[   60.314575] audit: type=1800 audit(1539188353.361:27): pid=6070 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   61.784780] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   63.814273] random: sshd: uninitialized urandom read (32 bytes read)
[   64.182095] random: sshd: uninitialized urandom read (32 bytes read)
[   66.704865] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
[   72.752890] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/10 16:19:27 fuzzer started
[   77.451229] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/10 16:19:32 dialing manager at 10.128.0.26:45337
2018/10/10 16:19:32 syscalls: 1
2018/10/10 16:19:32 code coverage: enabled
2018/10/10 16:19:32 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/10 16:19:32 setuid sandbox: enabled
2018/10/10 16:19:32 namespace sandbox: enabled
2018/10/10 16:19:32 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/10 16:19:32 fault injection: enabled
2018/10/10 16:19:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/10 16:19:32 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory)
2018/10/10 16:19:32 net device setup: enabled
[   82.915522] random: crng init done
16:21:35 executing program 0:
ioprio_get$uid(0x3, 0x0)
keyctl$update(0x2, 0x0, &(0x7f0000000440), 0x0)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, &(0x7f0000000500))

[  202.995648] IPVS: ftp: loaded support on port[0] = 21
[  204.451226] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.457805] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.466784] device bridge_slave_0 entered promiscuous mode
[  204.619082] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.625720] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.634544] device bridge_slave_1 entered promiscuous mode
[  204.784774] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  204.933958] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  205.399446] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  205.554534] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  205.852484] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  205.859633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
16:21:39 executing program 1:
r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xced423)
clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000240), &(0x7f0000000280)=0x4)
mount(&(0x7f0000000200)=@nullb='/dew/nullb0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000180)='dax\x00', 0x0, &(0x7f00000001c0)='threaded\x00')
getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f00000000c0), &(0x7f0000000140)=0x4)

[  206.326864] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  206.335383] team0: Port device team_slave_0 added
[  206.568937] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  206.577329] team0: Port device team_slave_1 added
[  206.868767] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  206.875951] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  206.885257] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  207.033715] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  207.040826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  207.050114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  207.204574] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  207.212369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  207.221746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  207.444816] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  207.453013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  207.462329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  207.608343] IPVS: ftp: loaded support on port[0] = 21
[  209.979285] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.985925] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.994676] device bridge_slave_0 entered promiscuous mode
[  210.123921] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.130420] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.137547] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.144109] bridge0: port 1(bridge_slave_0) entered forwarding state
[  210.153266] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  210.253237] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.259749] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.268510] device bridge_slave_1 entered promiscuous mode
[  210.518713] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  210.695354] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  210.892082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  211.378889] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  211.616847] bond0: Enslaving bond_slave_1 as an active interface with an up link
16:21:44 executing program 2:
r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xced423)
clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)
mount(&(0x7f0000000200)=@nullb='/dew/nullb0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000180)='dax\x00', 0x0, &(0x7f00000001c0)='threaded\x00')
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f00000000c0), &(0x7f0000000140)=0x4)

[  211.865854] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  211.877319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  212.127585] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  212.134819] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  212.930661] IPVS: ftp: loaded support on port[0] = 21
[  213.080851] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  213.089133] team0: Port device team_slave_0 added
[  213.389818] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  213.398396] team0: Port device team_slave_1 added
[  213.676102] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  213.683335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  213.692489] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  213.967266] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  213.974556] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  213.983716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  214.374759] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  214.382532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  214.391868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  214.714122] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  214.722016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  214.731314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  215.864375] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.870856] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.879546] device bridge_slave_0 entered promiscuous mode
[  216.159768] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.166493] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.175309] device bridge_slave_1 entered promiscuous mode
[  216.475527] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  216.689170] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  217.364149] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  217.684542] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  218.056478] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  218.065410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  218.098720] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.105270] bridge0: port 2(bridge_slave_1) entered forwarding state
[  218.112366] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.118845] bridge0: port 1(bridge_slave_0) entered forwarding state
[  218.128094] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  218.286958] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  218.294386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  219.133954] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  219.223504] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  219.231944] team0: Port device team_slave_0 added
[  219.536318] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  219.544916] team0: Port device team_slave_1 added
[  219.849327] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  219.856582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  219.865732] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
16:21:53 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket(0x40000000002, 0x3, 0x67)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000300)='bridge0\x00', 0x10)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f00000000c0)='cgroup.controllers\x00', 0x0, 0x0)
preadv(r3, &(0x7f0000000280)=[{&(0x7f0000000040)=""/18, 0x12}, {&(0x7f0000000080)=""/4, 0x4}], 0x2, 0x0)
sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0xd0000e0}, 0x63)

