[ 47.571773] audit: type=1800 audit(1538913693.591:28): pid=5904 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 48.910472] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 53.852409] random: sshd: uninitialized urandom read (32 bytes read) [ 54.314279] random: sshd: uninitialized urandom read (32 bytes read) [ 56.244368] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts. [ 62.226722] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/07 12:01:50 fuzzer started [ 66.482266] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/07 12:01:54 dialing manager at 10.128.0.26:36867 2018/10/07 12:01:54 syscalls: 1 2018/10/07 12:01:54 code coverage: enabled 2018/10/07 12:01:54 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/07 12:01:54 setuid sandbox: enabled 2018/10/07 12:01:54 namespace sandbox: enabled 2018/10/07 12:01:54 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/07 12:01:54 fault injection: enabled 2018/10/07 12:01:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/07 12:01:54 net packed injection: enabled 2018/10/07 12:01:54 net device setup: enabled [ 71.005468] random: crng init done 12:03:37 executing program 0: [ 172.303199] IPVS: ftp: loaded support on port[0] = 21 [ 174.279125] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.285710] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.294006] device bridge_slave_0 entered promiscuous mode [ 174.428609] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.435184] bridge0: port 2(bridge_slave_1) entered disabled state 
[ 174.443378] device bridge_slave_1 entered promiscuous mode [ 174.563136] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 174.678895] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 175.040018] bond0: Enslaving bond_slave_0 as an active interface with an up link 12:03:41 executing program 1: [ 175.165111] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.758620] IPVS: ftp: loaded support on port[0] = 21 [ 176.225648] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 176.233675] team0: Port device team_slave_0 added [ 176.513527] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.521289] team0: Port device team_slave_1 added [ 176.763886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.988799] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 176.996041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.004656] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.213062] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 177.220517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.229308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.371767] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.379225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.388217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.919945] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.926618] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.934873] device bridge_slave_0 entered promiscuous mode [ 179.104892] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.111337] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.119435] device bridge_slave_1 entered promiscuous mode [ 179.259297] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.401083] IPv6: 
ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.730569] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.737088] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.744043] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.750463] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.758815] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.862193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.956177] bond0: Enslaving bond_slave_0 as an active interface with an up link 12:03:46 executing program 2: [ 180.159838] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.383396] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 180.390449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.641246] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.648410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.857275] IPVS: ftp: loaded support on port[0] = 21 [ 181.401451] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.409506] team0: Port device team_slave_0 added [ 181.579827] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.587897] team0: Port device team_slave_1 added [ 181.822828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.086098] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.093234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.101907] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.304164] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.311821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.320562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.582054] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.590186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.599060] 
