[ 55.854098] audit: type=1800 audit(1542923086.890:27): pid=6516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 55.873765] audit: type=1800 audit(1542923086.900:28): pid=6516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[ ok .
[....] Starting OpenBSD Secure Shell server: sshd[ ok .
[ 57.555924] audit: type=1800 audit(1542923088.600:29): pid=6516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 57.575491] audit: type=1800 audit(1542923088.600:30): pid=6516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
2018/11/22 21:45:01 fuzzer started 2018/11/22 21:45:06 dialing manager at 10.128.0.26:36751 2018/11/22 21:45:06 syscalls: 1 2018/11/22 21:45:06 code coverage: enabled 2018/11/22 21:45:06 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/22 21:45:06 setuid sandbox: enabled 2018/11/22 21:45:06 namespace sandbox: enabled 2018/11/22 21:45:06 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/22 21:45:06 fault injection: enabled 2018/11/22 21:45:06 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/22 21:45:06 net packet injection: enabled 2018/11/22 21:45:06 net device setup: enabled 21:47:18 executing program 0: add_key(&(0x7f0000000180)='big_key\x00', &(0x7f00000001c0)={'.yz'}, &(0x7f00000005c0), 0x0, 0xfffffffffffffffd) syzkaller login: [ 208.423325] IPVS: ftp: loaded support on port[0] = 21 [ 210.459669] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.466221] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.474781] device bridge_slave_0 entered promiscuous mode [ 210.612501] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.618981] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.627467] device bridge_slave_1 entered promiscuous mode [ 210.747867] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 210.867583] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 211.239429] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 211.365035] bond0: Enslaving bond_slave_1 as an active interface with an up link 21:47:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) read(r1, &(0x7f0000001140)=""/4096, 0x1000) syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x202, 0x0) [ 212.206304] IPVS: ftp: loaded support on port[0] = 21 [ 
212.255812] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 212.263851] team0: Port device team_slave_0 added [ 212.453347] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 212.461284] team0: Port device team_slave_1 added [ 212.580698] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 212.591541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.600514] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.750379] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.889127] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 212.896854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.905983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.102157] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 213.109974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.119033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 215.105774] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.112343] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.119250] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.125821] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.134268] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 215.512731] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 215.590486] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.597212] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.605789] device bridge_slave_0 entered promiscuous mode [ 215.782931] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.789492] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.798016] device bridge_slave_1 entered promiscuous mode [ 215.932090] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 216.111301] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 
[ 216.667484] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.916313] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 217.086348] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 217.093659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 21:47:28 executing program 2: mkdir(&(0x7f0000000680)='./control\x00', 0x0) r0 = open(&(0x7f0000000600)='./control\x00', 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x24) mknodat(r0, &(0x7f0000000000)='./control\x00', 0x103c, 0x0) faccessat(r0, &(0x7f000003fff6)='./control\x00', 0x0, 0x0) [ 217.278900] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 217.286330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.067710] IPVS: ftp: loaded support on port[0] = 21 [ 218.075817] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 218.083770] team0: Port device team_slave_0 added [ 218.281234] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 218.289645] team0: Port device team_slave_1 added [ 218.496642] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 218.727820] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 218.735297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 218.744192] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 218.960795] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 218.968800] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.977783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.226462] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 219.234219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.243249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.824152] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.830635] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.837748] 
