[   57.195614] audit: type=1800 audit(1539084005.231:27): pid=6148 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   58.851234] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   59.953153] random: sshd: uninitialized urandom read (32 bytes read)
[   60.438154] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   63.057227] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts.
[   68.838819] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/09 11:20:18 fuzzer started
[   73.527759] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/09 11:20:23 dialing manager at 10.128.0.26:44001
2018/10/09 11:20:24 syscalls: 1
2018/10/09 11:20:24 code coverage: enabled
2018/10/09 11:20:24 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/09 11:20:24 setuid sandbox: enabled
2018/10/09 11:20:24 namespace sandbox: enabled
2018/10/09 11:20:24 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/09 11:20:24 fault injection: enabled
2018/10/09 11:20:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/09 11:20:24 net packed injection: enabled
2018/10/09 11:20:24 net device setup: enabled
[   78.557641] random: crng init done
11:22:14 executing program 0:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, &(0x7f0000000300))
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000000))

[  186.800037] IPVS: ftp: loaded support on port[0] = 21
[  189.336730] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.343470] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.352364] device bridge_slave_0 entered promiscuous mode
[  189.495477] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.502306] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.510834] device bridge_slave_1 entered promiscuous mode
[  189.651471] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  189.792010] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
11:22:18 executing program 1:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/ip_mr_cache\x00')
preadv(r0, &(0x7f0000000480), 0x10000000000001d2, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x20000, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000280)={0xffffffffffffffff, &(0x7f0000000100)="05221a91f26a4c1afb8b05ee6ba14addcfe583ef", &(0x7f00000001c0)}, 0x18)
syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0xc13, 0x0)

[  190.350687] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  190.628143] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  190.696448] IPVS: ftp: loaded support on port[0] = 21
[  190.874373] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  190.881492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  191.135705] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  191.142919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  191.936243] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  191.944579] team0: Port device team_slave_0 added
[  192.256633] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  192.264851] team0: Port device team_slave_1 added
[  192.521020] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  192.528158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  192.537174] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  192.743602] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  192.750647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  192.759600] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  192.955701] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  192.963474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  192.972702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  193.132930] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  193.140498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  193.149712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  194.350191] bridge0: port 1(bridge_slave_0) entered blocking state
[  194.356853] bridge0: port 1(bridge_slave_0) entered disabled state
[  194.365920] device bridge_slave_0 entered promiscuous mode
[  194.660922] bridge0: port 2(bridge_slave_1) entered blocking state
[  194.667599] bridge0: port 2(bridge_slave_1) entered disabled state
[  194.676124] device bridge_slave_1 entered promiscuous mode
[  194.995038] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  195.254549] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  195.596727] bridge0: port 2(bridge_slave_1) entered blocking state
[  195.603305] bridge0: port 2(bridge_slave_1) entered forwarding state
