[....] Starting OpenBSD Secure Shell server: sshd[   51.852138] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   52.246854] audit: type=1800 audit(1539231414.294:29): pid=5940 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   52.266488] audit: type=1800 audit(1539231414.294:30): pid=5940 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   54.189704] random: sshd: uninitialized urandom read (32 bytes read)
[   54.683498] random: sshd: uninitialized urandom read (32 bytes read)
[   56.388913] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts.
[   62.125983] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/11 04:17:05 fuzzer started
[   66.437469] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/11 04:17:10 dialing manager at 10.128.0.26:39089
2018/10/11 04:17:10 syscalls: 1
2018/10/11 04:17:10 code coverage: enabled
2018/10/11 04:17:10 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/11 04:17:10 setuid sandbox: enabled
2018/10/11 04:17:10 namespace sandbox: enabled
2018/10/11 04:17:10 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/11 04:17:10 fault injection: enabled
2018/10/11 04:17:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/11 04:17:10 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory)
2018/10/11 04:17:10 net device setup: enabled
[   71.429096] random: crng init done
04:18:45 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f00000003c0)=0x400100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000380)=[{}, {0x3, 0x80}], 0x200000000000035a)
write$P9_RXATTRCREATE(r1, &(0x7f0000000040)={0x7}, 0x7)

[  164.586501] IPVS: ftp: loaded support on port[0] = 21
[  165.679722] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.686381] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.694522] device bridge_slave_0 entered promiscuous mode
[  165.819587] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.826262] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.834584] device bridge_slave_1 entered promiscuous mode
[  165.952527] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  166.061412] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  166.404094] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  166.526691] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  166.641518] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  166.650693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
04:18:49 executing program 1:
r0 = open(&(0x7f00000009c0)='./file0\x00', 0x40440, 0x0)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f00000003c0)=0x400100000001, 0x4)
connect$inet6(r1, &(0x7f0000000100), 0x1c)
r2 = dup2(r1, r1)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
clone(0x2002001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff)
accept4$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000240)=0x14, 0x0)

[  167.151296] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  167.159530] team0: Port device team_slave_0 added
[  167.304590] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  167.312641] team0: Port device team_slave_1 added
[  167.526791] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  167.534025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  167.542837] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  167.744577] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  167.752020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  167.760606] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  167.977887] IPVS: ftp: loaded support on port[0] = 21
[  167.991035] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  168.015778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  168.024936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  168.137258] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  168.144931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  168.153778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  169.853044] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.859610] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.868395] device bridge_slave_0 entered promiscuous mode
[  170.073792] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.080247] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.088772] device bridge_slave_1 entered promiscuous mode
[  170.219933] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.226497] bridge0: port 2(bridge_slave_1) entered forwarding state
[  170.233466] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.239924] bridge0: port 1(bridge_slave_0) entered forwarding state
[  170.248660] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  170.262833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  170.271961] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  170.451928] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  171.193037] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  171.368081] bond0: Enslaving bond_slave_1 as an active interface with an up link
04:18:53 executing program 2:
r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0)
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200000, 0xc04e27d3b503e3df, 0x0, <r1=>0xffffffffffffffff})
ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000040)=0x2)
ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x5)

[  171.617061] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  171.624318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  171.837009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  171.844435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  172.472387] IPVS: ftp: loaded support on port[0] = 21
[  172.493494] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  172.501468] team0: Port device team_slave_0 added
[  172.765383] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  172.773565] team0: Port device team_slave_1 added
[  172.926447] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  172.935907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  172.944743] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  173.228103] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  173.483982] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  173.491793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  173.500663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  173.723349] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  173.731019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  173.739793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  174.764888] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.771363] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.779760] device bridge_slave_0 entered promiscuous mode
[  175.084057] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.090536] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.098826] device bridge_slave_1 entered promiscuous mode
[  175.357552] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  175.594786] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  176.335513] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  176.551165] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.557729] bridge0: port 2(bridge_slave_1) entered forwarding state
[  176.564724] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.571172] bridge0: port 1(bridge_slave_0) entered forwarding state
[  176.579574] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  176.633805] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  176.867276] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  176.874600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  177.132987] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  177.140087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  177.403242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
04:19:00 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0xc05c5340, &(0x7f0000000180))
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x0, @time={0x0, 0x989680}})
syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0)