[  220.296216] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  220.303480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  220.312662] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  220.776437] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  220.784336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  220.793554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  221.122953] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  221.130620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  221.140008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  221.635063] IPVS: ftp: loaded support on port[0] = 21
[  223.262336] 8021q: adding VLAN 0 to HW filter on device bond0
[  224.709938] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  225.082518] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.089014] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.097930] device bridge_slave_0 entered promiscuous mode
[  225.435742] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.442313] bridge0: port 2(bridge_slave_1) entered forwarding state
[  225.449278] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.455880] bridge0: port 1(bridge_slave_0) entered forwarding state
[  225.464905] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  225.493079] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.499548] bridge0: port 2(bridge_slave_1) entered disabled state
[  225.508336] device bridge_slave_1 entered promiscuous mode
[  225.878114] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  226.234998] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  226.269000] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  226.275519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  226.283794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  226.383109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  227.439262] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  227.592545] 8021q: adding VLAN 0 to HW filter on device team0
[  227.831403] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  228.206695] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  228.213966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  228.552053] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  228.559206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  229.670735] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  229.679223] team0: Port device team_slave_0 added
[  230.027312] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  230.035780] team0: Port device team_slave_1 added
[  230.400898] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  230.408157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  230.417373] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
16:22:03 executing program 4:
prctl$setname(0xf, &(0x7f0000000600)="cd23330bff00")
syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00')

[  230.794745] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  230.802998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  230.812442] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  231.237230] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  231.245299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  231.255009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  231.656918] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  231.664694] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  231.673849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  232.625089] IPVS: ftp: loaded support on port[0] = 21
[  233.461827] 8021q: adding VLAN 0 to HW filter on device bond0
[  235.047329] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  236.470604] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.477191] bridge0: port 2(bridge_slave_1) entered forwarding state
[  236.484298] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.490770] bridge0: port 1(bridge_slave_0) entered forwarding state
[  236.500533] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  236.652006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  236.723724] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  236.734645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  236.743030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  236.786370] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.793066] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.802518] device bridge_slave_0 entered promiscuous mode
[  237.334888] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.341390] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.350473] device bridge_slave_1 entered promiscuous mode
[  237.780893] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
16:22:11 executing program 0:
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
fcntl$setlease(r0, 0x400, 0x3)

[  238.158216] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  238.432940] 8021q: adding VLAN 0 to HW filter on device team0
16:22:11 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
memfd_create(&(0x7f0000000080)='loem1\x00', 0x6)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x0)

16:22:12 executing program 0:
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3d, &(0x7f00000000c0), &(0x7f0000000000)=0x4)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/userio\x00', 0x400500, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000180)={0x1, 0x7fffffff}, 0x2)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x10241, 0x0)
fsetxattr$trusted_overlay_opaque(r2, &(0x7f00000001c0)='trusted.overlay.opaque\x00', &(0x7f0000000200)='y\x00', 0x2, 0x3)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000100)={0x3, r2})

16:22:12 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20}, 0xf8)
listen(r0, 0x3)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, &(0x7f0000000280), 0x0, 0x20000004, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000080)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a0676ffffff81004e220000000058000b4824ca944f64009400050028925aa8000000000000008000f0fffeffff09000000fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1)

