ 799.544727][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 799.580506][T20946] __msan_chain_origin+0x57/0xa0 [ 799.580506][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 799.580506][T20946] get_compat_msghdr+0x108/0x2b0 [ 799.604656][T20946] do_recvmmsg+0xdc1/0x22d0 [ 799.604656][T20946] __sys_recvmmsg+0x519/0x6f0 [ 799.604656][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 799.604656][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 799.637636][T20946] __do_fast_syscall_32+0x102/0x160 [ 799.637636][T20946] do_fast_syscall_32+0x6a/0xc0 [ 799.637636][T20946] do_SYSENTER_32+0x73/0x90 [ 799.666239][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 799.666239][T20946] [ 799.666239][T20946] Uninit was stored to memory at: [ 799.694181][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 799.694181][T20946] __msan_chain_origin+0x57/0xa0 [ 799.694181][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 799.694181][T20946] get_compat_msghdr+0x108/0x2b0 [ 799.729710][T20946] do_recvmmsg+0xdc1/0x22d0 [ 799.729710][T20946] __sys_recvmmsg+0x519/0x6f0 [ 799.729710][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 799.759375][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 799.759375][T20946] __do_fast_syscall_32+0x102/0x160 [ 799.759375][T20946] do_fast_syscall_32+0x6a/0xc0 [ 799.759375][T20946] do_SYSENTER_32+0x73/0x90 [ 799.759375][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 799.759375][T20946] [ 799.759375][T20946] Uninit was stored to memory at: [ 799.759375][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 799.759375][T20946] __msan_chain_origin+0x57/0xa0 [ 799.759375][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 799.759375][T20946] get_compat_msghdr+0x108/0x2b0 [ 799.834763][T20946] do_recvmmsg+0xdc1/0x22d0 [ 799.834763][T20946] __sys_recvmmsg+0x519/0x6f0 [ 799.834763][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 799.834763][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 799.834763][T20946] __do_fast_syscall_32+0x102/0x160 [ 799.834763][T20946] do_fast_syscall_32+0x6a/0xc0 [ 799.834763][T20946] do_SYSENTER_32+0x73/0x90 [ 799.834763][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 799.903802][T20946] [ 799.903802][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 799.903802][T20946] do_recvmmsg+0xbf/0x22d0 [ 799.903802][T20946] do_recvmmsg+0xbf/0x22d0 [ 800.223170][T20946] not chained 500000 origins [ 800.232521][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 800.232521][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 800.232521][T20946] Call Trace: [ 800.232521][T20946] dump_stack+0x21c/0x280 [ 800.232521][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 800.232521][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 800.232521][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 800.232521][T20946] ? kmsan_get_metadata+0x116/0x180 [ 800.232521][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 800.232521][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 800.232521][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 800.232521][T20946] ? kmsan_get_metadata+0x116/0x180 [ 800.232521][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 800.232521][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 800.232521][T20946] ? kmsan_get_metadata+0x116/0x180 [ 800.232521][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 800.232521][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 800.232521][T20946] ? _copy_from_user+0x1fd/0x300 [ 800.232521][T20946] ? kmsan_get_metadata+0x116/0x180 [ 800.232521][T20946] __msan_chain_origin+0x57/0xa0 [ 800.232521][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 800.232521][T20946] get_compat_msghdr+0x108/0x2b0 [ 800.232521][T20946] do_recvmmsg+0xdc1/0x22d0 [ 800.232521][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 800.232521][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 800.232521][T20946] ? kmsan_get_metadata+0x116/0x180 [ 800.232521][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 800.232521][T20946] ? kmsan_get_metadata+0x116/0x180 [ 800.232521][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 800.232521][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 800.232521][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 800.232521][T20946] __sys_recvmmsg+0x519/0x6f0 [ 800.232521][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 800.232521][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 800.232521][T20946] __do_fast_syscall_32+0x102/0x160 [ 800.232521][T20946] do_fast_syscall_32+0x6a/0xc0 [ 800.232521][T20946] do_SYSENTER_32+0x73/0x90 [ 800.232521][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 800.232521][T20946] RIP: 0023:0xf7f1c549 [ 800.232521][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 800.232521][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 800.232521][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 800.232521][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 800.232521][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 800.232521][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 800.232521][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 800.232521][T20946] Uninit was stored to memory at: [ 800.232521][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 800.232521][T20946] __msan_chain_origin+0x57/0xa0 [ 800.232521][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 800.232521][T20946] get_compat_msghdr+0x108/0x2b0 [ 800.232521][T20946] do_recvmmsg+0xdc1/0x22d0 [ 800.232521][T20946] __sys_recvmmsg+0x519/0x6f0 [ 800.232521][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 800.232521][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 800.232521][T20946] __do_fast_syscall_32+0x102/0x160 [ 800.232521][T20946] do_fast_syscall_32+0x6a/0xc0 [ 800.232521][T20946] do_SYSENTER_32+0x73/0x90 [ 800.232521][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 800.232521][T20946] [ 800.232521][T20946] Uninit was stored to memory at: [ 800.232521][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 800.232521][T20946] __msan_chain_origin+0x57/0xa0 [ 800.232521][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 800.232521][T20946] get_compat_msghdr+0x108/0x2b0 [ 800.232521][T20946] do_recvmmsg+0xdc1/0x22d0 [ 800.232521][T20946] __sys_recvmmsg+0x519/0x6f0 [ 800.232521][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 800.232521][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 800.232521][T20946] __do_fast_syscall_32+0x102/0x160 [ 800.232521][T20946] do_fast_syscall_32+0x6a/0xc0 [ 800.232521][T20946] do_SYSENTER_32+0x73/0x90 [ 800.232521][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 800.232521][T20946] [ 800.232521][T20946] Uninit was stored to memory at: [ 800.232521][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 800.232521][T20946] __msan_chain_origin+0x57/0xa0 [ 800.232521][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 800.232521][T20946] get_compat_msghdr+0x108/0x2b0 [ 800.232521][T20946] do_recvmmsg+0xdc1/0x22d0 [ 800.232521][T20946] __sys_recvmmsg+0x519/0x6f0 [ 800.232521][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 800.232521][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 800.232521][T20946] __do_fast_syscall_32+0x102/0x160 [ 800.232521][T20946] do_fast_syscall_32+0x6a/0xc0 [ 800.232521][T20946] do_SYSENTER_32+0x73/0x90 [ 800.232521][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 800.232521][T20946] [ 800.232521][T20946] Uninit was stored to memory at: [ 800.232521][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 801.064642][T20946] __msan_chain_origin+0x57/0xa0 [ 801.064642][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 801.075035][T20946] get_compat_msghdr+0x108/0x2b0 [ 801.075035][T20946] do_recvmmsg+0xdc1/0x22d0 [ 801.075035][T20946] __sys_recvmmsg+0x519/0x6f0 [ 801.075035][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 801.075035][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 801.075035][T20946] __do_fast_syscall_32+0x102/0x160 [ 801.075035][T20946] do_fast_syscall_32+0x6a/0xc0 [ 801.075035][T20946] do_SYSENTER_32+0x73/0x90 [ 801.075035][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 801.075035][T20946] [ 801.075035][T20946] Uninit was stored to memory at: [ 801.075035][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 801.075035][T20946] __msan_chain_origin+0x57/0xa0 [ 801.075035][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 801.075035][T20946] get_compat_msghdr+0x108/0x2b0 [ 801.075035][T20946] do_recvmmsg+0xdc1/0x22d0 [ 801.075035][T20946] __sys_recvmmsg+0x519/0x6f0 [ 801.075035][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 801.075035][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 801.075035][T20946] __do_fast_syscall_32+0x102/0x160 [ 801.075035][T20946] do_fast_syscall_32+0x6a/0xc0 [ 801.075035][T20946] do_SYSENTER_32+0x73/0x90 [ 801.075035][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 801.075035][T20946] [ 801.075035][T20946] Uninit was stored to memory at: [ 801.075035][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 801.075035][T20946] __msan_chain_origin+0x57/0xa0 [ 801.075035][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 801.075035][T20946] get_compat_msghdr+0x108/0x2b0 [ 801.075035][T20946] do_recvmmsg+0xdc1/0x22d0 [ 801.075035][T20946] __sys_recvmmsg+0x519/0x6f0 [ 801.075035][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 801.075035][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 801.075035][T20946] __do_fast_syscall_32+0x102/0x160 [ 801.075035][T20946] do_fast_syscall_32+0x6a/0xc0 [ 801.075035][T20946] do_SYSENTER_32+0x73/0x90 [ 801.075035][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 801.075035][T20946] [ 801.075035][T20946] Uninit was stored to memory at: [ 801.075035][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 801.075035][T20946] __msan_chain_origin+0x57/0xa0 [ 801.075035][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 801.075035][T20946] get_compat_msghdr+0x108/0x2b0 [ 801.075035][T20946] do_recvmmsg+0xdc1/0x22d0 [ 801.075035][T20946] __sys_recvmmsg+0x519/0x6f0 [ 801.075035][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 801.075035][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 801.075035][T20946] __do_fast_syscall_32+0x102/0x160 [ 801.075035][T20946] do_fast_syscall_32+0x6a/0xc0 [ 801.075035][T20946] do_SYSENTER_32+0x73/0x90 [ 801.075035][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 801.075035][T20946] [ 801.075035][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 801.075035][T20946] do_recvmmsg+0xbf/0x22d0 [ 801.075035][T20946] do_recvmmsg+0xbf/0x22d0 [ 801.762949][T20946] not chained 510000 origins [ 801.766174][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 801.766174][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 801.766174][T20946] Call Trace: [ 801.766174][T20946] dump_stack+0x21c/0x280 [ 801.766174][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 801.766174][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 801.766174][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 801.766174][T20946] ? kmsan_get_metadata+0x116/0x180 [ 801.766174][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 801.766174][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 801.766174][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 801.766174][T20946] ? kmsan_get_metadata+0x116/0x180 [ 801.766174][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 801.766174][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 801.766174][T20946] ? kmsan_get_metadata+0x116/0x180 [ 801.766174][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 801.766174][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 801.766174][T20946] ? _copy_from_user+0x1fd/0x300 [ 801.766174][T20946] ? kmsan_get_metadata+0x116/0x180 [ 801.766174][T20946] __msan_chain_origin+0x57/0xa0 [ 801.766174][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 801.766174][T20946] get_compat_msghdr+0x108/0x2b0 [ 801.766174][T20946] do_recvmmsg+0xdc1/0x22d0 [ 801.766174][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 801.766174][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 801.766174][T20946] ? kmsan_get_metadata+0x116/0x180 [ 801.766174][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 802.010805][T20946] ? kmsan_get_metadata+0x116/0x180 [ 802.010805][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 802.010805][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 802.010805][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 802.010805][T20946] __sys_recvmmsg+0x519/0x6f0 [ 802.010805][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 802.010805][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 802.010805][T20946] __do_fast_syscall_32+0x102/0x160 [ 802.086015][T20946] do_fast_syscall_32+0x6a/0xc0 [ 802.086015][T20946] do_SYSENTER_32+0x73/0x90 [ 802.099887][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 802.099887][T20946] RIP: 0023:0xf7f1c549 [ 802.099887][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 802.099887][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 802.099887][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 802.099887][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 802.172454][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 802.172454][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 802.186907][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 802.186907][T20946] Uninit was stored to memory at: [ 802.186907][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 802.186907][T20946] __msan_chain_origin+0x57/0xa0 [ 802.186907][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 802.186907][T20946] get_compat_msghdr+0x108/0x2b0 [ 802.186907][T20946] do_recvmmsg+0xdc1/0x22d0 [ 802.186907][T20946] __sys_recvmmsg+0x519/0x6f0 [ 802.186907][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 802.186907][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 802.186907][T20946] __do_fast_syscall_32+0x102/0x160 [ 802.186907][T20946] do_fast_syscall_32+0x6a/0xc0 [ 802.186907][T20946] do_SYSENTER_32+0x73/0x90 [ 802.186907][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 802.186907][T20946] [ 802.186907][T20946] Uninit was stored to memory at: [ 802.333555][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 802.333555][T20946] __msan_chain_origin+0x57/0xa0 [ 802.333555][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 802.333555][T20946] get_compat_msghdr+0x108/0x2b0 [ 802.333555][T20946] do_recvmmsg+0xdc1/0x22d0 [ 802.368405][T20946] __sys_recvmmsg+0x519/0x6f0 [ 802.368405][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 802.368405][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 802.368405][T20946] __do_fast_syscall_32+0x102/0x160 [ 802.400319][T20946] do_fast_syscall_32+0x6a/0xc0 [ 802.400319][T20946] do_SYSENTER_32+0x73/0x90 [ 802.400319][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 802.400319][T20946] [ 802.400319][T20946] Uninit was stored to memory at: [ 802.400319][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 802.400319][T20946] __msan_chain_origin+0x57/0xa0 [ 802.458791][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 802.458791][T20946] get_compat_msghdr+0x108/0x2b0 [ 802.458791][T20946] do_recvmmsg+0xdc1/0x22d0 [ 802.458791][T20946] __sys_recvmmsg+0x519/0x6f0 [ 802.458791][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 802.458791][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 802.458791][T20946] __do_fast_syscall_32+0x102/0x160 [ 802.458791][T20946] do_fast_syscall_32+0x6a/0xc0 [ 802.458791][T20946] do_SYSENTER_32+0x73/0x90 [ 802.458791][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 802.543569][T20946] [ 802.543569][T20946] Uninit was stored to memory at: [ 802.543569][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 802.543569][T20946] __msan_chain_origin+0x57/0xa0 [ 802.543569][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 802.580195][T20946] get_compat_msghdr+0x108/0x2b0 [ 802.580195][T20946] do_recvmmsg+0xdc1/0x22d0 [ 802.580195][T20946] __sys_recvmmsg+0x519/0x6f0 [ 802.606682][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 802.606682][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 802.606682][T20946] __do_fast_syscall_32+0x102/0x160 [ 802.635307][T20946] do_fast_syscall_32+0x6a/0xc0 [ 802.635307][T20946] do_SYSENTER_32+0x73/0x90 [ 802.635307][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 802.664109][T20946] [ 802.664109][T20946] Uninit was stored to memory at: [ 802.664109][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 802.664109][T20946] __msan_chain_origin+0x57/0xa0 [ 802.696286][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 802.696286][T20946] get_compat_msghdr+0x108/0x2b0 [ 802.696286][T20946] do_recvmmsg+0xdc1/0x22d0 [ 802.696286][T20946] __sys_recvmmsg+0x519/0x6f0 [ 802.726361][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 802.726361][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 802.726361][T20946] __do_fast_syscall_32+0x102/0x160 [ 802.755499][T20946] do_fast_syscall_32+0x6a/0xc0 [ 802.755499][T20946] do_SYSENTER_32+0x73/0x90 [ 802.755499][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 802.784153][T20946] [ 802.784153][T20946] Uninit was stored to memory at: [ 802.784153][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 802.784153][T20946] __msan_chain_origin+0x57/0xa0 [ 802.819307][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 802.819307][T20946] get_compat_msghdr+0x108/0x2b0 [ 802.819307][T20946] do_recvmmsg+0xdc1/0x22d0 [ 802.819307][T20946] __sys_recvmmsg+0x519/0x6f0 [ 802.819307][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 802.819307][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 802.819307][T20946] __do_fast_syscall_32+0x102/0x160 [ 802.819307][T20946] do_fast_syscall_32+0x6a/0xc0 [ 802.819307][T20946] do_SYSENTER_32+0x73/0x90 [ 802.819307][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 802.905342][T20946] [ 802.905342][T20946] Uninit was stored to memory at: [ 802.905342][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 802.905342][T20946] __msan_chain_origin+0x57/0xa0 [ 802.936161][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 802.936161][T20946] get_compat_msghdr+0x108/0x2b0 [ 802.936161][T20946] do_recvmmsg+0xdc1/0x22d0 [ 802.965683][T20946] __sys_recvmmsg+0x519/0x6f0 [ 802.965683][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 802.965683][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 802.994314][T20946] __do_fast_syscall_32+0x102/0x160 [ 802.994314][T20946] do_fast_syscall_32+0x6a/0xc0 [ 802.994314][T20946] do_SYSENTER_32+0x73/0x90 [ 803.023456][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 803.023456][T20946] [ 803.023456][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 803.023456][T20946] do_recvmmsg+0xbf/0x22d0 [ 803.023456][T20946] do_recvmmsg+0xbf/0x22d0 [ 803.342778][T20946] not chained 520000 origins [ 803.343303][T20946] CPU: 1 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 803.343303][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.343303][T20946] Call Trace: [ 803.343303][T20946] dump_stack+0x21c/0x280 [ 803.343303][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 803.343303][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 803.407040][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 803.407040][T20946] ? kmsan_get_metadata+0x116/0x180 [ 803.407040][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 803.407040][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 803.407040][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 803.407040][T20946] ? kmsan_get_metadata+0x116/0x180 [ 803.407040][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 803.407040][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 803.407040][T20946] ? kmsan_get_metadata+0x116/0x180 [ 803.407040][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 803.407040][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 803.407040][T20946] ? _copy_from_user+0x1fd/0x300 [ 803.407040][T20946] ? kmsan_get_metadata+0x116/0x180 [ 803.407040][T20946] __msan_chain_origin+0x57/0xa0 [ 803.407040][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 803.407040][T20946] get_compat_msghdr+0x108/0x2b0 [ 803.407040][T20946] do_recvmmsg+0xdc1/0x22d0 [ 803.407040][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 803.407040][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 803.407040][T20946] ? kmsan_get_metadata+0x116/0x180 [ 803.407040][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 803.407040][T20946] ? kmsan_get_metadata+0x116/0x180 [ 803.407040][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 803.407040][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 803.407040][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 803.407040][T20946] __sys_recvmmsg+0x519/0x6f0 [ 803.407040][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 803.407040][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 803.407040][T20946] __do_fast_syscall_32+0x102/0x160 [ 803.407040][T20946] do_fast_syscall_32+0x6a/0xc0 [ 803.407040][T20946] do_SYSENTER_32+0x73/0x90 [ 803.407040][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 803.407040][T20946] RIP: 0023:0xf7f1c549 [ 803.407040][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 803.407040][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 803.407040][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 803.407040][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 803.407040][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 803.407040][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 803.407040][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 803.407040][T20946] Uninit was stored to memory at: [ 803.407040][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 803.407040][T20946] __msan_chain_origin+0x57/0xa0 [ 803.407040][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 803.407040][T20946] get_compat_msghdr+0x108/0x2b0 [ 803.407040][T20946] do_recvmmsg+0xdc1/0x22d0 [ 803.407040][T20946] __sys_recvmmsg+0x519/0x6f0 [ 803.407040][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 803.407040][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 803.407040][T20946] __do_fast_syscall_32+0x102/0x160 [ 803.407040][T20946] do_fast_syscall_32+0x6a/0xc0 [ 803.407040][T20946] do_SYSENTER_32+0x73/0x90 [ 803.407040][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 803.407040][T20946] [ 803.407040][T20946] Uninit was stored to memory at: [ 803.407040][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 803.407040][T20946] __msan_chain_origin+0x57/0xa0 [ 803.407040][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 803.407040][T20946] get_compat_msghdr+0x108/0x2b0 [ 803.407040][T20946] do_recvmmsg+0xdc1/0x22d0 [ 803.407040][T20946] __sys_recvmmsg+0x519/0x6f0 [ 803.407040][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 803.407040][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 803.407040][T20946] __do_fast_syscall_32+0x102/0x160 [ 803.407040][T20946] do_fast_syscall_32+0x6a/0xc0 [ 803.407040][T20946] do_SYSENTER_32+0x73/0x90 [ 803.407040][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 803.407040][T20946] [ 803.407040][T20946] Uninit was stored to memory at: [ 803.407040][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 803.407040][T20946] __msan_chain_origin+0x57/0xa0 [ 803.407040][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 803.407040][T20946] get_compat_msghdr+0x108/0x2b0 [ 803.407040][T20946] do_recvmmsg+0xdc1/0x22d0 [ 803.407040][T20946] __sys_recvmmsg+0x519/0x6f0 [ 803.407040][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 803.407040][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 803.407040][T20946] __do_fast_syscall_32+0x102/0x160 [ 803.407040][T20946] do_fast_syscall_32+0x6a/0xc0 [ 803.407040][T20946] do_SYSENTER_32+0x73/0x90 [ 803.407040][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 803.407040][T20946] [ 803.407040][T20946] Uninit was stored to memory at: [ 803.407040][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 803.407040][T20946] __msan_chain_origin+0x57/0xa0 [ 803.407040][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 803.407040][T20946] get_compat_msghdr+0x108/0x2b0 [ 803.407040][T20946] do_recvmmsg+0xdc1/0x22d0 [ 803.407040][T20946] __sys_recvmmsg+0x519/0x6f0 [ 803.407040][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 803.407040][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 803.407040][T20946] __do_fast_syscall_32+0x102/0x160 [ 803.407040][T20946] do_fast_syscall_32+0x6a/0xc0 [ 803.407040][T20946] do_SYSENTER_32+0x73/0x90 [ 803.407040][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 803.407040][T20946] [ 803.407040][T20946] Uninit was stored to memory at: [ 803.407040][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 803.407040][T20946] __msan_chain_origin+0x57/0xa0 [ 803.407040][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 803.407040][T20946] get_compat_msghdr+0x108/0x2b0 [ 803.407040][T20946] do_recvmmsg+0xdc1/0x22d0 [ 803.407040][T20946] __sys_recvmmsg+0x519/0x6f0 [ 803.407040][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 803.407040][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 803.407040][T20946] __do_fast_syscall_32+0x102/0x160 [ 803.407040][T20946] do_fast_syscall_32+0x6a/0xc0 [ 803.407040][T20946] do_SYSENTER_32+0x73/0x90 [ 803.407040][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 803.407040][T20946] [ 803.407040][T20946] Uninit was stored to memory at: [ 803.407040][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 803.407040][T20946] __msan_chain_origin+0x57/0xa0 [ 803.407040][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 803.407040][T20946] get_compat_msghdr+0x108/0x2b0 [ 803.407040][T20946] do_recvmmsg+0xdc1/0x22d0 [ 803.407040][T20946] __sys_recvmmsg+0x519/0x6f0 [ 803.407040][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 803.407040][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 803.407040][T20946] __do_fast_syscall_32+0x102/0x160 [ 803.407040][T20946] do_fast_syscall_32+0x6a/0xc0 [ 803.407040][T20946] do_SYSENTER_32+0x73/0x90 [ 803.407040][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 803.407040][T20946] [ 803.407040][T20946] Uninit was stored to memory at: [ 803.407040][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 803.407040][T20946] __msan_chain_origin+0x57/0xa0 [ 803.407040][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 803.407040][T20946] get_compat_msghdr+0x108/0x2b0 [ 803.407040][T20946] do_recvmmsg+0xdc1/0x22d0 [ 803.407040][T20946] __sys_recvmmsg+0x519/0x6f0 [ 803.407040][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 803.407040][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 803.407040][T20946] __do_fast_syscall_32+0x102/0x160 [ 803.407040][T20946] do_fast_syscall_32+0x6a/0xc0 [ 803.407040][T20946] do_SYSENTER_32+0x73/0x90 [ 803.407040][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 803.407040][T20946] [ 803.407040][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 803.407040][T20946] do_recvmmsg+0xbf/0x22d0 [ 803.407040][T20946] do_recvmmsg+0xbf/0x22d0 [ 804.904875][T20946] not chained 530000 origins [ 804.913296][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 804.920483][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.936508][T20946] Call Trace: [ 804.936508][T20946] dump_stack+0x21c/0x280 [ 804.936508][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 804.936508][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 804.936508][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 804.936508][T20946] ? kmsan_get_metadata+0x116/0x180 [ 804.936508][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 804.936508][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 804.936508][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 804.936508][T20946] ? kmsan_get_metadata+0x116/0x180 [ 804.936508][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 804.936508][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 804.936508][T20946] ? kmsan_get_metadata+0x116/0x180 [ 804.936508][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 804.936508][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 804.936508][T20946] ? _copy_from_user+0x1fd/0x300 [ 804.936508][T20946] ? kmsan_get_metadata+0x116/0x180 [ 804.936508][T20946] __msan_chain_origin+0x57/0xa0 [ 804.936508][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 804.936508][T20946] get_compat_msghdr+0x108/0x2b0 [ 804.936508][T20946] do_recvmmsg+0xdc1/0x22d0 [ 804.936508][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 804.936508][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 804.936508][T20946] ? kmsan_get_metadata+0x116/0x180 [ 804.936508][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 804.936508][T20946] ? kmsan_get_metadata+0x116/0x180 [ 804.936508][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 804.936508][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 804.936508][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 804.936508][T20946] __sys_recvmmsg+0x519/0x6f0 [ 804.936508][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 804.936508][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 804.936508][T20946] __do_fast_syscall_32+0x102/0x160 [ 804.936508][T20946] do_fast_syscall_32+0x6a/0xc0 [ 804.936508][T20946] do_SYSENTER_32+0x73/0x90 [ 804.936508][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 804.936508][T20946] RIP: 0023:0xf7f1c549 [ 804.936508][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 804.936508][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 804.936508][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 804.936508][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 804.936508][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 804.936508][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 804.936508][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 804.936508][T20946] Uninit was stored to memory at: [ 805.344246][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 805.344246][T20946] __msan_chain_origin+0x57/0xa0 [ 805.344246][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 805.344246][T20946] get_compat_msghdr+0x108/0x2b0 [ 805.344246][T20946] do_recvmmsg+0xdc1/0x22d0 [ 805.344246][T20946] __sys_recvmmsg+0x519/0x6f0 [ 805.344246][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 805.344246][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 805.344246][T20946] __do_fast_syscall_32+0x102/0x160 [ 805.344246][T20946] do_fast_syscall_32+0x6a/0xc0 [ 805.344246][T20946] do_SYSENTER_32+0x73/0x90 [ 805.344246][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 805.344246][T20946] [ 805.344246][T20946] Uninit was stored to memory at: [ 805.344246][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 805.344246][T20946] __msan_chain_origin+0x57/0xa0 [ 805.344246][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 805.344246][T20946] get_compat_msghdr+0x108/0x2b0 [ 805.344246][T20946] do_recvmmsg+0xdc1/0x22d0 [ 805.344246][T20946] __sys_recvmmsg+0x519/0x6f0 [ 805.344246][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 805.344246][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 805.344246][T20946] __do_fast_syscall_32+0x102/0x160 [ 805.344246][T20946] do_fast_syscall_32+0x6a/0xc0 [ 805.344246][T20946] do_SYSENTER_32+0x73/0x90 [ 805.344246][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 805.344246][T20946] [ 805.344246][T20946] Uninit was stored to memory at: [ 805.557886][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 805.557886][T20946] __msan_chain_origin+0x57/0xa0 [ 805.557886][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 805.557886][T20946] get_compat_msghdr+0x108/0x2b0 [ 805.557886][T20946] do_recvmmsg+0xdc1/0x22d0 [ 805.557886][T20946] __sys_recvmmsg+0x519/0x6f0 [ 805.557886][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 805.557886][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 805.557886][T20946] __do_fast_syscall_32+0x102/0x160 [ 805.557886][T20946] do_fast_syscall_32+0x6a/0xc0 [ 805.557886][T20946] do_SYSENTER_32+0x73/0x90 [ 805.557886][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 805.557886][T20946] [ 805.557886][T20946] Uninit was stored to memory at: [ 805.557886][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 805.557886][T20946] __msan_chain_origin+0x57/0xa0 [ 805.687722][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 805.687722][T20946] get_compat_msghdr+0x108/0x2b0 [ 805.687722][T20946] do_recvmmsg+0xdc1/0x22d0 [ 805.687722][T20946] __sys_recvmmsg+0x519/0x6f0 [ 805.687722][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 805.687722][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 805.687722][T20946] __do_fast_syscall_32+0x102/0x160 [ 805.738751][T20946] do_fast_syscall_32+0x6a/0xc0 [ 805.738751][T20946] do_SYSENTER_32+0x73/0x90 [ 805.738751][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 805.738751][T20946] [ 805.738751][T20946] Uninit was stored to memory at: [ 805.738751][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 805.738751][T20946] __msan_chain_origin+0x57/0xa0 [ 805.738751][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 805.738751][T20946] get_compat_msghdr+0x108/0x2b0 [ 805.738751][T20946] do_recvmmsg+0xdc1/0x22d0 [ 805.738751][T20946] __sys_recvmmsg+0x519/0x6f0 [ 805.738751][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 805.738751][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 805.738751][T20946] __do_fast_syscall_32+0x102/0x160 [ 805.738751][T20946] do_fast_syscall_32+0x6a/0xc0 [ 805.738751][T20946] do_SYSENTER_32+0x73/0x90 [ 805.738751][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 805.738751][T20946] [ 805.738751][T20946] Uninit was stored to memory at: [ 805.738751][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 805.738751][T20946] __msan_chain_origin+0x57/0xa0 [ 805.738751][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 805.738751][T20946] get_compat_msghdr+0x108/0x2b0 [ 805.738751][T20946] do_recvmmsg+0xdc1/0x22d0 [ 805.738751][T20946] __sys_recvmmsg+0x519/0x6f0 [ 805.946374][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 805.946374][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 805.946374][T20946] __do_fast_syscall_32+0x102/0x160 [ 805.946374][T20946] do_fast_syscall_32+0x6a/0xc0 [ 805.946374][T20946] do_SYSENTER_32+0x73/0x90 [ 805.946374][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 805.946374][T20946] [ 805.946374][T20946] Uninit was stored to memory at: [ 805.946374][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 805.946374][T20946] __msan_chain_origin+0x57/0xa0 [ 805.946374][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 806.039923][T20946] get_compat_msghdr+0x108/0x2b0 [ 806.039923][T20946] do_recvmmsg+0xdc1/0x22d0 [ 806.039923][T20946] __sys_recvmmsg+0x519/0x6f0 [ 806.068068][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 806.068068][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 806.085225][T20946] __do_fast_syscall_32+0x102/0x160 [ 806.085225][T20946] do_fast_syscall_32+0x6a/0xc0 [ 806.085225][T20946] do_SYSENTER_32+0x73/0x90 [ 806.085225][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 806.085225][T20946] [ 806.085225][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 806.085225][T20946] do_recvmmsg+0xbf/0x22d0 [ 806.085225][T20946] do_recvmmsg+0xbf/0x22d0 [ 806.455994][T20946] not chained 540000 origins [ 806.463284][T20946] CPU: 0 PID: 20946 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 806.464318][T20946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 806.464318][T20946] Call Trace: [ 806.464318][T20946] dump_stack+0x21c/0x280 [ 806.464318][T20946] kmsan_internal_chain_origin+0x6f/0x130 [ 806.464318][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 806.464318][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 806.464318][T20946] ? kmsan_get_metadata+0x116/0x180 [ 