[  177.924682] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  177.932789] team0: Port device team_slave_0 added
[  178.173325] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  178.180968] team0: Port device team_slave_1 added
[  178.478441] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  178.485571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  178.494050] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  178.785717] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  178.792976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  178.801397] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  179.051161] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  179.058888] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  179.067805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  179.294488] IPVS: ftp: loaded support on port[0] = 21
[  179.411191] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  179.418886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  179.427701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  180.946400] 8021q: adding VLAN 0 to HW filter on device bond0
[  182.147363] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  182.266791] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.273437] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.281507] device bridge_slave_0 entered promiscuous mode
[  182.590648] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.597316] bridge0: port 2(bridge_slave_1) entered forwarding state
[  182.604366] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.610919] bridge0: port 1(bridge_slave_0) entered forwarding state
[  182.619476] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  182.633962] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.640420] bridge0: port 2(bridge_slave_1) entered disabled state
[  182.648826] device bridge_slave_1 entered promiscuous mode
[  182.722008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  182.964440] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  183.273398] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  183.343132] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  183.349563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  183.357527] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  184.266629] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  184.460672] 8021q: adding VLAN 0 to HW filter on device team0
[  184.573043] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  184.812042] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  184.819211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  185.069027] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  185.076271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  185.926809] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  185.935157] team0: Port device team_slave_0 added
04:19:08 executing program 4:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000040)={0x28}, 0x28)

[  186.263998] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  186.272166] team0: Port device team_slave_1 added
[  186.655491] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  186.663178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  186.672021] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  187.005839] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  187.013102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  187.022016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  187.358437] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  187.366065] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  187.374767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  187.719025] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  187.726771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  187.735277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  187.755137] IPVS: ftp: loaded support on port[0] = 21
[  188.741265] 8021q: adding VLAN 0 to HW filter on device bond0
[  190.229378] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  190.954587] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.961121] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.969442] device bridge_slave_0 entered promiscuous mode
[  191.359360] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.366014] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.374194] device bridge_slave_1 entered promiscuous mode
[  191.444279] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  191.450759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  191.458733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  191.654805] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.661379] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.668377] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.674853] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.683234] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  191.754013] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  192.129829] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  192.343931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  192.842610] 8021q: adding VLAN 0 to HW filter on device team0
04:19:15 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0xffffffc3}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000008000a00060000001800120008000100767469000c0002000800050002000000"], 0x1}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)