bridge0: port 1(bridge_slave_0) entered blocking state [ 221.844288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.853137] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 221.892180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.266724] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.274114] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.282514] device bridge_slave_0 entered promiscuous mode [ 222.554010] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.560498] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.569059] device bridge_slave_1 entered promiscuous mode [ 222.851945] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 223.083005] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 223.756717] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.044149] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.230174] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 224.237556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 224.469830] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 224.477184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 21:47:35 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket(0x11, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) setsockopt$packet_int(r1, 0x107, 0x80000000014, &(0x7f0000003dc0)=0x4, 0x4) bind$packet(r1, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) sendmmsg$inet_sctp(r1, &(0x7f0000871fc8)=[{&(0x7f000086c000)=@in6={0xa, 0x0, 0x2}, 0x1c, &(0x7f0000d1e000), 0x0, &(0x7f0000dda000)}], 0x492492492492510, 0x0) [ 224.916559] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.383626] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 
225.391612] team0: Port device team_slave_0 added [ 225.684649] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.692964] team0: Port device team_slave_1 added [ 225.937934] IPVS: ftp: loaded support on port[0] = 21 [ 226.023526] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 226.049171] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 226.056368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 226.065375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 226.325030] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 226.332300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 226.341065] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 226.673777] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 226.681366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 226.690506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 226.955184] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.962960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 226.972241] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.212857] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 227.219624] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 227.227734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 228.342902] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.324635] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.331136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.338172] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.344733] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.353270] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 230.742744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 231.307434] bridge0: port 1(bridge_slave_0) entered blocking state [ 
231.314068] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.322529] device bridge_slave_0 entered promiscuous mode [ 231.595477] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.602179] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.610634] device bridge_slave_1 entered promiscuous mode [ 231.963301] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 232.275923] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 233.337176] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 233.649068] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.706806] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 233.978971] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 233.986611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 234.293389] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 234.300617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 21:47:45 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x8002) write(r0, &(0x7f0000eaffa7)="530000003d9f5de1e52055bb7c8a326fe46092b68ce864a08c682d9ad789c5d7acad0e771f13cecb59029b011ded54a09c41c6cfcfbcd743cc665c32af223d42438b416a0304891c88697ae707d4a70f330e6fe3a1c9c76f", 0x58) [ 234.847739] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 235.367401] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 235.375482] team0: Port device team_slave_0 added 21:47:46 executing program 0: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x400042, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x0, 0x0) [ 235.759087] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: 