806.464318][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 806.464318][T20946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 806.464318][T20946] ? unix_dgram_recvmsg+0x1a6f/0x1c80 [ 806.464318][T20946] ? kmsan_get_metadata+0x116/0x180 [ 806.464318][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 806.464318][T20946] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 806.464318][T20946] ? kmsan_get_metadata+0x116/0x180 [ 806.464318][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 806.464318][T20946] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 806.464318][T20946] ? _copy_from_user+0x1fd/0x300 [ 806.464318][T20946] ? kmsan_get_metadata+0x116/0x180 [ 806.464318][T20946] __msan_chain_origin+0x57/0xa0 [ 806.464318][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 806.464318][T20946] get_compat_msghdr+0x108/0x2b0 [ 806.464318][T20946] do_recvmmsg+0xdc1/0x22d0 [ 806.464318][T20946] ? __perf_event_task_sched_out+0x2d07/0x2d90 [ 806.464318][T20946] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 806.464318][T20946] ? kmsan_get_metadata+0x116/0x180 [ 806.464318][T20946] ? kmsan_internal_check_memory+0xb1/0x520 [ 806.464318][T20946] ? kmsan_get_metadata+0x116/0x180 [ 806.464318][T20946] ? kmsan_internal_set_origin+0x85/0xc0 [ 806.725008][T20946] ? __msan_poison_alloca+0xe9/0x110 [ 806.725008][T20946] ? __sys_recvmmsg+0xb5/0x6f0 [ 806.725008][T20946] __sys_recvmmsg+0x519/0x6f0 [ 806.725008][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 806.725008][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 806.725008][T20946] __do_fast_syscall_32+0x102/0x160 [ 806.725008][T20946] do_fast_syscall_32+0x6a/0xc0 [ 806.725008][T20946] do_SYSENTER_32+0x73/0x90 [ 806.725008][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 806.725008][T20946] RIP: 0023:0xf7f1c549 [ 806.725008][T20946] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 806.725008][T20946] RSP: 002b:00000000f55165fc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 806.725008][T20946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 806.725008][T20946] RDX: 000000000400014c RSI: 0000000000000000 RDI: 0000000000000000 [ 806.725008][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 806.725008][T20946] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 806.725008][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 806.725008][T20946] Uninit was stored to memory at: [ 806.725008][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 806.725008][T20946] __msan_chain_origin+0x57/0xa0 [ 806.725008][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 806.725008][T20946] get_compat_msghdr+0x108/0x2b0 [ 806.725008][T20946] do_recvmmsg+0xdc1/0x22d0 [ 806.725008][T20946] __sys_recvmmsg+0x519/0x6f0 [ 806.725008][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 806.725008][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 806.725008][T20946] __do_fast_syscall_32+0x102/0x160 [ 806.725008][T20946] do_fast_syscall_32+0x6a/0xc0 [ 806.725008][T20946] do_SYSENTER_32+0x73/0x90 [ 806.725008][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 806.725008][T20946] [ 806.725008][T20946] Uninit was stored to memory at: [ 806.725008][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 806.725008][T20946] __msan_chain_origin+0x57/0xa0 [ 806.725008][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 806.725008][T20946] get_compat_msghdr+0x108/0x2b0 [ 806.725008][T20946] do_recvmmsg+0xdc1/0x22d0 [ 806.725008][T20946] __sys_recvmmsg+0x519/0x6f0 [ 806.725008][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 807.091191][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 807.091191][T20946] __do_fast_syscall_32+0x102/0x160 [ 807.091191][T20946] do_fast_syscall_32+0x6a/0xc0 [ 807.091191][T20946] do_SYSENTER_32+0x73/0x90 [ 807.091191][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 807.091191][T20946] [ 807.091191][T20946] Uninit was stored to memory at: [ 807.091191][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 807.091191][T20946] __msan_chain_origin+0x57/0xa0 [ 807.091191][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 807.091191][T20946] get_compat_msghdr+0x108/0x2b0 [ 807.091191][T20946] do_recvmmsg+0xdc1/0x22d0 [ 807.091191][T20946] __sys_recvmmsg+0x519/0x6f0 [ 807.187409][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 807.187409][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 807.187409][T20946] __do_fast_syscall_32+0x102/0x160 [ 807.187409][T20946] do_fast_syscall_32+0x6a/0xc0 [ 807.187409][T20946] do_SYSENTER_32+0x73/0x90 [ 807.187409][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 807.187409][T20946] [ 807.187409][T20946] Uninit was stored to memory at: [ 807.187409][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 807.187409][T20946] __msan_chain_origin+0x57/0xa0 [ 807.187409][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 807.187409][T20946] get_compat_msghdr+0x108/0x2b0 [ 807.273584][T20946] do_recvmmsg+0xdc1/0x22d0 [ 807.273584][T20946] __sys_recvmmsg+0x519/0x6f0 [ 807.273584][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 807.273584][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 807.304081][T20946] __do_fast_syscall_32+0x102/0x160 [ 807.304081][T20946] do_fast_syscall_32+0x6a/0xc0 [ 807.304081][T20946] do_SYSENTER_32+0x73/0x90 [ 807.304081][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 807.339872][T20946] [ 807.339872][T20946] Uninit was stored to memory at: [ 807.339872][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 807.339872][T20946] __msan_chain_origin+0x57/0xa0 [ 807.339872][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 807.339872][T20946] get_compat_msghdr+0x108/0x2b0 [ 807.397498][T20946] do_recvmmsg+0xdc1/0x22d0 [ 807.397498][T20946] __sys_recvmmsg+0x519/0x6f0 [ 807.397498][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 807.424516][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 807.424516][T20946] __do_fast_syscall_32+0x102/0x160 [ 807.424516][T20946] do_fast_syscall_32+0x6a/0xc0 [ 807.424516][T20946] do_SYSENTER_32+0x73/0x90 [ 807.454520][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 807.454520][T20946] [ 807.454520][T20946] Uninit was stored to memory at: [ 807.483461][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 807.483461][T20946] __msan_chain_origin+0x57/0xa0 [ 807.483461][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 807.483461][T20946] get_compat_msghdr+0x108/0x2b0 [ 807.516540][T20946] do_recvmmsg+0xdc1/0x22d0 [ 807.516540][T20946] __sys_recvmmsg+0x519/0x6f0 [ 807.516540][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 807.545394][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 807.545394][T20946] __do_fast_syscall_32+0x102/0x160 [ 807.545394][T20946] do_fast_syscall_32+0x6a/0xc0 [ 807.576997][T20946] do_SYSENTER_32+0x73/0x90 [ 807.576997][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 807.576997][T20946] [ 807.603874][T20946] Uninit was stored to memory at: [ 807.603874][T20946] kmsan_internal_chain_origin+0xad/0x130 [ 807.603874][T20946] __msan_chain_origin+0x57/0xa0 [ 807.603874][T20946] __get_compat_msghdr+0x6db/0x9d0 [ 807.603874][T20946] get_compat_msghdr+0x108/0x2b0 [ 807.640496][T20946] do_recvmmsg+0xdc1/0x22d0 [ 807.640496][T20946] __sys_recvmmsg+0x519/0x6f0 [ 807.640496][T20946] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 807.667987][T20946] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 807.667987][T20946] __do_fast_syscall_32+0x102/0x160 [ 807.667987][T20946] do_fast_syscall_32+0x6a/0xc0 [ 807.693419][T20946] do_SYSENTER_32+0x73/0x90 [ 807.693419][T20946] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 807.693419][T20946] [ 807.693419][T20946] Local variable ----msg_sys@do_recvmmsg created at: [ 807.693419][T20946] do_recvmmsg+0xbf/0x22d0 [ 807.725724][T20946] do_recvmmsg+0xbf/0x22d0 [ 808.701536][ T290] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 06:07:49 executing program 2: openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x20040, 0x0) fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xee01, 0xee01, 0x0) 06:07:49 executing program 4: open$dir(&(0x7f00000001c0)='./file0\x00', 0x20140, 0x0) open$dir(&(0x7f0000000180)='./file0\x00', 0x2c8400, 0x100) 06:07:49 executing program 1: open$dir(&(0x7f00000001c0)='./file0\x00', 0x20140, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgid(r0) 06:07:49 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:07:49 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000002480)='/dev/zero\x00', 0x0, 0x0) getresuid(&(0x7f0000000180), &(0x7f00000001c0)=0x0, &(0x7f0000000200)) fchownat(r0, &(0x7f0000000040)='\x00', r1, 0x0, 0x1000) 06:07:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:07:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000007500)='trusted.overlay.redirect\x00', &(0x7f0000007540)='./file0\x00', 0x8, 0x0) 06:07:50 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x133d, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x40) [ 809.262091][ T290] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 06:07:50 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) accept4(r0, 0x0, 0x0, 0x80c00) [ 809.418023][T21007] device bridge40 entered promiscuous mode [ 809.558481][T21005] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 06:07:50 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 810.063783][ T290] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 06:07:51 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mtu(r0, 0x0, 0x2, 0x0, 0x0) 06:07:51 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x401, 0x0, 0x0, 0x0, 0x0, "c531a09c38cab780"}) [ 810.682838][ T290] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 810.752806][T21025] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 815.206752][ T290] device hsr_slave_0 left promiscuous mode [ 815.225869][ T290] device hsr_slave_1 left promiscuous mode [ 815.236419][ T290] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 815.244250][ T290] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 815.264680][ T290] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 815.272287][ T290] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 815.316104][ T290] device bridge_slave_1 left promiscuous mode [ 815.323049][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 815.352766][ T290] device bridge_slave_0 left promiscuous mode [ 815.359701][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 815.413843][ T290] device veth1_macvtap left promiscuous mode [ 815.419990][ T290] device veth0_macvtap left promiscuous mode [ 815.426320][ T290] device veth1_vlan left promiscuous mode [ 815.432214][ T290] device veth0_vlan left promiscuous mode [ 817.051629][ T3161] ieee802154 phy0 wpan0: encryption failed: -22 [ 817.058202][ T3161] ieee802154 phy1 wpan1: encryption failed: -22 [ 820.852872][ T290] team0 (unregistering): Port device team_slave_1 removed [ 820.899279][ T290] team0 (unregistering): Port device team_slave_0 removed [ 820.929485][ T290] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 820.983181][ T290] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 821.123112][ T290] bond0 (unregistering): Released all slaves [ 821.251480][T21084] IPVS: ftp: loaded support on port[0] = 21 [ 821.670179][T21084] chnl_net:caif_netlink_parms(): no params data found [ 821.979767][T21084] bridge0: port 1(bridge_slave_0) entered blocking state [ 821.988505][T21084] bridge0: port 1(bridge_slave_0) entered disabled state [ 821.998750][T21084] device bridge_slave_0 entered promiscuous mode [ 822.019700][ T8464] Bluetooth: hci2: command 0x0409 tx timeout [ 822.081687][T21084] bridge0: port 2(bridge_slave_1) entered blocking state [ 822.089171][T21084] bridge0: port 2(bridge_slave_1) entered disabled state [ 822.099757][T21084] device bridge_slave_1 entered promiscuous mode [ 822.221900][T21084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 822.244478][T21084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 822.309286][T21084] team0: Port device team_slave_0 added [ 822.330005][T21084] team0: Port device team_slave_1 added [ 822.389195][T21084] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 822.396517][T21084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 822.422836][T21084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 822.460212][T21084] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 822.469345][T21084] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 822.501730][T21084] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 822.589771][T21084] device hsr_slave_0 entered promiscuous mode [ 822.602912][T21084] device hsr_slave_1 entered promiscuous mode [ 822.624271][T21084] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 822.633560][T21084] Cannot create hsr debugfs directory [ 823.271586][T21084] 8021q: adding VLAN 0 to HW filter on device bond0 [ 823.330005][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 823.352396][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 823.382257][T21084] 8021q: adding VLAN 0 to HW filter on device team0 [ 823.423682][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 823.439278][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 823.448923][T21083] bridge0: port 1(bridge_slave_0) entered blocking state [ 823.456468][T21083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 823.504226][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 823.521684][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 823.538471][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 823.555870][T21083] bridge0: port 2(bridge_slave_1) entered blocking state [ 823.569060][T21083] bridge0: port 2(bridge_slave_1) entered forwarding state [ 823.583572][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 823.606433][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 823.665937][T21084] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 823.680874][T21084] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 823.746576][T21084] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 823.766929][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 823.780183][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 823.797068][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 823.814338][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 823.835599][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 823.846727][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 823.864453][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 823.880046][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 823.891475][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 823.907103][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 823.921169][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 823.935433][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 824.091910][T11438] Bluetooth: hci2: command 0x041b tx timeout [ 824.132049][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 824.156353][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 824.221901][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 824.236313][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 824.256286][T21084] device veth0_vlan entered promiscuous mode [ 824.285258][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 824.304183][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 824.329595][T21084] device veth1_vlan entered promiscuous mode [ 824.419872][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 824.432369][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 824.451044][T21084] device veth0_macvtap entered promiscuous mode [ 824.476793][T21084] device veth1_macvtap entered promiscuous mode [ 824.538826][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 824.558645][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 824.569608][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 824.583511][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 824.595796][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 824.613801][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 824.627724][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 824.638658][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 824.650160][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 824.661649][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 824.681590][T21084] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 824.696599][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 824.706424][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 824.716121][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 824.726452][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 824.764140][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 824.788274][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 824.799103][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 824.817455][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 824.828704][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 824.843747][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 824.855977][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 824.869323][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 824.881194][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 824.897153][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 824.911573][T21084] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 824.924846][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 824.935193][T21083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 825.264346][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 825.272844][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 825.290337][ T2020] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 825.379945][ T110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 825.392329][ T110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 825.408336][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 06:08:06 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) preadv2(r0, &(0x7f0000000100)=[{0x0}], 0x1, 0x0, 0x0, 0xe) 06:08:06 executing program 1: sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0xfd08fe0292d59ce1) 06:08:06 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = syz_open_pts(r0, 0x0) r2 = syz_open_pts(r1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r0) ioctl$TCSETS(r3, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "542928bb86a7787c32f192953cba198d13837c"}) 06:08:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:08:06 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:08:06 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendto(r0, 0x0, 0x0, 0x8d0, 0x0, 0xffffffffffffffdf) [ 826.162497][T21327] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 826.174511][ T8464] Bluetooth: hci2: command 0x040f tx timeout [ 826.216521][T21326] device bridge40 entered promiscuous mode 06:08:07 executing program 3: pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x800) syz_fuse_handle_req(r0, &(0x7f0000000380)="4ad6e438723873c0e825ed4d5511bbfcb52e9eb83c4ce242af3c83000a25cb28a979290fc031df3fa8757fccc2599c44865ded628caa922b4cedce0f5ea818b2f5b01efcbc679d1ef3a171d11d494604eff30c9dd49ac719da1942d9e7d28714f9047609f0602db212b963c7dbfbd81d693293d39fd99b732fcd63cb501ab95e8bdec1f0dfaf80837c30bba0d6f8bfebba6d9dea87a995b88a9d6455e83e8e3185c7b55ad5580abed6cae07fa3887235f882791aa95aa19831d07d51acb2b08165f2ba657926e3e8b0b76d21a62da78d169260f215d846ff5bb9c2bba0fc808f61c2ae72fff63598e18cd070013761b6f3569d310522f66c0d4328bab62915c3970dbda6a28c3e1e34b538a135119e2a325eeb98c3625166bdf3973617fde8bf6c67b4a3cd5561e4f4cfb5a7bcaf887452f5c19ee7a5a6bd6a6ea293d9066a2dbbbb9f94cebb02f24b1c4398f8ed5a66935cd7619710459e5ab4875d6b684a5092dfccf5d6bf96ce28de43b5331fb865ccc5258796a805b50378e2bb09f47b7a6b644f352cf811a3007f825fbb41023334719b8491c47564dbd39855a609f06b02abeb886aa657bc12249036169a290a59e5b0b6f5b810fabb0190a3c7261218520cf1478570ea81249428a090833edf57144fdc379c5cb8c5b7dfb71e525d90bb1e259f9383f4ce3b2d1544d80b17442db2f4057cfa54bc8f6d65506d5430a45fff0643af0f396c050a44c19d5732f4a56a3bef87adbc905a3d150c72449e1cf20c39bc0ebaba204916ca81c766bcd290fe6519df018f9543975f634ac753290627ae57ee320b9422e9e548f9cd12e277df29ee6aa9cf5d836d6ea24e34bea43d789449990bd02ec34801dd6e2764ff7f31970941b801460aacdf4ddafe4761dff5d4e5b875e8ad2a8244a514a53902d759c7dbdfbf245e90cf8fe007d4f3f8e4536d57ec2fe369064da5b59fec0edf5f0f48bf2332c031d655fe77099eaf220fd0efa017236b23b31ec86b9e9f437c4ae6e0902121e3194f875f79ba4ae1c9bd18042f8bb720d8e98057b5b0de3d18fe5908ad48293b7e6c9f82fe83663d9c0be20dca5d87b92b866fed08d8e0892827d919b09d51a76b3c835bf1744ed998e660d0b4156a966c48c75ebb391ad2b4ae53fe4e9455ba16da0bd16a7d48f51d943f706510149a70211308609bac7e467fa459b47ae49e18d84ba49b720e90aaef3485cb7aa9c80313bb0ea4b3ec5ff003281057acea718e215b7e19da57e6d16633d4655ea29df616c0549bfd63739a57a093bc8b5f33531ccd151dab7ed2f4bd76ed9597e2b16f7bd46787ce613b8754bbb5046832cd3d1d8eaa111ee93da0bf2c051f7fba01e90f190b3197c2037be8345786491dd86e9b96dad2601a19afe19a1b0d8933c4e499d1e71bbabd7d163a589d96f3011cfcac81d6fdbfa04a40c3e9e273539fe54ea3fdd69999ac719782bc9902826d81752c1712b52feaf8dc3519219f2087d2ccff6523ec74b22d30ac363d085171235b23277f7d0d97ab8dd3d4f291d28823f543ef50aa76948c22d08945ed5f65d129de866375b4cb51dd4586e709c3b451a4221d0c42f3a40336152b240c793639224128c881e9520952fc3de51f12670bbaa4ebdc467f972977cfcc4db366ee38e08e75239e63518d79c106f882ee96f4553c01160febbe614ad4e765583f663f34dce976b5bc8c0678ffe9054f10396091861f6b183882e9bcd2563546d781010c95ef67e52fde23e371bd1a10fb31cb03f0df3bee77991cf108a875fbccad9155b328b2eeefadb56269a7b089c5d66a2349513775eacd80a94f0ca905a614d1bca3a174df3748cf8167725db125ed913594f582b154726743c215a942c104a122545fdede36557bea48b165c8bf714a0cdc7add2f5c4aafa9e7db813bba0e079094c6edd311b3319805de53a27419905898cb8f3b563ef379b75f36855a6b1f8d277e0e8090cc3ce997e5e03a770fa381eaa0e3019cbb07b8a5fb8c7974cc7de6c57656598f74b5beb63f315ec8015f59f396d5bf4be1970d1d1aba72678cafcca0e09d881e7c69507f59b3df01076a52f0eb8e2aa21b7d09a11041b13a81c782ec043845701f5350f0a7bb94e9747717cce98b6549a2787b830579a56f2e85e7d006fde76d4a8eda68f63e0ddd7e1c0c291bb080502b340a1d1fac18bc921487b1f363555f276e3fd6552b29c0a7fde1d6afd20ba13bc4b8b5bff8a6cefe5b2ccc6ec7e2cc6e2148dddd22327585e83af33b7a989cb46bb643e54759c9dc6ef68db2779ccfa68a7392c94fd5dba05caa8d6a608680834ab3549ee1d610f68fbc6fab80be264e1a2892d8ff560d2c371ff24b6b8232bdfde91fd4ee31ac9a6bc6a9691df1994748da8c988d5e0298c2c1d51520ccee1b968647fb2c91c4992a3de0560c8a8a9cbfdd9305247d27b830d2e9ad23902d21b37e7ca3662c163a2aab7ab96d777dab6e7947862f5318453b6c6dc94bb7dd9a96231c3e5b22822154058cf088eeb7d71c3a817b88673b6384c1e8e715e8a5ce9462c1cd4e7d731cb3f9f5a0d16c0d56a334f3226ebc511c249aa71c0c9bd749e440960b9b03aac1b392d03e9502eac51e3575cfcff4d899014c0c075d3e7ce9602af053d8eee007db9c63a62a6a465216d55ef36f0c303400b748c52862695050da7f3ccff5e9ac5c004c024a98cf5004b226b14f06c4a12c23b1f25dd5318d92dd3e3c1bc05bae4e8b7ed12aa1d8aea8469a859daea3f6a747418699793c48f030b60ed3476c09285687c3e9317f1fb49b649b9ea1aa54f2c2096f9262c97e15763cc98a7ee847465850f82db35d6a0b4a645cddde3cbabc154b5eba093284631375d300a320952b01e2c322da2b92584d634d9d2423e17b489c62afd3d04ee43a553ceeeff4eb3025a2857033650f1f13bc74ad4f85de6fa4e584ca73888a60444435d4a83e199e119fdf627cbb2b99d5e8529f857822d8807c5ba4dea56341a23aef753e235d80d25209eecb890ac4c9202e61b56dfd1305b713267a957b5c33f40b0c2b9f44bbb1abab1a888ad890262fab658f9ce78d33af1f0eecd49308ba711e581e051fcef89179d42a4453d670ba606f914643e942c7f969c6554364ec2be2de678a11ec35f9b923691fc7bb83f905e3aee8c8b4b6c1e84a6ab4c9d3083a4572af973a11616e8a2eb8b1e4a7a84f3c2097ab206639a3bb7a60705a532a1f528e8979a781657f694f53517b5ff0ab0231023be2560117038f11f6c218a04990de61be4e1f5b9ea8ec396f8f2b774079b916a825bd1ad3c5169d55188e9cb623a1c48ab089e95d53fb471ff604a7cb7388ecee7a860cdaeb963f16514fb514437522a6cc276570044a5bb5c29ec31ec257b0a2a81f69ba67f1949a1d6d86966facd5d220f609a5888034d139af505662c85e48c4df62ceb747f2d16e192632cbaf0f5150795e714421f8b2f2c87e89411330b7076bda00efb75014a47dc6c3934f4f9821e04ce8f263b0186b19c2df9bee0e9b8ac934fa221b8db96fa23bbfc9facd5b45c900b80c8019bab87cf9ba8a4c3651c45dc353cb5f5f4643c1e5e46bfc7c46faace50acd5d520e19a0eeb0bc00327f20eec2eb18e28c9c42ab16fe7f499e0c6439dec500350f31aa5e7d3ce83189b6b01128cb310ab5b885066841caf7a25dee7d0e12007973076062f2f99401dd7e46c6d548175d2dcc830a797acb17a8821a7b68d0fdc5c2d26f9fb203b16799032115c4c720d81aa99afcf3ff0db24b9bd2cec2ef2a9b56a4b93129fb44bf32b341c4dc8d70fc09bf317ef3852b0b0677e7d67f423134021e6a440179d15027322ad1f6b91523c75cf495036dfe80368e38dabde3efba405bd86d9ef52549bc4cab26975f0f6df92b759f0dcdecc68e53573c74df14aaa5654996d1e7245997b4e8787920c6f954adc372ee1812a852551fbcef3c28f6a4b31db37b4553fc43bf2f3c73de7494b3967305ccd08e238b446b55e87b0e81025358c5a51be12d3267c01afac60f6aead904b398c3ae97c9c3c8117fb3f9eabc9a5f2d56a46262a2c3c32721ca8c61eace5a8a8245871d7a84ffac453e976baea92c73b67baccd528bd91b926c600ebc84eb10e842e11325e7237db36cb45a48aad5113c6db9235a7059eca18806c7f06f3256e74c9c0849e23d2b212f88b81bffc3d949670e17f980fdf3b06bd9704b536d205845eef4f7f45a8f41fb0470d989fab7b3c6c5af22deaea29425d583545ec85e040da1fa1bdc43b4cc20df443e32dbc6f670964a0e5233ba0b2c26077c147e70c89d9634abe82e46e9bd41bfab477642fc2f2b436059c1f9bcdef4790a4831e3770f95a394649f7c25664224ac1faf36e567bf9dbf160da04f0b979b3b72f593856f16af897730c1d207472925a255fe6e220fe4e88d218b654b135931ff5b4411c1a1dea99d6fa832ee27df6f036e493a3e46ba9c9b73c2985e212408f054427135c54ad9b7c4b7e193a16f3f67e2684cd0746bcad6f84b48e5776912cdb13e5307645c8049ee67fea20179cf50d2254f7c4d798790a91273398db6849e0a3d53147eb79a14fc66c4ae309b43bbf320230aad87f819091e5761d31f1a7385edb7c079104bf5ac7191bec02c270e8ff15948ccd4ad5ca120423c1ce80370b0ce4b217c9cc1f628b3fc3c602925e75980e99aeebd66d5b92400ffe1091ba0dd7ab0fbb062d299337fddab9935d4e2b6cfd99c5851ef408b37db35d33b5022bfbd04d12e4df01652827f64b53d018508c77baac8ae6372efa9e199009cd7e815431780cb613a084910c88e41b70c4eb3d78a65bee49ed9d9e387a682da76e3093b19c962d2fe08f15c3ea7e0247760b6fa5d5363f8b19ad2bf7ef1fe8b49441a7b2bfb683d2e92e777fe42cf330371fa08e2b66a071f44700f318b03eb472adb546ad799c8fe873dee510ba53b5fb111c0b800e2d04273308fd224bded202ecbdb63051ed36e1b96bd8a0bbb1bc9f085c25b71e3d381a5e14df99886b09b5a64773ef65116b6ea87c250caf438e8c749fa365a39751dbfead91ed5adac7c9307b2c5d78ee6b2c064fb1f046fba921558904075abd241803bc7a4b22fed939d41bbdd7b96732e33f55857bb79116e2be8b52d9a1b3d9f24d15daea66b32517ff5d16511de749691b8d9672358ace44d2a127343c42bbbfc0106efbd074b003e322be61f0853483e55ff49c9ca2ffa2519eea2d86622e80ca84167d5431b966cf43b697402ec6fe15ba5c6c61a232e9e43899e3bdf50ca501e4dc3129b00335fb50cca849413a48eeca3fe596b73efb6731593b19136647249d54d722fad2cb4f383f57e4abb88062b11237494fc54039718acd770e8a96667dea20275cde87b2ed8cabfce641c6f0ce0effb1155006e7fb3f38c70d9a75ffdfafbdd8179d7f3049d0eb411d38a1925ae874f71f06770b32bbd735f86ffbbdebc5cf2238a2e18030f51b985f7c8edf1cd8665df57fb238f9b04aa4f44d0cf53379474a47d811ffa34d7aa36dd33c8d8cd990fcf9119ab00df6b53cf45494fb6b9d8492c734cc1c7da0e23a596c4ee7bdfb288f2dc2eb60d0bc83e70f894d47531341c051a52b9e21dc0d02557383a8f28a51d1344a09f346fe53222665e5f8b3d3ec762f10b44e25b09699d1a581460e7db04c9a84ee6364071886833ed7e7274498034e156f8f18cdff6838f3e55ce887c2d96a60ee2ae51d65976fb565ac6aa022100de416f7fc31314149f7b91de66207235783fe384118e34c7eda88d7e3e6cf3e7597fdcc2ea8a8d546e61e44e4e05a019e02ae9b3bc9df0855447baa9f8d3443d921f334b1630db46cda1967969c7180eed7ab3db5e81348d069ca93beb650c167bb1609bcd9156c1062e5891a40289ad8d44ca19308e1020539c1da1f7a347bc4c24215dc6b7fa398205ae4bd5be4804bf89a451084fb9f6e61700b62092e17586797071eb875fb29e2b892ccdedae2e74453a6e10b7dc0ec57c0a983ece114f64c496709981c4a6b9f81739f3609673473f3657559ece9559165a1b50a4e250c9e680121c5f79dcb171427dbb3e13b02e066fe7946546186b9ce696355dbf492d13021e18c5d945e5ddb1ff8c701d442e7d85f81dfef265dfef99dea178bc7268d8f5ef4e9523486c7c95307c98d766d610f2f1559b1cc3b8e1abb99cc1354e45951d6ca93be7ac0d5b73cbcc6d68419195b64bf8eda1c4ef3308751c6b3ce6f769a98ca51e4f98aa76a88a2be6776116e930138e59022f68662b528d8183038480486728e4a0e4aa6dc2cc2946153724bcd84d1a391680393de46aa7c8e1d332d88cb4a2c2d5b0bed408cd3c86713971a9090b7595d6a3826e7fc1c142922bb093406f46baedb9418d54d8324d9ea36910c475dcec5009f009aed0123c8d0ac0080610657944655a47923acdd896bf7f80f48cda5bd0717086e774b2d8432e03e8e98ca7658a9d51a62b0f3c537004e9cd4771034be840a44569ef3e53d30f4f735fe002879c0dbdf45080baa64165c14f0e3560d7fe5735ebee0979fdccb8bccf027ed14c1eab010eaf3336c958db5c28446f4302b1e30268211dcdee6d46830015795e0d02403f80126e968ea0b526daedba1bdae63d4037f4e7f61fcdd0e0f2ab1b9e1bae71904cb47a582e9a642e6d3405051869f42c6417bb9f6d83a8565708ee7df67fe322d0b74d31c0d7cf4ee5b3eb36d74fdc4c6710f332499cedebd145d69dcb57ddd2daff23c34bef1f6f7bad70fd56da41565e2f4b7c790aebc78a6d8a2dd626d20e9e54848e5a404d93655a0e601f6f2b7c5bfeb2ccaf4e1d39eff2e013390d6f9df9b3b5616006b7743d57fa438373501a5b3f69dd4da2d5c8803ee0f3c7f2a138bb7e5c50d4c71a4e86cab57fd01df523180fa0259cf60a4c42612b94dab3afc87869aa478daefbbf2bb696e417648a48e8a4e591f61285ef5f465d341d4897c0b468ad8dea329cc308f832785172e22fd95fb3e65301098d1bca3b503e2253b9d568717fcd85a4e0d3e401b6badf67523b06513b8d7ce0f94cd9dd40ecc5774f9f2fe42907af153d0da201dc1eba6f172b46d3b96ea7ce39f77159098570f952f5f23cdaa9aab3d61be5d3309ffbbf43fe2d8da5464f73a0b7e3d5549e3b84af192b589291b12ea79fd788c343576010f308fb4d702e73252019fdd135d02d0084283a383ee8bfc742fb6876eadd90dd1cba74f7f38bb64bb4ad9db5313db5de6e3371b77cf10ce68df51acd43d0e2aae78c9099dede87225596302ec435783db552dd78bc5c768b41ce3b87644c2335b0ec1b828bbbb1e3a9b85efc6fb4b53174f7e03802fafc5336d14aa81d5decdd29a3a60160f9821023e9fbba145e30d77f5a195928b8c2589c512b124f95583ea8dfe16f4c864173e252b64dd566e075016f3c1b9469d9083dbb1de0f2cfc7df70bcfdd2974e32155386010edf5efaef299adc625a23cda926b28c33f0c3b13146dde85ba87a8ba6823783efde118c0cf87886bb3fab7de0d4bce8eebe9267e9c7d5cac616390885b08e557e43277a31c8403abc25407c58d90b50d520111d9511785b83d52bd3910c189934cdc7af6add407ec0e713fa31f824abf4907394140dbaafebc167b896531823f1f416df80fe6c1bebda2b72ec7d64f6509eefb1d33b681e8cc7d995667d21e27595d4e91de8654d7b894230ef3aa4fbe16fbfce1070ded52edbd8c37c9117c4119abe96a75b86f47ac87b4808dbd968cbd70a8248e71f80b650330505bac7e505c6fe5ed0a753266f1d47466d297936cdb260afc919e700322d1958384f9af03a288a8f7c471e4ae80433123b0e85fe5380c18ed44fdc812f6363b0e8736203cb56437d8699b85cb6e04c5b5e8a84ed3ece4563c81249b4143820a4c9bab2fdd4b335e20719abfed2752b771528b16a7439b23fa5779bf9a863f37974ca3215d6451a6313874d53052e8802ef76e048392f8c0aad986ae5c50f5ab3b214cd79492f1523ae3f664c419df00f586edcdc67485527d289faba8c194d5192057a352c20cbf036fc76a15d7487a1d762e597cc5225b106d85d5d4107408de49cd7592d1f259d3d44e295521fe7be5072ace508e27c697e34ec1fd2594f9e9d9f0b082d014f47379ac4983c12c6be46d4f54f4a51e9340ebdc3d6b12bce2bf0258775a582679123c1fa1f022d2a6c8f0999430d981467b920ed1fabe187443624093f13b2b0990e2f6836a9e826bc4c3a9e755261ae8125667b27a93c22c03eb141d1c3a5afba65374e64487d1128e284d792f0a37b1452c3167e9521a841ca9b29bf49d334a2684053fd53cb319da02657660599f64caaf06fa9fb80ba2e8426fad0274abc9802261e2525708c3b886ffcbb37dc97feea83092c627aa575bfe7c45b1f8ec386ef13c3b6dfcd96a52a9e564f553e3e6001af57fa76884818adf0fb1a649401908e46561e44540172850948cbe9a0b439abf7f3ce57b9d87e1269959dd91ec2fd67eb4fd7f9fdcb3b1b01965ca61cb323839fb9506015a72d3c67b66be41e3b061d730b3e5ff45bbe65942169e565517802019628fbdaf0a6fea7ceabddcc2ebcc33f1468e7262a8f1f108dd5171d34f8802eaf1e86dded2b761420a43b51bf7f29788cea44f08390eab7e70e84235478d44c38819262d64a777d7512ba7a33f85b700efe83c933e34f509a7c400b6108f145c18361b77c1a10032a22bc48167de5624d268a48db19b90814389e6cad84aa4cda325d451456f63a6cd16f6dbe9e179682dca28ef2bb9d71513894d2cd68fd8b0d6c1ad3460a705db32c9470a152e84e025d28fe8a378e8d38354af09eaf28f82c1b2d9f08b387538291fbfec362781144346b47c931edee45fce62f46948662a5dcf1464f5e419536c27d710ce91ff94116c5e7b67f8f22fe83bd09d041df7bd04c45a0823f5b3ded4f890a038fbce497e848e2984119aa8cd68d5a35adf0af5ee6c136c4c72e2b18bad667656b9344c7eb314d9b33006c646af62586ce3cec4e3e15131b73b6712d8d91ebb47739cf6c3aaebccf655411c082aacee1ed184990b9e00a0e6a085990ae2ef0a56f37597c6b6b8873c954af797c846bca3ce3618af663ac0819cafadad7dd4e2713bcf9b023af6f6ef7dbcdcc5c75eb8110612d1418fd4acfbd56c7319b0cc87436a8518961374b70e731c7c4b9c58bbc4c4257f7fedde32c0f5e895d5f7f0689a1d5461d518bbadb9022840fba6d92fcaee5823ea7af11bd8818b149658ba9b535a84a1885a988ec7afc97e58c00bbd20d9977f4b79f0dff646f8b3c6217bf995e88359915a147120848a309d6f03d43ae86b0b3eea22061aaaaaf4766f550579c98408758e48d72dfc9c487bed7898ae80b4d942701d97ad89ab6d74889312ca341472aae3370d28107d8db12f2e264b679d0f867159e63cd0c22bc9e4ed98aa42d2db177e00a992d7a952ea8cb63e9259de678024859b4e9de7453b5ce43eaf3b4704bcee7e63df2d1b2085efa32c6fc5ff47a438586bae67450e087d7a9e3dd81702c97e2312e1e0ef14471a76ed1657b6ad4ea18b46681eb5bea8102db08a2af907e8146b8fce51772c1fccc2d8b34eeb0787b97a011d1cb8f557e272b301444685ee035a2cc5bfa6aeade375812b3c1b5b63358f0925cd7b0c37afda20dba5c9bd41db52a458ef2a8c08653b66fc156b450c7b4a9fa995bcb3504d5b39fbcc0cbe51f366b514e99f0ab2e953be5ddfe3e1c799e33ecb37500870430e473a9e24c645a0eb8580afa983995525a730b1f1294704fb5b02dbff427651df571219b10b9404aaee07c7799f949f884867b548c1472aea4d2c8589250050f31cf7d6964d1a950e48cb45542df49da541127e003af61e20359f464fe3f994aafa900cbcb2f29ff55eb0ef735d28a55b896fc2611290ca1f09b36789e9f73624cde09bff7d540738c7eba3064d86eeccd17ec033987e12e4ed2c6dff1499f4af440482d9ed328eb0597ec9f98ecca6aa93c924158805b2a046023232b06f7a7ab8eba054a16ee7fc8d7c4249c6a8805baef50125499b200e139a4175007408cdc5744087406dc828f3a1d1e6b86a296d162853efe729430f4f46a00e25537d74b718d2717c3c5018bade94b5b8d87c003f20c20d70304680e1cc79536fb5154ebb8fc41b92835b861bdf8d0c8cb17a261a3f8d14ffe5b61ac598b2bbf00ee9a50201fbcdce4f80020849b8ce051278e9a1adacbfe8cd382cbbc276a2d8b697b07f8536f0bb2e2d1b48561cc4011317cae6522d1c33344c76322f831b3d32164e05dc329d78909173b1d15cca6476bd64b727cef37fa1e9927765c2e8319a6b2d7c1cc5c4f086ec76c40a378e85044d111f0a03ca8e259afa5eb0c3c7f1fc3744d86be026ef0628d58236e14679cae6578110a24da352fa2e549c31f0f1d6c640e5c9ee090d6e06bfcc75116d94cd46e181046f481f09d7c946105ad73e9aecec7e5a6ed9cdea737fd50eed4ebc08d8fe9ff3243de4b1cb694e885990ed58a2acebd4ea8f5f4b92ead9c0f7056bd4e07c3ad0fb09181dcdfb3fb19c405cda0cb421d64c3b66e35c7b3faf27bd7ed962a7f2e1f5dd955832cecd3fa9c14e5820b0243fd272f589b8bdbd5b6bfa4c2ddc3ee121766037b019782e14456f4a52e26edcf01328a047df2a8e09a922bfdcca5eb5cb24f3d4a37aeea0376a81cac569ca5c9dbe1c1e14a0226dbcc9e0ecdf4fac4ffa1d00bb0eb722160a5a2b7829af37b12bc6b6bd1e1ae9ab4e3410f0a747b0a49acd02c7a9252288f9b0db4dbfefa4381d002fa1aa8bc20a07a27f77d0a3a7cfb5fd86871042e3dc3a643607997c8af603ee4c8aadca31480009e993e54570b5927ff6df809ac97207319dae267381ea4047d5acccbe58d580d220497db44191ecfa342a7f59a6851b45f7796492b5f08b684b76e036c1ad019844aa863722dc75b62364b9e2abc1dfbd5d00ec5e19b0c5637209e560edad51e55299ca585fd0f64d42b33c1a9a7a36bedbbf517c97cea53d18e393363557bb20c210b4790cae6a15031e665294c330c5a9219971cc60a188e34364a5733869057fa433af0b78094da6d946316bf4d45f92a7748fbf3186eac82ee829ff7822ce5b3e9fe49599ee3809fb09945d193e69614316e55d9ce7384593692cd703e5b42541fb24a6dbf7107fd18b4cf327dcffe419d30e2fb4857aee1d738716fe13b8f93a44aa9b94f9de6c72259818f20bd80bd5cb2a1ddc95c95efd08562cf0535dbb68847e04929c9dfb2896fb12f51771c3f71fce9a1b8ff60792212f162ba688dac4c05623ba5fd377555eb97ce207d8d6ef8772b58d4b4f840de829b7aaaf1e7955e9eafe1cd4f34833d55ebf7606f2d2ab3c673424cb75ac9e4626e46b713c1aa0afcda768b9be5526b19e65f6f3fb8d9c2d789ad2ea957be67ae18243eaee4472843164ae667f1e3b762362b2d22a53c7c4f3d34b4a8c433081f3feb750deabb073a370d0a7f7228848504813cd8208ae210ec195ad16e841ca341256b261194e0d759b2", 0x2000, &(0x7f0000004a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 06:08:07 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000018c0)={0xffffffffffffffff}) sendto(r0, &(0x7f0000000040)='J', 0x1, 0x2fc50152d2fed323, 0x0, 0x0) 06:08:07 executing program 4: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0) 06:08:07 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:08:07 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100085060000", @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:08:07 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0xee01) ioctl$KDFONTOP_COPY(r0, 0x4b46, &(0x7f0000000400)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0}) 06:08:08 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0xee01) ioctl$VT_DISALLOCATE(r0, 0x5602) [ 827.235106][T21346] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 06:08:08 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_COPY(r0, 0x560e, &(0x7f0000000400)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 827.348835][T21353] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 827.424278][T21357] device bridge40 entered promiscuous mode 06:08:08 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xa) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@empty, @ipv4={[0x0, 0x0, 0x8], [], @multicast1}, @initdev={0xfe, 0x88, [0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfc, 0x0, 0x15], 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24c20082, r3}) 06:08:08 executing program 2: syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x0, 0x84200) 06:08:08 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:08:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100085060000", @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:08:08 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x2, &(0x7f00000000c0)=@raw=[@call={0x85, 0x0, 0x0, 0xf}, @exit={0x95, 0x0, 0x9fff}], &(0x7f0000000000)='GPL\x00', 0x0, 0x9c, &(0x7f00000002c0)=""/156, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x74) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10000}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='./file0\x00') removexattr(&(0x7f0000000280)='./file0\x00', 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x22, &(0x7f0000003a40), 0x4) fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000200)=0x2) umount2(0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0xfffffef2, &(0x7f00000001c0)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 828.196791][T21383] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 828.243581][ T8464] Bluetooth: hci2: command 0x0419 tx timeout [ 828.274009][T21384] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. 