[  193.315200] bond0: Enslaving bond_slave_0 as an active interface with an up link
04:19:15 executing program 0:
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
sched_yield()
r1 = dup3(r0, r0, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000300)={{{@in6, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@multicast1}, 0x0, @in6=@ipv4}}, &(0x7f0000000400)=0xe8)
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000440)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}}, &(0x7f0000000540)=0xe8)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000580)={{{@in6, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6=@mcast1}, 0x0, @in=@rand_addr}}, &(0x7f0000000680)=0xe8)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000006c0)={0x0, <r6=>0x0}, &(0x7f0000000700)=0xc)
r7 = getuid()
r8 = getuid()
r9 = geteuid()
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000740)={0x0, <r10=>0x0}, &(0x7f0000000780)=0xc)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000007c0)={0x0, <r11=>0x0}, &(0x7f0000000800)=0xc)
getresgid(&(0x7f0000000840)=<r12=>0x0, &(0x7f0000000880), &(0x7f00000008c0))
fstat(r0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, <r13=>0x0})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000980)={0x0, 0x0, <r14=>0x0}, &(0x7f00000009c0)=0xc)
getresgid(&(0x7f0000000a00), &(0x7f0000000a40), &(0x7f0000000a80)=<r15=>0x0)
stat(&(0x7f0000000ac0)='./file0\x00', &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0})
fsetxattr$system_posix_acl(r0, &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f0000000b80)={{}, {0x1, 0x5}, [{0x2, 0x3, r2}, {0x2, 0x4, r3}, {0x2, 0x4, r4}, {0x2, 0x5, r5}, {0x2, 0x2, r6}, {0x2, 0x4, r7}, {0x2, 0x7, r8}, {0x2, 0x3, r9}, {0x2, 0x4, r10}, {0x2, 0x7, r11}], {0x4, 0x2}, [{0x8, 0x1, r12}, {0x8, 0x4, r13}, {0x8, 0x2, r14}, {0x8, 0x2, r15}, {0x8, 0x2, r16}], {0x10, 0x2}}, 0x9c, 0x2)
r17 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x200)
inotify_rm_watch(r1, r17)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f00000000c0)={0x4}, 0x1)
getsockopt$inet_int(r0, 0x10d, 0x2000000000008d, &(0x7f0000000000), &(0x7f0000000100)=0xfe82)
msgget$private(0x0, 0x424)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="4f904ba6fec1a4da339c9e3e85fd4ead52b0ba244433648cbc04993c37eda1e95582a16ca2151c74c26887e984fd053fb63a76aa075980a4f4518b84f8a685b80e929dd527ed5403f02f51d65c61b168276dd512d49ebf8ced36248192769ad6c3e71bf5647e481b3f0b7cb8000392f53a1ecf28fdf05c7bc97092f12d76961d2cc59ec5c9d79c08a1d57b5164c7ccdd5ef071c529e110eec5c48d9d0c89e0", 0x9f}], 0x1)

[  193.686572] bond0: Enslaving bond_slave_1 as an active interface with an up link
04:19:16 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000240))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1})
r1 = dup(r0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000040)={<r2=>0x0, 0x3, 0x3, [0xc1, 0x3, 0x1c4c7254]}, &(0x7f0000000080)=0xe)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000100)={r2, 0x31022c76, 0xc0, "8380a71eb1724db03a1e72e8389c34c72537dc3bdbf21f1d76a9bf7f335a5bca9ce111b3b4cd441e966a66fdf213ca5350e9a32daf7d07f6611b4a6055c8e27328746d8173c942694c69e9533473f6d75739eed710815d7f15899af216490cb32de86e7621b323e745accd0fd8a6ca83bbc5a719c638ab1bed083f16fa2e49036069e0b176d15f6969395811434f80f2845cdebd59a3be17838d813423e96fb5bb33ed7a1797d4b6210167693028591ccf6d47caf4a3d4178e0f5753e96672be"}, 0xc8)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000011000/0x2000)=nil, &(0x7f0000013000/0x2000)=nil, 0x2000})
mlock(&(0x7f0000012000/0x1000)=nil, 0x1000)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f00000000c0)={&(0x7f0000015000/0x2000)=nil, 0x2000})

[  194.133198] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  194.140284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  194.436021] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  194.443210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
04:19:17 executing program 0:
execveat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000380)=[&(0x7f0000000200)="7d282c766280786e65743176626f786e65743026656d306e6f64657623776c616e0900696d655f747970652323657468306b657972696e671173797374656d2400"], &(0x7f0000000500), 0x0)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffff9c)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000180), &(0x7f0000000140)=0x4)
r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x9, 0x101800)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
ioctl$int_out(r0, 0x2, &(0x7f0000000100))
r2 = socket$inet_sctp(0x2, 0x7fffffffffffffe, 0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000200)={0x0, @in6}, 0x90)

