[   59.945907] audit: type=1800 audit(1539188758.988:27): pid=6144 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   61.498806] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c[   61.896036] random: sshd: uninitialized urandom read (32 bytes read)
.
[   62.620963] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   64.779350] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts.
[   70.567796] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/10 16:26:11 fuzzer started
[   75.300661] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/10 16:26:16 dialing manager at 10.128.0.26:45337
2018/10/10 16:26:16 syscalls: 1
2018/10/10 16:26:16 code coverage: enabled
2018/10/10 16:26:16 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/10 16:26:16 setuid sandbox: enabled
2018/10/10 16:26:16 namespace sandbox: enabled
2018/10/10 16:26:16 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/10 16:26:16 fault injection: enabled
2018/10/10 16:26:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/10 16:26:16 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory)
2018/10/10 16:26:16 net device setup: enabled
[   81.756609] random: crng init done
16:28:20 executing program 0:
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$unix(0x1, 0x0, 0x0)
bind$unix(r0, &(0x7f0000003000)=@abs, 0x8)
rt_sigprocmask(0x0, &(0x7f0000000140)={0xfffffffffffffffa}, 0x0, 0x8)
r1 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x7, 0x4, @tid=r1}, &(0x7f0000000080))
timer_settime(0x0, 0x3, &(0x7f0000000040)={{0x0, 0x1}, {0x7, 0xe4c}}, &(0x7f0000040000))
timer_delete(0x0)

[  201.982107] IPVS: ftp: loaded support on port[0] = 21
[  203.412660] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.419160] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.428212] device bridge_slave_0 entered promiscuous mode
[  203.596689] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.603251] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.611801] device bridge_slave_1 entered promiscuous mode
[  203.760381] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  203.907678] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  204.368236] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  204.520911] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  204.814135] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  204.821248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
16:28:24 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)={0x5, 0x3}, 0x2c)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000680)={&(0x7f00000005c0)='./file0\x00', 0x0, 0x10}, 0x10)
ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000006c0)='syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000300)={0x3, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0)}, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup/syz1\x00', 0x200002, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000840)={r0, &(0x7f0000000740), &(0x7f0000000780)="a39155ee88aced213a84f8076a691507337c9642c468466cb9158e830da0a8543c690547abbeee8927cddc4183c33152f4494c8db0f59a93168f3ae1bda55a0fcdca6eee09ff8265abc2b548e813b36873a3e35f3cced2d2893757be39241bf8ad17c955f4ae4b28fad426d69a7a16bd161a1a60c86d8d708834efab3ad5cfcab049"}, 0x20)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)="2f67726f75702e73746174003c23fb572a1f0294e6f378b41ad54b4d9d9a1f63f8785ad188a7e1c88875e05b18a4cb3a9cd12dcea440d899c22c652b3a471b4a7fa2f3fdf6e034d804e5f0df4b1dee483b157624c59c0100e89e6a357c000000", 0x2761, 0x0)
write$cgroup_int(r1, &(0x7f0000000080)=0x1600, 0x297ef)

[  205.277226] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  205.285914] team0: Port device team_slave_0 added
[  205.580891] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  205.589458] team0: Port device team_slave_1 added
[  205.797610] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  205.806161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  205.815772] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  205.964004] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  205.971092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  205.980276] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  206.169531] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  206.177223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  206.186622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  206.234073] IPVS: ftp: loaded support on port[0] = 21
[  206.458346] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  206.466266] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  206.475596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  208.285544] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.292150] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.300617] device bridge_slave_0 entered promiscuous mode
[  208.598964] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.605683] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.614473] device bridge_slave_1 entered promiscuous mode
[  208.851095] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  209.050914] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  209.242295] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.248796] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.256434] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.263011] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.272223] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  209.871594] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  209.932532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  210.086640] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  210.286327] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  210.296012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  210.485573] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  210.492735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  211.169730] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  211.178293] team0: Port device team_slave_0 added
[  211.492232] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  211.500631] team0: Port device team_slave_1 added
16:28:30 executing program 2:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000500)='/dev/uinput\x00', 0x0, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11)
ioctl$TIOCGLCKTRMIOS(r0, 0x405c5503, &(0x7f0000000000)={0x0, 0x0, 0x2})
ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{}, 'syz1\x00'})