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.015452] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.022034] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.030145] device bridge_slave_0 entered promiscuous mode [ 185.309700] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.316459] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.324790] device bridge_slave_1 entered promiscuous mode [ 185.350153] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.356667] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.363622] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.370045] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.378539] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.619135] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.840440] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 185.863175] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.569433] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.838780] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.029533] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.036721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 12:03:53 executing program 3: [ 187.392852] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.399909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.955976] IPVS: ftp: loaded support on port[0] = 21 [ 188.355272] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 188.363305] team0: Port device team_slave_0 added [ 188.642672] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.650533] team0: Port device team_slave_1 added [ 188.995413] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 189.002586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 
[ 189.011104] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.265865] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 189.273401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.282060] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.537849] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.545531] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.554370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.863132] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.870637] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.879573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.561722] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.845722] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 193.160000] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.166550] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.174862] device bridge_slave_0 entered promiscuous mode [ 193.459013] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.465587] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.472555] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.478973] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.487558] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.583705] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.590198] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.598639] device bridge_slave_1 entered promiscuous mode [ 193.623639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.874352] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.880728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.888752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.937960] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: 
link is not ready [ 194.274611] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 194.886262] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.164487] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 195.438947] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 195.790676] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 195.799176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 12:04:02 executing program 4: [ 196.107856] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 196.115037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 197.142094] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 197.149998] team0: Port device team_slave_0 added [ 197.306124] IPVS: ftp: loaded support on port[0] = 21 [ 197.579035] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 197.587179] team0: Port device team_slave_1 added [ 197.954053] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 197.961118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.969988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.214653] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.374300] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 198.381341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 198.390018] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 198.802528] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 198.810068] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.818905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.155662] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 199.163344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.172227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.602612] IPv6: 
ADDRCONF(NETDEV_UP): veth0: link is not ready [ 200.932381] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 200.938738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.946479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.328095] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.185094] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.191622] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.198469] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.204995] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.213747] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 203.601984] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.608530] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.616810] device bridge_slave_0 entered promiscuous mode 12:04:09 executing program 0: [ 204.018417] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.025125] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.033299] device bridge_slave_1 entered promiscuous mode [ 204.040132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 12:04:10 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="23000000210081ae00060c00000f000000000008000000f28701546fabca1b4e7d06a4", 0x23}], 0x1, &(0x7f0000000080)}, 0x0) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000100)=0x3, 0xfffffec0) [ 204.435859] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 12:04:10 executing program 0: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000289000)={&(0x7f0000000040), 0xc, 