06:08:09 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty={[0x45]}, @private0}}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDPRL(0xffffffffffffffff, 0x89f5, 0x0) syz_open_procfs(0x0, 0x0) write$FUSE_LK(0xffffffffffffffff, 0x0, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) [ 828.360302][T21386] device bridge40 entered promiscuous mode 06:08:09 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0xee01) ioctl$VT_DISALLOCATE(r0, 0x560d) 06:08:09 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 828.660068][T21391] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 828.698340][T21391] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 828.707094][T21391] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 828.736372][T21391] device bridge_slave_0 left promiscuous mode [ 828.744460][T21391] bridge0: port 1(bridge_slave_0) entered disabled state 06:08:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100085060000", @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:08:09 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_COPY(r0, 0x541b, &(0x7f0000000400)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0}) 06:08:10 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VT_DISALLOCATE(r0, 0x5608) dup2(0xffffffffffffffff, r0) [ 829.474210][T21391] device bridge_slave_1 left promiscuous mode [ 829.486653][T21391] bridge0: port 2(bridge_slave_1) entered disabled state 06:08:10 executing program 3: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setlease(r0, 0x400, 0x0) [ 829.622495][T21391] bond0: (slave bond_slave_0): Releasing backup interface [ 830.235436][T21391] bond0: (slave bond_slave_1): Releasing backup interface 06:08:11 executing program 4: bind$inet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="030005020314af00031400000000000000000f0000000000000000075b00000000004200000000000000000000000000000000000000000000000000200055aa", 0x40, 0x1c0}]) 06:08:11 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r2, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x4c, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x1c}}]}, 0x4c}}, 0x0) [ 830.895104][T21444] loop4: detected capacity change from 1 to 0 [ 831.032227][T21444] ldm_validate_privheads(): Disk read failed. [ 831.068166][T21444] loop4: p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 [ 831.068788][T21444] loop4: partition table partially beyond EOD, truncated [ 831.169281][T21444] loop4: p2 size 2 extends beyond EOD, truncated [ 831.247158][T21444] loop4: p4 size 2097152 extends beyond EOD, truncated [ 831.265128][T21391] team0: Port device team_slave_0 removed [ 831.283774][T21444] loop4: p5 size 2097152 extends beyond EOD, truncated [ 831.303930][T21444] loop4: p6 size 2097152 extends beyond EOD, truncated [ 831.327873][T21444] loop4: p7 size 2097152 extends beyond EOD, truncated [ 831.365679][T21444] loop4: p8 size 2097152 extends beyond EOD, truncated [ 831.381902][T21444] loop4: p9 size 2097152 extends beyond EOD, truncated [ 831.401878][T21444] loop4: p10 size 2097152 extends beyond EOD, truncated [ 831.427254][T21444] loop4: p11 size 2097152 extends beyond EOD, truncated [ 831.449141][T21444] loop4: p12 size 2097152 extends beyond EOD, truncated [ 831.484120][T21444] loop4: p13 size 2097152 extends beyond EOD, truncated [ 831.523679][T21444] loop4: p14 size 2097152 extends beyond EOD, truncated [ 831.540617][T21444] loop4: p15 size 2097152 extends beyond EOD, truncated [ 831.570760][T21444] loop4: p16 size 2097152 extends beyond EOD, truncated [ 831.587867][T21444] loop4: p17 size 2097152 extends beyond EOD, truncated [ 831.606053][T21444] loop4: p18 size 2097152 extends beyond EOD, truncated [ 831.625711][T21444] loop4: p19 size 2097152 extends beyond EOD, truncated [ 831.638900][T21444] loop4: p20 size 2097152 extends beyond EOD, truncated [ 831.667781][T21444] loop4: p21 size 2097152 extends beyond EOD, truncated [ 831.690331][T21444] loop4: p22 size 2097152 extends beyond EOD, truncated [ 831.701316][T21444] loop4: p23 size 2097152 extends beyond EOD, truncated [ 831.714218][T21444] loop4: p24 size 2097152 extends beyond EOD, truncated [ 831.735007][T21444] loop4: p25 size 2097152 extends beyond EOD, truncated [ 831.751414][T21444] loop4: p26 size 2097152 extends beyond EOD, truncated [ 831.788978][T21444] loop4: p27 size 2097152 extends beyond EOD, truncated [ 831.803956][T21444] loop4: p28 size 2097152 extends beyond EOD, truncated [ 831.814581][T21391] team0: Port device team_slave_1 removed [ 831.820177][T21444] loop4: p29 size 2097152 extends beyond EOD, truncated [ 831.823610][T21391] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 831.834678][T21444] loop4: p30 size 2097152 extends beyond EOD, truncated [ 831.835538][T21391] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 831.852995][T21444] loop4: p31 size 2097152 extends beyond EOD, truncated [ 831.880822][T21444] loop4: p32 size 2097152 extends beyond EOD, truncated [ 831.894631][T21444] loop4: p33 size 2097152 extends beyond EOD, truncated [ 831.914421][T21444] loop4: p34 size 2097152 extends beyond EOD, truncated [ 831.927197][T21444] loop4: p35 size 2097152 extends beyond EOD, truncated [ 831.957364][T21444] loop4: p36 size 2097152 extends beyond EOD, truncated [ 831.982785][T21444] loop4: p37 size 2097152 extends beyond EOD, truncated [ 831.993125][T21444] loop4: p38 size 2097152 extends beyond EOD, truncated [ 832.022555][T21444] loop4: p39 size 2097152 extends beyond EOD, truncated [ 832.038303][T21444] loop4: p40 size 2097152 extends beyond EOD, truncated [ 832.049521][T21444] loop4: p41 size 2097152 extends beyond EOD, truncated [ 832.078360][T21444] loop4: p42 size 2097152 extends beyond EOD, truncated [ 832.079165][T21391] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 832.094142][T21391] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 832.096674][T21444] loop4: p43 size 2097152 extends beyond EOD, truncated [ 832.139242][T21444] loop4: p44 size 2097152 extends beyond EOD, truncated [ 832.167198][T21444] loop4: p45 size 2097152 extends beyond EOD, truncated [ 832.199026][T21391] bond1: (slave wireguard0): Releasing backup interface [ 832.199713][T21444] loop4: p46 size 2097152 extends beyond EOD, [ 832.206560][T21391] bond1: (slave wireguard1): making interface the new active one [ 832.224103][T21444] truncated [ 832.231902][T21444] loop4: p47 size 2097152 extends beyond EOD, truncated [ 832.256939][T21444] loop4: p48 size 2097152 extends beyond EOD, truncated [ 832.279065][T21444] loop4: p49 size 2097152 extends beyond EOD, truncated [ 832.322266][T21444] loop4: p50 size 2097152 extends beyond EOD, truncated [ 832.364012][T21444] loop4: p51 size 2097152 extends beyond EOD, truncated [ 832.394474][T21444] loop4: p52 size 2097152 extends beyond EOD, truncated [ 832.437282][T21444] loop4: p53 size 2097152 extends beyond EOD, truncated [ 832.456287][T21391] bond1: (slave wireguard1): Releasing backup interface [ 832.475186][T21391] bond1: (slave wireguard2): making interface the new active one [ 832.493691][T21444] loop4: p54 size 2097152 extends beyond EOD, truncated [ 832.505324][T21444] loop4: p55 size 2097152 extends beyond EOD, truncated [ 832.531926][T21444] loop4: p56 size 2097152 extends beyond EOD, truncated [ 832.553116][T21444] loop4: p57 size 2097152 extends beyond EOD, truncated [ 832.614059][T21444] loop4: p58 size 2097152 extends beyond EOD, truncated [ 832.667279][T21444] loop4: p59 size 2097152 extends beyond EOD, truncated [ 832.690537][T21444] loop4: p60 size 2097152 extends beyond EOD, truncated [ 832.728008][T21444] loop4: p61 size 2097152 extends beyond EOD, truncated [ 832.740231][T21391] bond1: (slave wireguard2): Releasing backup interface [ 832.765413][T21444] loop4: p62 size 2097152 extends beyond EOD, truncated [ 832.790184][T21444] loop4: p63 size 2097152 extends beyond EOD, truncated [ 832.814088][T21444] loop4: p64 size 2097152 extends beyond EOD, truncated [ 832.842904][T21444] loop4: p65 size 2097152 extends beyond EOD, truncated [ 832.906437][T21444] loop4: p66 size 2097152 extends beyond EOD, truncated [ 832.929979][T21444] loop4: p67 size 2097152 extends beyond EOD, truncated [ 832.956379][T21444] loop4: p68 size 2097152 extends beyond EOD, truncated [ 832.982941][T21444] loop4: p69 size 2097152 extends beyond EOD, truncated [ 833.002016][T21444] loop4: p70 size 2097152 extends beyond EOD, truncated [ 833.040930][T21411] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 833.061364][T21411] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 833.070138][T21411] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 833.145281][T21410] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 833.160535][T21414] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 833.191167][T21420] device bridge40 entered promiscuous mode [ 833.234704][T21444] loop4: p71 size 2097152 extends beyond EOD, truncated [ 833.306911][T21444] loop4: p72 size 2097152 extends beyond EOD, truncated [ 833.328878][T21448] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 833.339637][T21444] loop4: p73 size 2097152 extends beyond EOD, truncated 06:08:14 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:08:14 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x2, &(0x7f00000000c0)=@raw=[@call={0x85, 0x0, 0x0, 0xf}, @exit={0x95, 0x0, 0x9fff}], &(0x7f0000000000)='GPL\x00', 0x0, 0x9c, &(0x7f00000002c0)=""/156, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x74) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10000}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='./file0\x00') removexattr(&(0x7f0000000280)='./file0\x00', 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x22, &(0x7f0000003a40), 0x4) fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000200)=0x2) umount2(0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0xfffffef2, &(0x7f00000001c0)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 833.363000][T21444] loop4: p74 size 2097152 extends beyond EOD, truncated [ 833.397290][T21444] loop4: p75 size 2097152 extends beyond EOD, truncated [ 833.428829][T21476] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 833.461089][T21444] loop4: p76 size 2097152 extends beyond EOD, truncated 06:08:14 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty={[0x45]}, @ipv4={[0x0, 0x2], [], @local}, 0x0, 0x20}}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'ipvlan0\x00', 0x0}) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/cgroups\x00', 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=ANY=[@ANYRESHEX=r1, @ANYRES64, @ANYRESDEC=r0, @ANYRES32=r4, @ANYRES16=0x0, @ANYRES16=r2, @ANYBLOB="fa37d06d4b215bbb7c9e7167525a351c6f7c50e6748f14b16f6e005c358b7eb3211875d61697135963e625b107beab95752184972e83b7b58e3180759616f991b9e5c8fc80d23ae0c489432df113069961d42f9a39a6678f3bf0588bcffa62e6a55bba41e3de4dbec09351c1bad51271dea9a9246b2b0ff349e8edc586e74e69b09b66c3e0c892cc51980c60c879e0c136a6e9d23ded41d515487695ec44e3701e6062540df0050cf13d46d827c608f25cdb025f80593da4eb1cd5f9846c97defffdab0f83a265e12fddcffdf378482a46f8ce84ac0500000000000000fc550e54b46bb87d1f66cef732425828c046a860c61f55928051f55c001fc7b59b886546e5f6517aade8a147cd1031f6"], 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x20004080) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r1, 0x89f5, &(0x7f0000000400)={'syztnl0\x00', &(0x7f0000000240)={'ip6tnl0\x00', r3, 0x0, 0x4, 0x2, 0xbf8d, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev={0xfe, 0x80, [], 0x22}, 0x40, 0x8000, 0x0, 0x6}}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=r5, @ANYBLOB="100a000008020400"], 0x48}}, 0x0) write$FUSE_LK(0xffffffffffffffff, 0x0, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) [ 833.509627][T21444] loop4: p77 size 2097152 extends beyond EOD, truncated [ 833.554231][T21444] loop4: p78 size 2097152 extends beyond EOD, truncated 06:08:14 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600000000000000", @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 833.599769][T21444] loop4: p79 size 2097152 extends beyond EOD, truncated [ 833.664496][T21444] loop4: p80 size 2097152 extends beyond EOD, truncated [ 833.712866][T21444] loop4: p81 size 2097152 extends beyond EOD, truncated 06:08:14 executing program 3: openat$rfkill(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/rfkill\x00', 0xc001, 0x0) [ 833.868087][T21444] loop4: p82 size 2097152 extends beyond EOD, truncated [ 834.007831][T21444] loop4: p83 size 2097152 extends beyond EOD, truncated [ 834.075984][T21444] loop4: p84 size 2097152 extends beyond EOD, truncated [ 834.105396][T21542] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 834.141241][T21444] loop4: p85 size 2097152 extends beyond EOD, truncated [ 834.245594][T21444] loop4: p86 size 2097152 extends beyond EOD, truncated [ 834.291041][T21444] loop4: p87 size 2097152 extends beyond EOD, truncated 06:08:15 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 834.425886][T21444] loop4: p88 size 2097152 extends beyond EOD, truncated [ 834.501301][T21444] loop4: p89 size 2097152 extends beyond EOD, truncated [ 834.561310][T21444] loop4: p90 size 2097152 extends beyond EOD, truncated [ 834.618490][T21444] loop4: p91 size 2097152 extends beyond EOD, truncated [ 834.671161][T21444] loop4: p92 size 2097152 extends beyond EOD, truncated 06:08:15 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VT_DISALLOCATE(r0, 0x5608) r1 = dup2(0xffffffffffffffff, r0) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x7, 0x0, 0x2, 0x9d, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x9, 0x2, @perf_config_ext={0x0, 0x9}, 0x40418, 0x7fffffff, 0x7, 0x4, 0x8, 0x20, 0x2}, 0x0, 0x3, r1, 0x9) [ 834.722036][T21444] loop4: p93 size 2097152 extends beyond EOD, truncated [ 834.762393][T21444] loop4: p94 size 2097152 extends beyond EOD, truncated [ 834.801499][T21444] loop4: p95 size 2097152 extends beyond EOD, truncated [ 834.847070][T21444] loop4: p96 size 2097152 extends beyond EOD, truncated [ 834.884359][T21444] loop4: p97 size 2097152 extends beyond EOD, truncated [ 834.907029][T21444] loop4: p98 size 2097152 extends beyond EOD, truncated [ 834.950172][T21444] loop4: p99 size 2097152 extends beyond EOD, truncated [ 834.979052][T21444] loop4: p100 size 2097152 extends beyond EOD, truncated [ 835.015489][T21444] loop4: p101 size 2097152 extends beyond EOD, truncated [ 835.051566][T21444] loop4: p102 size 2097152 extends beyond EOD, truncated [ 835.095452][T21444] loop4: p103 size 2097152 extends beyond EOD, truncated [ 835.147997][T21444] loop4: p104 size 2097152 extends beyond EOD, truncated [ 835.178865][T21444] loop4: p105 size 2097152 extends beyond EOD, truncated [ 835.213904][T21444] loop4: p106 size 2097152 extends beyond EOD, truncated [ 835.239686][T21444] loop4: p107 size 2097152 extends beyond EOD, truncated [ 835.267894][T21444] loop4: p108 size 2097152 extends beyond EOD, truncated [ 835.290004][T21444] loop4: p109 size 2097152 extends beyond EOD, truncated [ 835.310043][T21444] loop4: p110 size 2097152 extends beyond EOD, truncated [ 835.329953][T21444] loop4: p111 size 2097152 extends beyond EOD, truncated [ 835.343078][T21444] loop4: p112 size 2097152 extends beyond EOD, truncated [ 835.361355][T21444] loop4: p113 size 2097152 extends beyond EOD, truncated [ 835.379431][T21444] loop4: p114 size 2097152 extends beyond EOD, truncated [ 835.412268][T21444] loop4: p115 size 2097152 extends beyond EOD, truncated [ 835.432346][T21444] loop4: p116 size 2097152 extends beyond EOD, truncated [ 835.444343][T21557] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 835.468457][T21561] device bridge40 entered promiscuous mode [ 835.501625][T21444] loop4: p117 size 2097152 extends beyond EOD, truncated [ 835.521459][T21444] loop4: p118 size 2097152 extends beyond EOD, truncated [ 835.538381][T21444] loop4: p119 size 2097152 extends beyond EOD, truncated [ 835.564512][T21444] loop4: p120 size 2097152 extends beyond EOD, truncated [ 835.576893][T21444] loop4: p121 size 2097152 extends beyond EOD, truncated [ 835.594571][T21444] loop4: p122 size 2097152 extends beyond EOD, truncated [ 835.605087][T21578] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. 06:08:16 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x2, &(0x7f00000000c0)=@raw=[@call={0x85, 0x0, 0x0, 0xf}, @exit={0x95, 0x0, 0x9fff}], &(0x7f0000000000)='GPL\x00', 0x0, 0x9c, &(0x7f00000002c0)=""/156, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x74) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10000}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='./file0\x00') removexattr(&(0x7f0000000280)='./file0\x00', 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x22, &(0x7f0000003a40), 0x4) fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000200)=0x2) umount2(0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0xfffffef2, &(0x7f00000001c0)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 835.627400][T21444] loop4: p123 size 2097152 extends beyond EOD, truncated [ 835.686450][T21444] loop4: p124 size 2097152 extends beyond EOD, truncated [ 835.728751][T21444] loop4: p125 size 2097152 extends beyond EOD, truncated [ 835.731248][T21444] loop4: p126 size 2097152 extends beyond EOD, truncated [ 835.751379][T21444] loop4: p127 size 2097152 extends beyond EOD, truncated [ 835.766429][T21444] loop4: p128 size 2097152 extends beyond EOD, truncated 06:08:16 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:08:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600000000000000", @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 835.857578][T21444] loop4: p129 size 2097152 extends beyond EOD, truncated [ 835.883746][T21444] loop4: p130 size 2097152 extends beyond EOD, truncated [ 835.925827][T21444] loop4: p131 size 2097152 extends beyond EOD, truncated [ 835.980213][T21444] loop4: p132 size 2097152 extends beyond EOD, truncated [ 836.017745][T21444] loop4: p133 size 2097152 extends beyond EOD, truncated [ 836.057349][T21444] loop4: p134 size 2097152 extends beyond EOD, truncated [ 836.121963][T21444] loop4: p135 size 2097152 extends beyond EOD, truncated [ 836.172982][T21444] loop4: p136 size 2097152 extends beyond EOD, truncated [ 836.201006][T21444] loop4: p137 size 2097152 extends beyond EOD, truncated [ 836.235914][T21444] loop4: p138 size 2097152 extends beyond EOD, truncated [ 836.277481][T21444] loop4: p139 size 2097152 extends beyond EOD, truncated [ 836.289672][T21444] loop4: p140 size 2097152 extends beyond EOD, truncated [ 836.305666][T21444] loop4: p141 size 2097152 extends beyond EOD, truncated [ 836.331182][T21444] loop4: p142 size 2097152 extends beyond EOD, truncated [ 836.343948][T21647] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 836.366672][T21444] loop4: p143 size 2097152 extends beyond EOD, truncated [ 836.406624][T21647] device bridge40 entered promiscuous mode [ 836.415701][T21444] loop4: p144 size 2097152 extends beyond EOD, truncated [ 836.449035][T21444] loop4: p145 size 2097152 extends beyond EOD, truncated [ 836.479109][T21444] loop4: p146 size 2097152 extends beyond EOD, truncated [ 836.494464][T21444] loop4: p147 size 2097152 extends beyond EOD, truncated [ 836.519184][T21652] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 836.539865][T21444] loop4: p148 size 2097152 extends beyond EOD, truncated [ 836.585569][T21444] loop4: p149 size 2097152 extends beyond EOD, truncated [ 836.608820][T21444] loop4: p150 size 2097152 extends beyond EOD, truncated [ 836.663048][T21444] loop4: p151 size 2097152 extends beyond EOD, truncated [ 836.716819][T21444] loop4: p152 size 2097152 extends beyond EOD, truncated [ 836.774302][T21444] loop4: p153 size 2097152 extends beyond EOD, truncated [ 836.813823][T21444] loop4: p154 size 2097152 extends beyond EOD, truncated [ 836.846865][T21444] loop4: p155 size 2097152 extends beyond EOD, truncated [ 836.885953][T21444] loop4: p156 size 2097152 extends beyond EOD, truncated [ 836.900469][T21444] loop4: p157 size 2097152 extends beyond EOD, truncated [ 836.912437][T21444] loop4: p158 size 2097152 extends beyond EOD, truncated [ 836.930572][T21444] loop4: p159 size 2097152 extends beyond EOD, truncated [ 836.964743][T21444] loop4: p160 size 2097152 extends beyond EOD, truncated [ 837.014251][T21444] loop4: p161 size 2097152 extends beyond EOD, truncated [ 837.032838][T21444] loop4: p162 size 2097152 extends beyond EOD, truncated [ 837.064127][T21444] loop4: p163 size 2097152 extends beyond EOD, truncated [ 837.092097][T21444] loop4: p164 size 2097152 extends beyond EOD, truncated [ 837.124000][T21444] loop4: p165 size 2097152 extends beyond EOD, truncated [ 837.134448][T21444] loop4: p166 size 2097152 extends beyond EOD, truncated [ 837.164210][T21444] loop4: p167 size 2097152 extends beyond EOD, truncated [ 837.194990][T21444] loop4: p168 size 2097152 extends beyond EOD, truncated [ 837.228061][T21444] loop4: p169 size 2097152 extends beyond EOD, truncated [ 837.254048][T21444] loop4: p170 size 2097152 extends beyond EOD, truncated [ 837.285101][T21444] loop4: p171 size 2097152 extends beyond EOD, truncated [ 837.326510][T21444] loop4: p172 size 2097152 extends beyond EOD, truncated [ 837.346623][T21444] loop4: p173 size 2097152 extends beyond EOD, truncated [ 837.384393][T21444] loop4: p174 size 2097152 extends beyond EOD, truncated [ 837.431573][T21444] loop4: p175 size 2097152 extends beyond EOD, truncated [ 837.453936][T21444] loop4: p176 size 2097152 extends beyond EOD, truncated [ 837.494123][T21444] loop4: p177 size 2097152 extends beyond EOD, truncated [ 837.531173][T21444] loop4: p178 size 2097152 extends beyond EOD, truncated [ 837.551400][T21444] loop4: p179 size 2097152 extends beyond EOD, truncated [ 837.576344][T21444] loop4: p180 size 2097152 extends beyond EOD, truncated [ 837.596116][T21444] loop4: p181 size 2097152 extends beyond EOD, truncated [ 837.621046][T21444] loop4: p182 size 2097152 extends beyond EOD, truncated [ 837.663047][T21444] loop4: p183 size 2097152 extends beyond EOD, truncated [ 837.686260][T21444] loop4: p184 size 2097152 extends beyond EOD, truncated [ 837.707245][T21444] loop4: p185 size 2097152 extends beyond EOD, truncated [ 837.730738][T21444] loop4: p186 size 2097152 extends beyond EOD, truncated [ 837.745249][T21444] loop4: p187 size 2097152 extends beyond EOD, truncated [ 837.757549][T21444] loop4: p188 size 2097152 extends beyond EOD, truncated [ 837.779967][T21444] loop4: p189 size 2097152 extends beyond EOD, truncated [ 837.802900][T21444] loop4: p190 size 2097152 extends beyond EOD, truncated [ 837.829360][T21444] loop4: p191 size 2097152 extends beyond EOD, truncated [ 837.851640][T21444] loop4: p192 size 2097152 extends beyond EOD, truncated [ 837.886334][T21444] loop4: p193 size 2097152 extends beyond EOD, truncated [ 837.934298][T21444] loop4: p194 size 2097152 extends beyond EOD, truncated [ 837.974057][T21444] loop4: p195 size 2097152 extends beyond EOD, truncated [ 837.998482][T21444] loop4: p196 size 2097152 extends beyond EOD, truncated [ 838.015514][ T290] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 838.044195][T21444] loop4: p197 size 2097152 extends beyond EOD, truncated [ 838.057002][T21444] loop4: p198 size 2097152 extends beyond EOD, truncated [ 838.081006][T21444] loop4: p199 size 2097152 extends beyond EOD, truncated [ 838.102136][T21444] loop4: p200 size 2097152 extends beyond EOD, truncated [ 838.124670][T21444] loop4: p201 size 2097152 extends beyond EOD, truncated [ 838.142533][T21444] loop4: p202 size 2097152 extends beyond EOD, truncated [ 838.207805][T21444] loop4: p203 size 2097152 extends beyond EOD, truncated [ 838.264196][T21444] loop4: p204 size 2097152 extends beyond EOD, truncated [ 838.300556][ T290] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 838.339528][T21444] loop4: p205 size 2097152 extends beyond EOD, truncated [ 838.353961][T21444] loop4: p206 size 2097152 extends beyond EOD, truncated [ 838.418916][T21444] loop4: p207 size 2097152 extends beyond EOD, truncated [ 838.449024][T21444] loop4: p208 size 2097152 extends beyond EOD, truncated [ 838.466558][T21444] loop4: p209 size 2097152 extends beyond EOD, truncated [ 838.478285][T21444] loop4: p210 size 2097152 extends beyond EOD, truncated [ 838.496679][T21444] loop4: p211 size 2097152 extends beyond EOD, truncated [ 838.515084][T21444] loop4: p212 size 2097152 extends beyond EOD, truncated [ 838.533708][T21444] loop4: p213 size 2097152 extends beyond EOD, truncated [ 838.558456][T21444] loop4: p214 size 2097152 extends beyond EOD, truncated [ 838.571955][T21444] loop4: p215 size 2097152 extends beyond EOD, truncated [ 838.588693][T21444] loop4: p216 size 2097152 extends beyond EOD, truncated [ 838.610419][T21444] loop4: p217 size 2097152 extends beyond EOD, truncated [ 838.634105][T21444] loop4: p218 size 2097152 extends beyond EOD, truncated [ 838.642021][ T290] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 838.649651][T21444] loop4: p219 size 2097152 extends beyond EOD, truncated [ 838.672712][T21444] loop4: p220 size 2097152 extends beyond EOD, truncated [ 838.686268][T21444] loop4: p221 size 2097152 extends beyond EOD, truncated [ 838.700683][T21444] loop4: p222 size 2097152 extends beyond EOD, truncated [ 838.726590][T21444] loop4: p223 size 2097152 extends beyond EOD, truncated [ 838.747563][T21444] loop4: p224 size 2097152 extends beyond EOD, truncated [ 838.769858][T21444] loop4: p225 size 2097152 extends beyond EOD, truncated [ 838.787621][T21444] loop4: p226 size 2097152 extends beyond EOD, truncated [ 838.798511][T21444] loop4: p227 size 2097152 extends beyond EOD, truncated [ 838.843878][T21444] loop4: p228 size 2097152 extends beyond EOD, truncated [ 838.860555][T21444] loop4: p229 size 2097152 extends beyond EOD, truncated [ 838.871483][T21444] loop4: p230 size 2097152 extends beyond EOD, truncated [ 838.888560][T21444] loop4: p231 size 2097152 extends beyond EOD, truncated [ 838.911782][ T290] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 838.944927][T21444] loop4: p232 size 2097152 extends beyond EOD, truncated [ 838.962841][T21444] loop4: p233 size 2097152 extends beyond EOD, truncated [ 838.987549][T21444] loop4: p234 size 2097152 extends beyond EOD, truncated [ 839.002636][T21444] loop4: p235 size 2097152 extends beyond EOD, truncated [ 839.023875][T21444] loop4: p236 size 2097152 extends beyond EOD, truncated [ 839.040450][T21444] loop4: p237 size 2097152 extends beyond EOD, truncated [ 839.070691][T21444] loop4: p238 size 2097152 extends beyond EOD, truncated [ 839.103027][T21444] loop4: p239 size 2097152 extends beyond EOD, truncated [ 839.119970][T21444] loop4: p240 size 2097152 extends beyond EOD, truncated [ 839.142377][T21444] loop4: p241 size 2097152 extends beyond EOD, truncated [ 839.163795][T21444] loop4: p242 size 2097152 extends beyond EOD, truncated [ 839.185750][T21444] loop4: p243 size 2097152 extends beyond EOD, truncated [ 839.210679][T21444] loop4: p244 size 2097152 extends beyond EOD, truncated [ 839.222326][T21444] loop4: p245 size 2097152 extends beyond EOD, truncated [ 839.245558][T21444] loop4: p246 size 2097152 extends beyond EOD, truncated [ 839.273739][T21444] loop4: p247 size 2097152 extends beyond EOD, truncated [ 839.295009][T21444] loop4: p248 size 2097152 extends beyond EOD, truncated [ 839.326779][T21444] loop4: p249 size 2097152 extends beyond EOD, truncated [ 839.344943][T21444] loop4: p250 size 2097152 extends beyond EOD, truncated [ 839.369332][T21444] loop4: p251 size 2097152 extends beyond EOD, truncated [ 839.392342][T21444] loop4: p252 size 2097152 extends beyond EOD, truncated [ 839.407811][T21444] loop4: p253 size 2097152 extends beyond EOD, truncated [ 839.429093][T21444] loop4: p254 size 2097152 extends beyond EOD, truncated [ 839.472742][T21444] loop4: p255 size 2097152 extends beyond EOD, truncated [ 841.197972][ T4710] ldm_validate_privheads(): Disk read failed. [ 841.234442][ T4710] loop4: p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 [ 841.234847][ T4710] loop4: partition table partially beyond EOD, truncated [ 841.330195][ T4710] loop4: p2 size 2 extends beyond EOD, truncated [ 841.350284][ T4710] loop4: p4 size 2097152 extends beyond EOD, truncated [ 841.360255][ T4710] loop4: p5 size 2097152 extends beyond EOD, truncated [ 841.395220][ T4710] loop4: p6 size 2097152 extends beyond EOD, truncated [ 841.405040][ T4710] loop4: p7 size 2097152 extends beyond EOD, truncated [ 841.419472][ T4710] loop4: p8 size 2097152 extends beyond EOD, truncated [ 841.429734][ T4710] loop4: p9 size 2097152 extends beyond EOD, truncated [ 841.449362][ T4710] loop4: p10 size 2097152 extends beyond EOD, truncated [ 841.466863][ T4710] loop4: p11 size 2097152 extends beyond EOD, truncated [ 841.477286][ T4710] loop4: p12 size 2097152 extends beyond EOD, truncated [ 841.488472][ T4710] loop4: p13 size 2097152 extends beyond EOD, truncated [ 841.502197][ T4710] loop4: p14 size 2097152 extends beyond EOD, truncated [ 841.512935][ T4710] loop4: p15 size 2097152 extends beyond EOD, truncated [ 841.531916][ T4710] loop4: p16 size 2097152 extends beyond EOD, truncated [ 841.544535][ T4710] loop4: p17 size 2097152 extends beyond EOD, truncated [ 841.557015][ T4710] loop4: p18 size 2097152 extends beyond EOD, truncated [ 841.577159][ T4710] loop4: p19 size 2097152 extends beyond EOD, truncated [ 841.591076][ T4710] loop4: p20 size 2097152 extends beyond EOD, truncated [ 841.611742][ T4710] loop4: p21 size 2097152 extends beyond EOD, truncated [ 841.621472][ T4710] loop4: p22 size 2097152 extends beyond EOD, truncated [ 841.640757][ T4710] loop4: p23 size 2097152 extends beyond EOD, truncated [ 841.658418][ T4710] loop4: p24 size 2097152 extends beyond EOD, truncated [ 841.680730][ T4710] loop4: p25 size 2097152 extends beyond EOD, truncated [ 841.710641][ T4710] loop4: p26 size 2097152 extends beyond EOD, truncated [ 841.721989][ T4710] loop4: p27 size 2097152 extends beyond EOD, truncated [ 841.736118][ T4710] loop4: p28 size 2097152 extends beyond EOD, truncated [ 841.752836][ T4710] loop4: p29 size 2097152 extends beyond EOD, truncated [ 841.768997][ T4710] loop4: p30 size 2097152 extends beyond EOD, truncated [ 841.816345][ T4710] loop4: p31 size 2097152 extends beyond EOD, truncated [ 841.847155][ T4710] loop4: p32 size 2097152 extends beyond EOD, truncated [ 841.884236][ T4710] loop4: p33 size 2097152 extends beyond EOD, truncated [ 841.906934][ T4710] loop4: p34 size 2097152 extends beyond EOD, truncated [ 841.926704][ T4710] loop4: p35 size 2097152 extends beyond EOD, truncated [ 841.955847][ T4710] loop4: p36 size 2097152 extends beyond EOD, truncated [ 841.978450][ T4710] loop4: p37 size 2097152 extends beyond EOD, truncated [ 842.028303][ T4710] loop4: p38 size 2097152 extends beyond EOD, truncated [ 842.058100][ T4710] loop4: p39 size 2097152 extends beyond EOD, truncated [ 842.083921][ T4710] loop4: p40 size 2097152 extends beyond EOD, truncated [ 842.108632][ T4710] loop4: p41 size 2097152 extends beyond EOD, truncated [ 842.128457][ T4710] loop4: p42 size 2097152 extends beyond EOD, truncated [ 842.146630][ T4710] loop4: p43 size 2097152 extends beyond EOD, truncated [ 842.165607][ T4710] loop4: p44 size 2097152 extends beyond EOD, truncated [ 842.178104][ T4710] loop4: p45 size 2097152 extends beyond EOD, truncated [ 842.197806][ T4710] loop4: p46 size 2097152 extends beyond EOD, truncated [ 842.212218][ T4710] loop4: p47 size 2097152 extends beyond EOD, truncated [ 842.228033][ T4710] loop4: p48 size 2097152 extends beyond EOD, truncated [ 842.252097][ T4710] loop4: p49 size 2097152 extends beyond EOD, truncated [ 842.290029][ T4710] loop4: p50 size 2097152 extends beyond EOD, truncated [ 842.315633][ T4710] loop4: p51 size 2097152 extends beyond EOD, truncated [ 842.334608][ T4710] loop4: p52 size 2097152 extends beyond EOD, truncated [ 842.345426][ T4710] loop4: p53 size 2097152 extends beyond EOD, truncated [ 842.368233][ T4710] loop4: p54 size 2097152 extends beyond EOD, truncated [ 842.380302][ T4710] loop4: p55 size 2097152 extends beyond EOD, truncated [ 842.436203][ T4710] loop4: p56 size 2097152 extends beyond EOD, truncated [ 842.446854][ T4710] loop4: p57 size 2097152 extends beyond EOD, truncated [ 842.459791][ T4710] loop4: p58 size 2097152 extends beyond EOD, truncated [ 842.473723][ T4710] loop4: p59 size 2097152 extends beyond EOD, truncated [ 842.492652][ T4710] loop4: p60 size 2097152 extends beyond EOD, truncated [ 842.507020][ T4710] loop4: p61 size 2097152 extends beyond EOD, truncated [ 842.529015][ T4710] loop4: p62 size 2097152 extends beyond EOD, truncated [ 842.545393][ T4710] loop4: p63 size 2097152 extends beyond EOD, truncated [ 842.565667][ T4710] loop4: p64 size 2097152 extends beyond EOD, truncated [ 842.588141][ T4710] loop4: p65 size 2097152 extends beyond EOD, truncated [ 842.611301][ T4710] loop4: p66 size 2097152 extends beyond EOD, truncated [ 842.631598][ T4710] loop4: p67 size 2097152 extends beyond EOD, truncated [ 842.644507][ T4710] loop4: p68 size 2097152 extends beyond EOD, truncated [ 842.670798][ T4710] loop4: p69 size 2097152 extends beyond EOD, truncated [ 842.703623][ T4710] loop4: p70 size 2097152 extends beyond EOD, truncated [ 842.735270][ T4710] loop4: p71 size 2097152 extends beyond EOD, truncated [ 842.749159][ T4710] loop4: p72 size 2097152 extends beyond EOD, truncated [ 842.809873][ T4710] loop4: p73 size 2097152 extends beyond EOD, truncated [ 842.840396][ T4710] loop4: p74 size 2097152 extends beyond EOD, truncated [ 842.850986][ T4710] loop4: p75 size 2097152 extends beyond EOD, truncated [ 842.869854][ T4710] loop4: p76 size 2097152 extends beyond EOD, truncated [ 842.888468][ T4710] loop4: p77 size 2097152 extends beyond EOD, truncated [ 842.907361][ T4710] loop4: p78 size 2097152 extends beyond EOD, truncated [ 842.934097][ T4710] loop4: p79 size 2097152 extends beyond EOD, truncated [ 842.964058][ T4710] loop4: p80 size 2097152 extends beyond EOD, truncated [ 842.978364][ T4710] loop4: p81 size 2097152 extends beyond EOD, truncated [ 843.025410][ T4710] loop4: p82 