link is not ready [ 235.767085] team0: Port device team_slave_1 added [ 235.906995] IPVS: ftp: loaded support on port[0] = 21 21:47:47 executing program 0: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000080)=r0) fsetxattr$security_capability(r0, &(0x7f0000000000)='security.capability\x00', &(0x7f00000000c0)=@v2={0x2000000, [{0x3, 0xb8c0}, {0x2, 0x3}]}, 0x14, 0x3) writev(r0, &(0x7f0000001b40), 0x0) fsetxattr$security_capability(r0, &(0x7f0000000100)='security.capability\x00', &(0x7f0000000140)=@v2={0x2000000, [{0x2, 0x5}, {0x2, 0xe73ec74}]}, 0x14, 0x2) [ 236.088109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 236.095973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 236.105007] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 236.268007] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 236.274679] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 236.282739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 236.476378] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 236.483651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 236.492470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 21:47:47 executing program 0: r0 = socket$inet6(0xa, 0x8000000080003, 0xff) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000100)={{{@in6=@local, @in6=@mcast1}}, {{@in=@loopback}, 0x0, @in6=@local}}, &(0x7f0000000040)=0xe8) getgid() sendmmsg(r0, &(0x7f0000001300)=[{{0x0, 0x0, &(0x7f0000001180), 0x240, &(0x7f00000011c0)}}], 0x249, 0x0) listxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0) [ 236.926262] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 236.934134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.942982] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 21:47:48 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f000069a000/0x1000)=nil, 0x1000, 0x200000e, 0x10, r0, 0x0) mlock(&(0x7f0000000000/0x2000)=nil, 0x2000) mbind(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000000), 0x9, 0x2) openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x800, 0x0) r1 = dup3(r0, r0, 0x80000) ioctl$BLKRRPART(r0, 0x125f, 0x0) ioctl$TIOCSTI(r1, 0x5412, 0x4) [ 237.312707] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 237.320281] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.329251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 21:47:48 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f000069a000/0x1000)=nil, 0x1000, 0x200000e, 0x10, r0, 0x0) mlock(&(0x7f0000000000/0x2000)=nil, 0x2000) mbind(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000000), 0x9, 0x2) openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x800, 0x0) r1 = dup3(r0, r0, 0x80000) ioctl$BLKRRPART(r0, 0x125f, 0x0) ioctl$TIOCSTI(r1, 0x5412, 0x4) [ 237.801980] 8021q: adding VLAN 0 to HW filter on device team0 21:47:49 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000000)={'nr0\x00', 0xffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x848000000015, 0x805, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [], 0x1a}, 0x10}, 0x1c) sendto$inet6(r2, &(0x7f0000000380), 0x0, 0x0, &(0x7f0000000340)={0xa, 0x0, 0x0, @loopback}, 0x1c) 21:47:49 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) 
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x10, 0x20000000802, 0x0) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) getsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f00000000c0)={@ipv4={[], [], @dev}, 0x0}, &(0x7f0000000100)=0x14) connect(r1, &(0x7f0000000140)=@hci={0x1f, r2, 0x2}, 0x80) write(r1, &(0x7f0000000000)="240000001a0025f00018000400edfc0e8000000000000000000000000800020048050000", 0x24) r3 = syz_open_dev$sndpcmp(&(0x7f0000000240)='/dev/snd/pcmC#D#p\x00', 0x2b7f, 0x0) write$P9_RSYMLINK(r3, &(0x7f0000000280)={0x14, 0x11, 0x2, {0x8, 0x2, 0x8}}, 0x14) ioctl$ION_IOC_HEAP_QUERY(r3, 0xc0184908, &(0x7f0000000300)={0x34, 0x0, &(0x7f00000002c0)}) r4 = open(&(0x7f0000000040)='./file0\x00', 0x20000, 0x20) ioctl$DRM_IOCTL_AGP_ENABLE(r4, 0x40086432, &(0x7f0000000080)) 21:47:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000000080)=0xc0e, 0x4) sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f00000000c0), 0xc, &(0x7f0000000000)={&(0x7f0000000040)=@bridge_getlink={0x2c, 0x12, 0x88b1dc089af64ad5, 0x0, 0x0, {}, [@IFLA_ADDRESS={0xc, 0x1, @dev}]}, 0xfffffff3}}, 0x0) [ 241.488791] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.495549] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.502565] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.509026] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.517507] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 241.572952] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.579575] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.588136] device bridge_slave_0 entered promiscuous mode [ 241.929494] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.936573] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.944937] device bridge_slave_1 entered promiscuous mode [ 242.182223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 242.268669] IPv6: 
ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 242.572422] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 243.379795] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 243.722047] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 243.799630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.993885] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 244.001000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.249088] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 244.256693] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 244.968602] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 245.203226] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 245.211194] team0: Port device team_slave_0 added [ 245.521071] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 245.529135] team0: Port device team_slave_1 added 21:47:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) read(r1, &(0x7f0000001140)=""/4096, 0x1000) syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x202, 0x0) [ 245.761774] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 245.769171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.777915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 246.043597] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 246.050799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 246.059687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 246.075550] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 246.133043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 246.140963] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 246.251119] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 246.259010] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 246.268936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 246.467577] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 246.475410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 246.484299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 246.745587] 8021q: adding VLAN 0 to HW filter on device team0 [ 248.631455] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.638076] bridge0: port 2(bridge_slave_1) entered forwarding state [ 248.645258] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.651734] bridge0: port 1(bridge_slave_0) entered forwarding state [ 248.660164] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 248.667176] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 250.855852] 8021q: adding VLAN 0 to HW filter on device bond0 21:48:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) read(r1, &(0x7f0000001140)=""/4096, 0x1000) syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x202, 0x0) [ 251.469846] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 251.931587] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 251.938119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 251.946985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 252.421199] 8021q: adding VLAN 0 to HW filter on device team0 [ 254.614303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.081382] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 255.527227] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 255.533867] 
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 255.541701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 21:48:06 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x100000b) [ 255.968217] 8021q: adding VLAN 0 to HW filter on device team0 21:48:08 executing program 4: syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x88, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x8, 0x8, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x70}, @dev}}}}}}, &(0x7f0000000000)) 21:48:08 executing program 0: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) ftruncate(r0, 0x28c5) r1 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x0, 0x2b}}}, 0xe8) sendto$inet6(r1, &(0x7f00000001c0), 0x3000, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) dup3(r0, r0, 0x80000) 21:48:08 executing program 5: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) r1 = accept(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f00000000c0)=0x80) sendmsg$nl_netfilter(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20008}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x11, 0x4, 0x4, 0x70bd2b, 0x25dfdbfb, {0x1}, [@typed={0x8, 0x6, @ipv4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x11) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sequencer\x00', 0x40300, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000300)={0x0, 
0x0}, &(0x7f0000000340)=0xc) stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = getuid() mount$fuseblk(&(0x7f0000000200)='/dev/loop0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='fuseblk\x00', 0x208008, &(0x7f0000000440)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize={'blksize'}}], [{@uid_lt={'uid<', r7}}, {@measure='measure'}, {@fsmagic={'fsmagic', 0x3d, 0x3}}, {@audit='audit'}, {@obj_role={'obj_role', 0x3d, '.'