[  211.714718] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  211.721829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  211.731300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  212.086837] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  212.094742] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  212.103803] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  212.358106] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  212.365932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  212.375013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  212.640694] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  212.648331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  212.657662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  213.009403] IPVS: ftp: loaded support on port[0] = 21
[  215.941026] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.947664] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.956293] device bridge_slave_0 entered promiscuous mode
[  216.306809] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.313514] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.322216] device bridge_slave_1 entered promiscuous mode
[  216.335811] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.342337] bridge0: port 2(bridge_slave_1) entered forwarding state
[  216.349299] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.355933] bridge0: port 1(bridge_slave_0) entered forwarding state
[  216.365108] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  216.518212] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  216.838037] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  217.213091] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  217.756298] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  218.105044] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  218.410845] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  218.418062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  218.677160] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  218.684463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  219.478082] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  219.486465] team0: Port device team_slave_0 added
[  219.802377] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  219.810756] team0: Port device team_slave_1 added
16:28:39 executing program 3:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/userio\x00', 0x22001, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000000)={0x1, 0x7af}, 0x2)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000080), 0x2)

[  220.058131] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  220.065461] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  220.074426] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  220.483589] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  220.490772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  220.500234] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  220.829304] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  220.837179] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  220.846611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  221.210535] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  221.218401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  221.227757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  221.687305] 8021q: adding VLAN 0 to HW filter on device bond0
[  221.754535] IPVS: ftp: loaded support on port[0] = 21
[  223.304666] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  224.705870] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  224.712502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  224.720642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  225.240718] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.247631] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.257053] device bridge_slave_0 entered promiscuous mode
[  225.473032] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.479615] bridge0: port 2(bridge_slave_1) entered forwarding state
[  225.486715] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.493268] bridge0: port 1(bridge_slave_0) entered forwarding state
[  225.502545] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  225.532687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  225.640334] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.647282] bridge0: port 2(bridge_slave_1) entered disabled state
[  225.656220] device bridge_slave_1 entered promiscuous mode
[  226.035628] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  226.230454] 8021q: adding VLAN 0 to HW filter on device team0
[  226.420062] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  227.546628] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  227.914148] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  228.308322] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  228.315788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  228.729346] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  228.736722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  229.925600] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  229.934486] team0: Port device team_slave_0 added
[  230.301049] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  230.309673] team0: Port device team_slave_1 added
16:28:49 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0xaaaaaaaaaaaab7d, 0x0, &(0x7f0000000080), 0x111)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, &(0x7f00000001c0)="650fc75c276766b882000f00d0c4423d3c56eef22ede9a002000000f01cf0f3042802100660f38802afb0f23d4", 0x2d}], 0x1, 0xffffffffffffffff, &(0x7f0000000040), 0x0)
ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, &(0x7f0000000080))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  230.768094] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  230.775350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  230.784712] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  231.248655] 8021q: adding VLAN 0 to HW filter on device bond0
[  231.267542] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  231.275143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  231.285002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  231.767107] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  231.775052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  231.784479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  232.247764] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  232.256723] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  232.266348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  232.707362] IPVS: ftp: loaded support on port[0] = 21
[  232.961388] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  234.785395] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  234.792154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  234.800345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  236.659828] 8021q: adding VLAN 0 to HW filter on device team0
16:28:56 executing program 0:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@broadcast, @in, 0x0, 0x0, 0x0, 0x0, 0x800000000000000a}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr, 0x0, 0x2b}, 0x0, @in, 0x0, 0x4}}, 0xe8)
sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0)

[  236.965252] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.971744] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.980849] device bridge_slave_0 entered promiscuous mode
[  237.518163] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.524853] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.533551] device bridge_slave_1 entered promiscuous mode
16:28:56 executing program 0:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000140)=0x8)
sendmmsg(0xffffffffffffffff, &(0x7f0000003440)=[{{&(0x7f00000000c0)=@can, 0x80, &(0x7f00000002c0), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="10"], 0x1}}], 0x1, 0x0)
sendmmsg(r0, &(0x7f00000038c0)=[{{&(0x7f0000000040)=@nl=@unspec, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000000380), 0x0, 0xffffffffffffffff}}, {{&(0x7f0000000400)=@in={0x2, 0x0, @local}, 0x80, &(0x7f0000000240), 0x0, &(0x7f0000000480)}}], 0x2, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000180)='/dev/admmidi#\x00', 0x4, 0x400080)
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000200)={0x5}, 0x1)
ioctl$GIO_UNIMAP(r1, 0x4b66, &(0x7f0000000280)={0x4, &(0x7f0000000240)=[{}, {}, {}, {}]})
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f00000001c0)=0x5, 0x4)

[  237.571944] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.578414] bridge0: port 2(bridge_slave_1) entered forwarding state
[  237.585494] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.592048] bridge0: port 1(bridge_slave_0) entered forwarding state
[  237.600585] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  237.811604] raw_sendmsg: syz-executor0 forgot to set AF_INET. Fix it!
[  237.853653] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  237.999630] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
16:28:57 executing program 0:
clone(0x103, 0x0, 0xfffffffffffffffe, &(0x7f00000002c0), 0xffffffffffffffff)
socketpair(0x0, 0x0, 0x0, &(0x7f0000000240))
clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
tkill(0x0, 0x0)
wait4(0x0, &(0x7f0000000100), 0x0, &(0x7f0000000140))
mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x8000)