size 2097152 extends beyond EOD, truncated [ 843.039412][ T4710] loop4: p83 size 2097152 extends beyond EOD, truncated [ 843.062394][ T4710] loop4: p84 size 2097152 extends beyond EOD, truncated [ 843.084037][ T4710] loop4: p85 size 2097152 extends beyond EOD, truncated [ 843.105618][ T4710] loop4: p86 size 2097152 extends beyond EOD, truncated [ 843.106230][ T290] device hsr_slave_0 left promiscuous mode [ 843.135668][ T4710] loop4: p87 size 2097152 extends beyond EOD, truncated [ 843.146333][ T4710] loop4: p88 size 2097152 extends beyond EOD, truncated [ 843.155484][ T290] device hsr_slave_1 left promiscuous mode [ 843.171570][ T4710] loop4: p89 size 2097152 extends beyond EOD, truncated [ 843.181511][ T4710] loop4: p90 size 2097152 extends beyond EOD, truncated [ 843.211812][ T4710] loop4: p91 size 2097152 extends beyond EOD, truncated [ 843.229733][ T290] device veth1_macvtap left promiscuous mode [ 843.251397][ T4710] loop4: p92 size 2097152 extends beyond EOD, truncated [ 843.252064][ T290] device veth0_macvtap left promiscuous mode [ 843.270292][ T290] device veth1_vlan left promiscuous mode [ 843.280397][ T290] device veth0_vlan left promiscuous mode [ 843.309919][ T4710] loop4: p93 size 2097152 extends beyond EOD, truncated [ 843.328215][ T4710] loop4: p94 size 2097152 extends beyond EOD, truncated [ 843.345628][ T4710] loop4: p95 size 2097152 extends beyond EOD, truncated [ 843.356528][ T4710] loop4: p96 size 2097152 extends beyond EOD, truncated [ 843.368022][ T4710] loop4: p97 size 2097152 extends beyond EOD, truncated [ 843.388622][ T4710] loop4: p98 size 2097152 extends beyond EOD, truncated [ 843.400710][ T4710] loop4: p99 size 2097152 extends beyond EOD, truncated [ 843.412578][ T4710] loop4: p100 size 2097152 extends beyond EOD, truncated [ 843.426798][ T4710] loop4: p101 size 2097152 extends beyond EOD, truncated [ 843.452830][ T4710] loop4: p102 size 2097152 extends beyond EOD, truncated [ 843.471996][ T4710] loop4: p103 size 2097152 extends beyond EOD, truncated [ 843.488928][ T4710] loop4: p104 size 2097152 extends beyond EOD, truncated [ 843.504808][ T4710] loop4: p105 size 2097152 extends beyond EOD, truncated [ 843.554659][ T4710] loop4: p106 size 2097152 extends beyond EOD, truncated [ 843.594207][ T4710] loop4: p107 size 2097152 extends beyond EOD, truncated [ 843.626074][ T4710] loop4: p108 size 2097152 extends beyond EOD, truncated [ 843.663980][ T4710] loop4: p109 size 2097152 extends beyond EOD, truncated [ 843.695348][ T4710] loop4: p110 size 2097152 extends beyond EOD, truncated [ 843.714138][ T4710] loop4: p111 size 2097152 extends beyond EOD, truncated [ 843.744295][ T4710] loop4: p112 size 2097152 extends beyond EOD, truncated [ 843.778013][ T4710] loop4: p113 size 2097152 extends beyond EOD, truncated [ 843.804036][ T4710] loop4: p114 size 2097152 extends beyond EOD, truncated [ 843.844033][ T4710] loop4: p115 size 2097152 extends beyond EOD, truncated [ 843.876564][ T4710] loop4: p116 size 2097152 extends beyond EOD, truncated [ 843.924205][ T4710] loop4: p117 size 2097152 extends beyond EOD, truncated [ 843.953582][ T4710] loop4: p118 size 2097152 extends beyond EOD, truncated [ 843.990839][ T4710] loop4: p119 size 2097152 extends beyond EOD, truncated [ 844.016129][ T4710] loop4: p120 size 2097152 extends beyond EOD, truncated [ 844.044108][ T4710] loop4: p121 size 2097152 extends beyond EOD, truncated [ 844.063053][ T4710] loop4: p122 size 2097152 extends beyond EOD, truncated [ 844.084248][ T4710] loop4: p123 size 2097152 extends beyond EOD, truncated [ 844.126052][ T4710] loop4: p124 size 2097152 extends beyond EOD, truncated [ 844.167498][ T4710] loop4: p125 size 2097152 extends beyond EOD, truncated [ 844.194158][ T4710] loop4: p126 size 2097152 extends beyond EOD, truncated [ 844.226382][ T4710] loop4: p127 size 2097152 extends beyond EOD, truncated [ 844.263981][ T4710] loop4: p128 size 2097152 extends beyond EOD, truncated [ 844.293952][ T4710] loop4: p129 size 2097152 extends beyond EOD, truncated [ 844.316072][ T4710] loop4: p130 size 2097152 extends beyond EOD, truncated [ 844.344137][ T4710] loop4: p131 size 2097152 extends beyond EOD, truncated [ 844.384138][ T4710] loop4: p132 size 2097152 extends beyond EOD, truncated [ 844.412023][ T4710] loop4: p133 size 2097152 extends beyond EOD, truncated [ 844.451681][ T4710] loop4: p134 size 2097152 extends beyond EOD, truncated [ 844.475778][ T4710] loop4: p135 size 2097152 extends beyond EOD, truncated [ 844.512403][ T4710] loop4: p136 size 2097152 extends beyond EOD, truncated [ 844.521975][ T4710] loop4: p137 size 2097152 extends beyond EOD, truncated [ 844.544824][ T4710] loop4: p138 size 2097152 extends beyond EOD, truncated [ 844.566343][ T4710] loop4: p139 size 2097152 extends beyond EOD, truncated [ 844.585337][ T4710] loop4: p140 size 2097152 extends beyond EOD, truncated [ 844.604206][ T4710] loop4: p141 size 2097152 extends beyond EOD, truncated [ 844.632171][ T4710] loop4: p142 size 2097152 extends beyond EOD, truncated [ 844.641460][ T4710] loop4: p143 size 2097152 extends beyond EOD, truncated [ 844.663523][ T4710] loop4: p144 size 2097152 extends beyond EOD, truncated [ 844.701599][ T4710] loop4: p145 size 2097152 extends beyond EOD, truncated [ 844.711122][ T4710] loop4: p146 size 2097152 extends beyond EOD, truncated [ 844.730643][ T4710] loop4: p147 size 2097152 extends beyond EOD, truncated [ 844.748904][ T4710] loop4: p148 size 2097152 extends beyond EOD, truncated [ 844.772445][ T4710] loop4: p149 size 2097152 extends beyond EOD, truncated [ 844.792550][ T4710] loop4: p150 size 2097152 extends beyond EOD, truncated [ 844.812689][ T4710] loop4: p151 size 2097152 extends beyond EOD, truncated [ 844.831597][ T4710] loop4: p152 size 2097152 extends beyond EOD, truncated [ 844.850783][ T4710] loop4: p153 size 2097152 extends beyond EOD, truncated [ 844.869024][ T4710] loop4: p154 size 2097152 extends beyond EOD, truncated [ 844.892534][ T4710] loop4: p155 size 2097152 extends beyond EOD, truncated [ 844.910930][ T4710] loop4: p156 size 2097152 extends beyond EOD, truncated [ 844.931574][ T4710] loop4: p157 size 2097152 extends beyond EOD, truncated [ 844.951012][ T4710] loop4: p158 size 2097152 extends beyond EOD, truncated [ 844.970175][ T4710] loop4: p159 size 2097152 extends beyond EOD, truncated [ 844.994131][ T4710] loop4: p160 size 2097152 extends beyond EOD, truncated [ 845.021842][ T4710] loop4: p161 size 2097152 extends beyond EOD, truncated [ 845.040599][ T4710] loop4: p162 size 2097152 extends beyond EOD, truncated [ 845.060031][ T4710] loop4: p163 size 2097152 extends beyond EOD, truncated [ 845.081189][ T4710] loop4: p164 size 2097152 extends beyond EOD, truncated [ 845.090854][ T4710] loop4: p165 size 2097152 extends beyond EOD, truncated [ 845.112126][ T4710] loop4: p166 size 2097152 extends beyond EOD, truncated [ 845.132072][ T4710] loop4: p167 size 2097152 extends beyond EOD, truncated [ 845.150683][ T4710] loop4: p168 size 2097152 extends beyond EOD, truncated [ 845.169739][ T4710] loop4: p169 size 2097152 extends beyond EOD, truncated [ 845.200543][ T4710] loop4: p170 size 2097152 extends beyond EOD, truncated [ 845.221309][ T4710] loop4: p171 size 2097152 extends beyond EOD, truncated [ 845.241309][ T4710] loop4: p172 size 2097152 extends beyond EOD, truncated [ 845.259685][ T4710] loop4: p173 size 2097152 extends beyond EOD, truncated [ 845.278425][ T4710] loop4: p174 size 2097152 extends beyond EOD, truncated [ 845.300456][ T4710] loop4: p175 size 2097152 extends beyond EOD, truncated [ 845.321757][ T4710] loop4: p176 size 2097152 extends beyond EOD, truncated [ 845.340364][ T4710] loop4: p177 size 2097152 extends beyond EOD, truncated [ 845.359818][ T4710] loop4: p178 size 2097152 extends beyond EOD, truncated [ 845.378292][ T4710] loop4: p179 size 2097152 extends beyond EOD, truncated [ 845.400795][ T4710] loop4: p180 size 2097152 extends beyond EOD, truncated [ 845.419349][ T4710] loop4: p181 size 2097152 extends beyond EOD, truncated [ 845.440985][ T4710] loop4: p182 size 2097152 extends beyond EOD, truncated [ 845.459716][ T4710] loop4: p183 size 2097152 extends beyond EOD, truncated [ 845.479082][ T4710] loop4: p184 size 2097152 extends beyond EOD, truncated [ 845.514024][ T4710] loop4: p185 size 2097152 extends beyond EOD, truncated [ 845.541086][ T4710] loop4: p186 size 2097152 extends beyond EOD, truncated [ 845.560224][ T4710] loop4: p187 size 2097152 extends beyond EOD, truncated [ 845.570331][ T4710] loop4: p188 size 2097152 extends beyond EOD, truncated [ 845.592865][ T4710] loop4: p189 size 2097152 extends beyond EOD, truncated [ 845.612000][ T4710] loop4: p190 size 2097152 extends beyond EOD, truncated [ 845.626307][ T4710] loop4: p191 size 2097152 extends beyond EOD, truncated [ 845.648293][ T4710] loop4: p192 size 2097152 extends beyond EOD, truncated [ 845.667479][ T4710] loop4: p193 size 2097152 extends beyond EOD, truncated [ 845.678945][ T4710] loop4: p194 size 2097152 extends beyond EOD, truncated [ 845.705740][ T4710] loop4: p195 size 2097152 extends beyond EOD, truncated [ 845.725122][ T4710] loop4: p196 size 2097152 extends beyond EOD, truncated [ 845.752715][ T4710] loop4: p197 size 2097152 extends beyond EOD, truncated [ 845.764726][ T4710] loop4: p198 size 2097152 extends beyond EOD, truncated [ 845.792137][ T4710] loop4: p199 size 2097152 extends beyond EOD, truncated [ 845.804710][ T4710] loop4: p200 size 2097152 extends beyond EOD, truncated [ 845.814015][ T4710] loop4: p201 size 2097152 extends beyond EOD, truncated [ 845.823412][ T4710] loop4: p202 size 2097152 extends beyond EOD, truncated [ 845.842665][ T4710] loop4: p203 size 2097152 extends beyond EOD, truncated [ 845.860851][ T4710] loop4: p204 size 2097152 extends beyond EOD, truncated [ 845.882080][ T4710] loop4: p205 size 2097152 extends beyond EOD, truncated [ 845.902353][ T4710] loop4: p206 size 2097152 extends beyond EOD, truncated [ 845.921172][ T4710] loop4: p207 size 2097152 extends beyond EOD, truncated [ 845.939280][ T4710] loop4: p208 size 2097152 extends beyond EOD, truncated [ 845.958054][ T4710] loop4: p209 size 2097152 extends beyond EOD, truncated [ 845.976425][ T4710] loop4: p210 size 2097152 extends beyond EOD, truncated [ 845.999739][ T4710] loop4: p211 size 2097152 extends beyond EOD, truncated [ 846.017900][ T4710] loop4: p212 size 2097152 extends beyond EOD, truncated [ 846.036581][ T4710] loop4: p213 size 2097152 extends beyond EOD, truncated [ 846.054472][ T4710] loop4: p214 size 2097152 extends beyond EOD, truncated [ 846.073237][ T4710] loop4: p215 size 2097152 extends beyond EOD, truncated [ 846.105860][ T4710] loop4: p216 size 2097152 extends beyond EOD, truncated [ 846.124976][ T4710] loop4: p217 size 2097152 extends beyond EOD, truncated [ 846.144773][ T4710] loop4: p218 size 2097152 extends beyond EOD, truncated [ 846.164223][ T4710] loop4: p219 size 2097152 extends beyond EOD, truncated [ 846.184367][ T4710] loop4: p220 size 2097152 extends beyond EOD, truncated [ 846.207302][ T4710] loop4: p221 size 2097152 extends beyond EOD, truncated [ 846.220510][ T4710] loop4: p222 size 2097152 extends beyond EOD, truncated [ 846.234202][ T4710] loop4: p223 size 2097152 extends beyond EOD, truncated [ 846.246717][ T4710] loop4: p224 size 2097152 extends beyond EOD, truncated [ 846.267115][ T4710] loop4: p225 size 2097152 extends beyond EOD, truncated [ 846.289859][ T4710] loop4: p226 size 2097152 extends beyond EOD, truncated [ 846.316988][ T4710] loop4: p227 size 2097152 extends beyond EOD, truncated [ 846.334590][ T4710] loop4: p228 size 2097152 extends beyond EOD, truncated [ 846.350218][ T4710] loop4: p229 size 2097152 extends beyond EOD, truncated [ 846.367026][ T4710] loop4: p230 size 2097152 extends beyond EOD, truncated [ 846.394153][ T4710] loop4: p231 size 2097152 extends beyond EOD, truncated [ 846.425572][ T4710] loop4: p232 size 2097152 extends beyond EOD, truncated [ 846.468369][ T4710] loop4: p233 size 2097152 extends beyond EOD, truncated [ 846.483909][ T4710] loop4: p234 size 2097152 extends beyond EOD, truncated [ 846.497645][ T4710] loop4: p235 size 2097152 extends beyond EOD, truncated [ 846.517766][ T4710] loop4: p236 size 2097152 extends beyond EOD, truncated [ 846.529433][ T4710] loop4: p237 size 2097152 extends beyond EOD, truncated [ 846.556396][ T4710] loop4: p238 size 2097152 extends beyond EOD, truncated [ 846.559701][ T1] systemd[1]: systemd-journald.service: Main process exited, code=killed, status=6/ABRT [ 846.584561][ T4710] loop4: p239 size 2097152 extends beyond EOD, truncated [ 846.595188][ T4710] loop4: p240 size 2097152 extends beyond EOD, truncated [ 846.616636][ T4710] loop4: p241 size 2097152 extends beyond EOD, truncated [ 846.634062][ T4710] loop4: p242 size 2097152 extends beyond EOD, truncated [ 846.654391][ T4710] loop4: p243 size 2097152 extends beyond EOD, truncated [ 846.676159][ T4710] loop4: p244 size 2097152 extends beyond EOD, truncated [ 846.707997][ T4710] loop4: p245 size 2097152 extends beyond EOD, truncated [ 846.735294][ T4710] loop4: p246 size 2097152 extends beyond EOD, truncated [ 846.748159][ T1] systemd[1]: systemd-journald.service: Unit entered failed state. [ 846.757486][ T4710] loop4: p247 size 2097152 extends beyond EOD, truncated [ 846.771047][ T4710] loop4: p248 size 2097152 extends beyond EOD, truncated [ 846.787279][ T1] systemd[1]: systemd-journald.service: Failed with result 'watchdog'. [ 846.796714][ T4710] loop4: p249 size 2097152 extends beyond EOD, truncated [ 846.824517][ T4710] loop4: p250 size 2097152 extends beyond EOD, truncated [ 846.836350][ T4710] loop4: p251 size 2097152 extends beyond EOD, truncated [ 846.854176][ T4710] loop4: p252 size 2097152 extends beyond EOD, truncated [ 846.868152][ T1] systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart. [ 846.879135][ T4710] loop4: p253 size 2097152 extends beyond EOD, truncated [ 846.904948][ T4710] loop4: p254 size 2097152 extends beyond EOD, truncated [ 846.915840][ T4710] loop4: p255 size 2097152 extends beyond EOD, truncated 06:08:28 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0xee01) ioctl$VT_DISALLOCATE(r0, 0x560c) 06:08:28 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0xee01) ioctl$VT_DISALLOCATE(r0, 0x4b69) 06:08:28 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x2, &(0x7f00000000c0)=@raw=[@call={0x85, 0x0, 0x0, 0xf}, @exit={0x95, 0x0, 0x9fff}], &(0x7f0000000000)='GPL\x00', 0x0, 0x9c, &(0x7f00000002c0)=""/156, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x74) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10000}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='./file0\x00') removexattr(&(0x7f0000000280)='./file0\x00', 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x22, &(0x7f0000003a40), 0x4) fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000200)=0x2) umount2(0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0xfffffef2, &(0x7f00000001c0)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 06:08:28 executing program 4: bind$inet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="030005020314af00031400000000000000000f0000000000000000075b00000000004200000000000000000000000000000000000000000000000000200055aa", 0x40, 0x1c0}]) 06:08:28 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c00010062"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:08:28 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600000000000000", @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 847.161230][ T1] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 847.230627][ T1] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 847.359713][ T1] systemd[1]: Stopped Journal Service. 06:08:28 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0xee01) ioctl$VT_DISALLOCATE(r0, 0x560c) 06:08:28 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000700)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2}, @fwd]}, {0x0, [0x0, 0x5f]}}, &(0x7f0000000640)=""/181, 0x34, 0xb5, 0x1}, 0x20) [ 847.926380][ T1] systemd[1]: Starting Journal Service... 06:08:29 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000003800)) 06:08:29 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0xee01) ioctl$VT_DISALLOCATE(r0, 0x560c) 06:08:30 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) sendmsg$sock(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) [ 849.510718][T22371] systemd-journald[22371]: File /run/log/journal/04d8c135ee6b410280ba31a58c89679d/system.journal corrupted or uncleanly shut down, renaming and replacing. 06:08:30 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0xee01) ioctl$VT_DISALLOCATE(r0, 0x560c) 06:08:31 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) recvmsg(r0, &(0x7f00000016c0)={0x0, 0x0, 0x0}, 0x40012163) 06:08:31 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x11}, 0x40) [ 850.943763][T22589] loop4: detected capacity change from 1 to 0 [ 851.101300][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 851.138802][T22589] ldm_validate_privheads(): Disk read failed. [ 851.173121][T22589] loop4: p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 [ 851.173703][T22589] loop4: partition table partially beyond EOD, truncated [ 851.270567][T22589] loop4: p2 size 2 extends beyond EOD, truncated [ 851.667351][T22589] loop4: p4 size 2097152 extends beyond EOD, truncated [ 851.709508][T22589] loop4: p5 size 2097152 extends beyond EOD, truncated [ 851.749571][T22589] loop4: p6 size 2097152 extends beyond EOD, truncated [ 851.779873][T22589] loop4: p7 size 2097152 extends beyond EOD, truncated [ 851.809972][T22589] loop4: p8 size 2097152 extends beyond EOD, truncated [ 851.858282][T22589] loop4: p9 size 2097152 extends beyond EOD, truncated [ 851.880391][T22589] loop4: p10 size 2097152 extends beyond EOD, truncated [ 851.901525][T22589] loop4: p11 size 2097152 extends beyond EOD, truncated [ 851.931842][T22589] loop4: p12 size 2097152 extends beyond EOD, truncated [ 851.947478][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 851.971511][T22589] loop4: p13 size 2097152 extends beyond EOD, truncated [ 852.010554][T22589] loop4: p14 size 2097152 extends beyond EOD, truncated [ 852.031775][T22589] loop4: p15 size 2097152 extends beyond EOD, truncated [ 852.097098][T22589] loop4: p16 size 2097152 extends beyond EOD, truncated [ 852.109978][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 852.126888][T22589] loop4: p17 size 2097152 extends beyond EOD, truncated [ 852.157579][T22589] loop4: p18 size 2097152 extends beyond EOD, truncated [ 852.188901][T22589] loop4: p19 size 2097152 extends beyond EOD, truncated [ 852.219256][T22589] loop4: p20 size 2097152 extends beyond EOD, truncated [ 852.258350][T22589] loop4: p21 size 2097152 extends beyond EOD, truncated [ 852.289597][T22589] loop4: p22 size 2097152 extends beyond EOD, truncated [ 852.302204][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 852.318305][T22589] loop4: p23 size 2097152 extends beyond EOD, truncated [ 852.351662][T22589] loop4: p24 size 2097152 extends beyond EOD, truncated [ 852.361848][T22589] loop4: p25 size 2097152 extends beyond EOD, truncated [ 852.382224][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 852.391716][T22589] loop4: p26 size 2097152 extends beyond EOD, truncated [ 852.408608][T22589] loop4: p27 size 2097152 extends beyond EOD, truncated [ 852.437941][T22589] loop4: p28 size 2097152 extends beyond EOD, truncated [ 852.457455][T22589] loop4: p29 size 2097152 extends beyond EOD, truncated [ 852.469372][T22589] loop4: p30 size 2097152 extends beyond EOD, truncated [ 852.480613][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 852.490496][T22589] loop4: p31 size 2097152 extends beyond EOD, truncated [ 852.529470][T22589] loop4: p32 size 2097152 extends beyond EOD, truncated [ 852.539632][T22589] loop4: p33 size 2097152 extends beyond EOD, truncated [ 852.566459][T22589] loop4: p34 size 2097152 extends beyond EOD, truncated [ 852.576191][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 852.586676][T22589] loop4: p35 size 2097152 extends beyond EOD, truncated [ 852.624439][T22589] loop4: p36 size 2097152 extends beyond EOD, truncated [ 852.641347][T22589] loop4: p37 size 2097152 extends beyond EOD, truncated [ 852.679753][T22589] loop4: p38 size 2097152 extends beyond EOD, truncated [ 852.702562][T22589] loop4: p39 size 2097152 extends beyond EOD, truncated [ 852.716343][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 852.725756][T22589] loop4: p40 size 2097152 extends beyond EOD, truncated [ 852.737404][T22589] loop4: p41 size 2097152 extends beyond EOD, truncated [ 852.774181][T22589] loop4: p42 size 2097152 extends beyond EOD, truncated [ 852.784050][T22589] loop4: p43 size 2097152 extends beyond EOD, truncated [ 852.795740][T22589] loop4: p44 size 2097152 extends beyond EOD, truncated [ 852.814653][T22589] loop4: p45 size 2097152 extends beyond EOD, truncated [ 852.823140][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 852.834948][T22589] loop4: p46 size 2097152 extends beyond EOD, truncated [ 852.879768][T22589] loop4: p47 size 2097152 extends beyond EOD, truncated [ 852.912858][T22589] loop4: p48 size 2097152 extends beyond EOD, truncated [ 852.934084][T22589] loop4: p49 size 2097152 extends beyond EOD, truncated [ 852.971096][T22589] loop4: p50 size 2097152 extends beyond EOD, truncated [ 852.981544][T22589] loop4: p51 size 2097152 extends beyond EOD, truncated [ 852.991974][T22589] loop4: p52 size 2097152 extends beyond EOD, truncated [ 853.023609][ T290] bond1 (unregistering): Released all slaves [ 853.052036][T22589] loop4: p53 size 2097152 extends beyond EOD, truncated [ 853.066230][T22589] loop4: p54 size 2097152 extends beyond EOD, truncated [ 853.083089][T22589] loop4: p55 size 2097152 extends beyond EOD, truncated [ 853.104501][T22589] loop4: p56 size 2097152 extends beyond EOD, truncated [ 853.117160][T22589] loop4: p57 size 2097152 extends beyond EOD, truncated [ 853.148499][T22589] loop4: p58 size 2097152 extends beyond EOD, truncated [ 853.159382][T22589] loop4: p59 size 2097152 extends beyond EOD, truncated [ 853.182126][T22589] loop4: p60 size 2097152 extends beyond EOD, truncated [ 853.217981][T22589] loop4: p61 size 2097152 extends beyond EOD, truncated [ 853.229129][T22589] loop4: p62 size 2097152 extends beyond EOD, truncated [ 853.250396][T22589] loop4: p63 size 2097152 extends beyond EOD, truncated [ 853.281607][T22589] loop4: p64 size 2097152 extends beyond EOD, truncated [ 853.293793][T22589] loop4: p65 size 2097152 extends beyond EOD, truncated [ 853.311263][T22589] loop4: p66 size 2097152 extends beyond EOD, truncated [ 853.520441][ T290] bond0 (unregistering): Released all slaves [ 853.863572][T22589] loop4: p67 size 2097152 extends beyond EOD, truncated [ 853.917550][T22589] loop4: p68 size 2097152 extends beyond EOD, truncated [ 853.956476][T22589] loop4: p69 size 2097152 extends beyond EOD, truncated [ 853.973077][T22589] loop4: p70 size 2097152 extends beyond EOD, truncated [ 854.004512][T22589] loop4: p71 size 2097152 extends beyond EOD, truncated [ 854.015958][T22589] loop4: p72 size 2097152 extends beyond EOD, truncated [ 854.026869][T22308] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 854.046352][T22324] device bridge40 entered promiscuous mode [ 854.054672][T22589] loop4: p73 size 2097152 extends beyond EOD, truncated [ 854.093966][T22589] loop4: p74 size 2097152 extends beyond EOD, truncated [ 854.104846][T22589] loop4: p75 size 2097152 extends beyond EOD, truncated [ 854.141128][T22589] loop4: p76 size 2097152 extends beyond EOD, truncated [ 854.178530][T22318] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 854.179730][T22589] loop4: p77 size 2097152 extends beyond EOD, truncated [ 854.305784][T22589] loop4: p78 size 2097152 extends beyond EOD, truncated [ 854.344727][T22589] loop4: p79 size 2097152 extends beyond EOD, truncated [ 854.404417][T22589] loop4: p80 size 2097152 extends beyond EOD, truncated [ 854.462714][T22589] loop4: p81 size 2097152 extends beyond EOD, truncated [ 854.505122][T22589] loop4: p82 size 2097152 extends beyond EOD, truncated [ 854.520349][T22589] loop4: p83 size 2097152 extends beyond EOD, truncated [ 854.536527][T22589] loop4: p84 size 2097152 extends beyond EOD, truncated [ 854.553775][T22589] loop4: p85 size 2097152 extends beyond EOD, truncated [ 854.585646][T22589] loop4: p86 size 2097152 extends beyond EOD, truncated [ 854.619444][T22589] loop4: p87 size 2097152 extends beyond EOD, truncated [ 854.632696][T22589] loop4: p88 size 2097152 extends beyond EOD, truncated [ 854.647215][T22589] loop4: p89 size 2097152 extends beyond EOD, truncated [ 854.658604][T22589] loop4: p90 size 2097152 extends beyond EOD, truncated [ 854.671982][T22589] loop4: p91 size 2097152 extends beyond EOD, truncated [ 854.709817][T22589] loop4: p92 size 2097152 extends beyond EOD, truncated [ 854.721483][T22589] loop4: p93 size 2097152 extends beyond EOD, truncated [ 854.740309][T22589] loop4: p94 size 2097152 extends beyond EOD, truncated [ 854.811819][T22589] loop4: p95 size 2097152 extends beyond EOD, truncated [ 854.842679][T22589] loop4: p96 size 2097152 extends beyond EOD, truncated [ 854.875086][T22589] loop4: p97 size 2097152 extends beyond EOD, truncated [ 854.897535][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 854.912430][T22589] loop4: p98 size 2097152 extends beyond EOD, truncated [ 854.947127][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 854.978638][T22589] loop4: p99 size 2097152 extends beyond EOD, truncated [ 855.010176][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 855.025707][T22589] loop4: p100 size 2097152 extends beyond EOD, truncated [ 855.068003][T22589] loop4: p101 size 2097152 extends beyond EOD, truncated [ 855.133171][T22589] loop4: p102 size 2097152 extends beyond EOD, truncated [ 855.184205][T22589] loop4: p103 size 2097152 extends beyond EOD, truncated [ 855.211950][T22589] loop4: p104 size 2097152 extends beyond EOD, truncated [ 855.234078][T22589] loop4: p105 size 2097152 extends beyond EOD, truncated [ 855.242652][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 855.264030][T22589] loop4: p106 size 2097152 extends beyond EOD, truncated [ 855.290899][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 855.329261][T22589] loop4: p107 size 2097152 extends beyond EOD, truncated [ 855.340927][T22589] loop4: p108 size 2097152 extends beyond EOD, truncated [ 855.354626][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 855.364216][T22589] loop4: p109 size 2097152 extends beyond EOD, truncated [ 855.394154][T22589] loop4: p110 size 2097152 extends beyond EOD, truncated [ 855.397692][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 855.422715][T22589] loop4: p111 size 2097152 extends beyond EOD, truncated [ 855.440530][T22589] loop4: p112 size 2097152 extends beyond EOD, truncated [ 855.460002][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 855.466180][T22589] loop4: p113 size 2097152 extends beyond EOD, truncated [ 855.501353][T22589] loop4: p114 size 2097152 extends beyond EOD, truncated [ 855.529313][T22589] loop4: p115 size 2097152 extends beyond EOD, truncated [ 855.537264][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 855.576383][T22589] loop4: p116 size 2097152 extends beyond EOD, truncated [ 855.607355][T22589] loop4: p117 size 2097152 extends beyond EOD, truncated [ 855.631525][T22589] loop4: p118 size 2097152 extends beyond EOD, truncated [ 855.657475][T22589] loop4: p119 size 2097152 extends beyond EOD, truncated [ 855.684038][T22589] loop4: p120 size 2097152 extends beyond EOD, truncated [ 855.693898][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 855.704132][T22589] loop4: p121 size 2097152 extends beyond EOD, truncated [ 855.735215][T22589] loop4: p122 size 2097152 extends beyond EOD, truncated [ 855.750644][T22589] loop4: p123 size 2097152 extends beyond EOD, truncated [ 855.777735][T22589] loop4: p124 size 2097152 extends beyond EOD, truncated [ 855.810069][T22589] loop4: p125 size 2097152 extends beyond EOD, truncated [ 855.845347][T22589] loop4: p126 size 2097152 extends beyond EOD, truncated [ 855.878017][T22589] loop4: p127 size 2097152 extends beyond EOD, truncated [ 855.913754][T22589] loop4: p128 size 2097152 extends beyond EOD, truncated [ 855.946629][T22589] loop4: p129 size 2097152 extends beyond EOD, truncated [ 855.971709][T22589] loop4: p130 size 2097152 extends beyond EOD, truncated [ 856.003227][T22589] loop4: p131 size 2097152 extends beyond EOD, truncated [ 856.026667][T22589] loop4: p132 size 2097152 extends beyond EOD, truncated [ 856.067641][T22589] loop4: p133 size 2097152 extends beyond EOD, truncated [ 856.099867][T22589] loop4: p134 size 2097152 extends beyond EOD, truncated [ 856.128266][T22589] loop4: p135 size 2097152 extends beyond EOD, truncated [ 856.161600][T22589] loop4: p136 size 2097152 extends beyond EOD, truncated [ 856.201909][T22589] loop4: p137 size 2097152 extends beyond EOD, truncated [ 856.226587][T22589] loop4: p138 size 2097152 extends beyond EOD, truncated [ 856.264962][T22589] loop4: p139 size 2097152 extends beyond EOD, truncated [ 856.289033][T22589] loop4: p140 size 2097152 extends beyond EOD, truncated [ 856.318615][T22589] loop4: p141 size 2097152 extends beyond EOD, truncated [ 856.349334][T22589] loop4: p142 size 2097152 extends beyond EOD, truncated [ 856.365046][T22589] loop4: p143 size 2097152 extends beyond EOD, truncated [ 856.399942][T22589] loop4: p144 size 2097152 extends beyond EOD, truncated [ 856.429808][T22589] loop4: p145 size 2097152 extends beyond EOD, truncated [ 856.444143][T22589] loop4: p146 size 2097152 extends beyond EOD, truncated [ 856.468677][T22589] loop4: p147 size 2097152 extends beyond EOD, truncated [ 856.481540][T22589] loop4: p148 size 2097152 extends beyond EOD, truncated [ 856.539563][T22589] loop4: p149 size 2097152 extends beyond EOD, truncated [ 856.596265][T22713] IPVS: ftp: loaded support on port[0] = 21 [ 856.611723][ T1] systemd[1]: Starting Load/Save RF Kill Switch Status... [ 856.638048][T22589] loop4: p150 size 2097152 extends beyond EOD, truncated [ 856.653191][T22589] loop4: p151 size 2097152 extends beyond EOD, truncated [ 856.665648][T22589] loop4: p152 size 2097152 extends beyond EOD, truncated [ 856.775116][T22589] loop4: p153 size 2097152 extends beyond EOD, truncated [ 856.794028][T22589] loop4: p154 size 2097152 extends beyond EOD, truncated [ 856.844245][T22589] loop4: p155 size 2097152 extends beyond EOD, truncated [ 856.883564][T22589] loop4: p156 size 2097152 extends beyond EOD, truncated [ 856.951376][T22589] loop4: p157 size 2097152 extends beyond EOD, truncated [ 856.986389][T22589] loop4: p158 size 2097152 extends beyond EOD, truncated [ 857.001995][T22589] loop4: p159 size 2097152 extends beyond EOD, truncated [ 857.135516][T22589] loop4: p160 size 2097152 extends beyond EOD, truncated [ 857.178961][T22589] loop4: p161 size 2097152 extends beyond EOD, truncated [ 857.182847][T22713] chnl_net:caif_netlink_parms(): no params data found [ 857.220402][T22589] loop4: p162 size 2097152 extends beyond EOD, truncated [ 857.249472][T22589] loop4: p163 size 2097152 extends beyond EOD, truncated [ 857.288551][T22589] loop4: p164 size 2097152 extends beyond EOD, truncated [ 857.308577][T22589] loop4: p165 size 2097152 extends beyond EOD, truncated [ 857.349965][T22713] bridge0: port 1(bridge_slave_0) entered blocking state [ 857.357457][T22713] bridge0: port 1(bridge_slave_0) entered disabled state [ 857.361686][T22589] loop4: p166 size 2097152 extends beyond EOD, truncated [ 857.369904][T22713] device bridge_slave_0 entered promiscuous mode [ 857.387295][T22713] bridge0: port 2(bridge_slave_1) entered blocking state [ 857.411396][T22713] bridge0: port 2(bridge_slave_1) entered disabled state [ 857.412209][T22589] loop4: p167 size 2097152 extends beyond EOD, truncated [ 857.421685][T22713] device bridge_slave_1 entered promiscuous mode [ 857.441244][T22589] loop4: p168 size 2097152 extends beyond EOD, truncated [ 857.475691][T22589] loop4: p169 size 2097152 extends beyond EOD, truncated [ 857.507477][T22713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 857.531599][T22589] loop4: p170 size 2097152 extends beyond EOD, truncated [ 857.548187][T22713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 857.564542][T22589] loop4: p171 size 2097152 extends beyond EOD, truncated [ 857.577963][T22589] loop4: p172 size 2097152 extends beyond EOD, truncated [ 857.588032][T22589] loop4: p173 size 2097152 extends beyond EOD, truncated [ 857.644302][T22589] loop4: p174 size 2097152 extends beyond EOD, truncated [ 857.667159][T22713] team0: Port device team_slave_0 added [ 857.701174][T22589] loop4: p175 size 2097152 extends beyond EOD, truncated [ 857.739534][T22713] team0: Port device team_slave_1 added [ 857.757359][T22589] loop4: p176 size 2097152 extends beyond EOD, truncated [ 857.794737][T22589] loop4: p177 size 2097152 extends beyond EOD, truncated [ 857.817508][T22589] loop4: p178 size 2097152 extends beyond EOD, truncated [ 857.847135][T22589] loop4: p179 size 2097152 extends beyond EOD, truncated [ 857.851808][T22713] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 857.869769][T22713] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 857.870792][T22589] loop4: p180 size 2097152 extends beyond EOD, [ 857.896022][T22713] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 857.909909][T22713] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 857.915699][T22589] truncated [ 857.946199][T22713] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 857.964739][T22589] loop4: p181 size 2097152 extends beyond EOD, truncated [ 857.973672][T22713] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 858.019443][T22589] loop4: p182 size 2097152 extends beyond EOD, truncated [ 858.052185][T22589] loop4: p183 size 2097152 extends beyond EOD, truncated [ 858.076407][T22589] loop4: p184 size 2097152 extends beyond EOD, truncated [ 858.131007][T22589] loop4: p185 size 2097152 extends beyond EOD, truncated [ 858.164649][T22589] loop4: p186 size 2097152 extends beyond EOD, truncated [ 858.210280][T22589] loop4: p187 size 2097152 extends beyond EOD, truncated [ 858.243187][T22589] loop4: p188 size 2097152 extends beyond EOD, truncated [ 858.280672][T22589] loop4: p189 size 2097152 extends beyond EOD, truncated [ 858.313158][T22713] device hsr_slave_0 entered promiscuous mode [ 858.316140][T22589] loop4: p190 size 2097152 extends beyond EOD, truncated [ 858.343627][T22713] device hsr_slave_1 entered promiscuous mode [ 858.346695][T22589] loop4: p191 size 2097152 extends beyond EOD, truncated [ 858.382632][T22589] loop4: p192 size 2097152 extends beyond EOD, truncated [ 858.385600][T22713] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 858.397543][T22713] Cannot create hsr debugfs directory [ 858.403873][T22589] loop4: p193 size 2097152 extends beyond EOD, truncated [ 858.422070][T22589] loop4: p194 size 2097152 extends beyond EOD, truncated [ 858.448971][T22589] loop4: p195 size 2097152 extends beyond EOD, truncated [ 858.488805][T22589] loop4: p196 size 2097152 extends beyond EOD, truncated [ 858.522646][T22589] loop4: p197 size 2097152 extends beyond EOD, truncated [ 858.562601][T22589] loop4: p198 size 2097152 extends beyond EOD, truncated [ 858.576647][ T8925] Bluetooth: hci1: command 0x0409 tx timeout [ 858.602831][T22589] loop4: p199 size 2097152 extends beyond EOD, truncated [ 858.623933][T22589] loop4: p200 size 2097152 extends beyond EOD, truncated [ 858.638025][T22589] loop4: p201 size 2097152 extends beyond EOD, truncated [ 858.709242][T22589] loop4: p202 size 2097152 extends beyond EOD, truncated [ 858.774437][T22589] loop4: p203 size 2097152 extends beyond EOD, truncated [ 858.836588][T22589] loop4: p204 size 2097152 extends beyond EOD, truncated [ 858.871835][T22589] loop4: p205 size 2097152 extends beyond EOD, truncated [ 858.886863][T22589] loop4: p206 size 2097152 extends beyond EOD, truncated [ 858.911844][T22589] loop4: p207 size 2097152 extends beyond