[  239.516822] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  239.874374] bond0: Enslaving bond_slave_1 as an active interface with an up link
16:22:13 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x100, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r2, 0x29, 0x41, &(0x7f00000001c0)={'mangle\x00', 0xa6, "9fa5911eb33983f03ae62c259bc99c45241e2525700ead3a3f1adf790fc7b5963394594092547e19dac8b9f150e85115502c1ad60296386a6232837d2e79ab02ba646eb5d5107dbae98e10a7060a4ef23e5373d0ba0d471fbf6426a965b03d95e8f85fcf3b884150978328e25d7044163ffe3dc63af0ebee58748ad8bdebdc2599e917613e54238fd0b58c2bf9bfe071b49edd5d61a3d72877993c51019ce061863bf71b63e1"}, &(0x7f0000000040)=0xca)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

[  240.207278] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  240.440482] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  240.448183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
16:22:13 executing program 0:
unshare(0x20400)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})
r1 = syz_open_pts(r0, 0x101004)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000698000))

[  240.918139] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  240.925363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
16:22:14 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58)
r1 = syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x4, 0x80000)
ioctl$PPPOEIOCDFWD(r1, 0xb101, 0x0)
r2 = accept4(r0, 0x0, &(0x7f0000000000), 0x0)
ftruncate(r0, 0x401)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100), 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00')
sendfile(r2, r3, &(0x7f00000002c0), 0x10000000000443)
r4 = fcntl$getown(r2, 0x9)
syz_open_procfs(r4, &(0x7f0000000100)='schedstat\x00')
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r3, 0x800442d4, &(0x7f0000000040)=0x9)

[  242.221079] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  242.229415] team0: Port device team_slave_0 added
16:22:15 executing program 0:
pipe2(&(0x7f0000000040), 0x84000)
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r0, 0x10d, 0xb4, &(0x7f0000000000), &(0x7f00000000c0)=0x4)

[  242.659296] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  242.667735] team0: Port device team_slave_1 added
[  243.223202] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  243.230338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  243.239386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  243.597286] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  243.604560] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  243.613858] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  243.807822] 8021q: adding VLAN 0 to HW filter on device bond0
[  244.011268] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  244.019508] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  244.028511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  244.371522] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  244.379284] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  244.388408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  245.183277] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  246.327932] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  246.335610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  246.343656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
16:22:20 executing program 1:

[  247.540981] 8021q: adding VLAN 0 to HW filter on device team0
[  247.726421] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.732982] bridge0: port 2(bridge_slave_1) entered forwarding state
[  247.739939] bridge0: port 1(bridge_slave_0) entered blocking state
[  247.746537] bridge0: port 1(bridge_slave_0) entered forwarding state
[  247.755265] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  247.762099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  250.820529] 8021q: adding VLAN 0 to HW filter on device bond0
[  251.759907] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  252.589993] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  252.596640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  252.604684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  253.463934] 8021q: adding VLAN 0 to HW filter on device team0
16:22:27 executing program 2:
r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xced423)
clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)
mount(&(0x7f0000000200)=@nullb='/dew/nullb0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000180)='dax\x00', 0x0, &(0x7f00000001c0)='threaded\x00')
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f00000000c0), &(0x7f0000000140)=0x4)

[  256.133157] 8021q: adding VLAN 0 to HW filter on device bond0
[  256.690551] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  257.245068] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  257.251508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  257.259723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  257.500715] raw_sendmsg: syz-executor3 forgot to set AF_INET. Fix it!
16:22:30 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket(0x40000000002, 0x3, 0x67)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000300)='bridge0\x00', 0x10)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f00000000c0)='cgroup.controllers\x00', 0x0, 0x0)
preadv(r3, &(0x7f0000000280)=[{&(0x7f0000000040)=""/18, 0x12}, {&(0x7f0000000080)=""/4, 0x4}], 0x2, 0x0)
sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0xd0000e0}, 0x63)

[  257.894659] 8021q: adding VLAN 0 to HW filter on device team0
16:22:33 executing program 4:

16:22:33 executing program 5:
stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0})
getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
fstat(0xffffffffffffff9c, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r3=>0x0, <r4=>0x0})
setresgid(r1, r2, r4)
r5 = socket$kcm(0x29, 0x2, 0x0)
fsetxattr$system_posix_acl(r5, &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f0000000480)={{}, {0x1, 0x5}, [{0x2, 0x4, r3}, {0x2, 0x3, r3}, {0x2, 0x4, r0}, {0x2, 0x7, r3}, {0x2, 0x7, r3}, {0x2, 0x6, r0}], {0x4, 0x4}, [{0x8, 0x2, r2}, {0x8, 0x5, r4}], {0x10, 0x3}, {0x20, 0x4}}, 0x64, 0x3)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000500)='/dev/dsp\x00', 0x68000, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000580)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffff9c, 0x0, 0x19, &(0x7f0000000540)='system.posix_acl_default\x00', 0xffffffffffffffff}, 0x30)
write$P9_RGETLOCK(r6, &(0x7f00000005c0)={0x37, 0x37, 0x2, {0x3, 0x9, 0x800, r7, 0x19, 'system.posix_acl_default\x00'}}, 0x37)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f00000006c0)={<r9=>0x0, 0x84, &(0x7f0000000600)=[@in6={0xa, 0x4e23, 0x5, @remote, 0x2588}, @in6={0xa, 0x4e23, 0x9, @ipv4={[], [], @rand_addr=0x9}, 0x8001}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xf}}, @in={0x2, 0x4e20, @multicast2}, @in={0x2, 0x4e20, @multicast2}, @in6={0xa, 0x4e24, 0x3a6, @local, 0x1}]}, &(0x7f0000000700)=0x10)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r6, 0x84, 0x77, &(0x7f0000000740)={r9, 0x4, 0x3, [0xfffffffffffffffa, 0x8, 0x6]}, 0xe)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r6, 0xc1205531, &(0x7f0000000780)={0x2, 0x0, 0x100, 0x41, [], [], [], 0xd989, 0x2, 0x4, 0xfffffffffffffeff, "75d2fc194111054f12fe77573784b0d4"})
fstat(r8, &(0x7f00000008c0))
r10 = syz_open_dev$vcsn(&(0x7f0000000940)='/dev/vcs#\x00', 0x800, 0x14082)
r11 = syz_open_pts(r10, 0x80000)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r11, 0x894b, &(0x7f0000000980))
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r6, 0x84, 0x7, &(0x7f00000009c0)={0xffffffffffffffff}, 0x4)
ioctl$sock_inet_SIOCSIFPFLAGS(r10, 0x8934, &(0x7f0000000a00)={'veth0\x00', 0x3})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000a80)={r6, 0x28, &(0x7f0000000a40)}, 0x10)
prctl$setendian(0x14, 0x1)
getpriority(0x2, r7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000ac0)={<r12=>0xffffffffffffffff})
ioctl$EVIOCGABS20(r5, 0x80184560, &(0x7f0000000b00)=""/82)
write$binfmt_misc(r12, &(0x7f0000000b80)={'syz0', "6551fc2a69c34bc455063631318b45dd6a17b5fba04004db9ef6bff5db5f88b451fee01acc61dd87b0b3ad6b6e7dd16ed7c79844c0c44ce0a7aeb9b4e72fa5da35162cceb4af34b8330d2784fc75181e1994c824b7881b9804da9731f4693c2590246d0f8e820e11cafdf0b2e29e9990107678b33e4bb30803053e0d58cdf28fbbdcb453f5a0f4ef301a62087d2daf2c74382d221810ad1cd5dba6b8f0e1b6f272a9ea94625d"}, 0xaa)
ptrace$getsig(0x4202, r7, 0x6, &(0x7f0000000c40))
ioctl$KDDISABIO(r6, 0x4b37)
ioctl$TCFLSH(r10, 0x540b, 0x61b4)
getsockopt$inet6_mtu(r6, 0x29, 0x17, &(0x7f0000000c80), &(0x7f0000000cc0)=0x4)
getsockopt$inet_sctp6_SCTP_STATUS(r6, 0x84, 0xe, &(0x7f0000000d00)={r9, 0x1, 0x7fff, 0xffffffff, 0x6, 0x33, 0x3, 0x100000001, {r9, @in6={{0xa, 0x4e22, 0x7fffffff, @ipv4, 0x3}}, 0x9, 0x7, 0xb6b, 0x200, 0x800}}, &(0x7f0000000dc0)=0xb0)
write$P9_RLERRORu(r6, &(0x7f0000000e00)={0xd, 0x7, 0x1, {{}, 0x10000}}, 0xd)