&(0x7f0000058000)={&(0x7f000023f000)=ANY=[@ANYBLOB="0400080000f4ff5af35e5d0759c328010000dffc0c00000000000000000000005b659a62290ffc380c2dbfdc5e9f13e1a04810d464fbc3f4c1b6e2bf501fb1bb949869c2984d914d9f04005e4fcd4dd3050bc1700612dbc3080c91745fa158cf0d70309f7f1969136edfd73294c0356675ffff000044f2a432a15b4ce56aa166b5040d"], 0x83}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xbb, 0x0) ioctl$KVM_PPC_GET_PVINFO(r1, 0x4080aea1, &(0x7f00000000c0)=""/34) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f000023f000)=0xa, 0x263) modify_ldt$read_default(0x2, &(0x7f0000000140)=""/139, 0x8b) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000080)=0x5, 0x4) connect$inet6(r0, &(0x7f0000000100), 0x1c) 12:04:10 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") r1 = memfd_create(&(0x7f0000000300)="046e17", 0x7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xffffffffffffffff, 0x5011, r1, 0x0) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000000)=0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000140)={'syz0'}, 0x4) ftruncate(r1, 0x0) fstatfs(r1, &(0x7f0000000040)=""/252) set_robust_list(&(0x7f00000002c0)={&(0x7f00000001c0)={&(0x7f0000000180)}, 0x6d, &(0x7f0000000240)={&(0x7f0000000200)}}, 0x18) [ 204.810431] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 12:04:11 executing program 0: timer_create(0x3, &(0x7f0000000100)={0x0, 0x28, 0x0, @thr={&(0x7f0000000000), &(0x7f0000000080)}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x1c9c380}}, &(0x7f0000000000)) timer_gettime(0x0, &(0x7f0000000040)) 12:04:11 executing program 0: timer_create(0x3, &(0x7f0000000100)={0x0, 0x28, 0x0, @thr={&(0x7f0000000000), &(0x7f0000000080)}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x1c9c380}}, &(0x7f0000000000)) timer_gettime(0x0, &(0x7f0000000040)) [ 205.860166] bond0: Enslaving 
bond_slave_0 as an active interface with an up link 12:04:12 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x5452, &(0x7f0000000000)) r1 = syz_open_dev$usb(&(0x7f00000006c0)='/dev/bus/usb/00#/00#\x00', 0x20, 0x0) ioctl$RTC_UIE_ON(r1, 0x7003) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = getgid() fstat(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)=0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f00000003c0)={{{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@remote}}, &(0x7f00000004c0)=0xe8) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x1800, &(0x7f0000000500)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@blksize={'blksize', 0x3d, 0x400}}, {@default_permissions='default_permissions'}, {@max_read={'max_read', 0x3d, 0x1f}}, {@default_permissions='default_permissions'}, {@blksize={'blksize', 0x3d, 0x800}}], [{@uid_lt={'uid<', r4}}, {@smackfshat={'smackfshat', 0x3d, "8c70707030"}}, {@euid_lt={'euid<', r5}}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/fuse\x00'}}, {@uid_lt={'uid<', r6}}, {@uid_gt={'uid>', r7}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}}) [ 206.262501] bond0: Enslaving bond_slave_1 as an active interface with an up link 12:04:12 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x8912, &(0x7f0000000080)="153f6234418dd25d766070") perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0xa, 0x0) 
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f00000000c0)={{0x2, 0x0, @remote}, {0x0, @random="930dab9df1aa"}, 0x0, {0x2, 0x0, @rand_addr}, 'rose0\x00'}) r2 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0xfffffffffffffff9, 0x8000) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000200)=0x0) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000240)={{{@in, @in6=@ipv4={[], [], @remote}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@local}}, &(0x7f0000000340)=0xe8) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)=0x0) sendmsg$nl_generic(r2, &(0x7f0000000640)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x804000}, 0xc, &(0x7f0000000600)={&(0x7f00000003c0)={0x240, 0x1a, 0x720, 0x70bd26, 0x25dfdbfd, {0xb}, [@generic="b053fb8796e3ab45", @typed={0x8, 0x60, @pid=r3}, @nested={0x1a0, 0x76, [@typed={0xc, 0x68, @str='rose0\x00'}, @typed={0x14, 0x0, @ipv6=@ipv4={[], [], @rand_addr=0x8}}, @generic="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", @typed={0x8, 0x2e, @uid=r4}, @generic="65a138923b126c0239ff3422fbf7ae0eb431eb47b36d3c917ec4e121260a6a3433eb3ca5f2adde8e84bd0790be745352a6dc662cc2bb5f8e99844555bf4c279300bbfa4d9ae32de76572780247bcd02ea46ba0a3f4baa97cde1d6a477c580a3d7d3c826a01f5dddfb2775905512461b97ec9f5d1a994"]}, @nested={0x8, 0x38, [@typed={0x4, 0x7e}]}, @nested={0x10, 0x7b, [@typed={0xc, 0x4c, @u64=0x8001}]}, @typed={0x14, 0x6a, @ipv6=@local}, @generic="f3b2bf985478450188e04875fecc92ff394a9a5bc0daf638848273e37a0a9a66f1049342a7630161578f51a9ea394316d2fd4c8d7682650f105fb4e85c5eac0a8d17731603ac8209", @typed={0x8, 0x8, @pid=r5}]}, 0x240}, 0x1, 0x0, 0x0, 0x400c000}, 0x10) [ 206.588944] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 206.596067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 206.774748] syz-executor0 uses obsolete (PF_INET,SOCK_PACKET) [ 206.991717] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 206.998747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes 