EOD, truncated [ 858.963636][T22589] loop4: p208 size 2097152 extends beyond EOD, truncated [ 858.975763][T22589] loop4: p209 size 2097152 extends beyond EOD, truncated [ 858.997822][T22589] loop4: p210 size 2097152 extends beyond EOD, truncated [ 859.035221][T22589] loop4: p211 size 2097152 extends beyond EOD, truncated [ 859.051231][T22589] loop4: p212 size 2097152 extends beyond EOD, truncated [ 859.079162][T22589] loop4: p213 size 2097152 extends beyond EOD, truncated [ 859.089514][T22713] 8021q: adding VLAN 0 to HW filter on device bond0 [ 859.119017][T22589] loop4: p214 size 2097152 extends beyond EOD, truncated [ 859.138201][T22589] loop4: p215 size 2097152 extends beyond EOD, truncated [ 859.140924][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 859.160380][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 859.162219][T22589] loop4: p216 size 2097152 extends beyond EOD, truncated [ 859.182676][T22713] 8021q: adding VLAN 0 to HW filter on device team0 [ 859.224300][T22589] loop4: p217 size 2097152 extends beyond EOD, truncated [ 859.244839][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 859.269557][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 859.290816][ T8925] bridge0: port 1(bridge_slave_0) entered blocking state [ 859.304528][ T8925] bridge0: port 1(bridge_slave_0) entered forwarding state [ 859.334483][T22589] loop4: p218 size 2097152 extends beyond EOD, truncated [ 859.359623][T22589] loop4: p219 size 2097152 extends beyond EOD, truncated [ 859.396718][T22589] loop4: p220 size 2097152 extends beyond EOD, truncated [ 859.409788][T22589] loop4: p221 size 2097152 extends beyond EOD, truncated [ 859.428189][T22713] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 859.437661][T22589] loop4: p222 size 2097152 extends beyond EOD, truncated [ 859.447783][T22713] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 859.485782][T22589] loop4: p223 size 2097152 extends beyond EOD, truncated [ 859.489140][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 859.507909][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 859.509412][T22589] loop4: p224 size 2097152 extends beyond EOD, truncated [ 859.521699][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 859.537059][ T8925] bridge0: port 2(bridge_slave_1) entered blocking state [ 859.562453][ T8925] bridge0: port 2(bridge_slave_1) entered forwarding state [ 859.568036][T22589] loop4: p225 size 2097152 extends beyond EOD, truncated [ 859.571739][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 859.596976][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 859.597605][T22589] loop4: p226 size 2097152 extends beyond EOD, truncated [ 859.608474][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 859.637243][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 859.644725][T22589] loop4: p227 size 2097152 extends beyond EOD, truncated [ 859.648640][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 859.668641][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 859.669683][T22589] loop4: p228 size 2097152 extends beyond EOD, truncated [ 859.679556][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 859.710896][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 859.714375][T22589] loop4: p229 size 2097152 extends beyond EOD, truncated [ 859.722438][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 859.738876][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 859.746935][T22589] loop4: p230 size 2097152 extends beyond EOD, truncated [ 859.774920][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 859.796521][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 859.797609][T22589] loop4: p231 size 2097152 extends beyond EOD, truncated [ 859.854521][T22589] loop4: p232 size 2097152 extends beyond EOD, truncated [ 859.907313][T22589] loop4: p233 size 2097152 extends beyond EOD, truncated [ 859.946455][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 859.958999][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 859.985260][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 860.028699][T22713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 860.053200][T22589] loop4: p234 size 2097152 extends beyond EOD, truncated [ 860.078732][T22589] loop4: p235 size 2097152 extends beyond EOD, truncated [ 860.093597][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 860.126926][T22589] loop4: p236 size 2097152 extends beyond EOD, truncated [ 860.142309][T22589] loop4: p237 size 2097152 extends beyond EOD, truncated [ 860.152747][T22589] loop4: p238 size 2097152 extends beyond EOD, truncated [ 860.174251][T22589] loop4: p239 size 2097152 extends beyond EOD, truncated [ 860.185637][T22589] loop4: p240 size 2097152 extends beyond EOD, truncated [ 860.187518][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 860.210805][T22589] loop4: p241 size 2097152 extends beyond EOD, truncated [ 860.242197][T22589] loop4: p242 size 2097152 extends beyond EOD, truncated [ 860.275776][T22589] loop4: p243 size 2097152 extends beyond EOD, truncated [ 860.286322][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 860.317460][T22589] loop4: p244 size 2097152 extends beyond EOD, truncated [ 860.330941][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 860.338651][T22589] loop4: p245 size 2097152 extends beyond EOD, truncated [ 860.343955][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 860.365757][T22589] loop4: p246 size 2097152 extends beyond EOD, truncated [ 860.377605][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 860.391462][T22589] loop4: p247 size 2097152 extends beyond EOD, truncated [ 860.424263][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 860.425755][T22589] loop4: p248 size 2097152 extends beyond EOD, truncated [ 860.435963][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 860.463182][T22589] loop4: p249 size 2097152 extends beyond EOD, truncated [ 860.468135][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 860.481102][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 860.483599][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 860.499713][T22589] loop4: p250 size 2097152 extends beyond EOD, truncated [ 860.509295][T22589] loop4: p251 size 2097152 extends beyond EOD, truncated [ 860.528027][T22713] device veth0_vlan entered promiscuous mode [ 860.541210][T22589] loop4: p252 size 2097152 extends beyond EOD, truncated [ 860.563119][T22589] loop4: p253 size 2097152 extends beyond EOD, truncated [ 860.578831][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 860.585439][T22713] device veth1_vlan entered promiscuous mode [ 860.591361][T22589] loop4: p254 size 2097152 extends beyond EOD, truncated [ 860.624676][T22589] loop4: p255 size 2097152 extends beyond EOD, truncated [ 860.653366][ T8463] Bluetooth: hci1: command 0x041b tx timeout [ 860.661206][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 860.672736][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 860.701667][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 860.722673][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 860.734533][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 860.765681][T22713] device veth0_macvtap entered promiscuous mode [ 860.794696][T22713] device veth1_macvtap entered promiscuous mode [ 860.819806][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 860.862228][T22713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 860.886045][T22713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 860.896714][T22713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 860.907513][T22713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 860.917672][T22713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 860.928438][T22713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 860.938754][T22713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 860.949518][T22713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 860.954248][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 860.960346][T22713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 860.979242][T22713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 860.993181][T22713] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 861.028804][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 861.054611][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 861.064013][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 861.074362][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 861.136522][T22713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 861.149309][T22713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.167224][T22713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 861.178746][T22713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.189061][T22713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 861.199839][T22713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.210497][T22713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 861.222332][T22713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.232688][T22713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 861.247437][T22713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.261361][T22713] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 861.286705][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 861.311032][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 861.751714][ T1220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 861.769798][ T1220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 861.781656][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 861.880670][ T1220] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 861.896537][ T1220] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 861.925972][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 862.435776][T23294] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 862.478071][T23294] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 862.491289][T23294] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 862.518621][T23294] device bridge_slave_0 left promiscuous mode [ 862.528867][T23294] bridge0: port 1(bridge_slave_0) entered disabled state [ 862.581953][T23294] device bridge_slave_1 left promiscuous mode [ 862.590235][T23294] bridge0: port 2(bridge_slave_1) entered disabled state [ 862.728702][ T4710] ldm_validate_privheads(): Disk read failed. [ 862.738372][T23294] bond0: (slave bond_slave_0): Releasing backup interface [ 862.769887][ T4710] loop4: p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 [ 862.788588][ T4710] loop4: partition table partially beyond EOD, truncated [ 862.886026][ T4710] loop4: p2 size 2 extends beyond EOD, truncated [ 862.901679][ T8463] Bluetooth: hci1: command 0x040f tx timeout [ 862.924778][ T4710] loop4: p4 size 2097152 extends beyond EOD, truncated [ 862.934943][ T4710] loop4: p5 size 2097152 extends beyond EOD, truncated [ 862.971508][ T4710] loop4: p6 size 2097152 extends beyond EOD, truncated [ 862.981939][ T4710] loop4: p7 size 2097152 extends beyond EOD, truncated [ 862.992210][ T4710] loop4: p8 size 2097152 extends beyond EOD, truncated [ 863.015013][ T4710] loop4: p9 size 2097152 extends beyond EOD, truncated [ 863.058106][ T4710] loop4: p10 size 2097152 extends beyond EOD, truncated [ 863.124219][ T4710] loop4: p11 size 2097152 extends beyond EOD, truncated [ 863.174482][ T4710] loop4: p12 size 2097152 extends beyond EOD, truncated [ 863.191298][ T4710] loop4: p13 size 2097152 extends beyond EOD, truncated [ 863.239136][ T4710] loop4: p14 size 2097152 extends beyond EOD, truncated [ 863.269859][T23294] bond0: (slave bond_slave_1): Releasing backup interface [ 863.286555][ T4710] loop4: p15 size 2097152 extends beyond EOD, truncated [ 863.329918][ T4710] loop4: p16 size 2097152 extends beyond EOD, truncated [ 863.373993][ T4710] loop4: p17 size 2097152 extends beyond EOD, truncated [ 863.413506][ T4710] loop4: p18 size 2097152 extends beyond EOD, truncated [ 863.452792][ T4710] loop4: p19 size 2097152 extends beyond EOD, truncated [ 863.516669][ T4710] loop4: p20 size 2097152 extends beyond EOD, truncated [ 863.530891][ T4710] loop4: p21 size 2097152 extends beyond EOD, truncated [ 863.604637][ T4710] loop4: p22 size 2097152 extends beyond EOD, truncated [ 863.674199][ T4710] loop4: p23 size 2097152 extends beyond EOD, truncated [ 863.708091][T23294] team0: Port device team_slave_0 removed [ 863.752363][ T4710] loop4: p24 size 2097152 extends beyond EOD, truncated [ 863.775295][ T4710] loop4: p25 size 2097152 extends beyond EOD, truncated [ 863.833945][ T4710] loop4: p26 size 2097152 extends beyond EOD, truncated [ 863.865877][ T4710] loop4: p27 size 2097152 extends beyond EOD, truncated [ 863.902725][ T4710] loop4: p28 size 2097152 extends beyond EOD, truncated [ 863.964438][ T4710] loop4: p29 size 2097152 extends beyond EOD, truncated [ 864.045608][ T4710] loop4: p30 size 2097152 extends beyond EOD, truncated [ 864.077993][T23294] team0: Port device team_slave_1 removed [ 864.102357][T23294] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 864.126518][T23294] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 864.164024][ T4710] loop4: p31 size 2097152 extends beyond EOD, truncated [ 864.214071][ T4710] loop4: p32 size 2097152 extends beyond EOD, truncated [ 864.282270][T23294] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 864.315988][T23294] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 864.347732][ T4710] loop4: p33 size 2097152 extends beyond EOD, truncated [ 864.376042][ T4710] loop4: p34 size 2097152 extends beyond EOD, truncated [ 864.391239][ T4710] loop4: p35 size 2097152 extends beyond EOD, truncated [ 864.402149][ T4710] loop4: p36 size 2097152 extends beyond EOD, truncated [ 864.459552][ T4710] loop4: p37 size 2097152 extends beyond EOD, truncated [ 864.514329][ T4710] loop4: p38 size 2097152 extends beyond EOD, truncated [ 864.529021][ T4710] loop4: p39 size 2097152 extends beyond EOD, truncated [ 864.554127][ T4710] loop4: p40 size 2097152 extends beyond EOD, truncated 06:08:45 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000300)={@multicast1, @broadcast, 0x0, 0x400000000000020a, [@rand_addr, @rand_addr]}, 0x14) 06:08:45 executing program 2: socketpair(0x1d, 0x0, 0x1, &(0x7f00000000c0)) 06:08:45 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c00010062"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:08:45 executing program 4: bind$inet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="030005020314af00031400000000000000000f0000000000000000075b00000000004200000000000000000000000000000000000000000000000000200055aa", 0x40, 0x1c0}]) 06:08:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/18, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 864.576512][ T4710] loop4: p41 size 2097152 extends beyond EOD, truncated [ 864.587128][ T4710] loop4: p42 size 2097152 extends beyond EOD, truncated [ 864.668708][ T4710] loop4: p43 size 2097152 extends beyond EOD, truncated [ 864.731339][ T4710] loop4: p44 size 2097152 extends beyond EOD, truncated [ 864.791534][T23390] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 864.810694][T23389] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 864.816209][ T4710] loop4: p45 size 2097152 extends beyond EOD, truncated [ 864.872043][T23391] device bridge40 entered promiscuous mode [ 864.975008][ T8464] Bluetooth: hci1: command 0x0419 tx timeout 06:08:45 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) connect$inet(r0, &(0x7f0000000300)={0x2, 0x0, @local}, 0x10) 06:08:45 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00*\x00\r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f'], 0x24}}, 0x0) [ 865.040506][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 865.070779][ T4710] loop4: p46 size 2097152 extends beyond EOD, truncated [ 865.113634][ T290] unregister_netdevice: waiting for lo to become free. Usage count = 1 [ 865.152462][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. 06:08:46 executing program 2: r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[], 0x38}}, 0x0) [ 865.170024][ T4710] loop4: p47 size 2097152 extends beyond EOD, truncated 06:08:46 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c00010062"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 865.264818][ T4710] loop4: p48 size 2097152 extends beyond EOD, truncated [ 865.277345][ T4710] loop4: p49 size 2097152 extends beyond EOD, truncated [ 865.324464][ T4710] loop4: p50 size 2097152 extends beyond EOD, truncated [ 865.333836][ T4710] loop4: p51 size 2097152 extends beyond EOD, truncated [ 865.342868][ T4710] loop4: p52 size 2097152 extends beyond EOD, truncated [ 865.381104][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 865.394539][ T4710] loop4: p53 size 2097152 extends beyond EOD, truncated [ 865.439917][ T4710] loop4: p54 size 2097152 extends beyond EOD, truncated [ 865.529350][ T4710] loop4: p55 size 2097152 extends beyond EOD, truncated [ 865.577277][ T4710] loop4: p56 size 2097152 extends beyond EOD, truncated [ 865.626985][ T4710] loop4: p57 size 2097152 extends beyond EOD, truncated [ 865.637729][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 865.652630][ T4710] loop4: p58 size 2097152 extends beyond EOD, truncated [ 865.734025][ T4710] loop4: p59 size 2097152 extends beyond EOD, truncated [ 865.775602][ T4710] loop4: p60 size 2097152 extends beyond EOD, truncated 06:08:46 executing program 1: accept4$x25(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000003c0)) [ 865.823670][ T4710] loop4: p61 size 2097152 extends beyond EOD, truncated [ 865.838339][ T4710] loop4: p62 size 2097152 extends beyond EOD, truncated 06:08:46 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/18, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 865.894626][ T4710] loop4: p63 size 2097152 extends beyond EOD, truncated [ 865.934617][ T4710] loop4: p64 size 2097152 extends beyond EOD, truncated [ 865.944048][ T4710] loop4: p65 size 2097152 extends beyond EOD, truncated [ 865.962788][ T4710] loop4: p66 size 2097152 extends beyond EOD, truncated 06:08:46 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89a1, &(0x7f0000001ec0)={'syztnl1\x00', 0x0}) [ 866.023981][ T4710] loop4: p67 size 2097152 extends beyond EOD, truncated [ 866.032277][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 866.065023][ T4710] loop4: p68 size 2097152 extends beyond EOD, truncated 06:08:47 executing program 2: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000540)='/dev/dlm-monitor\x00', 0x0, 0x0) accept4(r0, 0x0, 0x0, 0x1800) [ 866.132382][T23434] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 866.134030][ T4710] loop4: p69 size 2097152 extends beyond EOD, truncated [ 866.192848][ T4710] loop4: p70 size 2097152 extends beyond EOD, truncated [ 866.206147][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 866.230745][ T4710] loop4: p71 size 2097152 extends beyond EOD, truncated [ 866.252777][T23439] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 866.289489][ T4710] loop4: p72 size 2097152 extends beyond EOD, truncated [ 866.311026][T23439] device bridge40 entered promiscuous mode [ 866.338382][ T4710] loop4: p73 size 2097152 extends beyond EOD, truncated [ 866.351158][ T4710] loop4: p74 size 2097152 extends beyond EOD, truncated 06:08:47 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000040)={0x0, 0x0, 0xb1a5, 0x8, 0x0, "802f09d91808fe8ed02d26bef8ed05e974d29f"}) [ 866.390861][ T4710] loop4: p75 size 2097152 extends beyond EOD, truncated [ 866.402275][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 866.425445][ T4710] loop4: p76 size 2097152 extends beyond EOD, truncated 06:08:47 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c00010062726964"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 866.506399][ T4710] loop4: p77 size 2097152 extends beyond EOD, truncated [ 866.538812][ T4710] loop4: p78 size 2097152 extends beyond EOD, truncated [ 866.593028][ T4710] loop4: p79 size 2097152 extends beyond EOD, truncated [ 866.637425][ T4710] loop4: p80 size 2097152 extends beyond EOD, truncated [ 866.662740][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 866.684503][ T4710] loop4: p81 size 2097152 extends beyond EOD, truncated [ 866.715622][ T4710] loop4: p82 size 2097152 extends beyond EOD, truncated [ 866.797313][ T4710] loop4: p83 size 2097152 extends beyond EOD, truncated [ 866.850767][ T4710] loop4: p84 size 2097152 extends beyond EOD, truncated [ 866.893077][ T4710] loop4: p85 size 2097152 extends beyond EOD, truncated [ 866.908442][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 866.931552][ T4710] loop4: p86 size 2097152 extends beyond EOD, truncated [ 866.987848][ T4710] loop4: p87 size 2097152 extends beyond EOD, truncated [ 867.016159][ T4710] loop4: p88 size 2097152 extends beyond EOD, truncated [ 867.036380][ T4710] loop4: p89 size 2097152 extends beyond EOD, truncated [ 867.073802][ T4710] loop4: p90 size 2097152 extends beyond EOD, truncated [ 867.082243][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 867.093855][ T4710] loop4: p91 size 2097152 extends beyond EOD, truncated [ 867.117901][ T4710] loop4: p92 size 2097152 extends beyond EOD, truncated [ 867.156561][ T4710] loop4: p93 size 2097152 extends beyond EOD, truncated [ 867.180378][ T4710] loop4: p94 size 2097152 extends beyond EOD, truncated [ 867.189502][T23472] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 867.242464][ T4710] loop4: p95 size 2097152 extends beyond EOD, truncated [ 867.274026][ T4710] loop4: p96 size 2097152 extends beyond EOD, truncated [ 867.283124][ T4710] loop4: p97 size 2097152 extends beyond EOD, truncated [ 867.306799][ T4710] loop4: p98 size 2097152 extends beyond EOD, truncated [ 867.334020][ T4710] loop4: p99 size 2097152 extends beyond EOD, truncated [ 867.357202][ T4710] loop4: p100 size 2097152 extends beyond EOD, truncated [ 867.404976][ T4710] loop4: p101 size 2097152 extends beyond EOD, truncated [ 867.424028][ T4710] loop4: p102 size 2097152 extends beyond EOD, truncated [ 867.454522][ T4710] loop4: p103 size 2097152 extends beyond EOD, truncated [ 867.495087][ T4710] loop4: p104 size 2097152 extends beyond EOD, truncated [ 867.524701][ T4710] loop4: p105 size 2097152 extends beyond EOD, truncated [ 867.548489][ T4710] loop4: p106 size 2097152 extends beyond EOD, truncated [ 867.591397][ T4710] loop4: p107 size 2097152 extends beyond EOD, truncated [ 867.613964][ T4710] loop4: p108 size 2097152 extends beyond EOD, truncated [ 867.644469][ T4710] loop4: p109 size 2097152 extends beyond EOD, truncated [ 867.683026][ T4710] loop4: p110 size 2097152 extends beyond EOD, truncated [ 867.700036][ T4710] loop4: p111 size 2097152 extends beyond EOD, truncated [ 867.734036][ T4710] loop4: p112 size 2097152 extends beyond EOD, truncated [ 867.752693][ T4710] loop4: p113 size 2097152 extends beyond EOD, truncated [ 867.768109][ T4710] loop4: p114 size 2097152 extends beyond EOD, truncated [ 867.834015][ T4710] loop4: p115 size 2097152 extends beyond EOD, truncated [ 867.864087][ T4710] loop4: p116 size 2097152 extends beyond EOD, truncated [ 867.902830][ T4710] loop4: p117 size 2097152 extends beyond EOD, truncated [ 867.948481][ T4710] loop4: p118 size 2097152 extends beyond EOD, truncated [ 867.984094][ T4710] loop4: p119 size 2097152 extends beyond EOD, truncated [ 868.042548][ T4710] loop4: p120 size 2097152 extends beyond EOD, truncated [ 868.074473][ T4710] loop4: p121 size 2097152 extends beyond EOD, truncated [ 868.128893][ T4710] loop4: p122 size 2097152 extends beyond EOD, truncated [ 868.184566][ T4710] loop4: p123 size 2097152 extends beyond EOD, truncated [ 868.204196][ T4710] loop4: p124 size 2097152 extends beyond EOD, truncated [ 868.226806][ T4710] loop4: p125 size 2097152 extends beyond EOD, truncated [ 868.263562][ T4710] loop4: p126 size 2097152 extends beyond EOD, truncated [ 868.284673][ T4710] loop4: p127 size 2097152 extends beyond EOD, truncated [ 868.306243][ T4710] loop4: p128 size 2097152 extends beyond EOD, truncated [ 868.374056][ T4710] loop4: p129 size 2097152 extends beyond EOD, truncated [ 868.404086][ T4710] loop4: p130 size 2097152 extends beyond EOD, truncated [ 868.427524][ T4710] loop4: p131 size 2097152 extends beyond EOD, truncated [ 868.483898][ T4710] loop4: p132 size 2097152 extends beyond EOD, truncated [ 868.503399][ T4710] loop4: p133 size 2097152 extends beyond EOD, truncated [ 868.523887][ T4710] loop4: p134 size 2097152 extends beyond EOD, truncated [ 868.559346][ T4710] loop4: p135 size 2097152 extends beyond EOD, truncated [ 868.605853][ T4710] loop4: p136 size 2097152 extends beyond EOD, truncated [ 868.626275][ T4710] loop4: p137 size 2097152 extends beyond EOD, truncated [ 868.658675][ T4710] loop4: p138 size 2097152 extends beyond EOD, truncated [ 868.700554][ T4710] loop4: p139 size 2097152 extends beyond EOD, truncated [ 868.744677][ T4710] loop4: p140 size 2097152 extends beyond EOD, truncated [ 868.788629][ T4710] loop4: p141 size 2097152 extends beyond EOD, truncated [ 868.813618][ T4710] loop4: p142 size 2097152 extends beyond EOD, truncated [ 868.845450][ T4710] loop4: p143 size 2097152 extends beyond EOD, truncated [ 868.872179][ T4710] loop4: p144 size 2097152 extends beyond EOD, truncated [ 868.923652][ T4710] loop4: p145 size 2097152 extends beyond EOD, truncated [ 868.963898][ T4710] loop4: p146 size 2097152 extends beyond EOD, truncated [ 868.993147][ T4710] loop4: p147 size 2097152 extends beyond EOD, truncated [ 869.032272][ T4710] loop4: p148 size 2097152 extends beyond EOD, truncated [ 869.066215][ T4710] loop4: p149 size 2097152 extends beyond EOD, truncated [ 869.091985][ T4710] loop4: p150 size 2097152 extends beyond EOD, truncated [ 869.119965][ T4710] loop4: p151 size 2097152 extends beyond EOD, truncated [ 869.148692][ T4710] loop4: p152 size 2097152 extends beyond EOD, truncated [ 869.180549][ T4710] loop4: p153 size 2097152 extends beyond EOD, truncated [ 869.218750][ T4710] loop4: p154 size 2097152 extends beyond EOD, truncated [ 869.256694][ T4710] loop4: p155 size 2097152 extends beyond EOD, truncated [ 869.291672][ T4710] loop4: p156 size 2097152 extends beyond EOD, truncated [ 869.301106][ T4710] loop4: p157 size 2097152 extends beyond EOD, truncated [ 869.333032][ T4710] loop4: p158 size 2097152 extends beyond EOD, truncated [ 869.350707][ T4710] loop4: p159 size 2097152 extends beyond EOD, truncated [ 869.381548][ T4710] loop4: p160 size 2097152 extends beyond EOD, truncated [ 869.414128][ T4710] loop4: p161 size 2097152 extends beyond EOD, truncated [ 869.433822][ T4710] loop4: p162 size 2097152 extends beyond EOD, truncated [ 869.461555][ T4710] loop4: p163 size 2097152 extends beyond EOD, truncated [ 869.500672][ T4710] loop4: p164 size 2097152 extends beyond EOD, truncated [ 869.533768][ T4710] loop4: p165 size 2097152 extends beyond EOD, truncated [ 869.544308][ T4710] loop4: p166 size 2097152 extends beyond EOD, truncated [ 869.580777][ T4710] loop4: p167 size 2097152 extends beyond EOD, truncated [ 869.597562][ T4710] loop4: p168 size 2097152 extends beyond EOD, truncated [ 869.622513][ T4710] loop4: p169 size 2097152 extends beyond EOD, truncated [ 869.632829][ T4710] loop4: p170 size 2097152 extends beyond EOD, truncated [ 869.672381][ T4710] loop4: p171 size 2097152 extends beyond EOD, truncated [ 870.231281][ T4710] loop4: p172 size 2097152 extends beyond EOD, truncated [ 870.241888][ T4710] loop4: p173 size 2097152 extends beyond EOD, truncated [ 870.263689][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 870.264269][ T4710] loop4: p174 size 2097152 extends beyond EOD, truncated [ 870.355714][ T4710] loop4: p175 size 2097152 extends beyond EOD, truncated [ 870.384260][ T4710] loop4: p176 size 2097152 extends beyond EOD, truncated [ 870.443819][ T4710] loop4: p177 size 2097152 extends beyond EOD, truncated [ 870.499896][ T4710] loop4: p178 size 2097152 extends beyond EOD, truncated [ 870.534528][ T4710] loop4: p179 size 2097152 extends beyond EOD, truncated [ 870.608260][ T4710] loop4: p180 size 2097152 extends beyond EOD, truncated [ 870.652252][ T4710] loop4: p181 size 2097152 extends beyond EOD, truncated [ 870.674708][ T4710] loop4: p182 size 2097152 extends beyond EOD, truncated [ 870.745860][ T4710] loop4: p183 size 2097152 extends beyond EOD, truncated [ 870.774031][ T4710] loop4: p184 size 2097152 extends beyond EOD, truncated [ 870.820551][ T4710] loop4: p185 size 2097152 extends beyond EOD, truncated [ 870.861760][ T4710] loop4: p186 size 2097152 extends beyond EOD, truncated [ 870.874598][ T4710] loop4: p187 size 2097152 extends beyond EOD, truncated [ 870.937479][ T4710] loop4: p188 size 2097152 extends beyond EOD, truncated [ 870.995866][ T4710] loop4: p189 size 2097152 extends beyond EOD, truncated [ 871.025342][ T4710] loop4: p190 size 2097152 extends beyond EOD, truncated [ 871.048495][ T4710] loop4: p191 size 2097152 extends beyond EOD, truncated [ 871.084213][ T4710] loop4: p192 size 2097152 extends beyond EOD, truncated [ 871.115193][ T4710] loop4: p193 size 2097152 extends beyond EOD, truncated [ 871.140490][ T4710] loop4: p194 size 2097152 extends beyond EOD, truncated [ 871.160960][ T4710] loop4: p195 size 2097152 extends beyond EOD, truncated [ 871.194907][ T4710] loop4: p196 size 2097152 extends beyond EOD, truncated [ 871.204920][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 871.217831][ T4710] loop4: p197 size 2097152 extends beyond EOD, truncated [ 871.252974][ T4710] loop4: p198 size 2097152 extends beyond EOD, truncated [ 871.309922][ T4710] loop4: p199 size 2097152 extends beyond EOD, truncated [ 871.345946][ T4710] loop4: p200 size 2097152 extends beyond EOD, truncated [ 871.351823][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 871.361048][ T4710] loop4: p201 size 2097152 extends beyond EOD, truncated [ 871.390826][ T4710] loop4: p202 size 2097152 extends beyond EOD, truncated [ 871.410784][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 871.414526][ T4710] loop4: p203 size 2097152 extends beyond EOD, truncated [ 871.446428][ T4710] loop4: p204 size 2097152 extends beyond EOD, truncated [ 871.452267][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 871.465355][ T4710] loop4: p205 size 2097152 extends beyond EOD, truncated [ 871.508657][ T4710] loop4: p206 size 2097152 extends beyond EOD, truncated [ 871.548709][ T4710] loop4: p207 size 2097152 extends beyond EOD, truncated [ 871.561665][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 871.564539][ T4710] loop4: p208 size 2097152 extends beyond EOD, truncated [ 871.600762][ T4710] loop4: p209 size 2097152 extends beyond EOD, truncated [ 871.620482][ T4710] loop4: p210 size 2097152 extends beyond EOD, truncated [ 871.624681][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 871.630788][ T4710] loop4: p211 size 2097152 extends beyond EOD, truncated [ 871.664007][ T4710] loop4: p212 size 2097152 extends beyond EOD, truncated [ 871.677286][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 871.684716][ T4710] loop4: p213 size 2097152 extends beyond EOD, truncated [ 871.718381][ T4710] loop4: p214 size 2097152 extends beyond EOD, truncated [ 871.731117][ T4710] loop4: p215 size 2097152 extends beyond EOD, truncated [ 871.743132][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 871.748641][ T4710] loop4: p216 size 2097152 extends beyond EOD, truncated [ 871.780950][ T4710] loop4: p217 size 2097152 extends beyond EOD, truncated [ 871.792030][ T4710] loop4: p218 size 2097152 extends beyond EOD, truncated [ 871.809089][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 871.843709][ T4710] loop4: p219 size 2097152 extends beyond EOD, truncated [ 871.879244][ T4710] loop4: p220 size 2097152 extends beyond EOD, truncated [ 871.892473][ T4710] loop4: p221 size 2097152 extends beyond EOD, truncated [ 871.938653][ T4710] loop4: p222 size 2097152 extends beyond EOD, truncated [ 871.977483][ T4710] loop4: p223 size 2097152 extends beyond EOD, truncated [ 871.999118][ T4710] loop4: p224 size 2097152 extends beyond EOD, truncated [ 872.049588][ T4710] loop4: p225 size 2097152 extends beyond EOD, truncated [ 872.060239][ T4710] loop4: p226 size 2097152 extends beyond EOD, truncated [ 872.077169][ T4710] loop4: p227 size 2097152 extends beyond EOD, truncated [ 872.093143][T23572] IPVS: ftp: loaded support on port[0] = 21 [ 872.101901][ T4710] loop4: p228 size 2097152 extends beyond EOD, truncated [ 872.138409][ T4710] loop4: p229 size 2097152 extends beyond EOD, truncated [ 872.159539][ T4710] loop4: p230 size 2097152 extends beyond EOD, truncated [ 872.175070][ T4710] loop4: p231 size 2097152 extends beyond EOD, truncated [ 872.195807][ T4710] loop4: p232 size 2097152 extends beyond EOD, truncated [ 872.207202][ T4710] loop4: p233 size 2097152 extends beyond EOD, truncated [ 872.236687][ T4710] loop4: p234 size 2097152 extends beyond EOD, truncated [ 872.249366][ T4710] loop4: p235 size 2097152 extends beyond EOD, truncated [ 872.262456][ T4710] loop4: p236 size 2097152 extends beyond EOD, truncated [ 872.274724][ T4710] loop4: p237 size 2097152 extends beyond EOD, truncated [ 872.285713][ T4710] loop4: p238 size 2097152 extends beyond EOD, truncated [ 872.312188][ T4710] loop4: p239 size 2097152 extends beyond EOD, truncated [ 872.345611][ T4710] loop4: p240 size 2097152 extends beyond EOD, truncated [ 872.366563][ T4710] loop4: p241 size 2097152 extends beyond EOD, truncated [ 872.396996][ T4710] loop4: p242 size 2097152 extends beyond EOD, truncated [ 872.498383][ T4710] loop4: p243 size 2097152 extends beyond EOD, truncated [ 872.579813][ T4710] loop4: p244 size 2097152 extends beyond EOD, truncated [ 872.605209][ T4710] loop4: p245 size 2097152 extends beyond EOD, truncated [ 872.616987][T23572] chnl_net:caif_netlink_parms(): no params data found [ 872.653762][ T4710] loop4: p246 size 2097152 extends beyond EOD, truncated [ 872.666734][ T4710] loop4: p247 size 2097152 extends beyond EOD, truncated [ 872.700651][ T4710] loop4: p248 size 2097152 extends beyond EOD, truncated [ 872.736852][ T4710] loop4: p249 size 2097152 extends beyond EOD, truncated [ 872.751700][ T4710] loop4: p250 size 2097152 extends beyond EOD, truncated [ 872.771790][ T4710] loop4: p251 size 2097152 extends beyond EOD, truncated [ 872.818166][T23572] bridge0: port 1(bridge_slave_0) entered blocking state [ 872.824411][ T4710] loop4: p252 size 2097152 extends beyond EOD, truncated [ 872.825836][T23572] bridge0: port 1(bridge_slave_0) entered disabled state [ 872.845965][T23572] device bridge_slave_0 entered promiscuous mode [ 872.879170][ T4710] loop4: p253 size 2097152 extends beyond EOD, truncated [ 872.879663][T23572] bridge0: port 2(bridge_slave_1) entered blocking state [ 872.894214][T23572] bridge0: port 2(bridge_slave_1) entered disabled state [ 872.900379][ T4710] loop4: p254 size 2097152 extends beyond EOD, truncated [ 872.903957][T23572] device bridge_slave_1 entered promiscuous mode [ 872.939935][ T4710] loop4: p255 size 2097152 extends beyond EOD, truncated [ 872.985642][T23572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 873.053190][T23572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 873.142921][T23572] team0: Port device team_slave_0 added [ 873.166130][T23572] team0: Port device team_slave_1 added [ 873.257245][T23572] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 873.264998][T23572] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 873.291887][T23572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 873.309914][T23572] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 873.317161][T23572] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 873.368081][T23572] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 873.490532][T23572] device hsr_slave_0 entered promiscuous mode [ 873.547863][T23572] device hsr_slave_1 entered promiscuous mode [ 873.558006][T23572] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 873.579117][T23572] Cannot create hsr debugfs directory [ 874.100687][T11438] Bluetooth: hci1: command 0x0409 tx timeout [ 