04:19:17 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
fgetxattr(r0, &(0x7f0000000000)=@random={'trusted.', '&cpuset[^)@\x00'}, &(0x7f00000000c0)=""/77, 0x4d)
sendmsg$nl_xfrm(r0, &(0x7f00000005c0)={&(0x7f0000000080), 0xc, &(0x7f0000000580)={&(0x7f00000002c0)=@updpolicy={0xfc, 0x19, 0x301, 0x0, 0x0, {{@in=@dev, @in6=@ipv4, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@tmpl={0x44, 0x5, [{{@in=@multicast1}, 0xf0ffff, @in=@multicast2}]}]}, 0xfc}}, 0x0)

[  195.532359] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  195.540148] team0: Port device team_slave_0 added
04:19:17 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd(0x8)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r2})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r2, 0x0, 0x2000000000000001})

[  196.021206] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  196.029481] team0: Port device team_slave_1 added
[  196.056632] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  196.354944] 8021q: adding VLAN 0 to HW filter on device bond0
04:19:18 executing program 0:
r0 = socket(0x40000000015, 0x5, 0x0)
recvfrom(r0, &(0x7f0000000040)=""/141, 0x8d, 0x0, &(0x7f0000000100)=@pptp={0x18, 0x2, {0x0, @multicast2}}, 0x709000)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000))
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xc0000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r2, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x81}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40)
tkill(r1, 0x1000000000013)
bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
sendto$inet(r0, &(0x7f0000f7db7f), 0x0, 0x0, &(0x7f000069affb)={0x2, 0x0, @loopback}, 0x10)

[  196.475623] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  196.482866] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  196.491318] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  196.817676] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  196.825011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  196.833725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
04:19:19 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x82000)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0)
write$P9_RWALK(r1, &(0x7f0000000080)={0x16, 0x6f, 0x1, {0x1, [{0x4, 0x1, 0x8}]}}, 0x16)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000000c0)={0x1, 0x0, @pic={0x0, 0x5, 0xb05a, 0x7f, 0x71a, 0x800, 0x8, 0x9, 0x3d, 0x9, 0x42b, 0xfff, 0xfffffffffffeffff, 0x800, 0x3, 0x6}})
r2 = geteuid()
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f00000001c0)=""/15, &(0x7f0000000200)=0xf)
r3 = semget$private(0x0, 0x3, 0x40)
lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
getgroups(0x6, &(0x7f0000000300)=[0xee00, 0xee01, 0x0, 0xffffffffffffffff, 0xee00, <r5=>0xee00])
semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000340)={{0x7, r2, r4, r2, r5, 0x80, 0x4}, 0x71, 0x8, 0xd76f})
ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f00000003c0))
getsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000400), &(0x7f0000000440)=0xb)
getpeername$inet6(r1, &(0x7f0000000480)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000004c0)=0x1c)
ioctl$EVIOCGMASK(r1, 0x80104592, &(0x7f0000000580)={0x17, 0x6e, &(0x7f0000000500)="93a442b75302e9ad745731527bb3d7e8a673ab8dd2461261968c3834d3a19d37df0ad09caf953c166f499e65f325844a7cff78d5cbe9691199208e6521c28448bdff2c79accfe83f3fdd3d4098ef92355983bff42f734fd596a4b6accaf09cf0d3303e02271a7d4c2b065491c3c1"})
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f00000005c0)=0x8)
geteuid()
r6 = socket$packet(0x11, 0x2, 0x300)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000600)={<r7=>0x0}, &(0x7f0000000640)=0xc)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f00000006c0)={{0x3, 0x1, 0x30000000, 0x5, '\x00', 0x3f}, 0x6, 0x3, 0x401, r7, 0x3, 0x7, 'syz1\x00', &(0x7f0000000680)=['/proc/sys/net/ipv4/vs/sync_retries\x00', 'eth1', '^)bdevlo,%\x00'], 0x32, [], [0x1f, 0x0, 0x6]})
ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x2)
mmap$xdp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x11, r1, 0x80000000)
getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000800), &(0x7f0000000840)=0x4)
munlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
write$P9_RREADDIR(r1, &(0x7f0000000880)={0xe4, 0x29, 0x2, {0x7ff, [{{0x20, 0x3, 0x8}, 0x8, 0x80000001, 0x7, './file0'}, {{0xaa, 0x1, 0x7}, 0x5, 0x10000, 0x7, './file1'}, {{0xb, 0x4, 0x1}, 0xffffffffffff5d8a, 0x7, 0x7, './file0'}, {{0x80, 0x1, 0x2}, 0xfffffffffffffff7, 0x1, 0x7, './file0'}, {{0x64, 0x2, 0x3}, 0x2, 0xfffffffffffffff8, 0x7, './file0'}, {{0x7, 0x2, 0x6}, 0xfffffffffffff801, 0x2a53, 0x7, './file0'}, {{0x3, 0x4, 0x8}, 0x12, 0x3, 0x7, './file0'}]}}, 0xe4)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000980)={<r8=>0x0}, &(0x7f00000009c0)=0xc)
r9 = add_key$keyring(&(0x7f0000000a80)='keyring\x00', &(0x7f0000000ac0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
add_key$keyring(&(0x7f0000000a00)='keyring\x00', &(0x7f0000000a40)={'syz', 0x2}, 0x0, 0x0, r9)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x61, &(0x7f0000000b00)={'filter\x00', 0x4}, 0x68)
get_robust_list(r8, &(0x7f0000000c40)=&(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000b80)}}, &(0x7f0000000c80)=0x18)
connect$vsock_stream(r1, &(0x7f0000000cc0)={0x28, 0x0, 0x2710}, 0x10)