[  195.610247] bridge0: port 1(bridge_slave_0) entered blocking state
[  195.616900] bridge0: port 1(bridge_slave_0) entered forwarding state
[  195.625738] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  195.752163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
11:22:23 executing program 2:

[  195.954130] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  196.290010] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  196.588138] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  196.595377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  196.829709] IPVS: ftp: loaded support on port[0] = 21
[  196.930506] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  196.937789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  197.857727] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  197.866005] team0: Port device team_slave_0 added
[  198.105326] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  198.113548] team0: Port device team_slave_1 added
[  198.356889] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  198.364180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  198.373266] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  198.715050] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  198.722209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  198.730891] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  198.994058] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  199.002043] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  199.011274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  199.358708] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  199.366574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  199.375680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  201.980967] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.987832] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.996839] device bridge_slave_0 entered promiscuous mode
[  202.245149] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.251728] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.260142] device bridge_slave_1 entered promiscuous mode
[  202.476692] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  202.779667] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  202.790045] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.796573] bridge0: port 2(bridge_slave_1) entered forwarding state
[  202.803609] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.810063] bridge0: port 1(bridge_slave_0) entered forwarding state
[  202.818748] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  203.544341] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  203.552625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  203.768205] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  204.094858] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  204.102082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  204.457323] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  204.464652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
11:22:32 executing program 3:

[  205.638221] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  205.646439] team0: Port device team_slave_0 added
[  205.657197] IPVS: ftp: loaded support on port[0] = 21
[  205.979054] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  205.987200] team0: Port device team_slave_1 added
[  206.335721] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  206.343070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  206.352086] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  206.683811] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  206.702858] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  206.711923] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  207.018554] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  207.026365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  207.035458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  207.356421] 8021q: adding VLAN 0 to HW filter on device bond0
[  207.369383] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  207.377022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  207.386181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  208.866537] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  210.371945] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  210.378292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  210.386586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  211.285628] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.292177] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.299086] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.305674] bridge0: port 1(bridge_slave_0) entered forwarding state