874.806166][T23572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 874.873812][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 874.886473][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 874.924970][T23572] 8021q: adding VLAN 0 to HW filter on device team0 [ 874.981194][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 874.991660][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 875.001644][ T8464] bridge0: port 1(bridge_slave_0) entered blocking state [ 875.016451][ T8464] bridge0: port 1(bridge_slave_0) entered forwarding state [ 875.026661][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 875.046190][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 875.055557][ T8464] bridge0: port 2(bridge_slave_1) entered blocking state [ 875.062843][ T8464] bridge0: port 2(bridge_slave_1) entered forwarding state [ 875.171827][T23572] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 875.185678][T23572] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 875.221010][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 875.230696][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 875.241971][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 875.260175][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 875.270624][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 875.281407][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 875.291936][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 875.302279][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 875.317942][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 875.328348][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 875.337935][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 06:08:56 executing program 4: bind$inet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="030005020314af00031400000000000000000f0000000000000000075b00000000004200000000000000000000000000000000000000000000000000200055aa", 0x40, 0x1c0}]) 06:08:56 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, 0x0, 0x5e) 06:08:56 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/18, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:08:56 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c00010062726964"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:08:56 executing program 2: fork() wait4(0x0, 0x0, 0x40000000, 0x0) [ 875.414391][ T290] unregister_netdevice: waiting for lo to become free. Usage count = 1 [ 875.479271][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 875.509115][T23572] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 875.564405][T24100] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 875.616219][T24107] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 875.698718][T24107] device bridge40 entered promiscuous mode 06:08:56 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x19) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) dup2(r1, r0) [ 875.739499][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 875.882065][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 875.892697][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 875.901739][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 875.912540][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 875.917322][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 876.163810][ T18] Bluetooth: hci1: command 0x041b tx timeout 06:08:57 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c00010062726964"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:08:57 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/19, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 876.267104][T24120] loop4: detected capacity change from 1 to 0 [ 876.366405][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 876.435858][T24120] ldm_validate_privheads(): Disk read failed. [ 876.470352][T24120] loop4: p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 [ 876.470783][T24120] loop4: partition table partially beyond EOD, truncated [ 876.569528][T24120] loop4: p2 size 2 extends beyond EOD, truncated 06:08:57 executing program 2: setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, &(0x7f00000000c0)='od\xc2\x10\xd3\xebU/Q8\x94\x87\xd3e\x81lbus/us\xec\x1d~\xe1\xf5\xea,kvr*|B\xfd\xc5p\bX\xe6\xb2:[', 0xffffffffffffffab) [ 876.640429][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 876.650904][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready 06:08:57 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000000)='tmpfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={[{@huge_advise='huge=advise'}, {@huge_always='huge=always'}, {@mpol={'mpol', 0x3d, {'interleave', '', @void}}}, {@size={'size', 0x3d, [0x0]}}]}) [ 876.780272][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 876.812707][ T2095] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 876.834156][ T2095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 876.862824][T23572] device veth0_vlan entered promiscuous mode [ 876.930390][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 876.936003][T24136] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 876.961847][T24137] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 876.972684][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 876.982015][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 877.011119][T24139] device bridge40 entered promiscuous mode [ 877.051007][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 877.092946][T24120] loop4: p4 size 2097152 extends beyond EOD, truncated [ 877.106156][T24120] loop4: p5 size 2097152 extends beyond EOD, truncated [ 877.117019][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 877.142370][T24120] loop4: p6 size 2097152 extends beyond EOD, truncated [ 877.162133][T24120] loop4: p7 size 2097152 extends beyond EOD, truncated [ 877.175928][T23572] device veth1_vlan entered promiscuous mode [ 877.187203][T24120] loop4: p8 size 2097152 extends beyond EOD, truncated [ 877.242003][T24120] loop4: p9 size 2097152 extends beyond EOD, truncated [ 877.259538][T24120] loop4: p10 size 2097152 extends beyond EOD, truncated [ 877.272421][T24120] loop4: p11 size 2097152 extends beyond EOD, truncated [ 877.308286][T24120] loop4: p12 size 2097152 extends beyond EOD, truncated [ 877.449161][T24120] loop4: p13 size 2097152 extends beyond EOD, truncated [ 877.514803][T24120] loop4: p14 size 2097152 extends beyond EOD, truncated [ 877.521666][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 877.532313][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 877.562966][T23572] device veth0_macvtap entered promiscuous mode [ 877.585923][T24159] tmpfs: Bad value for 'size' [ 877.588101][T24120] loop4: p15 size 2097152 extends beyond EOD, truncated [ 877.609254][T24159] tmpfs: Bad value for 'size' [ 877.641731][T23572] device veth1_macvtap entered promiscuous mode [ 877.664913][T24120] loop4: p16 size 2097152 extends beyond EOD, truncated [ 877.688808][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 877.701407][T24120] loop4: p17 size 2097152 extends beyond EOD, truncated [ 877.747442][T24120] loop4: p18 size 2097152 extends beyond EOD, truncated [ 877.762218][T24120] loop4: p19 size 2097152 extends beyond EOD, truncated [ 877.786143][T24120] loop4: p20 size 2097152 extends beyond EOD, truncated [ 877.797513][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 877.810766][T24120] loop4: p21 size 2097152 extends beyond EOD, truncated [ 877.854660][T24120] loop4: p22 size 2097152 extends beyond EOD, truncated [ 877.867798][T24120] loop4: p23 size 2097152 extends beyond EOD, truncated [ 877.879154][T23572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 877.889864][T23572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 877.891085][T24120] loop4: p24 size 2097152 extends beyond EOD, [ 877.899998][T23572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 877.900086][T23572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 877.900164][T23572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 877.907326][T24120] truncated [ 877.939846][T24120] loop4: p25 size 2097152 extends beyond EOD, [ 877.949591][T23572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 877.949680][T23572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 877.949765][T23572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 877.949886][T23572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 877.949965][T23572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 877.954630][T23572] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 877.960978][T24120] truncated [ 877.977135][ T2095] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 878.035648][T24120] loop4: p26 size 2097152 extends beyond EOD, [ 878.041738][ T2095] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 878.042713][T24120] truncated [ 878.085404][ T2095] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 878.085687][T24120] loop4: p27 size 2097152 extends beyond EOD, truncated [ 878.095863][ T2095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 878.145413][T23572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 878.158202][T23572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.176201][T23572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 878.181761][T24120] loop4: p28 size 2097152 extends beyond EOD, truncated [ 878.186869][T23572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.186959][T23572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 878.214511][T23572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.234107][T23572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 878.237565][T24120] loop4: p29 size 2097152 extends beyond EOD, [ 878.244795][T23572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.244923][T23572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 878.251097][T24120] truncated [ 878.274933][T23572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.289210][T24120] loop4: p30 size 2097152 extends beyond EOD, truncated [ 878.289293][T23572] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 878.314296][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 878.333733][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 878.376199][T24120] loop4: p31 size 2097152 extends beyond EOD, truncated [ 878.378837][ T2095] Bluetooth: hci1: command 0x040f tx timeout [ 878.387244][T24120] loop4: p32 size 2097152 extends beyond EOD, truncated [ 878.418245][T24120] loop4: p33 size 2097152 extends beyond EOD, truncated [ 878.453724][T24120] loop4: p34 size 2097152 extends beyond EOD, truncated [ 878.474577][T24120] loop4: p35 size 2097152 extends beyond EOD, truncated [ 878.497728][ T3161] ieee802154 phy0 wpan0: encryption failed: -22 [ 878.504274][ T3161] ieee802154 phy1 wpan1: encryption failed: -22 [ 878.514220][T24120] loop4: p36 size 2097152 extends beyond EOD, truncated [ 878.580122][T24120] loop4: p37 size 2097152 extends beyond EOD, truncated [ 878.626654][T24120] loop4: p38 size 2097152 extends beyond EOD, truncated [ 878.639307][T24120] loop4: p39 size 2097152 extends beyond EOD, truncated [ 878.662026][T24120] loop4: p40 size 2097152 extends beyond EOD, truncated [ 878.684429][T24120] loop4: p41 size 2097152 extends beyond EOD, truncated [ 878.701551][T24120] loop4: p42 size 2097152 extends beyond EOD, truncated [ 878.833423][T24120] loop4: p43 size 2097152 extends beyond EOD, truncated [ 878.839482][T17025] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 878.848836][T17025] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 878.874651][ T2095] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 878.877310][T24120] loop4: p44 size 2097152 extends beyond EOD, truncated [ 878.897566][T24120] loop4: p45 size 2097152 extends beyond EOD, truncated [ 878.913632][T24120] loop4: p46 size 2097152 extends beyond EOD, truncated [ 878.947652][T24120] loop4: p47 size 2097152 extends beyond EOD, truncated [ 878.958518][ T209] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 878.981573][ T209] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 878.988718][T24120] loop4: p48 size 2097152 extends beyond EOD, truncated [ 878.999600][ T2095] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 879.008870][T24120] loop4: p49 size 2097152 extends beyond EOD, truncated [ 879.051845][T24120] loop4: p50 size 2097152 extends beyond EOD, truncated [ 879.083078][T24120] loop4: p51 size 2097152 extends beyond EOD, truncated [ 879.096741][T24120] loop4: p52 size 2097152 extends beyond EOD, truncated [ 879.152713][T24120] loop4: p53 size 2097152 extends beyond EOD, truncated [ 879.207526][T24120] loop4: p54 size 2097152 extends beyond EOD, truncated [ 879.234654][T24120] loop4: p55 size 2097152 extends beyond EOD, truncated [ 879.282256][T24120] loop4: p56 size 2097152 extends beyond EOD, truncated [ 879.330091][T24120] loop4: p57 size 2097152 extends beyond EOD, truncated [ 879.371023][T24120] loop4: p58 size 2097152 extends beyond EOD, truncated [ 879.431736][T24120] loop4: p59 size 2097152 extends beyond EOD, truncated [ 879.470208][T24120] loop4: p60 size 2097152 extends beyond EOD, truncated [ 879.498533][T24120] loop4: p61 size 2097152 extends beyond EOD, truncated [ 879.519353][T24120] loop4: p62 size 2097152 extends beyond EOD, truncated [ 879.536398][T24120] loop4: p63 size 2097152 extends beyond EOD, truncated [ 879.565116][T24120] loop4: p64 size 2097152 extends beyond EOD, truncated [ 879.579452][T24120] loop4: p65 size 2097152 extends beyond EOD, truncated [ 879.607116][T24120] loop4: p66 size 2097152 extends beyond EOD, truncated [ 879.637925][T24120] loop4: p67 size 2097152 extends beyond EOD, truncated [ 879.650077][T24120] loop4: p68 size 2097152 extends beyond EOD, truncated 06:09:00 executing program 1: move_pages(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000ffd000/0x3000)=nil], &(0x7f0000000080), &(0x7f0000000180), 0x0) 06:09:00 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c0001006272696467"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 879.664951][T24120] loop4: p69 size 2097152 extends beyond EOD, truncated [ 879.734244][T24120] loop4: p70 size 2097152 extends beyond EOD, truncated [ 879.760870][T24120] loop4: p71 size 2097152 extends beyond EOD, truncated [ 879.780910][T24120] loop4: p72 size 2097152 extends beyond EOD, truncated [ 879.808316][T24237] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 879.849737][T24120] loop4: p73 size 2097152 extends beyond EOD, truncated [ 879.881490][T24120] loop4: p74 size 2097152 extends beyond EOD, truncated [ 879.901597][T24120] loop4: p75 size 2097152 extends beyond EOD, truncated [ 879.928065][T24120] loop4: p76 size 2097152 extends beyond EOD, truncated [ 879.959949][T24120] loop4: p77 size 2097152 extends beyond EOD, truncated [ 880.001880][T24120] loop4: p78 size 2097152 extends beyond EOD, truncated [ 880.033865][T24120] loop4: p79 size 2097152 extends beyond EOD, truncated [ 880.049663][T24120] loop4: p80 size 2097152 extends beyond EOD, truncated [ 880.060942][T24120] loop4: p81 size 2097152 extends beyond EOD, truncated [ 880.111303][T24120] loop4: p82 size 2097152 extends beyond EOD, truncated [ 880.122727][T24120] loop4: p83 size 2097152 extends beyond EOD, truncated [ 880.140495][T24120] loop4: p84 size 2097152 extends beyond EOD, truncated [ 880.159517][T24120] loop4: p85 size 2097152 extends beyond EOD, truncated [ 880.192101][T24120] loop4: p86 size 2097152 extends beyond EOD, truncated [ 880.216165][T24120] loop4: p87 size 2097152 extends beyond EOD, truncated [ 880.286033][T24120] loop4: p88 size 2097152 extends beyond EOD, truncated [ 880.308750][T24120] loop4: p89 size 2097152 extends beyond EOD, truncated [ 880.341790][T24120] loop4: p90 size 2097152 extends beyond EOD, truncated [ 880.384555][T24120] loop4: p91 size 2097152 extends beyond EOD, truncated [ 880.425177][ T55] Bluetooth: hci1: command 0x0419 tx timeout [ 880.433567][T24120] loop4: p92 size 2097152 extends beyond EOD, truncated [ 880.457771][T24120] loop4: p93 size 2097152 extends beyond EOD, truncated [ 880.467347][T24120] loop4: p94 size 2097152 extends beyond EOD, truncated [ 880.480769][T24120] loop4: p95 size 2097152 extends beyond EOD, truncated [ 880.491078][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 880.513659][T24120] loop4: p96 size 2097152 extends beyond EOD, truncated [ 880.544012][T24120] loop4: p97 size 2097152 extends beyond EOD, truncated [ 880.555867][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 880.569099][T24120] loop4: p98 size 2097152 extends beyond EOD, truncated [ 880.580328][T24120] loop4: p99 size 2097152 extends beyond EOD, truncated [ 880.615833][T24120] loop4: p100 size 2097152 extends beyond EOD, truncated [ 880.621207][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 880.626205][T24120] loop4: p101 size 2097152 extends beyond EOD, truncated [ 880.658998][T24120] loop4: p102 size 2097152 extends beyond EOD, truncated [ 880.669807][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 880.686012][T24120] loop4: p103 size 2097152 extends beyond EOD, truncated [ 880.717622][T24120] loop4: p104 size 2097152 extends beyond EOD, truncated [ 880.734793][T24120] loop4: p105 size 2097152 extends beyond EOD, truncated [ 880.739324][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 880.745270][T24120] loop4: p106 size 2097152 extends beyond EOD, truncated [ 880.778072][T24120] loop4: p107 size 2097152 extends beyond EOD, truncated [ 880.790660][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 880.798430][T24120] loop4: p108 size 2097152 extends beyond EOD, truncated [ 880.834916][T24120] loop4: p109 size 2097152 extends beyond EOD, truncated [ 880.854789][T24120] loop4: p110 size 2097152 extends beyond EOD, truncated [ 880.859134][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 880.865318][T24120] loop4: p111 size 2097152 extends beyond EOD, truncated [ 880.918320][T24120] loop4: p112 size 2097152 extends beyond EOD, truncated [ 880.939869][T24120] loop4: p113 size 2097152 extends beyond EOD, truncated [ 880.952654][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 880.953108][T24120] loop4: p114 size 2097152 extends beyond EOD, truncated [ 880.991884][T24120] loop4: p115 size 2097152 extends beyond EOD, truncated [ 881.008200][T24120] loop4: p116 size 2097152 extends beyond EOD, truncated [ 881.009791][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 881.023765][T24120] loop4: p117 size 2097152 extends beyond EOD, truncated [ 881.036610][T24120] loop4: p118 size 2097152 extends beyond EOD, truncated [ 881.074130][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 881.078123][T24120] loop4: p119 size 2097152 extends beyond EOD, truncated [ 881.111804][T24120] loop4: p120 size 2097152 extends beyond EOD, truncated [ 881.155096][T24120] loop4: p121 size 2097152 extends beyond EOD, truncated [ 881.184312][T24120] loop4: p122 size 2097152 extends beyond EOD, truncated [ 881.225835][T24120] loop4: p123 size 2097152 extends beyond EOD, truncated [ 881.266958][T24120] loop4: p124 size 2097152 extends beyond EOD, truncated [ 881.299416][T24120] loop4: p125 size 2097152 extends beyond EOD, truncated [ 881.334596][T24120] loop4: p126 size 2097152 extends beyond EOD, truncated [ 881.348005][T24120] loop4: p127 size 2097152 extends beyond EOD, truncated [ 881.386501][T24120] loop4: p128 size 2097152 extends beyond EOD, truncated [ 881.430377][T24120] loop4: p129 size 2097152 extends beyond EOD, truncated [ 881.468978][T24120] loop4: p130 size 2097152 extends beyond EOD, truncated [ 881.502071][T24120] loop4: p131 size 2097152 extends beyond EOD, truncated [ 881.554462][T24120] loop4: p132 size 2097152 extends beyond EOD, truncated [ 881.620082][T24120] loop4: p133 size 2097152 extends beyond EOD, truncated [ 881.675057][T24120] loop4: p134 size 2097152 extends beyond EOD, truncated [ 881.700196][T24120] loop4: p135 size 2097152 extends beyond EOD, truncated [ 881.751422][T24120] loop4: p136 size 2097152 extends beyond EOD, truncated [ 881.791091][T24120] loop4: p137 size 2097152 extends beyond EOD, truncated [ 881.831325][T24120] loop4: p138 size 2097152 extends beyond EOD, truncated [ 881.877251][T24120] loop4: p139 size 2097152 extends beyond EOD, truncated [ 881.901934][T24120] loop4: p140 size 2097152 extends beyond EOD, truncated [ 881.950005][T24120] loop4: p141 size 2097152 extends beyond EOD, truncated [ 881.979155][T24120] loop4: p142 size 2097152 extends beyond EOD, truncated [ 882.010915][T24120] loop4: p143 size 2097152 extends beyond EOD, truncated [ 882.048831][T24120] loop4: p144 size 2097152 extends beyond EOD, truncated [ 882.107425][T24120] loop4: p145 size 2097152 extends beyond EOD, truncated [ 882.142035][T24120] loop4: p146 size 2097152 extends beyond EOD, truncated [ 882.211520][T24120] loop4: p147 size 2097152 extends beyond EOD, truncated [ 882.239184][T24120] loop4: p148 size 2097152 extends beyond EOD, truncated [ 882.271451][T24120] loop4: p149 size 2097152 extends beyond EOD, truncated [ 882.295362][T24120] loop4: p150 size 2097152 extends beyond EOD, truncated [ 882.322297][T24120] loop4: p151 size 2097152 extends beyond EOD, truncated [ 882.336314][T24120] loop4: p152 size 2097152 extends beyond EOD, truncated [ 882.356507][T24120] loop4: p153 size 2097152 extends beyond EOD, truncated [ 882.384794][T24120] loop4: p154 size 2097152 extends beyond EOD, truncated [ 882.421786][T24120] loop4: p155 size 2097152 extends beyond EOD, truncated [ 882.441214][T24120] loop4: p156 size 2097152 extends beyond EOD, truncated [ 882.479243][T24120] loop4: p157 size 2097152 extends beyond EOD, truncated [ 882.516693][T24120] loop4: p158 size 2097152 extends beyond EOD, truncated [ 882.530866][T24120] loop4: p159 size 2097152 extends beyond EOD, truncated [ 882.569709][T24120] loop4: p160 size 2097152 extends beyond EOD, truncated [ 882.597169][T24120] loop4: p161 size 2097152 extends beyond EOD, truncated [ 882.611580][T24120] loop4: p162 size 2097152 extends beyond EOD, truncated [ 882.650044][T24120] loop4: p163 size 2097152 extends beyond EOD, truncated [ 882.683053][T24120] loop4: p164 size 2097152 extends beyond EOD, truncated [ 882.698207][T24120] loop4: p165 size 2097152 extends beyond EOD, truncated [ 882.728155][T24120] loop4: p166 size 2097152 extends beyond EOD, truncated [ 882.744085][T24120] loop4: p167 size 2097152 extends beyond EOD, truncated [ 882.791732][T24120] loop4: p168 size 2097152 extends beyond EOD, truncated [ 882.834939][T24120] loop4: p169 size 2097152 extends beyond EOD, truncated [ 882.869271][T24120] loop4: p170 size 2097152 extends beyond EOD, truncated [ 882.885574][T24120] loop4: p171 size 2097152 extends beyond EOD, truncated [ 882.938891][T24120] loop4: p172 size 2097152 extends beyond EOD, truncated [ 882.981628][T24120] loop4: p173 size 2097152 extends beyond EOD, truncated [ 883.008540][T24120] loop4: p174 size 2097152 extends beyond EOD, truncated [ 883.042222][T24120] loop4: p175 size 2097152 extends beyond EOD, truncated [ 883.075265][T24120] loop4: p176 size 2097152 extends beyond EOD, truncated [ 883.112317][T24120] loop4: p177 size 2097152 extends beyond EOD, truncated [ 883.130079][T24120] loop4: p178 size 2097152 extends beyond EOD, truncated [ 883.162411][T24120] loop4: p179 size 2097152 extends beyond EOD, truncated [ 883.200925][T24120] loop4: p180 size 2097152 extends beyond EOD, truncated [ 883.216092][T24120] loop4: p181 size 2097152 extends beyond EOD, truncated [ 883.227473][T24120] loop4: p182 size 2097152 extends beyond EOD, truncated [ 883.256284][T24120] loop4: p183 size 2097152 extends beyond EOD, truncated [ 883.293135][T24120] loop4: p184 size 2097152 extends beyond EOD, truncated [ 883.304068][T24120] loop4: p185 size 2097152 extends beyond EOD, truncated [ 883.339904][T24120] loop4: p186 size 2097152 extends beyond EOD, truncated [ 883.354691][T24120] loop4: p187 size 2097152 extends beyond EOD, truncated [ 883.388738][T24120] loop4: p188 size 2097152 extends beyond EOD, truncated [ 883.406735][T24120] loop4: p189 size 2097152 extends beyond EOD, truncated [ 883.447678][T24120] loop4: p190 size 2097152 extends beyond EOD, truncated [ 883.474469][T24120] loop4: p191 size 2097152 extends beyond EOD, truncated [ 883.497656][T24120] loop4: p192 size 2097152 extends beyond EOD, truncated [ 883.535597][T24120] loop4: p193 size 2097152 extends beyond EOD, truncated [ 883.574767][T24120] loop4: p194 size 2097152 extends beyond EOD, truncated [ 883.637680][T24120] loop4: p195 size 2097152 extends beyond EOD, truncated [ 883.647549][T24120] loop4: p196 size 2097152 extends beyond EOD, truncated [ 883.741597][T24120] loop4: p197 size 2097152 extends beyond EOD, truncated [ 883.769770][T24120] loop4: p198 size 2097152 extends beyond EOD, truncated [ 883.804460][T24120] loop4: p199 size 2097152 extends beyond EOD, truncated [ 883.833742][T24120] loop4: p200 size 2097152 extends beyond EOD, truncated [ 883.852072][T24120] loop4: p201 size 2097152 extends beyond EOD, truncated [ 883.879331][T24120] loop4: p202 size 2097152 extends beyond EOD, truncated [ 883.909707][T24120] loop4: p203 size 2097152 extends beyond EOD, truncated [ 883.929787][T24120] loop4: p204 size 2097152 extends beyond EOD, truncated [ 883.948479][T24120] loop4: p205 size 2097152 extends beyond EOD, truncated [ 883.968337][T24120] loop4: p206 size 2097152 extends beyond EOD, truncated [ 884.002594][T24120] loop4: p207 size 2097152 extends beyond EOD, truncated [ 884.016305][T24120] loop4: p208 size 2097152 extends beyond EOD, truncated [ 884.044442][T24120] loop4: p209 size 2097152 extends beyond EOD, truncated [ 884.068818][T24120] loop4: p210 size 2097152 extends beyond EOD, truncated [ 884.101176][T24120] loop4: p211 size 2097152 extends beyond EOD, truncated [ 884.117836][T24120] loop4: p212 size 2097152 extends beyond EOD, truncated [ 884.153805][T24120] loop4: p213 size 2097152 extends beyond EOD, truncated [ 884.215246][T24120] loop4: p214 size 2097152 extends beyond EOD, truncated [ 884.231121][T24120] loop4: p215 size 2097152 extends beyond EOD, truncated [ 884.242041][T24120] loop4: p216 size 2097152 extends beyond EOD, truncated [ 884.275552][T24120] loop4: p217 size 2097152 extends beyond EOD, truncated [ 884.303495][T24120] loop4: p218 size 2097152 extends beyond EOD, truncated [ 884.321059][T24120] loop4: p219 size 2097152 extends beyond EOD, truncated [ 884.357423][T24120] loop4: p220 size 2097152 extends beyond EOD, truncated [ 884.394439][T24120] loop4: p221 size 2097152 extends beyond EOD, truncated [ 884.415559][T24120] loop4: p222 size 2097152 extends beyond EOD, truncated [ 884.450333][T24120] loop4: p223 size 2097152 extends beyond EOD, truncated [ 884.481618][T24120] loop4: p224 size 2097152 extends beyond EOD, truncated [ 884.522930][T24120] loop4: p225 size 2097152 extends beyond EOD, truncated [ 884.556326][T24120] loop4: p226 size 2097152 extends beyond EOD, truncated [ 884.595266][T24120] loop4: p227 size 2097152 extends beyond EOD, truncated [ 884.613892][T24120] loop4: p228 size 2097152 extends beyond EOD, truncated [ 884.649800][T24120] loop4: p229 size 2097152 extends beyond EOD, truncated [ 884.683771][T24120] loop4: p230 size 2097152 extends beyond EOD, truncated [ 884.698146][T24120] loop4: p231 size 2097152 extends beyond EOD, truncated [ 884.731563][T24120] loop4: p232 size 2097152 extends beyond EOD, truncated [ 884.769871][T24120] loop4: p233 size 2097152 extends beyond EOD, truncated [ 884.802351][T24120] loop4: p234 size 2097152 extends beyond EOD, truncated [ 884.827909][T24120] loop4: p235 size 2097152 extends beyond EOD, truncated [ 884.862800][T24120] loop4: p236 size 2097152 extends beyond EOD, truncated [ 884.900987][T24120] loop4: p237 size 2097152 extends beyond EOD, truncated [ 884.934187][T24120] loop4: p238 size 2097152 extends beyond EOD, truncated [ 884.977278][T24120] loop4: p239 size 2097152 extends beyond EOD, truncated [ 884.991416][T24120] loop4: p240 size 2097152 extends beyond EOD, truncated [ 885.037364][T24120] loop4: p241 size 2097152 extends beyond EOD, truncated [ 885.069355][T24120] loop4: p242 size 2097152 extends beyond EOD, truncated [ 885.109147][T24120] loop4: p243 size 2097152 extends beyond EOD, truncated [ 885.154266][T24120] loop4: p244 size 2097152 extends beyond EOD, truncated [ 885.187350][T24120] loop4: p245 size 2097152 extends beyond EOD, truncated [ 885.204585][T24120] loop4: p246 size 2097152 extends beyond EOD, truncated [ 885.249158][T24120] loop4: p247 size 2097152 extends beyond EOD, truncated [ 885.278009][T24120] loop4: p248 size 2097152 extends beyond EOD, truncated [ 885.306132][T24120] loop4: p249 size 2097152 extends beyond EOD, truncated [ 885.334368][T24120] loop4: p250 size 2097152 extends beyond EOD, truncated [ 885.371707][T24120] loop4: p251 size 2097152 extends beyond EOD, truncated [ 885.389700][T24120] loop4: p252 size 2097152 extends beyond EOD, truncated [ 885.430925][T24120] loop4: p253 size 2097152 extends beyond EOD, truncated [ 885.456815][T24120] loop4: p254 size 2097152 extends beyond EOD, truncated [ 885.467171][T24120] loop4: p255 size 2097152 extends beyond EOD, truncated [ 885.614337][ T290] unregister_netdevice: waiting for lo to become free. Usage count = 1 06:09:06 executing program 2: r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r0, &(0x7f00000000c0)='7\x00', 0x2) 06:09:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/19, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:09:06 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000040)) arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000000)) 06:09:06 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c0001006272696467"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:06 executing program 1: perf_event_open(&(0x7f0000000c40)={0x0, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 885.855842][T24461] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 885.990322][T24472] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 886.051609][T24477] device bridge40 entered promiscuous mode 06:09:07 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000000)='tmpfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)) 06:09:07 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) sendmsg$sock(r0, &(0x7f0000001940)={&(0x7f0000001100)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x80, &(0x7f0000001740)=[{&(0x7f0000001180)='h', 0x1}, {0x0}, {0x0}], 0x3}, 0x0) 06:09:07 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1a) 06:09:07 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c0001006272696467"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:07 executing program 3: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self\x00', 0x0, 0x0) 06:09:07 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/19, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 886.720665][ T1] systemd[1]: systemd-rfkill.service: Start operation timed out. Terminating. 06:09:08 executing program 1: msgget(0x1, 0x7f5) [ 887.180980][ T1] systemd[1]: Failed to start Load/Save RF Kill Switch Status. 06:09:08 executing program 2: perf_event_open$cgroup(&(0x7f0000000040)={0x0, 0x200000b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 887.250696][ T1] systemd[1]: systemd-rfkill.service: Unit entered failed state. [ 887.278672][T24593] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 887.312269][T24596] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 887.352835][ T1] systemd[1]: systemd-rfkill.service: Failed with result 'timeout'. [ 887.417685][T24596] device bridge40 entered promiscuous mode 06:09:08 executing program 3: socket$inet(0x2, 0x0, 0x530) 06:09:08 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 887.946747][ T1] systemd[1]: Starting Load/Save RF Kill Switch Status... 