}}]}}) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000000540)=0x4, 0x4) getsockopt$inet6_buf(r3, 0x29, 0xff, &(0x7f0000000580)=""/90, &(0x7f0000000600)=0x5a) getsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000640), &(0x7f0000000680)=0x4) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000800)={0x81, 0x9, 0x2, {0x6, @win={{0x80b3, 0xf41, 0x0, 0x1}, 0x1, 0x2, &(0x7f00000006c0)={{0x4, 0x8, 0x400, 0x101}}, 0x100, &(0x7f0000000700)="03582da0b65198b506cf5ffa4df0d19df6aba22157e55b78b4c1fc4d8e51dfc4d4d5c28b70566da34226beff3614d91377ef2813b0e44784ec5ee849bdaa5b10b3cb5231834aa2ab52dae0fa247606893bc2646603b028b66eb829241243e3a6e8293e4ea7aa0530c33e98318f48b390c678d9be49ec13ec8d6c6c0a05ee00ff8a8e27118aefb094b1920c42f501e6db86a6b80df9625bded8d6ba56dd362ee6ede6419d7b0c6d74dda24ce3b50c4059928fe4bae2610ad9dca67cd2f5bfa9418fe820bc6263", 0x20}}}) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000900)=[@in={0x2, 0x4e24, @loopback}, @in6={0xa, 0x4e20, 0x2, @remote, 0x8001}, @in={0x2, 0x4e21}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x12}}, @in6={0xa, 0x4e23, 0x3ff, @remote, 0x5}, @in={0x2, 0x4e20, @remote}], 0x78) getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000980), &(0x7f00000009c0)=0x8) r8 = syz_open_dev$midi(&(0x7f0000000a00)='/dev/midi#\x00', 0xffffffff, 0x40000) setfsgid(r6) ioctl$EVIOCGKEY(r8, 0x80404518, &(0x7f0000000a40)=""/179) r9 = add_key$keyring(&(0x7f0000000b00)='keyring\x00', 
&(0x7f0000000b40)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r9, 0x4000000) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x5, 0x30, r0, 0x0) ioctl$FIDEDUPERANGE(r8, 0xc0189436, &(0x7f0000000b80)={0x1, 0x8, 0x2, 0x0, 0x0, [{r3, 0x0, 0x4}, {r0, 0x0, 0x80}]}) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000000c00)={@empty, 0x6, 0x3, 0x0, 0x2, 0x4, 0x74, 0x3}, 0x20) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r8, 0x114, 0xa, &(0x7f0000000c40)={0x3, "d8ba64"}, 0x4) sched_rr_get_interval(r4, &(0x7f0000000c80)) ioctl$EVIOCGKEY(r3, 0x80404518, &(0x7f0000000cc0)=""/207) setsockopt$sock_int(r8, 0x1, 0x3c, &(0x7f0000000dc0)=0x3f, 0x4) ioctl$TIOCLINUX4(r8, 0x541c, &(0x7f0000000e00)) recvmsg$kcm(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f0000000e40)=""/14, 0xe}, {&(0x7f0000000e80)=""/193, 0xc1}], 0x2, &(0x7f0000000fc0)=""/174, 0xae, 0xfa4}, 0x120) ioctl$sock_inet6_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f00000010c0)) dup3(r1, r3, 0x80000) 21:48:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) read(r1, &(0x7f0000001140)=""/4096, 0x1000) syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x202, 0x0) 21:48:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) read(r1, &(0x7f0000001140)=""/4096, 0x1000) syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x202, 0x0) 21:48:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)) [ 257.897073] 
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
21:48:09 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
setxattr$trusted_overlay_origin(0x0, &(0x7f0000000180)='trusted.overlay.origin\x00', 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f000001b000/0x18000)=nil, 0x0, 0xfffffffffffffe19, 0x0, 0x0, 0x0)
21:48:09 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
read(r1, &(0x7f0000001140)=""/4096, 0x1000)
syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x202, 0x0)
21:48:09 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000f6fff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x4)
writev(r1, &(0x7f000051c000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560284470080ffe00600000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1)
r2 = socket$inet_sctp(0x2, 0x100000001, 0x84)
sendto$inet(r2, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
recvmmsg(r1, &(0x7f0000001b00)=[{{&(0x7f00000002c0)=@alg, 0x80, &(0x7f0000001300)=[{&(0x7f0000001140)=""/48, 0x30}, {&(0x7f0000002bc0)=""/4096, 0x1000}, {&(0x7f0000001180)=""/128, 0x80}, {&(0x7f0000001200)=""/195, 0xc3}], 0x4, &(0x7f0000000480)=""/158, 0x9e}}], 0x1, 0x0, &(0x7f0000001b80)={0x77359400})
21:48:09 executing program 3:
io_setup(0x11f, &(0x7f00000001c0)=0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={"0000000000000000000000000200", 0x20000004fdd})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={&(0x7f0000000240), 0xc, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
io_submit(r0, 0x1, &(0x7f0000000080)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000100)="8d", 0x1}])
21:48:09 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
read(r1, &(0x7f0000001140)=""/4096, 0x1000)
syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x202, 0x0)
[ 258.522420] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 258.529237] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 258.608407] ==================================================================
[ 258.615991] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x1a85/0x2700
[ 258.622675] CPU: 0 PID: 8056 Comm: syz-executor4 Not tainted 4.20.0-rc3+ #93
[ 258.629870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 258.639234] Call Trace:
[ 258.641845] dump_stack+0x32d/0x480
[ 258.645496] ? _copy_to_iter+0x1a85/0x2700
[ 258.649760] kmsan_report+0x19f/0x300
[ 258.653595] kmsan_internal_check_memory+0x331/0xa60
21:48:09 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
setxattr$trusted_overlay_origin(0x0, &(0x7f0000000180)='trusted.overlay.origin\x00', 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f000001b000/0x18000)=nil, 0x0, 0xfffffffffffffe19, 0x0, 0x0, 0x0)
[ 258.658736] kmsan_copy_to_user+0x7c/0xe0
[ 258.662924] _copy_to_iter+0x1a85/0x2700
[ 258.667037] skb_copy_datagram_iter+0x4e2/0x1070
[ 258.671831] netlink_recvmsg+0x6f9/0x19d0
[ 258.676021] sock_recvmsg+0x1d1/0x230