16:28:57 executing program 0:
rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x5, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x4, @broadcast, "6c6f0100000068b1cf426c4caaa500"}}, 0x1e)
sendmmsg(r0, &(0x7f00000000c0)=[{{&(0x7f0000002980)=@rc, 0x80, &(0x7f00000003c0), 0x0, &(0x7f0000000100)}}], 0x69, 0x0)
readv(r0, &(0x7f00000015c0)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1)

[  238.511552] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
16:28:57 executing program 0:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x10402, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f00000000c0)={<r1=>0x0, @in={{0x2, 0x4e20, @remote}}, [0x4, 0x800000000, 0xfff, 0x4, 0xff, 0x1, 0x0, 0xffffffffffffffc0, 0x80, 0x3, 0x0, 0x1, 0x6, 0x7, 0x400]}, &(0x7f00000001c0)=0x100)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000240)={r1}, 0x8)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x2}, 0x1c)
listen(r3, 0x2000000000)
setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000022, &(0x7f0000356000)=0x1, 0x4)
sendto$inet6(r2, &(0x7f0000000040)="ee", 0x1, 0x200408d4, &(0x7f000072e000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000200)={0xfffffffffffffdd1, 0x0, 0xffff, 0xe90d, 0x6, 0xe7d, 0x2a458920, 0x3, 0x3, 0x2})

[  239.203724] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies.  Check SNMP counters.
16:28:58 executing program 0:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x10402, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f00000000c0)={<r1=>0x0, @in={{0x2, 0x4e20, @remote}}, [0x4, 0x800000000, 0xfff, 0x4, 0xff, 0x1, 0x0, 0xffffffffffffffc0, 0x80, 0x3, 0x0, 0x1, 0x6, 0x7, 0x400]}, &(0x7f00000001c0)=0x100)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000240)={r1}, 0x8)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x2}, 0x1c)
listen(r3, 0x2000000000)
setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000022, &(0x7f0000356000)=0x1, 0x4)
sendto$inet6(r2, &(0x7f0000000040)="ee", 0x1, 0x200408d4, &(0x7f000072e000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000200)={0xfffffffffffffdd1, 0x0, 0xffff, 0xe90d, 0x6, 0xe7d, 0x2a458920, 0x3, 0x3, 0x2})

[  239.873155] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies.  Check SNMP counters.
[  239.979108] bond0: Enslaving bond_slave_0 as an active interface with an up link
16:28:59 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80200000000002, &(0x7f0000000680)=0x82, 0x4)
bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x921b527a62bfd8af)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000080)=0x1, 0x4)
write$binfmt_elf64(r1, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0xffffff84)
recvmsg(r1, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0xff9a}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000340)="709e65cd021c68201927d6597b5bc284", 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0xffffffffffffff5e, &(0x7f00000003c0)}, &(0x7f0000000180)=0x10)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@mcast2, @in=@broadcast}}, {{@in6=@remote}, 0x0, @in=@loopback}}, &(0x7f0000000600)=0xe8)

[  240.452770] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  240.816322] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  240.823976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  241.180758] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  241.187991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
16:29:00 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80200000000002, &(0x7f0000000680)=0x82, 0x4)
bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x921b527a62bfd8af)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000080)=0x1, 0x4)
write$binfmt_elf64(r1, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0xffffff84)
recvmsg(r1, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0xff9a}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000340)="709e65cd021c68201927d6597b5bc284", 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0xffffffffffffff5e, &(0x7f00000003c0)}, &(0x7f0000000180)=0x10)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@mcast2, @in=@broadcast}}, {{@in6=@remote}, 0x0, @in=@loopback}}, &(0x7f0000000600)=0xe8)

[  241.679556] ip (7089) used greatest stack depth: 53040 bytes left
[  242.548891] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  242.557526] team0: Port device team_slave_0 added
[  243.047155] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  243.055695] team0: Port device team_slave_1 added
[  243.290366] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.337242] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  243.344497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  243.353393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  243.777595] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  243.784846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  243.793884] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  244.125373] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  244.133219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  244.142283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  244.413044] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  244.420979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  244.430139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  244.609143] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  245.731521] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  245.740307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  245.748683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
16:29:05 executing program 1:
r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0)
r1 = socket$inet6(0xa, 0x80003, 0x7)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0xfffd, 0x1b, 0x0, <r2=>0xffffffffffffffff})
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000100)=0x2)