06:09:09 executing program 3: pipe(&(0x7f00000002c0)={0xffffffffffffffff}) read$alg(r0, 0x0, 0x0) [ 888.346066][T24682] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 888.458555][T24690] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 888.622834][T24690] device bond22 entered promiscuous mode [ 888.721806][ T4710] ldm_validate_privheads(): Disk read failed. [ 888.755334][ T4710] loop4: p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 [ 888.755758][ T4710] loop4: partition table partially beyond EOD, truncated [ 888.852625][ T4710] loop4: p2 size 2 extends beyond EOD, truncated [ 888.989816][ T4710] loop4: p4 size 2097152 extends beyond EOD, truncated [ 889.002854][ T4710] loop4: p5 size 2097152 extends beyond EOD, truncated [ 889.060880][ T4710] loop4: p6 size 2097152 extends beyond EOD, truncated [ 889.076708][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 889.091937][ T4710] loop4: p7 size 2097152 extends beyond EOD, truncated [ 889.127318][ T4710] loop4: p8 size 2097152 extends beyond EOD, truncated [ 889.151025][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 889.151146][ T4710] loop4: p9 size 2097152 extends beyond EOD, truncated [ 889.188061][ T4710] loop4: p10 size 2097152 extends beyond EOD, truncated [ 889.198951][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 889.209445][ T4710] loop4: p11 size 2097152 extends beyond EOD, truncated [ 889.217674][ T4710] loop4: p12 size 2097152 extends beyond EOD, truncated [ 889.219850][ T4710] loop4: p13 size 2097152 extends beyond EOD, truncated [ 889.241090][ T4710] loop4: p14 size 2097152 extends beyond EOD, truncated [ 889.268444][ T4710] loop4: p15 size 2097152 extends beyond EOD, truncated [ 889.283759][ T4710] loop4: p16 size 2097152 extends beyond EOD, truncated [ 889.288508][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 889.300168][ T4710] loop4: p17 size 2097152 extends beyond EOD, truncated [ 889.336799][ T4710] loop4: p18 size 2097152 extends beyond EOD, truncated [ 889.372068][ T4710] loop4: p19 size 2097152 extends beyond EOD, truncated [ 889.388736][ T4710] loop4: p20 size 2097152 extends beyond EOD, truncated [ 889.390881][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 889.399899][ T4710] loop4: p21 size 2097152 extends beyond EOD, truncated [ 889.439385][ T4710] loop4: p22 size 2097152 extends beyond EOD, truncated [ 889.459013][ T4710] loop4: p23 size 2097152 extends beyond EOD, truncated [ 889.464567][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 889.472811][ T4710] loop4: p24 size 2097152 extends beyond EOD, truncated [ 889.505683][ T4710] loop4: p25 size 2097152 extends beyond EOD, truncated [ 889.522942][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 889.531003][ T4710] loop4: p26 size 2097152 extends beyond EOD, truncated [ 889.563135][ T4710] loop4: p27 size 2097152 extends beyond EOD, truncated [ 889.578159][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 889.582013][ T4710] loop4: p28 size 2097152 extends beyond EOD, truncated [ 889.616035][ T4710] loop4: p29 size 2097152 extends beyond EOD, truncated [ 889.633787][ T4710] loop4: p30 size 2097152 extends beyond EOD, truncated [ 889.638242][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 889.644053][ T4710] loop4: p31 size 2097152 extends beyond EOD, truncated [ 889.679113][ T4710] loop4: p32 size 2097152 extends beyond EOD, truncated [ 889.697453][ T4710] loop4: p33 size 2097152 extends beyond EOD, truncated [ 889.702536][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 889.708645][ T4710] loop4: p34 size 2097152 extends beyond EOD, truncated [ 889.746841][ T4710] loop4: p35 size 2097152 extends beyond EOD, truncated [ 889.763125][ T4710] loop4: p36 size 2097152 extends beyond EOD, truncated [ 889.795436][ T4710] loop4: p37 size 2097152 extends beyond EOD, truncated [ 889.842558][ T4710] loop4: p38 size 2097152 extends beyond EOD, truncated [ 889.877296][ T4710] loop4: p39 size 2097152 extends beyond EOD, truncated [ 889.940811][ T4710] loop4: p40 size 2097152 extends beyond EOD, truncated [ 889.975361][ T4710] loop4: p41 size 2097152 extends beyond EOD, truncated [ 890.024100][ T4710] loop4: p42 size 2097152 extends beyond EOD, truncated [ 890.051662][ T4710] loop4: p43 size 2097152 extends beyond EOD, truncated [ 890.079390][ T4710] loop4: p44 size 2097152 extends beyond EOD, truncated [ 890.112533][ T4710] loop4: p45 size 2097152 extends beyond EOD, truncated [ 890.143492][ T4710] loop4: p46 size 2097152 extends beyond EOD, truncated [ 890.157453][ T4710] loop4: p47 size 2097152 extends beyond EOD, truncated [ 890.167455][ T4710] loop4: p48 size 2097152 extends beyond EOD, truncated [ 890.195139][ T4710] loop4: p49 size 2097152 extends beyond EOD, truncated [ 890.237788][ T4710] loop4: p50 size 2097152 extends beyond EOD, truncated [ 890.257862][ T4710] loop4: p51 size 2097152 extends beyond EOD, truncated [ 890.287676][ T4710] loop4: p52 size 2097152 extends beyond EOD, truncated [ 890.343014][ T4710] loop4: p53 size 2097152 extends beyond EOD, truncated [ 890.362647][ T4710] loop4: p54 size 2097152 extends beyond EOD, truncated [ 890.397892][ T4710] loop4: p55 size 2097152 extends beyond EOD, truncated [ 890.427248][ T4710] loop4: p56 size 2097152 extends beyond EOD, truncated [ 890.466137][ T4710] loop4: p57 size 2097152 extends beyond EOD, truncated [ 890.500804][ T4710] loop4: p58 size 2097152 extends beyond EOD, truncated [ 890.522229][ T4710] loop4: p59 size 2097152 extends beyond EOD, truncated [ 890.576445][ T4710] loop4: p60 size 2097152 extends beyond EOD, truncated [ 890.586469][ T4710] loop4: p61 size 2097152 extends beyond EOD, truncated [ 890.601279][ T4710] loop4: p62 size 2097152 extends beyond EOD, truncated [ 890.632954][ T4710] loop4: p63 size 2097152 extends beyond EOD, truncated [ 890.657013][ T4710] loop4: p64 size 2097152 extends beyond EOD, truncated [ 890.668102][ T4710] loop4: p65 size 2097152 extends beyond EOD, truncated [ 890.709424][ T4710] loop4: p66 size 2097152 extends beyond EOD, truncated [ 890.743635][ T4710] loop4: p67 size 2097152 extends beyond EOD, truncated [ 890.766221][ T4710] loop4: p68 size 2097152 extends beyond EOD, truncated [ 890.793226][ T4710] loop4: p69 size 2097152 extends beyond EOD, truncated [ 890.809078][ T4710] loop4: p70 size 2097152 extends beyond EOD, truncated [ 890.834737][ T4710] loop4: p71 size 2097152 extends beyond EOD, truncated [ 890.858887][ T4710] loop4: p72 size 2097152 extends beyond EOD, truncated [ 890.886839][ T4710] loop4: p73 size 2097152 extends beyond EOD, truncated [ 890.920761][ T4710] loop4: p74 size 2097152 extends beyond EOD, truncated [ 890.937354][ T4710] loop4: p75 size 2097152 extends beyond EOD, truncated [ 890.975957][ T4710] loop4: p76 size 2097152 extends beyond EOD, truncated [ 891.011599][ T4710] loop4: p77 size 2097152 extends beyond EOD, truncated [ 891.036117][ T4710] loop4: p78 size 2097152 extends beyond EOD, truncated [ 891.051912][ T4710] loop4: p79 size 2097152 extends beyond EOD, truncated [ 891.090684][ T4710] loop4: p80 size 2097152 extends beyond EOD, truncated [ 891.125551][ T4710] loop4: p81 size 2097152 extends beyond EOD, truncated [ 891.142311][ T4710] loop4: p82 size 2097152 extends beyond EOD, truncated [ 891.173741][ T4710] loop4: p83 size 2097152 extends beyond EOD, truncated [ 891.219075][ T4710] loop4: p84 size 2097152 extends beyond EOD, truncated [ 891.255626][ T4710] loop4: p85 size 2097152 extends beyond EOD, truncated [ 891.268964][ T4710] loop4: p86 size 2097152 extends beyond EOD, truncated [ 891.311668][ T4710] loop4: p87 size 2097152 extends beyond EOD, truncated [ 891.363650][ T4710] loop4: p88 size 2097152 extends beyond EOD, truncated [ 891.394602][ T4710] loop4: p89 size 2097152 extends beyond EOD, truncated [ 891.412289][ T4710] loop4: p90 size 2097152 extends beyond EOD, truncated [ 891.450462][ T4710] loop4: p91 size 2097152 extends beyond EOD, truncated [ 891.489179][ T4710] loop4: p92 size 2097152 extends beyond EOD, truncated [ 891.506967][ T4710] loop4: p93 size 2097152 extends beyond EOD, truncated [ 891.532521][ T4710] loop4: p94 size 2097152 extends beyond EOD, truncated [ 891.542826][ T4710] loop4: p95 size 2097152 extends beyond EOD, truncated [ 891.582183][ T4710] loop4: p96 size 2097152 extends beyond EOD, truncated [ 891.622408][ T4710] loop4: p97 size 2097152 extends beyond EOD, truncated [ 891.642461][ T4710] loop4: p98 size 2097152 extends beyond EOD, truncated [ 891.681699][ T4710] loop4: p99 size 2097152 extends beyond EOD, truncated [ 891.731449][ T4710] loop4: p100 size 2097152 extends beyond EOD, truncated [ 891.785776][ T4710] loop4: p101 size 2097152 extends beyond EOD, truncated [ 891.816231][ T4710] loop4: p102 size 2097152 extends beyond EOD, truncated [ 891.833227][ T4710] loop4: p103 size 2097152 extends beyond EOD, truncated [ 891.886650][ T4710] loop4: p104 size 2097152 extends beyond EOD, truncated [ 891.915606][ T4710] loop4: p105 size 2097152 extends beyond EOD, truncated [ 891.944772][ T4710] loop4: p106 size 2097152 extends beyond EOD, truncated [ 891.955428][ T4710] loop4: p107 size 2097152 extends beyond EOD, truncated [ 891.973800][ T4710] loop4: p108 size 2097152 extends beyond EOD, truncated [ 891.997311][ T4710] loop4: p109 size 2097152 extends beyond EOD, truncated [ 892.020450][ T4710] loop4: p110 size 2097152 extends beyond EOD, truncated [ 892.056685][ T4710] loop4: p111 size 2097152 extends beyond EOD, truncated [ 892.096386][ T4710] loop4: p112 size 2097152 extends beyond EOD, truncated [ 892.139318][ T4710] loop4: p113 size 2097152 extends beyond EOD, truncated [ 892.153598][ T4710] loop4: p114 size 2097152 extends beyond EOD, truncated [ 892.187700][ T4710] loop4: p115 size 2097152 extends beyond EOD, truncated [ 892.207623][ T4710] loop4: p116 size 2097152 extends beyond EOD, truncated [ 892.232702][ T4710] loop4: p117 size 2097152 extends beyond EOD, truncated [ 892.250398][ T4710] loop4: p118 size 2097152 extends beyond EOD, truncated [ 892.277042][ T4710] loop4: p119 size 2097152 extends beyond EOD, truncated [ 892.295163][ T4710] loop4: p120 size 2097152 extends beyond EOD, truncated [ 892.305932][ T4710] loop4: p121 size 2097152 extends beyond EOD, truncated [ 892.335536][ T4710] loop4: p122 size 2097152 extends beyond EOD, truncated [ 892.352065][ T4710] loop4: p123 size 2097152 extends beyond EOD, truncated [ 892.380093][ T4710] loop4: p124 size 2097152 extends beyond EOD, truncated [ 892.437557][ T4710] loop4: p125 size 2097152 extends beyond EOD, truncated [ 892.462974][ T4710] loop4: p126 size 2097152 extends beyond EOD, truncated [ 892.479172][ T4710] loop4: p127 size 2097152 extends beyond EOD, truncated [ 892.508606][ T4710] loop4: p128 size 2097152 extends beyond EOD, truncated [ 892.519126][ T4710] loop4: p129 size 2097152 extends beyond EOD, truncated [ 892.557931][ T4710] loop4: p130 size 2097152 extends beyond EOD, truncated [ 892.574954][ T4710] loop4: p131 size 2097152 extends beyond EOD, truncated [ 892.585744][ T4710] loop4: p132 size 2097152 extends beyond EOD, truncated [ 892.600512][ T4710] loop4: p133 size 2097152 extends beyond EOD, truncated [ 892.611729][ T4710] loop4: p134 size 2097152 extends beyond EOD, truncated [ 892.650674][ T4710] loop4: p135 size 2097152 extends beyond EOD, truncated [ 892.683734][ T4710] loop4: p136 size 2097152 extends beyond EOD, truncated [ 892.719450][ T4710] loop4: p137 size 2097152 extends beyond EOD, truncated [ 892.757291][ T4710] loop4: p138 size 2097152 extends beyond EOD, truncated [ 892.806637][ T4710] loop4: p139 size 2097152 extends beyond EOD, truncated [ 892.845232][ T4710] loop4: p140 size 2097152 extends beyond EOD, truncated [ 892.873218][ T4710] loop4: p141 size 2097152 extends beyond EOD, truncated [ 892.914086][ T4710] loop4: p142 size 2097152 extends beyond EOD, truncated [ 892.930424][ T4710] loop4: p143 size 2097152 extends beyond EOD, truncated [ 892.963478][ T4710] loop4: p144 size 2097152 extends beyond EOD, truncated [ 893.007823][ T4710] loop4: p145 size 2097152 extends beyond EOD, truncated [ 893.041959][ T4710] loop4: p146 size 2097152 extends beyond EOD, truncated [ 893.077149][ T4710] loop4: p147 size 2097152 extends beyond EOD, truncated [ 893.113981][ T4710] loop4: p148 size 2097152 extends beyond EOD, truncated [ 893.131909][ T4710] loop4: p149 size 2097152 extends beyond EOD, truncated [ 893.163060][ T4710] loop4: p150 size 2097152 extends beyond EOD, truncated [ 893.179936][ T4710] loop4: p151 size 2097152 extends beyond EOD, truncated [ 893.222279][ T4710] loop4: p152 size 2097152 extends beyond EOD, truncated [ 893.252625][ T4710] loop4: p153 size 2097152 extends beyond EOD, truncated [ 893.273206][ T4710] loop4: p154 size 2097152 extends beyond EOD, truncated [ 893.305109][ T4710] loop4: p155 size 2097152 extends beyond EOD, truncated [ 893.359644][ T4710] loop4: p156 size 2097152 extends beyond EOD, truncated [ 893.402114][ T4710] loop4: p157 size 2097152 extends beyond EOD, truncated [ 893.439133][ T4710] loop4: p158 size 2097152 extends beyond EOD, truncated [ 893.471272][ T4710] loop4: p159 size 2097152 extends beyond EOD, truncated [ 893.531958][ T4710] loop4: p160 size 2097152 extends beyond EOD, truncated [ 893.554920][ T4710] loop4: p161 size 2097152 extends beyond EOD, truncated [ 893.604468][ T4710] loop4: p162 size 2097152 extends beyond EOD, truncated [ 893.627819][ T4710] loop4: p163 size 2097152 extends beyond EOD, truncated [ 893.642078][ T4710] loop4: p164 size 2097152 extends beyond EOD, truncated [ 893.686390][ T4710] loop4: p165 size 2097152 extends beyond EOD, truncated [ 893.726688][ T4710] loop4: p166 size 2097152 extends beyond EOD, truncated [ 893.741568][ T4710] loop4: p167 size 2097152 extends beyond EOD, truncated [ 893.786594][ T4710] loop4: p168 size 2097152 extends beyond EOD, truncated [ 893.831097][ T4710] loop4: p169 size 2097152 extends beyond EOD, truncated [ 893.846630][ T4710] loop4: p170 size 2097152 extends beyond EOD, truncated [ 893.857997][ T4710] loop4: p171 size 2097152 extends beyond EOD, truncated [ 893.906209][ T4710] loop4: p172 size 2097152 extends beyond EOD, truncated [ 893.940804][ T4710] loop4: p173 size 2097152 extends beyond EOD, truncated [ 893.975741][ T4710] loop4: p174 size 2097152 extends beyond EOD, truncated [ 894.013769][ T4710] loop4: p175 size 2097152 extends beyond EOD, truncated [ 894.050312][ T4710] loop4: p176 size 2097152 extends beyond EOD, truncated [ 894.088123][ T4710] loop4: p177 size 2097152 extends beyond EOD, truncated [ 894.111998][ T4710] loop4: p178 size 2097152 extends beyond EOD, truncated [ 894.133759][ T4710] loop4: p179 size 2097152 extends beyond EOD, truncated [ 894.136834][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 894.147419][ T4710] loop4: p180 size 2097152 extends beyond EOD, truncated [ 894.182245][ T4710] loop4: p181 size 2097152 extends beyond EOD, truncated [ 894.194640][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 894.204992][ T4710] loop4: p182 size 2097152 extends beyond EOD, truncated [ 894.250518][ T4710] loop4: p183 size 2097152 extends beyond EOD, truncated [ 894.268135][ T4710] loop4: p184 size 2097152 extends beyond EOD, truncated [ 894.269136][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 894.279248][ T4710] loop4: p185 size 2097152 extends beyond EOD, truncated [ 894.319406][ T4710] loop4: p186 size 2097152 extends beyond EOD, truncated [ 894.329151][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 894.340949][ T4710] loop4: p187 size 2097152 extends beyond EOD, truncated [ 894.361579][ T4710] loop4: p188 size 2097152 extends beyond EOD, truncated [ 894.389174][ T4710] loop4: p189 size 2097152 extends beyond EOD, truncated [ 894.404764][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 894.410627][ T4710] loop4: p190 size 2097152 extends beyond EOD, truncated [ 894.427863][ T4710] loop4: p191 size 2097152 extends beyond EOD, truncated [ 894.456902][ T4710] loop4: p192 size 2097152 extends beyond EOD, truncated [ 894.474967][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 894.475994][ T4710] loop4: p193 size 2097152 extends beyond EOD, truncated [ 894.521922][ T4710] loop4: p194 size 2097152 extends beyond EOD, truncated [ 894.557436][ T4710] loop4: p195 size 2097152 extends beyond EOD, truncated [ 894.567236][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 894.584016][ T4710] loop4: p196 size 2097152 extends beyond EOD, truncated [ 894.645218][ T4710] loop4: p197 size 2097152 extends beyond EOD, truncated [ 894.685668][ T4710] loop4: p198 size 2097152 extends beyond EOD, truncated [ 894.729089][ T4710] loop4: p199 size 2097152 extends beyond EOD, truncated [ 894.753207][ T4710] loop4: p200 size 2097152 extends beyond EOD, truncated [ 894.782484][ T4710] loop4: p201 size 2097152 extends beyond EOD, truncated [ 894.821838][ T4710] loop4: p202 size 2097152 extends beyond EOD, truncated [ 894.856265][ T4710] loop4: p203 size 2097152 extends beyond EOD, truncated [ 894.889113][ T4710] loop4: p204 size 2097152 extends beyond EOD, truncated [ 894.913043][ T4710] loop4: p205 size 2097152 extends beyond EOD, truncated [ 894.942345][ T4710] loop4: p206 size 2097152 extends beyond EOD, truncated [ 894.970234][ T4710] loop4: p207 size 2097152 extends beyond EOD, truncated [ 894.987296][ T4710] loop4: p208 size 2097152 extends beyond EOD, truncated [ 895.005624][ T4710] loop4: p209 size 2097152 extends beyond EOD, truncated [ 895.019792][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 895.022630][ T4710] loop4: p210 size 2097152 extends beyond EOD, truncated [ 895.064188][ T4710] loop4: p211 size 2097152 extends beyond EOD, truncated [ 895.081109][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 895.082367][ T4710] loop4: p212 size 2097152 extends beyond EOD, truncated [ 895.121109][ T4710] loop4: p213 size 2097152 extends beyond EOD, truncated [ 895.138232][ T4710] loop4: p214 size 2097152 extends beyond EOD, truncated [ 895.141237][T22371] systemd-journald[22371]: /dev/kmsg buffer overrun, some messages lost. [ 895.147901][ T4710] loop4: p215 size 2097152 extends beyond EOD, truncated [ 895.171890][ T4710] loop4: p216 size 2097152 extends beyond EOD, truncated [ 895.209160][ T4710] loop4: p217 size 2097152 extends beyond EOD, truncated [ 895.238801][ T4710] loop4: p218 size 2097152 extends beyond EOD, truncated [ 895.257796][ T4710] loop4: p219 size 2097152 extends beyond EOD, truncated [ 895.293690][ T4710] loop4: p220 size 2097152 extends beyond EOD, truncated [ 895.335531][ T4710] loop4: p221 size 2097152 extends beyond EOD, truncated [ 895.371353][ T4710] loop4: p222 size 2097152 extends beyond EOD, truncated [ 895.410665][ T4710] loop4: p223 size 2097152 extends beyond EOD, truncated [ 895.448726][ T4710] loop4: p224 size 2097152 extends beyond EOD, truncated [ 895.466934][ T4710] loop4: p225 size 2097152 extends beyond EOD, truncated [ 895.499226][ T4710] loop4: p226 size 2097152 extends beyond EOD, truncated [ 895.540312][ T4710] loop4: p227 size 2097152 extends beyond EOD, truncated [ 895.577458][ T4710] loop4: p228 size 2097152 extends beyond EOD, truncated [ 895.588909][ T4710] loop4: p229 size 2097152 extends beyond EOD, truncated [ 895.640760][ T4710] loop4: p230 size 2097152 extends beyond EOD, truncated [ 895.675588][ T4710] loop4: p231 size 2097152 extends beyond EOD, truncated [ 895.690723][ T4710] loop4: p232 size 2097152 extends beyond EOD, truncated [ 895.701440][ T4710] loop4: p233 size 2097152 extends beyond EOD, truncated [ 895.743523][ T4710] loop4: p234 size 2097152 extends beyond EOD, truncated [ 895.776152][ T4710] loop4: p235 size 2097152 extends beyond EOD, truncated [ 895.778749][ T290] unregister_netdevice: waiting for lo to become free. Usage count = 1 [ 895.788463][ T4710] loop4: p236 size 2097152 extends beyond EOD, truncated [ 895.811119][ T4710] loop4: p237 size 2097152 extends beyond EOD, truncated [ 895.838694][ T4710] loop4: p238 size 2097152 extends beyond EOD, truncated [ 895.851223][ T4710] loop4: p239 size 2097152 extends beyond EOD, truncated [ 895.872602][ T4710] loop4: p240 size 2097152 extends beyond EOD, truncated [ 895.883894][ T4710] loop4: p241 size 2097152 extends beyond EOD, truncated [ 895.926361][ T4710] loop4: p242 size 2097152 extends beyond EOD, truncated [ 895.938348][ T4710] loop4: p243 size 2097152 extends beyond EOD, truncated [ 895.980762][ T4710] loop4: p244 size 2097152 extends beyond EOD, truncated [ 896.021184][ T4710] loop4: p245 size 2097152 extends beyond EOD, truncated [ 896.063086][ T4710] loop4: p246 size 2097152 extends beyond EOD, truncated [ 896.082657][ T4710] loop4: p247 size 2097152 extends beyond EOD, truncated [ 896.118123][ T4710] loop4: p248 size 2097152 extends beyond EOD, truncated [ 896.157777][ T4710] loop4: p249 size 2097152 extends beyond EOD, truncated [ 896.197593][ T4710] loop4: p250 size 2097152 extends beyond EOD, truncated [ 896.217815][ T4710] loop4: p251 size 2097152 extends beyond EOD, truncated [ 896.247386][ T4710] loop4: p252 size 2097152 extends beyond EOD, truncated [ 896.270240][ T4710] loop4: p253 size 2097152 extends beyond EOD, truncated [ 896.308265][ T4710] loop4: p254 size 2097152 extends beyond EOD, truncated [ 896.336645][ T4710] loop4: p255 size 2097152 extends beyond EOD, truncated 06:09:19 executing program 1: socket(0x0, 0xdb9c84ac13bfee60, 0x0) 06:09:19 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="4c4ced391180"}, 0x14) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) 06:09:19 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:19 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:09:19 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000000)='tmpfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={[{@huge_advise='huge=advise'}, {@huge_always='huge=always'}, {@mpol={'mpol', 0x3d, {'interleave', '', @void}}}, {@huge_within_size='huge=within_size'}, {@size={'size', 0x3d, [0x33, 0x2d, 0x0]}}], [{@fowner_lt={'fowner<', 0xffffffffffffffff}}]}) 06:09:19 executing program 4: syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='limits\x00') [ 898.894231][T25287] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 898.928427][T25289] tmpfs: Bad value for 'size' [ 898.956274][T25287] device bond23 entered promiscuous mode [ 898.966001][T25282] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 899.012182][T25289] tmpfs: Bad value for 'size' 06:09:20 executing program 1: clone(0x200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = memfd_create(&(0x7f0000000600)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8c\xecR\xb2\x1b\x99vS\xa6K&u\x9dX\xcc\r\x12\x01\b\x00\x80\x00\x00\x00\x00E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\xaf\xfdj\x83nj\xcaG\n\xe5j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x80dX\xcc\xab\x84\xd1\x01_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2L\xf0\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c\xdc\xa8\xd30HX\xe9\t\x18)\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89m3\x1d\x1c@\x8eu\x85\xce\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D+\x1f\xdd\x9aY\xcd\xbf\xbc\xc8\x85\x1c\xdb1\xee\x14\f{\xf35\xcbH\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n% \x00\x00\x00\x00\x99\xdd\x80\x03\xec@\x9f\x8elx\b\xf1\xb4^X\x99\xbb\xa0\xf5Bx\xa9cT\f\x99\xbf\xb5\xebj.t\xa2\xaeM\x9c\x14_\x19\xe1\xe0H\x16\xedi:\x00\x00\x00\x00\x00\x00\x00\x00\xca\x97\xba\xf2\x1b\xeb\xa5h\xeb\xb0\xc0xe\xa3\x12\xcb\xef\xda\xa2nBP\xaf(\xb0\x8a\xdb\xa2M\xf1\x84\x05\x8cK\x8b\x93\xe9oBx\xd6\xad\xfdF\xee8\xca\x95|\xe2\x84\x11\x1c\x81M\a\x04\xd6\xd1\xed4\xc8\x82\xf2C\xf61\x13X8\x99M\xf1B\xac\xd7\xc7\x1d\x8f\xb2\x80\xf4\x1a\n\xe5\x8e\x80x^k\xfc\n\xd9?g\xa2\x7f!\xdf,\x7f\xa2\xa43\xd3h\xfd\xe7\x1b\x148\x191M\xf4O\xd1%\xa55\x9f[CBF\x00T\xf0\xdf\xe1\xfdK2(cy\x18K\xef\xfe\xeb\xdf\xc9cX\xf4\xf9\x91._\x9b%\x1a[\xa9ql\x19\xf1\x9bYF\x1e\x90\'\xe5\xd2\x19\f&{t%\xb0z \n4\xba5\xa4:\xe8\xdb\xdd\xef\xc4j\xf4@\x8bc\xec(\xb7\xdb\x85\xa3v&;\xaf\xd9\xed$\x9f\x1b0\xad|\xb7&\xbb\xcd\xae\x85\x1c\x865\xb7\xd4_r\xf157\ri\x9b\xe3\xcc\xa9\xab\xf0\x9e\xaa\r\xa1MV\xbe\x82\xbb\xec\"_\xd1]~\xcd\xd7\xc0;\xc7IM&\xb0\x80\xd4\nBD\x01*\xd3d\xe7]\f\\\x85\xc9Qs:$\xf7\xdcGQY?)\x9a\xee\xe02\xabo\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbaK\x10t{\xd6\x11c\x03\xc9\xb3\xff\xfaUe\"k\xa9\xbc\x1a\x03\xfeC;\xed1W\xe6_d\xff8\xa0\xfa\x99\xdd\x92\xe3\xe5y{\xd6\xa0\xc4\ngNn\x9fND\x99\xd9_6\x8f\xb2\xb3;', 0x0) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='io\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r2, r1, 0x0, 0x1) r3 = gettid() process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) fcntl$setlease(r0, 0x400, 0x0) 06:09:20 executing program 2: statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) 06:09:20 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:20 executing program 3: pipe(&(0x7f0000001100)={0xffffffffffffffff}) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 06:09:20 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:09:20 executing program 4: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RREADLINK(r0, &(0x7f0000000040)=ANY=[], 0x10) 06:09:20 executing program 2: semget$private(0x0, 0x2, 0x508) [ 900.017781][T25337] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 900.237498][T25345] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 900.419790][T25345] device bond24 entered promiscuous mode 06:09:21 executing program 3: perf_event_open(&(0x7f0000000c40)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) 06:09:21 executing program 4: r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r0, 0x0, 0x0) 06:09:21 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:21 executing program 1: openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x800, 0x0) [ 900.728085][ T1] systemd[1]: Starting Cleanup of Temporary Directories... 06:09:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) 06:09:21 executing program 2: openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x400, 0x0) [ 901.156076][T25394] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:09:22 executing program 3: semget$private(0x0, 0x7, 0x18) 06:09:22 executing program 4: timer_create(0x0, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x1, &(0x7f0000000200), &(0x7f0000000240)) [ 901.387258][T25398] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:09:22 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RREADLINK(r0, 0x0, 0x10) 06:09:22 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 901.577928][T25398] device bond25 entered promiscuous mode 06:09:22 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x4101, 0x0) write$P9_RLCREATE(r0, 0x0, 0x0) 06:09:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) [ 902.076113][T25441] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:09:23 executing program 4: openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x8200, 0x0) [ 902.345944][ T1] systemd[1]: Started Cleanup of Temporary Directories. 06:09:23 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000001140)=@abs, 0x6e) 06:09:23 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:23 executing program 1: pipe(&(0x7f0000001100)={0xffffffffffffffff}) openat$cgroup_devices(r0, &(0x7f0000002280)='devices.allow\x00', 0x2, 0x0) [ 902.548525][T25447] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 902.610426][T25447] device bond26 entered promiscuous mode [ 902.919827][T25488] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:09:24 executing program 2: openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0xa4000, 0x0) 06:09:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) 06:09:24 executing program 3: pipe(&(0x7f0000000280)) 06:09:24 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, &(0x7f0000000600)) 06:09:24 executing program 4: semget$private(0x0, 0x4, 0x40) 06:09:24 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:24 executing program 2: pipe(&(0x7f0000001100)={0xffffffffffffffff}) read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2020) [ 903.717589][T25500] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 903.931759][T25500] device bond27 entered promiscuous mode 06:09:25 executing program 4: r0 = shmget(0x1, 0x3000, 0x0, &(0x7f0000ff9000/0x3000)=nil) shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000000)=""/219) 06:09:25 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 06:09:25 executing program 3: openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x80, 0x0) 06:09:25 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:25 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) [ 904.711006][T25556] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:09:25 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x200001, 0x0) 06:09:25 executing program 3: pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RREADDIR(r0, 0x0, 0x0) 06:09:25 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:25 executing program 1: pipe(&(0x7f0000001100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$packet_add_memb(r0, 0x107, 0x1, 0x0, 0x0) [ 905.027430][T25556] device bond28 entered promiscuous mode 06:09:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 06:09:26 executing program 2: pipe(&(0x7f0000001100)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RSETATTR(r0, 0x0, 0x0) 06:09:26 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_mreq(r0, 0x29, 0x0, 0x0, &(0x7f0000000000)) [ 905.665491][T25602] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:09:26 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 905.803604][ T290] unregister_netdevice: waiting for lo to become free. Usage count = 1 06:09:26 executing program 1: openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x44000, 0x0) [ 905.944168][T25602] device bond29 entered promiscuous mode 06:09:26 executing program 3: clock_getres(0x1, &(0x7f0000002100)) 06:09:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 06:09:27 executing program 4: pipe2$9p(&(0x7f00000004c0), 0x0) 06:09:27 executing program 2: openat$zero(0xffffffffffffff9c, &(0x7f0000000500)='/dev/zero\x00', 0x88280, 0x0) 06:09:27 executing program 1: r0 = shmget(0x1, 0x3000, 0x0, &(0x7f0000ffc000/0x3000)=nil) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x0) 06:09:27 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:27 executing program 3: pipe(&(0x7f0000001100)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RRENAME(r0, 0x0, 0x0) [ 906.810638][T25650] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 906.902883][T25650] device bond30 entered promiscuous mode 06:09:28 executing program 4: r0 = semget(0x2, 0x0, 0x0) semctl$GETZCNT(r0, 0x3, 0xf, &(0x7f0000000040)=""/76) 06:09:28 executing program 2: pipe(&(0x7f0000001100)={0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0) 06:09:28 executing program 1: timer_create(0x7, &(0x7f0000000100)={0x0, 0x16}, &(0x7f0000000140)) 06:09:28 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) 06:09:28 executing program 3: r0 = epoll_create(0x5) pipe(&(0x7f0000001100)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r1) 06:09:28 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:28 executing program 4: r0 = shmget(0x1, 0x3000, 0x0, &(0x7f0000ffc000/0x3000)=nil) shmctl$SHM_UNLOCK(r0, 0xc) 06:09:28 executing program 2: pipe(&(0x7f0000001100)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, 0x0) [ 908.065601][T25705] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 908.217692][T25705] device bond31 entered promiscuous mode 06:09:29 executing program 1: timer_create(0x6, &(0x7f0000000080)={0x0, 0xe}, &(0x7f00000000c0)) 06:09:29 executing program 3: semget$private(0x0, 0x2, 0x42) 06:09:29 executing program 4: pipe(&(0x7f0000001100)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RAUTH(r0, 0x0, 0x0) 06:09:29 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="34000000100001040000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:29 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) 06:09:29 executing program 2: semget$private(0x0, 0x2, 0x6c6) 06:09:29 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RRENAME(r0, 0x0, 0x6faefec) 06:09:29 executing program 1: pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RUNLINKAT(r0, 0x0, 0x0) [ 909.051628][T25758] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 06:09:30 executing program 4: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) [ 909.113192][T25759] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 909.222996][T25759] device bond32 entered promiscuous mode 06:09:30 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="34000000100001040000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:30 executing program 2: pipe(&(0x7f0000001100)={0xffffffffffffffff}) ioctl$TIOCGSERIAL(r0, 0x541e, 0x0) 06:09:30 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) 06:09:30 executing program 3: bpf$BPF_PROG_WITH_BTFID_LOAD(0x8, 0x0, 0x0) 06:09:30 executing program 4: bpf$BPF_PROG_WITH_BTFID_LOAD(0x9, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 06:09:30 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket(0x840000000002, 0x3, 0xff) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240)=[{{0x0, 0xffffff7f, 0x0}}], 0x300, 0x401eb94) [ 910.098399][T25808] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 910.169064][T25811] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 910.267196][T25811] device bond33 entered promiscuous mode 06:09:31 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x1, 0x200, [{0x7}]}]}}, &(0x7f0000000500)=""/221, 0x32, 0xdd, 0x1}, 0x20) 06:09:31 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="34000000100001040000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:31 executing program 3: bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x8, 0x1, &(0x7f0000000000)=@raw=[@func], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 06:09:31 executing program 4: madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4) 06:09:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 911.095636][T25860] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 06:09:32 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00', @private0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x0, 0x8001}) [ 911.309496][T25867] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 911.417756][T25867] device bond34 entered promiscuous mode 06:09:32 executing program 1: syz_mount_image$squashfs(&(0x7f0000005140)='squashfs\x00', &(0x7f0000005180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000068c0)={[], [{@defcontext={'defcontext', 0x3d, 'root'}}]}) 06:09:32 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:32 executing program 3: io_setup(0x2, &(0x7f0000000bc0)=0x0) io_pgetevents(r0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000d40)={[0x10001]}, 0x8}) 06:09:32 executing program 4: pipe2$9p(0x0, 0x88800) 06:09:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) [ 912.064763][T25908] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 06:09:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockname(r0, &(0x7f0000000780)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000800)=0x80) 06:09:33 executing program 2: utimes(0x0, &(0x7f0000000080)={{0x0, 0x7fffffff}}) 06:09:33 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 912.390579][T25914] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:09:33 executing program 4: openat$udambuf(0xffffffffffffff9c, &(0x7f0000000840)='/dev/udmabuf\x00', 0x2) 06:09:33 executing program 3: process_vm_writev(0x0, &(0x7f00000004c0)=[{&(0x7f0000000380)=""/67, 0x43}], 0x1, 0x0, 0x0, 0x0) [ 912.481158][T25914] device bond35 entered promiscuous mode 06:09:33 executing program 1: syz_emit_ethernet(0x2a, &(0x7f0000000000)={@random="21d8195c6982", @broadcast, @val, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @empty, @rand_addr=0x1, @remote, @multicast2}}}}, 0x0) [ 912.924443][T25958] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 06:09:33 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000), 0x10) 06:09:34 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:09:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_SET_BEACON(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000e80)={0xec4, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xba, 0x2a, [@mesh_chsw={0x76, 0x6}, @channel_switch={0x25, 0x3}, @mesh_id={0x72, 0x6}, @mic={0x8c, 0x18, {0x0, "1e169b641a89", @long="94649304db0011a4a3aa0251cbe702f4"}}, @preq={0x82, 0x7d, @not_ext={{}, 0x0, 0x0, 0x0, @device_b, 0x0, "", 0x0, 0x0, 0x9, [{{}, @device_b}, {{}, @device_b}, {}, {{}, @device_b}, {{}, @broadcast}, {{}, @device_b}, {}, {}, {}]}}, @cf={0x4, 0x6}]}, @NL80211_ATTR_IE_PROBE_RESP={0xdf1, 0x7f, [@dsss={0x3, 0x1}, @measure_req={0x26, 0xde8, {0x0, 0x0, 0x0, "21d4dbb05ddaadbc6a164c8b198181995670876659ec06b3745cce101f73cee63b3732c612c2cef3c23a932932c68b067bd402c85b7999bc3561312f295973c416742443378df0d50dd3610e190186e94c2dd3f6a4d8f1dc7330c1a3acb4fcc91b90a9fd7b4c6196322e858288d5a3f5ddb61e4a6d54505a75aa4499b4d0aa690bd80c3d1ba5b0f2a1d0ef0dcbc721791c72b2d93cd7e4798b291d1f38c699a92fe3df09cad2dd40ec210b693e88d86d22db7628a2f7c9d2ff899fcbecd65376b5c4e655aa3c42918734426e399ed2186cd34c9391c0d97cf0f9b123a8a7681fd62939eef33108b7ed178317137634fb347246c414f4099289512cfa77517c93e3b293ee6bfd096ed1db60cf0db9dc32437ede34975b9de0c721f37139ef3db212dd3a85ed865a927bd7c17774d1245ad27b2e9c7dbeb21b90b4367e3eaecc531f5a1ae8b8fcd90bda4bfd964ab327a0c69f0989d73b69f1e7b1760b106acc6dec410cfa8befcf2f9e823e37aa28d505da19446b1d1674877a26192a07286b9cb0ba5a2c782460a5fef128b4c1ed289c66c15e025337289c34fb347221752367cd79e8f65b00d6a052de38428832bb9850159ecb37b0e290217262f4684b5414bc6e6f7be67f091befa3178439cf39e5d94a30ebb3373d08dacfbe202b075ceaede4028c6246cd9cfd64aff481f9c7f97aa4cb965e14a2b0dfb37482aa043680b24aa03d30bfaa5c4b1248628b4ed33719ae2260e67789fdaa8acb1d05b9404b9cfb0b5503b530e5cbda3c77bca53dc11653c1c182d2e6907e94b8de5f061e948d4298f251c71a0f32378d2d5950012aea4db6fe509f098ebf88e043b596054874a14f676384f8d407333d8f8d920422de73a766e691a3438c6c935daa780e113c0ddf572eec0a37c10e504bf1922fe771b283b6a612e196063021520e34b13e118b059590430d356f950a4e73a75e6f95a0708dcf4ddd4ad01382e5f685fcd628fa131917984614bfa6f4eac90b4132cbdab8ddd036d97fc6343dcc54e33944bde6884b91632adfd8cadd8ae74c80785da0be3f6446c058c61b83e7ba1aa3f6dd59ad96693b558ed1ea1cb20a8371585b29734334f992a9e5ebde3538dec588fbff03cd9c28091131ecf904bcd8d2ac1fe98e9c16dc3220de7dfee51f25c514eb4f42b4f28a89d4a701abcb5493025206d307ace75b59a3605f32057fd6e4e4dc7d3c22fc590edb692057edfd92c949c753d5e7c20065c0f5faa4767fca45170018f994ec40241e1b4de3072fced3e08d6ba95d16e0089aebf88c8ffabde64e418b9b3bb3801dbce203c76b0535d477de1a14dcd1f934f4e7e5a11bb93f154bb1a19bfb7d9e7d7bcd0f4a2d0dcc8ad7ef6c66312f8b1fc13bd8d0fc1335a8f2ed2507310230dbd870efe9feb97d809f061ce8db83b9ff5edb0d3cffff0ab44ef1469619403ae71237ff5d0c1a76b2f40c7b24e5464bcb760133df85fe5f982dc7caa559c33d15824dfc6f170471c39ed32bebb604da31e3e1f00c240c18c2bf912176f0e3e47930858e717fdfe61e3fb9b6e6a0c9943a69871b8456d08b14b59da711386c91b7a4b6a9c1bd54520dfd93ffdd22998657b866353d5da73ddd6644d3a9d99df2e5319a3272611bbd8c5b6ac1da7b67d2d0a3b2d32c430e4e636123265dfb2430f03bd17925e6dffbe7d19bf88aebdbbd0edd44c2477c010b7e49182e827761cacd3c2824752eadbe62f4be5807818d20e209e7606df5a51cddc7e4cfc3941d39c3e1cf8c23c28f421d19a470dcae44e3c6e2099141f7326bbb912a0bb1781f90ef6ff4e55bb0a65e7a49ef61d465671d85b826b9e45392174cdbee1f943c7e8c608a1cf51ea991409263087fa7758f9cbddbb78ac9c3fb3db681855b777d1a2fba0aaebe7af3718d9020604f61da37a43d3f4b09762c9982ddfb99674c4fdb1e230c53a4ce8fda42e46fde10eb4531ff3b9c8f95def99c19db08fd96cc7a4ba29789a55f3afa357aeafc4fd370bfb6d013c4ae98179286e0d277abad76cd06f1a778a45e9f81d710a16a352bd245567dd4509a047ea5bcc4e0c44ed81a8745e99878fe9cb0440ecb54459cee154478c68ac237cd9bf5f9f3d5630cb8edf4c2b13efe57cb679cc479fd6b328e2dda7425d3aeda5c1b1e7f76915ea53fac8f2e629fa9e5d0fc472c07e399ac3fe783725485d754960115f0bca92bea8a5d5104e49952c771e6f21f1dee3c475450c3c79e4e9c62edf232df393280890fb1aaa66b752dcaa08982407bddbc9d6d37fb371a8e9617eabe79fe25db8267f669a1151eb6743ea81590a24c76e976be4c929ba7952440332accef7270ab3a8369ae8347828999fface36b5fb8af34e84dd1557c867979b1834612f83a7b1ec5c353a32f0098521f17f678a4208b2d914d4062415a2f9329b4700debc53e1246633fd60e228afa5bc2d3f8c9c173c32cfab40d9ca2fead3cfa5882ec31981845c8b3375df725f4aa2eb6b3854f4025e73354c79355f1d1840e76ea27db21919089510a6460a5270043fb1a67472d57302b874d3c3fe46c2d4dfe52aa51fcc72eb7484d3f90adfbcac5afd352b06784f20bea71e6ee80b235668c0efde4d30c0be86dfd8a801d2886af8175fc53d7f066bdf58d6d4e7fbf0c97bbeefc0d08c84fe6568b2689837b729a64d7786ecae33b5cd0bf9ad7dd2e23fca8a8ee2765080afacb1ffb32b11a5edcbb0d81d6782be2f9f94b4023391363c3a82122e13d0aac6668000f873438f4a5f4d3a2199acb7f9ffbf8e06f4ca2c84bb179559fb9f279e1295f854daed361b88eb2f15ba44efd8c953f12abb21fd9555eecd4d2be0a8fa74657a525475ee7362fd36ce8806b88057e834b22a6bd0c3cb49785fdfaed9bb43a456e0bf94f7105e5868b91104c64d5dfcfdeb5faa9a6a5ffbffa2b950572b77071e5b43e811c725ccaa6efedeadd732f0fd802c87a96c0bfa2a8b6bd1f71e6ce9cb0e4454c1ad12a060c68166139e55d93d0395a7a44a42ef7065bf8179df5ec572d163450bc53c4c2d195ba47afd358aa10fdde197c888a2181a35954418c60b558ec9e4e15151cc5962b6fb958cec2696d97959f0c91bbf440016088dc8c9f65c16eeed99de50424fedf7eab41a79d838fa59e1ff66da41aaf2480913521b51aaf55aef4b759eefdf03e16783f0c7cd0f4aa8de1fd2ea801239c9528b8ab10dcc19b45b1ccbcc0bea48307a75860fcc3dd1f9ff9e12d48280de807462fdca9ae84e474c5d503b459b8102a8c3adc167ba09d9f2304e112d14ccaa357afa3abeef269b0566b799dc9816eeec20026c50d13e4627a7b75f448fb3f0833b390ab8d07fdf772a84d7345f1e9dba453c6ad61f1a2b6ca5b90bc51e12dfaa6ea8befc2f476605bbd3fbe953e34b22942244328971282619ebba66e13cd5de9fef820983bbef9a9de2c5bddd1e8274b602bfe47a3d99fd4b4a22419a96a377ba1c6cb4cea8bbf1b4e8e06b84717f2c645d2190cb3402dfa7158d4003106a7ce919832c30c122111b95b451c887a08bced06e14ff18c84d2f16001dd25554721720b2c7702a6c4ecbeb93c29d79bc77721b2f751fffaafa87475dde39fe28db30dc1610c4a1157939fd601eb41a8b487e62ad48a1dd0863d11877c0af97203a46d643b9cc84e7101dc9294042cf018a0e344e2bd99a48989abca66729c3f797e69467d6b335b4249b0ab4861317cab91393114f7afadba03ae5de5f842ecd677588e0c1b6cebf127d0401648e3f17a5e7bca5ace78ef200700bdffb9c1d43924e0b39628ddd5939fd3fa854d5e01b83b5d2e08f89a033890699ece03948e0899322ec8af2be826b9a5dfa93182bfcc7160ff5a9c86440503c07d850c13402e90bc312a4723e791ea4e351ba596eb4e57a1ea4243c1eb2c9e99447cc6c0e2ce4a484ebb3a3c90da99e80d259808940ea0ef3474990f9845d17d79ad7c2b3723a403c117b8bfedd44c8e7899dcc21e8dcf5bab44f1b2e8314d0143f0b010c239eaa99b4483dfccc53e9600846c490fea43b0ea34304655306f2f8494b7a0c118d14cf321a459de5655466c880bf5a3e7d1df66095b8ad2552477f8d3564a38c2da6de2df99dc2473900763b69d086c7811536f09adb80b0ff609e31163128649290127b84d3728458c809e878028af973a4ba6c0aa0d40500e14c842818c66356bcc08bb0ff59275e1dddce3bfec6f335c60df90ba51e2b3814962318a5e7c66b7fc50c14e12e79fc3437f13c441c66971b5ff5ac159a5492fa5f4a32f73f3d44c50c1827d01ba940bcaf4224dafe72d2f7647955e14db648f3c0c27ce02400fb066ba815e25cfb4935f8332f5931efe69761dcecbf9ede845a46278cae36aec1f678e6e5103d4f9eba8475f792a197e27f08aea3610649eb69e97ddaac190305c4edd6237d60b41ee286cae6b5368383a834345209e0887caca244f27ed8357f5934073536de165f4fb79e415ffffbfa805426cfd6962618417836eb0100c11e6758f0cd1fb290deb889ee73d532b272c6ee4e552f1c0b1f056e61023c0a12d0080c911f305508900ba5d2a74fd37f76e9de0006bbcb095243fc3d425acc3e78cea6dfbfca5430a83c260aa147cd8dae281571f3a3e32eea0804239d4987bea4a254b283897ec441d292a4102312c2f327b58ba1d803a4afea999f8b6dcb8815f5e3ef6c1473a950a6fe53eaa8ecfb170afc15607a32ad37511e4904536c2afba9ba064f1b28ad7367bc0080fb631c18d09aad1303d2f73932f240d1f5bf963c675acc427c6ebfe86c4c330e53ed0302090c37671cf1cdcbf68d6e8daa3760d3cfb9afc040e72541543630012457b52b2a0d732263c9e2e6637ec29f4d738e9684449c64cc92fa1f8849cf0b7bffa4fc2d0aac052272b983c6f1c5588ff6cfc74208f883e314716f85ddef106c7a8730c678a249cc65a7501f98db474acc01165517c79dc902f419c87f661dd9224d43afbf31ab408b4391366d3c3bd9bc502dc093aa456"}}]}]}, 