[ 258.679839] ? netlink_sendmsg+0x1440/0x1440
[ 258.684271] ___sys_recvmsg+0x444/0xae0
[ 258.688263] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 258.693674] ? __fdget+0x329/0x440
[ 258.697242] __sys_recvmmsg+0x65d/0x1170
[ 258.701346] __se_sys_recvmmsg+0x253/0x350
[ 258.705617] __x64_sys_recvmmsg+0x62/0x80
[ 258.709794] do_syscall_64+0xcf/0x110
[ 258.713633] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 258.718835] RIP: 0033:0x457569
[ 258.722042] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 258.740962] RSP: 002b:00007fcad443bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 258.748696] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569
21:48:09 executing program 1:
unshare(0x600)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, &(0x7f0000000000))
r1 = eventfd2(0x0, 0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000040)={0x0, r1})
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000000c0))
[ 258.755986] RDX: 0000000000000001 RSI: 0000000020001b00 RDI: 0000000000000004
[ 258.763274] RBP: 000000000072c040 R08: 0000000020001b80 R09: 0000000000000000
[ 258.770565] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcad443c6d4
[ 258.777851] R13: 00000000004c3996 R14: 00000000004d5f20 R15: 00000000ffffffff
[ 258.785146]
[ 258.786800] Uninit was stored to memory at:
[ 258.791148] kmsan_internal_chain_origin+0x13d/0x240
[ 258.796272] kmsan_memcpy_memmove_metadata+0x1a9/0xf70
[ 258.801571] kmsan_memcpy_metadata+0xb/0x10
[ 258.805919] __msan_memcpy+0x61/0x70
[ 258.809652] inet_sctp_diag_fill+0x1e70/0x2680
[ 258.814254] sctp_sock_dump+0x7bf/0xe90
[ 258.818248] sctp_for_each_transport+0x82d/0x9a0
[ 258.823019] sctp_diag_dump+0x532/0x6a0
[ 258.827016] inet_diag_dump+0x3e3/0x480
[ 258.831008] netlink_dump+0xc79/0x1c90
[ 258.834926] __netlink_dump_start+0x10c4/0x11d0
[ 258.839616] inet_diag_handler_cmd+0x74e/0x7f0
[ 258.844223] sock_diag_rcv_msg+0x221/0x5f0
[ 258.848484]
netlink_rcv_skb+0x394/0x640 [ 258.852564] sock_diag_rcv+0x63/0x80 [ 258.856297] netlink_unicast+0x1699/0x1740 [ 258.860553] netlink_sendmsg+0x13c7/0x1440 [ 258.864807] sock_write_iter+0x3f4/0x4f0 [ 258.868886] do_iter_readv_writev+0x822/0xac0 [ 258.873391] do_iter_write+0x302/0xd80 [ 258.877277] do_writev+0x3d0/0x870 [ 258.880814] __se_sys_writev+0x9b/0xb0 [ 258.884703] __x64_sys_writev+0x4a/0x70 [ 258.888674] do_syscall_64+0xcf/0x110 [ 258.892484] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 258.897660] [ 258.899278] Uninit was stored to memory at: [ 258.903604] kmsan_internal_chain_origin+0x13d/0x240 [ 258.908707] kmsan_memcpy_memmove_metadata+0x1a9/0xf70 [ 258.913982] kmsan_memcpy_metadata+0xb/0x10 [ 258.918301] __msan_memcpy+0x61/0x70 [ 258.922016] sctp_add_bind_addr+0xfb/0x590 [ 258.926249] sctp_do_bind+0xc16/0xdc0 [ 258.930047] __sctp_connect+0x10a4/0x1c30 [ 258.934193] sctp_inet_connect+0x402/0x520 [ 258.938441] __sys_connect+0x745/0x860 [ 258.942337] __se_sys_connect+0x8d/0xb0 [ 258.946306] __x64_sys_connect+0x4a/0x70 [ 258.950361] do_syscall_64+0xcf/0x110 [ 258.954157] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 258.959335] [ 258.960956] Local variable description: ----autoaddr.i@__sctp_connect [ 258.967521] Variable was created at: [ 258.971229] __sctp_connect+0xc2/0x1c30 [ 258.975197] sctp_inet_connect+0x402/0x520 [ 258.979415] [ 258.981036] Bytes 480-487 of 600 are uninitialized [ 258.985954] Memory access of size 600 starts at ffff88812433c030 [ 258.992091] Data copied to user address 0000000020002bc0 [ 258.997531] ================================================================== [ 259.004881] Disabling lock debugging due to kernel taint [ 259.010326] Kernel panic - not syncing: panic_on_warn set ... 
[ 259.016219] CPU: 0 PID: 8056 Comm: syz-executor4 Tainted: G B 4.20.0-rc3+ #93 [ 259.024784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 259.034130] Call Trace: [ 259.036723] dump_stack+0x32d/0x480 [ 259.040359] panic+0x624/0xc08 [ 259.043574] kmsan_report+0x300/0x300 [ 259.047382] kmsan_internal_check_memory+0x331/0xa60 [ 259.052504] kmsan_copy_to_user+0x7c/0xe0 [ 259.056652] _copy_to_iter+0x1a85/0x2700 [ 259.060741] skb_copy_datagram_iter+0x4e2/0x1070 [ 259.065518] netlink_recvmsg+0x6f9/0x19d0 [ 259.069681] sock_recvmsg+0x1d1/0x230 [ 259.073488] ? netlink_sendmsg+0x1440/0x1440 [ 259.077894] ___sys_recvmsg+0x444/0xae0 [ 259.081887] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 259.087780] ? __fdget+0x329/0x440 [ 259.091325] __sys_recvmmsg+0x65d/0x1170 [ 259.095408] __se_sys_recvmmsg+0x253/0x350 [ 259.099647] __x64_sys_recvmmsg+0x62/0x80 [ 259.103794] do_syscall_64+0xcf/0x110 [ 259.107596] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 259.112782] RIP: 0033:0x457569 [ 259.115974] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 259.134880] RSP: 002b:00007fcad443bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 259.142599] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569 [ 259.149863] RDX: 0000000000000001 RSI: 0000000020001b00 RDI: 0000000000000004 [ 259.157129] RBP: 000000000072c040 R08: 0000000020001b80 R09: 0000000000000000 [ 259.164395] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcad443c6d4 [ 259.171658] R13: 00000000004c3996 R14: 00000000004d5f20 R15: 00000000ffffffff [ 259.180469] Kernel Offset: disabled [ 259.184102] Rebooting in 86400 seconds..