16:22:33 executing program 2:

16:22:33 executing program 1:

16:22:33 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqsrc(r2, 0x0, 0x2000000000000004, &(0x7f0000013ff4)={@local, @rand_addr}, 0xc)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000000), &(0x7f00000000c0)=0x4)
setsockopt$inet_tcp_int(r2, 0x6, 0x4, &(0x7f0000001280)=0x2000, 0x4)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup3(r0, r1, 0x0)
setsockopt$inet6_MRT6_DEL_MFC(r4, 0x29, 0xcd, &(0x7f0000000140)={{0xa, 0x4e21, 0x7, @mcast1, 0x10001}, {0xa, 0x4e22, 0x3ff, @remote, 0xff}, 0xfffffffffffffe00, [0x9, 0xab0, 0x4, 0xfffffffffffffff7, 0x3ff0000, 0x7f, 0x5, 0x8001]}, 0x5c)

16:22:33 executing program 3:

16:22:33 executing program 1:

16:22:33 executing program 2:

16:22:33 executing program 3:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108)

16:22:33 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0)
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200000, 0xc04e27d3b503e3df, 0x0, <r1=>0xffffffffffffffff})
ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000040)=0x2)

16:22:33 executing program 0:
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)=""/252, &(0x7f0000000200)=0xfc)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x400000000005, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
dup2(r0, r2)
recvmmsg(r1, &(0x7f0000000b80)=[{{&(0x7f0000000200)=@l2, 0x80, &(0x7f00000005c0), 0x0, &(0x7f0000000600)=""/84, 0x54}}, {{&(0x7f0000000680)=@l2, 0x80, &(0x7f0000000a40), 0x0, &(0x7f0000000ac0)=""/147, 0x93}}], 0x4000000000002ce, 0x0, 0x0)