0xec4}}, 0x0) 06:09:34 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:34 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xa) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@empty, @ipv4={[0x0, 0x0, 0x8], [], @local}, @loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24c20082, r3}) [ 913.516433][T25967] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:09:34 executing program 1: bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, &(0x7f0000000500)=""/221, 0x26, 0xdd, 0x1}, 0x20) [ 913.706967][T25967] device bond36 entered promiscuous mode 06:09:34 executing program 2: r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self\x00', 0x0, 0x0) pidfd_send_signal(r0, 0x36, &(0x7f0000000000), 0x0) 06:09:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0xa) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) [ 913.972250][T26007] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 06:09:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:09:35 executing program 4: bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x2}]}]}}, &(0x7f0000000500)=""/221, 0x32, 0xdd, 0x1}, 0x20) 06:09:35 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff00", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:35 executing program 1: syslog(0x4, &(0x7f0000000000)=""/20, 0x14) 06:09:35 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req={0x0, 0x0, 0x0, 0x1}, 0x10) 06:09:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) getpeername$netlink(r0, 0x0, &(0x7f0000000080)) [ 914.688109][T26019] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 914.755088][T26019] device bond37 entered promiscuous mode [ 914.794364][T26055] device bridge40 entered promiscuous mode [ 914.801677][T26055] bond37: (slave bridge40): Enslaving as an active interface with an up link 06:09:36 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff00", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:36 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001200)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_UIE_OFF(r0, 0x7004) 06:09:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:09:36 executing program 2: perf_event_open(&(0x7f0000000340)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f050, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 06:09:36 executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001100)={0x9, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) [ 915.978806][T26071] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 915.993953][ T290] unregister_netdevice: waiting for lo to become free. Usage count = 1 [ 916.061358][T26071] device bond38 entered promiscuous mode 06:09:37 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff00", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:37 executing program 4: process_vm_writev(0x0, &(0x7f00000004c0)=[{&(0x7f0000000380)=""/67, 0x43}], 0x1, &(0x7f0000000600)=[{&(0x7f0000000500)=""/25, 0x19}, {0x0}], 0x2, 0x0) 06:09:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 06:09:37 executing program 2: r0 = signalfd(0xffffffffffffffff, &(0x7f0000003140), 0x8) write$FUSE_CREATE_OPEN(r0, 0x0, 0x0) [ 916.991316][T26121] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:09:38 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req={0x0, 0x6}, 0x10) 06:09:38 executing program 4: perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 06:09:38 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f00000000c0)=""/137, 0x1a, 0x89, 0x1}, 0x20) 06:09:38 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff0000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 917.049593][T26121] device bond39 entered promiscuous mode [ 917.105674][T26156] device bridge41 entered promiscuous mode [ 917.113626][T26156] bond39: (slave bridge41): Enslaving as an active interface with an up link 06:09:38 executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000080)=@framed={{}, [@call]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x85, &(0x7f0000000100)=""/133, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8, 0x10, 0x0}, 0x78) 06:09:38 executing program 4: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000dc0)='/dev/vcsa\x00', 0x0, 0x0) perf_event_open$cgroup(&(0x7f0000000d40)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, r0, 0x9, 0xffffffffffffffff, 0xd) [ 917.529250][T26167] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 06:09:38 executing program 3: r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, 0x0) 06:09:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x34, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}]}, 0x34}}, 0x0) 06:09:38 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x80, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_HELP={0x14, 0x8, 0x0, 0x1, {0xf, 0x1, 'sane-20000\x00'}}, @CTA_MARK_MASK={0x8}]}, 0x80}}, 0x0) 06:09:38 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff0000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) [ 917.970610][ T1] systemd[1]: systemd-rfkill.service: Start operation timed out. Terminating. [ 918.118360][T26179] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:09:39 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000005c0)={&(0x7f00000003c0), 0xc, &(0x7f0000000580)={&(0x7f0000000400)={0x1c, 0x0, 0x9, 0x401, 0x0, 0x0, {}, [@NFCTH_STATUS={0x8}]}, 0x1c}}, 0x0) [ 918.217623][T26179] device bond40 entered promiscuous mode [ 918.251807][T26181] device bridge42 entered promiscuous mode 06:09:39 executing program 4: socket$inet6(0xa, 0x5, 0x2) 06:09:39 executing program 3: bpf$BPF_PROG_WITH_BTFID_LOAD(0xc, 0x0, 0x0) [ 918.504367][T26219] netlink: 'syz-executor.1': attribute type 8 has an invalid length. [ 918.508759][ T1] systemd[1]: Failed to start Load/Save RF Kill Switch Status. [ 918.535041][T26218] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 918.609770][ T1] systemd[1]: systemd-rfkill.service: Unit entered failed state. [ 918.683849][ T1] systemd[1]: systemd-rfkill.service: Failed with result 'timeout'. 06:09:39 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff0000", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r5], 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r7], 0x20}}, 0x0) 06:09:39 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x34, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}]}, 0x34}}, 0x0) 06:09:39 executing program 1: io_setup(0x2, &(0x7f0000000bc0)=0x0) io_pgetevents(r0, 0x4, 0x0, 0x0, 0x0, 0x0) 06:09:40 executing program 2: socketpair(0x1, 0x0, 0x7, &(0x7f0000000240)) 06:09:40 executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cpuacct.usage_user\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc0c0583b, &(0x7f0000000000)) [ 919.352611][ T1] systemd[1]: Starting Load/Save RF Kill Switch Status... 06:09:40 executing program 4: perf_event_open(&(0x7f0000000e00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 919.567784][T26239] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 919.630039][T26241] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 919.737023][T26241] device bond41 entered promiscuous mode [ 919.774457][T26244] device bridge43 entered promiscuous mode 06:09:40 executing program 2: syz_mount_image$squashfs(&(0x7f0000005140)='squashfs\x00', &(0x7f0000005180)='./file0\x00', 0x0, 0x4, &(0x7f00000067c0)=[{0x0}, {0x0}, {0x0, 0x0, 0x7}, {&(0x7f0000006640)}], 0x0, &(0x7f00000068c0)={[{':+/:.'}, {'batadv0\x00'}, {}], [{@obj_type={'obj_type', 0x3d, 'syzkaller\x00'}}, {@func={'func', 0x3d, 'MODULE_CHECK'}}, {@smackfshat={'smackfshat', 0x3d, 'syzkaller\x00'}}]}) 06:09:40 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r1, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:09:40 executing program 1: r0 = dup(0xffffffffffffffff) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00', 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NETID(r0, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r1, 0x100, 0x70bd2c, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000080) r2 = socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) openat(r0, &(0x7f0000000080)='./file0\x00', 0x10000, 0x4) ioctl$sock_inet6_SIOCADDRT(r2, 0x890c, &(0x7f0000000240)={@empty, @ipv4={[0x0, 0x0, 0x8], [], @multicast1}, @initdev={0xfe, 0x88, [0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x15], 0x0, 0x0}}) [ 920.095607][ T1] systemd[1]: Started Load/Save RF Kill Switch Status. 06:09:41 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fsetxattr$trusted_overlay_redirect(r0, 0x0, 0x0, 0x0, 0x5) 06:09:41 executing program 4: syz_open_dev$dri(&(0x7f0000000380)='/dev/dri/card#\x00', 0x0, 0x5530c0) 06:09:41 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x34, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}]}, 0x34}}, 0x0) [ 920.496247][T26286] squashfs: Unknown parameter ':+/:.' [ 920.586837][T26286] squashfs: Unknown parameter ':+/:.' [ 920.621131][T26290] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 920.667212][T26298] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 920.759630][T26298] device bond42 entered promiscuous mode [ 920.841411][T26306] device bridge44 entered promiscuous mode 06:09:41 executing program 1: syz_emit_ethernet(0x19, &(0x7f00000009c0)={@dev, @link_local, @val, {@x25}}, 0x0) 06:09:41 executing program 2: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000340)=[{&(0x7f0000000100)="de", 0x1}], 0x0, 0x0) 06:09:41 executing program 4: bpf$BPF_PROG_WITH_BTFID_LOAD(0x4, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 06:09:42 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000002180)='/dev/bsg\x00', 0x0, 0x0) timerfd_gettime(r0, 0x0) 06:09:42 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r1, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:09:42 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0) 06:09:42 executing program 1: perf_event_open(&(0x7f0000000e00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x100000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 921.637243][T26354] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:09:42 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={0x0, &(0x7f0000000280)=""/12, 0x0, 0xc}, 0x20) 06:09:42 executing program 4: fsopen(&(0x7f0000006980)='ext4\x00', 0x1) [ 921.915866][T26368] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 921.985661][T26368] device bond43 entered promiscuous mode 06:09:43 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x2, &(0x7f00000000c0)=@raw=[@call={0x85, 0x0, 0x0, 0xf}, @exit={0x95, 0x0, 0x9fff}], 0x0, 0x0, 0x9c, &(0x7f00000002c0)=""/156, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='lock_acquire\x00', r0}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='./file0\x00') removexattr(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)=@known='trusted.syz\x00') r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x22, &(0x7f0000003a40)=0x9, 0x4) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000200)=0x2) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 06:09:43 executing program 2: openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x200000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x34e, 0x0, 0x0) 06:09:43 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r1, @ANYBLOB="006ee0000000200008000a00", @ANYRES32=r4], 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:09:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0) 06:09:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) 06:09:43 executing program 4: bpf$BPF_PROG_WITH_BTFID_LOAD(0xd, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) [ 922.840545][T26415] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:09:43 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000b00)={0x1, &(0x7f0000000ac0)=[{0x3}]}) [ 922.968448][T26415] device bond44 entered promiscuous mode [ 922.978440][T26422] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 06:09:44 executing program 3: clock_gettime(0x757a33ae4399c1e5, 0x0) 06:09:44 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:09:44 executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x7, &(0x7f0000000080)=@framed={{}, [@ldst, @ldst, @map]}, &(0x7f0000000100)='GPL\x00', 0x3, 0x1000, &(0x7f0000000440)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 06:09:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0) 06:09:44 executing program 4: bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000d40)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) 06:09:44 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fsetxattr$security_ima(r0, &(0x7f0000001440)='security.ima\x00', 0x0, 0x0, 0x0) 06:09:45 executing program 2: syz_mount_image$squashfs(0x0, 0x0, 0x0, 0x2, &(0x7f00000067c0)=[{&(0x7f00000051c0)='*', 0x1, 0x2}, {&(0x7f0000005240)="9655603f15b2c14a45905b24c5a74c18d4471779ffc70ade673bb063188a5a5f5e341408f5a1228aad2dc61db7791410a6cbfe8bed033112e76175cf1d78f677f43b9528c2e54a85c5f80c565a9dc13145aaab4835938e338c80b714e30841be2854857bc6abdae4c38aa6bb46422e75a2e0cbefede06bdee1429848cfd1b6b584a7276ea75dfc1b67e1207bd95adb3fdf3b340ec218e3d3637be1a9b3735d4cf4168f9bd0141b6f03571e387b8905afd1e3ee2d8142e177aafb533fe315d748ba84193f686b91562473c5675bbe90db858e56f9dc330693cf86d4affbc040aa3f57d32a3248b805088cea362a92bdb0bf14", 0xf2, 0x401}], 0x0, 0x0) 06:09:45 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fcntl$getflags(r0, 0x1) 06:09:45 executing program 3: r0 = socket(0x1, 0x5, 0x0) sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x4000884, 0x0, 0x2d) [ 924.663098][T26475] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 924.762597][T26480] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:09:45 executing program 1: r0 = socket(0x1, 0x5, 0x0) read$FUSE(r0, &(0x7f0000000000)={0x2020}, 0x2020) [ 924.822913][T26480] device bond45 entered promiscuous mode [ 924.840151][T26482] device bridge45 entered promiscuous mode 06:09:46 executing program 4: r0 = socket(0x1, 0x5, 0x0) sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x884, 0x0, 0x0) 06:09:46 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:09:46 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x28, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_MASTER={0x8, 0xa, r2}]}, 0x28}}, 0x0) [ 925.300776][T26533] loop2: detected capacity change from 4 to 0 [ 925.407354][T26537] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 925.503953][T26533] loop2: detected capacity change from 4 to 0 06:09:46 executing program 1: r0 = socket(0x1, 0x5, 0x0) sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x4000884, 0x0, 0x0) 06:09:46 executing program 3: r0 = socket(0x1, 0x5, 0x0) sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x884, 0x0, 0x6) [ 925.831807][T26547] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:09:46 executing program 2: r0 = socket(0x1, 0x5, 0x0) recvmmsg(r0, &(0x7f0000000300), 0x0, 0x40000040, 0x0) 06:09:46 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) [ 925.917333][T26547] device bond46 entered promiscuous mode [ 926.003721][ T290] unregister_netdevice: waiting for lo to become free. Usage count = 1 06:09:47 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x28, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_MASTER={0x8, 0xa, r2}]}, 0x28}}, 0x0) 06:09:47 executing program 4: r0 = socket(0x1, 0x5, 0x0) recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x40002140) 06:09:47 executing program 3: r0 = socket(0x1, 0x5, 0x0) sendto$inet6(r0, &(0x7f0000000100)="01030dab96854d641ef32a353468d50511427389c209000000000000002ab7ca7cce3a8f869954b6b232b3d5913da40080000000000000634952f5808e728f", 0x0, 0x24000000, 0x0, 0xffffffffffffff7c) [ 926.482352][T26590] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 926.646564][T26598] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 06:09:47 executing program 2: r0 = socket(0x1, 0x5, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000002040)={0x0}, &(0x7f0000002080)=0xc) setpgid(r1, 0x0) [ 926.887995][T26598] device bond47 entered promiscuous mode 06:09:48 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:09:48 executing program 4: r0 = socket(0x1, 0x5, 0x0) recvmmsg(r0, &(0x7f0000000300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000040, 0x0) 06:09:48 executing program 3: select(0xfffffffffffffca3, 0x0, 0xffffffffffffffff, 0x0, 0x0) 06:09:48 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="2277f292252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x28, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28100}, [@IFLA_MASTER={0x8, 0xa, r2}]}, 0x28}}, 0x0) [ 927.520489][T26642] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 927.915860][T26653] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 928.046156][T26653] device bond48 entered promiscuous mode [ 932.400249][T26700] IPVS: ftp: loaded support on port[0] = 21 [ 932.552771][ T1] systemd[1]: Starting Load/Save RF Kill Switch Status... [ 932.878721][T26700] chnl_net:caif_netlink_parms(): no params data found [ 933.148014][T26700] bridge0: port 1(bridge_slave_0) entered blocking state [ 933.161133][T26700] bridge0: port 1(bridge_slave_0) entered disabled state [ 933.174491][T26700] device bridge_slave_0 entered promiscuous mode [ 933.278276][T26700] bridge0: port 2(bridge_slave_1) entered blocking state [ 933.285842][T26700] bridge0: port 2(bridge_slave_1) entered disabled state [ 933.296641][T26700] device bridge_slave_1 entered promiscuous mode [ 933.405277][T26700] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 933.432487][T26700] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 933.514047][T26700] team0: Port device team_slave_0 added [ 933.560759][T26700] team0: Port device team_slave_1 added [ 933.643026][T26700] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 933.659009][T26700] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 933.685668][T26700] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 933.711283][T26700] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 933.721840][T26700] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 933.748854][T26700] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 933.861863][T26700] device hsr_slave_0 entered promiscuous mode [ 933.895083][T26700] device hsr_slave_1 entered promiscuous mode [ 933.916745][T26700] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 933.934615][T26700] Cannot create hsr debugfs directory [ 934.405612][ T8925] Bluetooth: hci1: command 0x0409 tx timeout [ 934.633081][T26700] 8021q: adding VLAN 0 to HW filter on device bond0 [ 934.744991][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 934.761894][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 934.799871][T26700] 8021q: adding VLAN 0 to HW filter on device team0 [ 934.906343][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 934.917413][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 934.929436][ T4719] bridge0: port 1(bridge_slave_0) entered blocking state [ 934.941516][ T4719] bridge0: port 1(bridge_slave_0) entered forwarding state [ 934.960555][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 934.981823][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 935.000512][ T4719] bridge0: port 2(bridge_slave_1) entered blocking state [ 935.014454][ T4719] bridge0: port 2(bridge_slave_1) entered forwarding state [ 935.488868][T26700] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 935.508414][T26700] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 935.529318][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 935.538655][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 935.549672][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 935.560944][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 935.571546][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 935.581949][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 935.592444][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 935.602670][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 935.612429][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 935.622977][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 935.632627][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 935.790148][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 935.800218][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 935.809517][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 935.817519][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 935.847942][T26700] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 936.064668][ T290] unregister_netdevice: waiting for lo to become free. Usage count = 1 [ 936.312442][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 936.326543][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 936.454995][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 936.478182][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 936.495193][ T4719] Bluetooth: hci1: command 0x041b tx timeout [ 936.515996][T26700] device veth0_vlan entered promiscuous mode [ 936.578244][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 936.587655][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 936.616588][T26700] device veth1_vlan entered promiscuous mode [ 936.772385][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 936.783917][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 936.794048][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 936.814266][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 936.839245][T26700] device veth0_macvtap entered promiscuous mode [ 936.868094][T26700] device veth1_macvtap entered promiscuous mode [ 936.948847][T26700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 936.974680][T26700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 936.984831][T26700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 936.995520][T26700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.005661][T26700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 937.016728][T26700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.035544][T26700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 937.046232][T26700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.067122][T26700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 937.077965][T26700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.088269][T26700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 937.099903][T26700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.114509][T26700] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 937.137988][ T2095] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 937.147826][ T2095] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 937.157782][ T2095] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 937.179105][ T2095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 937.476833][T26700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 937.487618][T26700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.497716][T26700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 937.508749][T26700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.518879][T26700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 937.530042][T26700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.540141][T26700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 937.550843][T26700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.560982][T26700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 937.571724][T26700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.581843][T26700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 937.592550][T26700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 937.607963][T26700] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 937.622745][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 937.633136][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 937.976908][ T1] systemd[1]: systemd-journald.service: Start operation timed out. Terminating. [ 938.215077][ T110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 938.232403][ T110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 938.246034][T11438] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 938.285522][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 938.294274][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 938.303736][T11438] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 938.563725][T11438] Bluetooth: hci1: command 0x040f tx timeout 06:09:59 executing program 1: r0 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x0) 06:09:59 executing program 2: r0 = socket(0x1, 0x5, 0x0) ioctl$sock_ifreq(r0, 0x8917, &(0x7f0000000000)={'lo\x00', @ifru_mtu}) 06:09:59 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:09:59 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f0000001b00)=@expire={0xf8, 0x18, 0x901, 0x0, 0x0, {{{@in6=@mcast1, @in=@local}, {@in6=@loopback}, @in6=@private0}}}, 0xf8}}, 0x0) 06:09:59 executing program 4: r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x10, 0x0, &(0x7f0000000040)) 06:09:59 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, 0x0) [ 938.864693][T26959] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 938.891858][T26961] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 06:10:00 executing program 4: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x9, [@typedef={0x7}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61]}}, &(0x7f0000000340)=""/214, 0x2d, 0xd6, 0x1}, 0x20) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x5450, 0x0) 06:10:00 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, &(0x7f0000000640)={{0x0, 0x2, 0x0, 0x0, 'syz1\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) 06:10:00 executing program 2: syz_open_dev$sndctrl(&(0x7f0000001100)='/dev/snd/controlC#\x00', 0xffffffffffffffff, 0x2c0) 06:10:00 executing program 5: request_key(&(0x7f0000000200)='dns_resolver\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0) 06:10:00 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:10:00 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_LOCK(r0, 0x4008642a, &(0x7f0000000000)) [ 939.839691][T26980] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 939.930191][ T3161] ieee802154 phy0 wpan0: encryption failed: -22 [ 939.936950][ T3161] ieee802154 phy1 wpan1: encryption failed: -22 06:10:00 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x5, 0x0, 0x0, 0x0, 0x4, 0x1}, 0x40) 06:10:00 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0xf3cb, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000100)={0x4000000}) 06:10:01 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, &(0x7f0000002f40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00', r0) 06:10:01 executing program 3: r0 = socket(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) 06:10:01 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400000000000080ffff000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x28}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000011000101210000000000000000008486", @ANYRES32=r6], 0x20}}, 0x0) 06:10:01 executing program 1: rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f00000004c0)) 06:10:01 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x55, 0xffffffffffffffff, 0x13}, 0x40) [ 940.644286][ T8463] Bluetooth: hci1: command 0x0419 tx timeout [ 940.706175][T26999] ===================================================== [ 940.713141][T26999] BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x9c/0xb0 [ 940.713348][T26999] CPU: 1 PID: 26999 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 [ 940.722455][T26999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 940.722455][T26999] Call Trace: [ 940.722455][T26999] dump_stack+0x21c/0x280 [ 940.722455][T26999] kmsan_report+0xfb/0x1e0 [ 940.722455][T26999] kmsan_internal_check_memory+0x484/0x520 [ 940.722455][T26999] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 940.722455][T26999] ? should_fail+0x72/0x9e0 [ 940.722455][T26999] kmsan_copy_to_user+0x9c/0xb0 [ 940.722455][T26999] _copy_to_user+0x1ac/0x270 [ 940.722455][T26999] compat_drm_wait_vblank+0x36f/0x450 [ 940.722455][T26999] drm_compat_ioctl+0x3f6/0x590 [ 940.722455][T26999] ? compat_drm_agp_unbind+0x1a0/0x1a0 [ 940.722455][T26999] ? drm_vblank_worker_init+0x340/0x340 [ 940.722455][T26999] __se_compat_sys_ioctl+0x53d/0x1100 [ 940.722455][T26999] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 940.722455][T26999] ? syscall_enter_from_user_mode_work+0x56/0x100 [ 940.722455][T26999] __ia32_compat_sys_ioctl+0x4a/0x70 [ 940.722455][T26999] __do_fast_syscall_32+0x102/0x160 [ 940.722455][T26999] do_fast_syscall_32+0x6a/0xc0 [ 940.722455][T26999] do_SYSENTER_32+0x73/0x90 [ 940.722455][T26999] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 940.722455][T26999] RIP: 0023:0xf7f47549 [ 940.722455][T26999] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 940.722455][T26999] RSP: 002b:00000000f55415fc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 940.722455][T26999] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c018643a [ 940.722455][T26999] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 940.722455][T26999] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 940.722455][T26999] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 940.722455][T26999] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 940.722455][T26999] [ 940.722455][T26999] Uninit was stored to memory at: [ 940.722455][T26999] kmsan_internal_chain_origin+0xad/0x130 [ 940.722455][T26999] __msan_chain_origin+0x57/0xa0 [ 940.722455][T26999] compat_drm_wait_vblank+0x43c/0x450 [ 940.722455][T26999] drm_compat_ioctl+0x3f6/0x590 [ 940.722455][T26999] __se_compat_sys_ioctl+0x53d/0x1100 [ 940.722455][T26999] __ia32_compat_sys_ioctl+0x4a/0x70 [ 940.722455][T26999] __do_fast_syscall_32+0x102/0x160 [ 940.722455][T26999] do_fast_syscall_32+0x6a/0xc0 [ 940.722455][T26999] do_SYSENTER_32+0x73/0x90 [ 940.722455][T26999] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 940.722455][T26999] [ 940.722455][T26999] Local variable ----req@compat_drm_wait_vblank created at: [ 940.722455][T26999] compat_drm_wait_vblank+0x7b/0x450 [ 940.722455][T26999] compat_drm_wait_vblank+0x7b/0x450 [ 940.722455][T26999] [ 940.722455][T26999] Bytes 12-15 of 16 are uninitialized [ 940.722455][T26999] Memory access of size 16 starts at ffff88814ffe3c98 [ 940.722455][T26999] Data copied to user address 0000000020000100 [ 940.722455][T26999] ===================================================== [ 940.722455][T26999] Disabling lock debugging due to kernel taint [ 940.722455][T26999] Kernel panic - not syncing: panic_on_warn set ... [ 940.722455][T26999] CPU: 1 PID: 26999 Comm: syz-executor.2 Tainted: G B 5.11.0-rc7-syzkaller #0 [ 940.722455][T26999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 940.722455][T26999] Call Trace: [ 940.722455][T26999] dump_stack+0x21c/0x280 [ 940.722455][T26999] panic+0x4c6/0xea7 [ 940.722455][T26999] ? add_taint+0x17c/0x210 [ 940.722455][T26999] kmsan_report+0x1de/0x1e0 [ 940.722455][T26999] kmsan_internal_check_memory+0x484/0x520 [ 940.722455][T26999] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 940.722455][T26999] ? should_fail+0x72/0x9e0 [ 940.722455][T26999] kmsan_copy_to_user+0x9c/0xb0 [ 940.722455][T26999] _copy_to_user+0x1ac/0x270 [ 940.722455][T26999] compat_drm_wait_vblank+0x36f/0x450 [ 940.722455][T26999] drm_compat_ioctl+0x3f6/0x590 [ 940.722455][T26999] ? compat_drm_agp_unbind+0x1a0/0x1a0 [ 940.722455][T26999] ? drm_vblank_worker_init+0x340/0x340 [ 940.722455][T26999] __se_compat_sys_ioctl+0x53d/0x1100 [ 940.722455][T26999] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 940.722455][T26999] ? syscall_enter_from_user_mode_work+0x56/0x100 [ 940.722455][T26999] __ia32_compat_sys_ioctl+0x4a/0x70 [ 940.722455][T26999] __do_fast_syscall_32+0x102/0x160 [ 940.722455][T26999] do_fast_syscall_32+0x6a/0xc0 [ 940.722455][T26999] do_SYSENTER_32+0x73/0x90 [ 940.722455][T26999] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 940.722455][T26999] RIP: 0023:0xf7f47549 [ 940.722455][T26999] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 940.722455][T26999] RSP: 002b:00000000f55415fc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 940.722455][T26999] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c018643a [ 940.722455][T26999] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 940.722455][T26999] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 940.722455][T26999] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 940.722455][T26999] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 940.722455][T26999] Kernel Offset: disabled [ 940.722455][T26999] Rebooting in 86400 seconds..