[  211.314383] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  211.712556] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.719030] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.727621] device bridge_slave_0 entered promiscuous mode
[  211.789005] 8021q: adding VLAN 0 to HW filter on device team0
[  212.101978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  212.154194] bridge0: port 2(bridge_slave_1) entered blocking state
[  212.160664] bridge0: port 2(bridge_slave_1) entered disabled state
[  212.169320] device bridge_slave_1 entered promiscuous mode
[  212.608797] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  212.979123] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  214.120832] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  214.545625] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  214.889315] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  214.896557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
11:22:43 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000000)="f20fbcbd0080000066b81f008ec8c4e205bcab27000000b8d13200000f23d80f21f835000000900f23f8c4e2fdb80d0b00000066baf80cb8bc068586ef66bafc0cec660f38820265f2af0fd2c9b8000001000f23c80f21f8350000b0000f23f8", 0x60}], 0x1, 0x0, &(0x7f0000000180), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000001000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000140)="f043812d63000000009000000f0648b800300000000000000f23c80f21f835040090000f23f8b96e080000b800000000ba008000000f3066642e0f0174b0db66b878000f00d8c7442400de000000c7442402bc02ddb3c7442406000000000f011424643ef00fba3fd13e430f060f30", 0x6f}], 0x1, 0x0, &(0x7f0000000240), 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f0000000100))
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  215.365596] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  215.372772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  216.528996] IPVS: ftp: loaded support on port[0] = 21
[  216.671380] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  216.679528] team0: Port device team_slave_0 added
[  217.128978] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  217.137534] team0: Port device team_slave_1 added
[  217.598294] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  217.605624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  217.614615] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  217.995171] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  218.002330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  218.011213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  218.332284] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  218.339872] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  218.349043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  218.649565] 8021q: adding VLAN 0 to HW filter on device bond0
[  218.739812] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  218.748138] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  218.757091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  220.547460] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
11:22:49 executing program 0:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000000)='./file1\x00', 0x0)
syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="0000000000000d0000000000004dbcb3a97f063ef3000004000000000000000000000000000000009a1a2f9b142b98afd03d67037b1eb6e99e4ffe92a5f144e790"], 0x41)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000040)={0x0, 0x2, 0x0, 0x7fffffff})
fdatasync(r1)
keyctl$set_timeout(0xf, 0x0, 0x9)

[  222.180772] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  222.187301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  222.195150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
11:22:50 executing program 0:
r0 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff)
openat$cgroup_type(r0, &(0x7f0000000100)='cgroup.type\x00', 0x2, 0x0)