ready [ 207.870191] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 207.878304] team0: Port device team_slave_0 added [ 208.169104] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 208.177090] team0: Port device team_slave_1 added [ 208.207422] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.445381] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 208.452515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.461025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.725800] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 208.732980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.741441] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.972134] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 208.980961] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.989876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.300162] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 209.321144] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.329455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.338263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 12:04:15 executing program 1: r0 = memfd_create(&(0x7f00000004c0)='/dev/loop#\x00', 0x2) ioctl$BLKTRACESTOP(r0, 0x1275, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x1, 0x0) open_by_handle_at(r0, &(0x7f0000000380)={0x8, 0x101}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x200, 0x0) syz_open_dev$sndtimer(&(0x7f0000000200)='/dev/snd/timer\x00', 0x0, 0x400040) ioctl$EVIOCGNAME(r2, 0x80404506, &(0x7f0000000140)=""/183) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x2000800007, 0x4}) ioctl$KVM_ENABLE_CAP_CPU(r0, 0x4068aea3, &(0x7f0000000280)={0x0, 0x0, [0xe6c, 0x5, 0x3, 0xfffffffffffffff7]}) 
sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) readv(r0, &(0x7f0000000540)=[{&(0x7f0000000240)=""/61, 0x3d}], 0x1) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) [ 210.382297] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 210.388650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.396391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.074951] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.323253] Not allocated shadow for addr ffff8801409cd858 (page ffffea000783ace0) [ 211.331011] Attempted to access 8 bytes [ 211.335047] ------------[ cut here ]------------ [ 211.339812] kernel BUG at mm/kmsan/kmsan.c:1075! [ 211.344581] invalid opcode: 0000 [#1] SMP [ 211.348749] CPU: 1 PID: 7027 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #63 [ 211.355941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.365334] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 211.370971] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c [ 211.389884] RSP: 0018:ffff880144a2f510 EFLAGS: 00010046 [ 211.395260] RAX: 000000000000001b RBX: 0000000000000000 RCX: 4115f1d5fccfe700 [ 211.402541] RDX: 0000000000000000 RSI: 000000000001c671 RDI: 000000000001c672 [ 211.409830] RBP: ffff880144a2f540 R08: 0000000000000000 R09: ffff88021fd38f50 [ 211.417112] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001 [ 211.424392] R13: ffff8801409cd858 R14: 0000000000000001 R15: 0000000000000008 [ 211.431681] FS: 00007fee7311f700(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 211.439914] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 211.445801] CR2: 00007fee730dcdb8 CR3: 00000001a193e000 CR4: 00000000001406e0 [ 211.453080] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 211.460450] DR3: 0000000000000000 DR6: 
00000000fffe0ff0 DR7: 0000000000000400 [ 211.467718] Call Trace: [ 211.470322] kmsan_internal_unpoison_shadow+0x5c/0xe0 [ 211.475543] kmsan_unpoison_shadow+0x72/0xd0 [ 211.479966] vunmap_page_range+0x828/0xc20 [ 211.484237] remove_vm_area+0x39b/0x450 [ 211.488344] __vunmap+0x34c/0x5d0 [ 211.491813] vunmap+0x69/0xb0 [ 211.494937] relay_destroy_buf+0xac/0x430 [ 211.499097] relay_close+0x470/0xa20 [ 211.502833] __blk_trace_remove+0x256/0x320 [ 211.507171] blk_trace_ioctl+0x2e5/0x970 [ 211.511263] ? kmsan_set_origin_inline+0x6b/0x120 [ 211.516123] ? __msan_poison_alloca+0x17a/0x210 [ 211.520827] ? blkdev_ioctl+0x327/0x55e0 [ 211.524910] ? block_ioctl+0x16f/0x1d0 [ 211.528820] blkdev_ioctl+0x1aaa/0x55e0 [ 211.532810] ? kmsan_set_origin_inline+0x6b/0x120 [ 211.537687] ? INIT_INT+0xc/0x30 [ 211.541081] ? kmsan_set_origin_inline+0x6b/0x120 [ 211.545947] block_ioctl+0x16f/0x1d0 [ 211.549681] ? block_llseek+0x190/0x190 [ 211.553669] do_vfs_ioctl+0xcf3/0x2810 [ 211.557584] ? security_file_ioctl+0x92/0x200 [ 211.562097] __se_sys_ioctl+0x1da/0x270 [ 211.566092] __x64_sys_ioctl+0x4a/0x70 [ 211.569988] do_syscall_64+0xbe/0x100 [ 211.573800] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 211.578997] RIP: 0033:0x457579 [ 211.582196] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 211.601109] RSP: 002b:00007fee7311ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 211.608833] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 211.616109] RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000004 [ 211.623386] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 211.630668] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee7311f6d4 [ 211.637949] R13: 00000000004bea1e R14: 00000000004ce728 R15: 00000000ffffffff [ 211.645242] Modules linked in: [ 211.648473] ---[ end trace 551f1ec41c866eb5 
]--- [ 211.653248] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 211.658882] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c [ 211.677793] RSP: 0018:ffff880144a2f510 EFLAGS: 00010046 [ 211.683163] RAX: 000000000000001b RBX: 0000000000000000 RCX: 4115f1d5fccfe700 [ 211.690432] RDX: 0000000000000000 RSI: 000000000001c671 RDI: 000000000001c672 [ 211.697716] RBP: ffff880144a2f540 R08: 0000000000000000 R09: ffff88021fd38f50 [ 211.704990] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001 [ 211.714925] R13: ffff8801409cd858 R14: 0000000000000001 R15: 0000000000000008 [ 211.722826] FS: 00007fee7311f700(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 211.731062] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 211.736950] CR2: 00007fee730dcdb8 CR3: 00000001a193e000 CR4: 00000000001406e0 [ 211.744230] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 211.751508] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 211.758787] Kernel panic - not syncing: Fatal exception [ 211.765715] Kernel Offset: disabled [ 211.769342] Rebooting in 86400 seconds..