[  260.825803] ==================================================================
[  260.833277] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0
[  260.840414] CPU: 0 PID: 7521 Comm: syz-executor4 Not tainted 4.19.0-rc4+ #66
[  260.847652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  260.857045] Call Trace:
[  260.859690]  dump_stack+0x306/0x460
[  260.863358]  ? vmap_page_range_noflush+0x975/0xed0
[  260.868332]  kmsan_report+0x1a2/0x2e0
[  260.872175]  __msan_warning+0x7c/0xe0
[  260.876022]  vmap_page_range_noflush+0x975/0xed0
[  260.880855]  map_vm_area+0x17d/0x1f0
[  260.884619]  kmsan_vmap+0xf2/0x180
[  260.888221]  vmap+0x3a1/0x510
[  260.891368]  ? ion_heap_map_kernel+0xa33/0xad0
[  260.896008]  ion_heap_map_kernel+0xa33/0xad0
[  260.900479]  ? ion_ioctl+0x690/0x690
[  260.904258]  ion_dma_buf_begin_cpu_access+0x2ba/0x9b0
[  260.909502]  ? ion_dma_buf_release+0x430/0x430
[  260.914130]  dma_buf_ioctl+0x376/0x630
[  260.918068]  ? dma_buf_poll+0x1690/0x1690
[  260.922246]  do_vfs_ioctl+0xcf3/0x2810
[  260.926177]  ? security_file_ioctl+0x92/0x200
[  260.930727]  __se_sys_ioctl+0x1da/0x270
[  260.934756]  __x64_sys_ioctl+0x4a/0x70
[  260.938692]  do_syscall_64+0xbe/0x100
[  260.942531]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  260.947752] RIP: 0033:0x457579
[  260.950971] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  260.969895] RSP: 002b:00007f0c728b4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  260.977674] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  260.984974] RDX: 0000000020000040 RSI: 0000000040086200 RDI: 0000000000000004
[  260.992274] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  260.999573] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0c728b56d4
[  261.006895] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff
[  261.014222] 
[  261.015875] Uninit was created at:
[  261.019463]  kmsan_internal_poison_shadow+0xc8/0x1d0
[  261.024607]  kmsan_kmalloc+0xa4/0x120
[  261.028468]  __kmalloc+0x14b/0x440
[  261.032035]  kmsan_vmap+0x9b/0x180
[  261.035601]  vmap+0x3a1/0x510
[  261.038760]  ion_heap_map_kernel+0xa33/0xad0
[  261.043219]  ion_dma_buf_begin_cpu_access+0x2ba/0x9b0
[  261.048440]  dma_buf_ioctl+0x376/0x630
[  261.052349]  do_vfs_ioctl+0xcf3/0x2810
[  261.056267]  __se_sys_ioctl+0x1da/0x270
[  261.060275]  __x64_sys_ioctl+0x4a/0x70
[  261.064192]  do_syscall_64+0xbe/0x100
[  261.068027]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  261.073229] ==================================================================
[  261.080612] Disabling lock debugging due to kernel taint
[  261.086106] Kernel panic - not syncing: panic_on_warn set ...
[  261.086106] 
[  261.093515] CPU: 0 PID: 7521 Comm: syz-executor4 Tainted: G    B             4.19.0-rc4+ #66
[  261.102119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  261.111503] Call Trace:
[  261.114123]  dump_stack+0x306/0x460
[  261.117807]  panic+0x54c/0xafa
[  261.121079]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
16:22:34 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x800000000000, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0)
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200000, 0xc04e27d3b503e3df, 0x0, <r1=>0xffffffffffffffff})
ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000040)=0x2)

16:22:34 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0)
sendfile(r1, r1, &(0x7f0000000040), 0x1)

[  261.126569]  kmsan_report+0x2d3/0x2e0
[  261.130409]  __msan_warning+0x7c/0xe0
[  261.134252]  vmap_page_range_noflush+0x975/0xed0
[  261.139092]  map_vm_area+0x17d/0x1f0
[  261.142856]  kmsan_vmap+0xf2/0x180
[  261.146435]  vmap+0x3a1/0x510
[  261.149571]  ? ion_heap_map_kernel+0xa33/0xad0
[  261.154182]  ion_heap_map_kernel+0xa33/0xad0
[  261.158653]  ? ion_ioctl+0x690/0x690
[  261.162489]  ion_dma_buf_begin_cpu_access+0x2ba/0x9b0
[  261.167731]  ? ion_dma_buf_release+0x430/0x430
[  261.172346]  dma_buf_ioctl+0x376/0x630
[  261.176279]  ? dma_buf_poll+0x1690/0x1690
[  261.180465]  do_vfs_ioctl+0xcf3/0x2810
[  261.184407]  ? security_file_ioctl+0x92/0x200
[  261.188948]  __se_sys_ioctl+0x1da/0x270
[  261.192971]  __x64_sys_ioctl+0x4a/0x70
[  261.196892]  do_syscall_64+0xbe/0x100
[  261.200738]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  261.205967] RIP: 0033:0x457579
[  261.209189] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  261.228112] RSP: 002b:00007f0c728b4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  261.235854] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  261.243615] RDX: 0000000020000040 RSI: 0000000040086200 RDI: 0000000000000004
[  261.250932] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  261.258227] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0c728b56d4
[  261.265520] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff
[  261.273835] Kernel Offset: disabled
[  261.277474] Rebooting in 86400 seconds..