clone(0x1000000, &(0x7f0000000200), &(0x7f0000001800), &(0x7f0000000280), &(0x7f0000001700)="05280c220620c4e6bd8e6a24874054b4e5a1146999e20c8c4332af9c2130d3d6827f2b1ba8b4ebdd53a87f2d35ad98e3deb14aeb1a98917568a39acc8fd62dcc8ab6616b4f1561f2a927ff70aa541a0b70e51bdd283e7a0a2a86cd10868dea9434eb6fd2bff3f9e8d209bf439c3c5488796544605b01f5fa794fb3d7885ef23350786eb31ebe9873dee4003719b283c152a9a4cdccbe9892f07f5db48e0e1a1819bc314466afb1f097bc03db5f65cf948a6ed2d9972a6c2925cae831a5150deab78245ab764abb62e8e5b0")
mknod(&(0x7f0000000540)='./file0\x00', 0x103a, 0x39)
clock_gettime(0x0, &(0x7f0000000340)={<r1=>0x0, <r2=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000380)={{r1, r2+10000000}}, &(0x7f00000003c0))
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000027000)='./file0\x00', 0x0)
mount(&(0x7f0000000580)=ANY=[@ANYBLOB="fe18fe8ba1d0f8ffffffff7fffffa3fa6d081850e47c7c88b28cd9a4c8af2ac6150db78e7587e2882e03da3b183663ae282a49266e0500000000000000fc6baf440000000000000000"], &(0x7f0000000680)='./file0\x00', &(0x7f00000006c0)="616673005a4f9b8a47a49738fd2d8cf7c70c3bba41b3ab96045acde2340a9c216a5c1a4888213bc9f89931302d515941403c4cded10cb5d2f55625410d469ace86afa6df25a4c022c73ccc6ce2cf6fe8e3d51951c401fcf16733abf74453c253575e2ebadc92c8ae219d35da4b8eba37da2653bd1a6bda1161b3f3c4cd649d4a8f5669fdd8bc612a4f9b7c762be6724b1017935c5c43b30360950a02a2d29c2950387a2273379b26d07cfdfe8c4030171a962efdf4788419a44b1a8c5f1445d0c7bdc92a9089ee01bc2f81c4229cfce9fb5d9b13fa2a8457ac161969450618ac2ef52fa976247df9d9a199fdf69ff55b6bd5fefb15aff62fa430211b0e17f73b28cd304c81a054fa3762fb1c81b6c0d92ebdb72a8706605c323c0317f9cd527088197d944d3c73ce5cfb310000000000000000000000000000", 0x248001, &(0x7f0000000480)="e1fb76c3860f81bef9d4aeb257a3b11475c4c532976c5d67863a33c4d35ff3f7f7e0b114170f8b6e08002e5f08783b6eae45dddc37237ec6b534f42392dea4128ec010324f1dd744a33492cff40469735e786cc79807f7d6c63073a0573204f9cb2df8066cb2b72e7b0fa2141c29c6c88e83463243a5c090e7323822475a91345e3c34c019772375df194c357611efbda31af1487fe3c549fc163e0045a8f192d830268f4ae86ce0a8aba73458e93c19")
open$dir(&(0x7f0000000600)='./file0/bus\x00', 0x44, 0x0)
ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000140)=<r5=>0x0)
mount(&(0x7f0000000940)=ANY=[@ANYBLOB="3998148687e609e661a854c8ad1b2cccf20f71931047e27fdc0e0801925eb380cab9c70fcde50801be97154845b55bec5e714a0b206e7326abe4dc94acd897122878866d5dae08962e311206a6547b20b1b15a56bbcaf41ca5337bc3c022b81cae96ecb444563a9cefcdd3b258c501c621b314803158c31b10c46cabf5beb2078f007791ed9971f3a78fadd1c3746963ff4da79600e637fb3f7ee73e090edd6111ceaf24037492d68a8c5782bfeedce835b62ff2451491d794092d73409e88dbf7f8eb27826990a67b2b5e4b320b93873aa513fc13831a6ac6021fbdcbb37a5293751d040e4160abbac855af856030e61f728351835f40ed066b77c7948646b51f3e33da79e25e6963a0a976d6d00a15e310fbff3c37c0c80f7c0a87bb0df63b0019fb92"], &(0x7f000000fff8)='./file0\x00', &(0x7f0000032ffb)='fuse\x00', 0x7ffbf, &(0x7f0000032000))
open$dir(&(0x7f0000000640)='./file0/bus\x00', 0x40, 0x0)
socket$inet6(0xa, 0x80007, 0x7ffffffffffffc00)
ioctl(r3, 0x1ff, &(0x7f0000000800)="2957e1311f16f47767107011a81617f45c61093586afc722babfd2a0a660c87f515cdb1827018d999a5834339d3a8179b8b9927a9b4db8317177af718e6cb42a6041c20e804d0888777c4e050f311bf539d53ec66408000000000000002eef9c1231a2d92b86d76d734491ae7f9fe8504e1a147ccda57209ce77af4df09d819d633dec2e9a01a4daa747f6af513d995c09ea2d4bc40800000000000049cd0301586c9358831a77bd109389188534a9bcb75532a0c8d26067434666b447d6b75499c34525afd52e37750dae67a1749cba05c0ef0c0e9762cc43a33a3c0d0e904d187daf2921fa3bac10479c0a8dfd215b6c442b1076cdd4a968e96bdad9dc4565361c6cd9985c75ca1e9ee869c06f157a59a3b83feb041463e3a297922de2748fee5a055c9ba2d71e9f80")
r6 = socket(0x0, 0x0, 0x0)
fcntl$getown(r4, 0x9)
timer_create(0x6, &(0x7f0000000240)={0x0, 0x1d, 0x2, @thr={&(0x7f0000000200)="0aa21a865c", &(0x7f00000002c0)="507db1f329182e4faebb3f9d72113f879274ac21c7b49ee56b44ad6d0073aab6f7365505049ffe7c15580009a5ef715f9bec649ff3e10878cf49cd1ebd14a1d4c663a2da694d6da20cc2b7bd80d4a921d170c29ee5ae6193aecfde851adf6ddb4903d316"}}, &(0x7f0000000400)=<r7=>0x0)
timer_gettime(r7, &(0x7f0000000440))
getsockopt$sock_buf(r6, 0x1, 0x0, &(0x7f0000b56f40)=""/192, &(0x7f0000000040)=0xfe9d)
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000040)={[], 0xfffffffffffffffe, 0x1, 0xed33, 0x0, 0x180000000, r5})
ioctl$BLKTRACESTART(r3, 0x1274, 0x0)
dup(r4)
ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000180))

[  223.536200] Not allocated shadow for addr ffff88014b354218 (page ffffea0007c33f80)
[  223.543970] Attempted to access 8 bytes
[  223.547996] ------------[ cut here ]------------
[  223.552766] kernel BUG at mm/kmsan/kmsan.c:1091!