[  246.526550] ==================================================================
[  246.534496] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0
[  246.542061] CPU: 0 PID: 7214 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #66
[  246.549267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  246.558646] Call Trace:
[  246.561275]  dump_stack+0x306/0x460
[  246.564945]  ? vmap_page_range_noflush+0x975/0xed0
[  246.569927]  kmsan_report+0x1a2/0x2e0
[  246.573787]  __msan_warning+0x7c/0xe0
[  246.577633]  vmap_page_range_noflush+0x975/0xed0
[  246.582473]  map_vm_area+0x17d/0x1f0
[  246.586236]  kmsan_vmap+0xf2/0x180
[  246.589833]  vmap+0x3a1/0x510
[  246.592976]  ? ion_heap_map_kernel+0xa33/0xad0
[  246.597603]  ion_heap_map_kernel+0xa33/0xad0
[  246.602066]  ? ion_ioctl+0x690/0x690
[  246.605814]  ion_dma_buf_begin_cpu_access+0x2ba/0x9b0
[  246.611060]  ? ion_dma_buf_release+0x430/0x430
[  246.615674]  dma_buf_ioctl+0x376/0x630
[  246.619605]  ? dma_buf_poll+0x1690/0x1690
[  246.623793]  do_vfs_ioctl+0xcf3/0x2810
[  246.627736]  ? security_file_ioctl+0x92/0x200
[  246.632296]  __se_sys_ioctl+0x1da/0x270
[  246.636496]  __x64_sys_ioctl+0x4a/0x70
[  246.641208]  do_syscall_64+0xbe/0x100
[  246.645675]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  246.651526] RIP: 0033:0x457579
[  246.655443] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  246.676481] RSP: 002b:00007f2d4668cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  246.684232] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  246.691529] RDX: 0000000020000100 RSI: 0000000040086200 RDI: 0000000000000005
[  246.698832] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  246.706129] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d4668d6d4
[  246.713423] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff
[  246.720741] 
[  246.722394] Uninit was created at:
[  246.725971]  kmsan_internal_poison_shadow+0xc8/0x1d0
[  246.731105]  kmsan_kmalloc+0xa4/0x120
[  246.734930]  __kmalloc+0x14b/0x440
[  246.738506]  kmsan_vmap+0x9b/0x180
[  246.742074]  vmap+0x3a1/0x510
[  246.745734]  ion_heap_map_kernel+0xa33/0xad0
[  246.750347]  ion_dma_buf_begin_cpu_access+0x2ba/0x9b0
[  246.755567]  dma_buf_ioctl+0x376/0x630
[  246.759480]  do_vfs_ioctl+0xcf3/0x2810
[  246.763396]  __se_sys_ioctl+0x1da/0x270
[  246.767394]  __x64_sys_ioctl+0x4a/0x70
[  246.771304]  do_syscall_64+0xbe/0x100
[  246.775136]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  246.780686] ==================================================================
[  246.788756] Disabling lock debugging due to kernel taint
[  246.794219] Kernel panic - not syncing: panic_on_warn set ...
[  246.794219] 
[  246.801621] CPU: 0 PID: 7214 Comm: syz-executor1 Tainted: G    B             4.19.0-rc4+ #66
[  246.810211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  246.819580] Call Trace:
[  246.822211]  dump_stack+0x306/0x460
[  246.825897]  panic+0x54c/0xafa
[  246.829177]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  246.834672]  kmsan_report+0x2d3/0x2e0
[  246.838517]  __msan_warning+0x7c/0xe0
[  246.842374]  vmap_page_range_noflush+0x975/0xed0
[  246.847219]  map_vm_area+0x17d/0x1f0
[  246.850989]  kmsan_vmap+0xf2/0x180
[  246.854577]  vmap+0x3a1/0x510
[  246.857717]  ? ion_heap_map_kernel+0xa33/0xad0
[  246.862350]  ion_heap_map_kernel+0xa33/0xad0
[  246.866827]  ? ion_ioctl+0x690/0x690
[  246.870584]  ion_dma_buf_begin_cpu_access+0x2ba/0x9b0
[  246.876785]  ? ion_dma_buf_release+0x430/0x430
[  246.882270]  dma_buf_ioctl+0x376/0x630
[  246.886197]  ? dma_buf_poll+0x1690/0x1690
[  246.890386]  do_vfs_ioctl+0xcf3/0x2810
[  246.894319]  ? security_file_ioctl+0x92/0x200
[  246.898864]  __se_sys_ioctl+0x1da/0x270
[  246.902890]  __x64_sys_ioctl+0x4a/0x70
[  246.906815]  do_syscall_64+0xbe/0x100
[  246.910659]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  246.915871] RIP: 0033:0x457579
[  246.919092] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  246.938013] RSP: 002b:00007f2d4668cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  246.945749] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  246.953039] RDX: 0000000020000100 RSI: 0000000040086200 RDI: 0000000000000005
[  246.960332] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  246.967618] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d4668d6d4
[  246.974907] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff
[  246.983151] Kernel Offset: disabled
[  246.986794] Rebooting in 86400 seconds..