[  223.557568] invalid opcode: 0000 [#1] SMP
[  223.561740] CPU: 0 PID: 6312 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #65
[  223.568939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  223.578358] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0
[  223.584001] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 1c bc 57 8b 31 c0 4c
[  223.602925] RSP: 0018:ffff880170e1f780 EFLAGS: 00010046
[  223.608311] RAX: 000000000000001b RBX: 0000000000000000 RCX: 0bbf8794490d1900
[  223.615607] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
[  223.622898] RBP: ffff880170e1f7b0 R08: 0000000000000000 R09: ffff88021fc38f50
11:22:51 executing program 0:
syz_emit_ethernet(0x0, &(0x7f0000000100)=ANY=[], &(0x7f0000000080)={0x2, 0x0, [0x0, 0x16f, 0x0, 0xfffffffffffffffc]})

[  223.630194] R10: 0000000000000000 R11: ffffffff862594e0 R12: 0000000000000001
[  223.637481] R13: ffff88014b354218 R14: 0000000000000001 R15: 0000000000000008
[  223.644772] FS:  00000000020ef940(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
[  223.653018] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  223.658916] CR2: 0000000000706158 CR3: 00000001ac1e1000 CR4: 00000000001406f0
[  223.666223] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  223.673510] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  223.681970] Call Trace:
[  223.684608]  kmsan_internal_unpoison_shadow+0x5c/0xe0
[  223.689832]  kmsan_unpoison_shadow+0x72/0xd0
[  223.694276]  vunmap_page_range+0x828/0xc20
[  223.698608]  remove_vm_area+0x39b/0x450
[  223.702629]  __vunmap+0x34c/0x5d0
[  223.706124]  vfree+0x79/0x170
[  223.709265]  do_arpt_get_ctl+0xddb/0xe80
[  223.713421]  ? compat_do_arpt_set_ctl+0x2e90/0x2e90
[  223.718469]  nf_getsockopt+0x481/0x4e0
[  223.722400]  ip_getsockopt+0x2b1/0x470
[  223.726326]  ? compat_ip_setsockopt+0x380/0x380
[  223.731020]  tcp_getsockopt+0x1c6/0x1f0
[  223.734065] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.735031]  ? tcp_get_timestamping_opt_stats+0x1810/0x1810
[  223.741419] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.747068]  sock_common_getsockopt+0x13f/0x180
[  223.747100]  ? sock_recv_errqueue+0x990/0x990
[  223.747128]  __sys_getsockopt+0x48c/0x550
[  223.747172]  __se_sys_getsockopt+0xe1/0x100
[  223.747233]  __x64_sys_getsockopt+0x62/0x80
[  223.755656] device bridge_slave_0 entered promiscuous mode
[  223.758243]  do_syscall_64+0xbe/0x100
[  223.785147]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  223.790362] RIP: 0033:0x45a0aa
[  223.793588] Code: b8 34 01 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 88 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 88 fb ff c3 66 0f 1f 84 00 00 00 00 00
[  223.801520] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.812507] RSP: 002b:0000000000a3f648 EFLAGS: 00000212 ORIG_RAX: 0000000000000037
[  223.812532] RAX: ffffffffffffffda RBX: 0000000000a3f750 RCX: 000000000045a0aa
[  223.812559] RDX: 0000000000000061 RSI: 0000000000000000 RDI: 0000000000000003
[  223.812571] RBP: 0000000000000003 R08: 0000000000a3f65c R09: 000000000000000a
[  223.812583] R10: 0000000000a3f750 R11: 0000000000000212 R12: 0000000000000000
[  223.812596] R13: 000000000003654f R14: 0000000000000003 R15: 0000000000000000
[  223.812627] Modules linked in:
[  223.812661] ---[ end trace 3211ca72490cb1ac ]---
[  223.819084] bridge0: port 2(bridge_slave_1) entered forwarding state
[  223.826722] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0
[  223.826743] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 1c bc 57 8b 31 c0 4c
[  223.826755] RSP: 0018:ffff880170e1f780 EFLAGS: 00010046
[  223.826774] RAX: 000000000000001b RBX: 0000000000000000 RCX: 0bbf8794490d1900
[  223.826787] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
[  223.826800] RBP: ffff880170e1f7b0 R08: 0000000000000000 R09: ffff88021fc38f50
[  223.826812] R10: 0000000000000000 R11: ffffffff862594e0 R12: 0000000000000001
[  223.826833] R13: ffff88014b354218 R14: 0000000000000001 R15: 0000000000000008
[  223.826850] FS:  00000000020ef940(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
[  223.826863] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  223.826875] CR2: 0000000000706158 CR3: 00000001ac1e1000 CR4: 00000000001406f0
[  223.826908] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  223.834704] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.841465] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  223.841489] Kernel panic - not syncing: Fatal exception
[  223.849008] bridge0: port 1(bridge_slave_0) entered forwarding state
[  223.857146] Kernel Offset: disabled
[  224.002707] Rebooting in 86400 seconds..