[  197.192456] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  197.200432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  197.209188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  197.451421] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  197.459177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  197.467939] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  197.781180] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  198.421415] IPVS: ftp: loaded support on port[0] = 21
[  198.928690] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  198.935171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  198.942973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  200.055914] 8021q: adding VLAN 0 to HW filter on device team0
[  200.452405] ip (7036) used greatest stack depth: 53056 bytes left
[  201.082154] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.088680] bridge0: port 2(bridge_slave_1) entered forwarding state
[  201.095714] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.102231] bridge0: port 1(bridge_slave_0) entered forwarding state
[  201.110568] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  201.393673] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.400225] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.408653] device bridge_slave_0 entered promiscuous mode
04:19:23 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f00000003c0)=0x400100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000380)=[{}, {0x3, 0x80}], 0x200000000000035a)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000600), 0x14)

[  201.757769] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.764483] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.772876] device bridge_slave_1 entered promiscuous mode
[  202.024657] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  202.154586] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  202.440509] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  203.113374] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  203.388132] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  203.650812] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  203.658265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  203.930781] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  203.938225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  204.459492] 8021q: adding VLAN 0 to HW filter on device bond0
[  204.662149] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  204.670126] team0: Port device team_slave_0 added
[  204.972136] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  204.979968] team0: Port device team_slave_1 added
[  205.229948] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  205.237090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  205.245869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  205.291546] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  205.614974] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  205.622266] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  205.630750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  205.888927] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  205.896643] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  205.905492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  205.921546] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  205.928185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  205.935988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  206.163796] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  206.171363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  206.180378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  206.552554] ==================================================================
[  206.560071] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0
[  206.567179] CPU: 1 PID: 7250 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #66
[  206.574362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  206.583720] Call Trace:
[  206.586419]  dump_stack+0x306/0x460
[  206.590045]  ? vmap_page_range_noflush+0x975/0xed0
[  206.594972]  kmsan_report+0x1a2/0x2e0
[  206.598764]  __msan_warning+0x7c/0xe0
[  206.602556]  vmap_page_range_noflush+0x975/0xed0
[  206.607320]  map_vm_area+0x17d/0x1f0
[  206.611049]  kmsan_vmap+0xf2/0x180
[  206.614624]  vmap+0x3a1/0x510
[  206.617718]  ? ion_heap_map_kernel+0xa33/0xad0
[  206.622292]  ion_heap_map_kernel+0xa33/0xad0
[  206.626714]  ? ion_ioctl+0x690/0x690
[  206.630423]  ion_dma_buf_begin_cpu_access+0x2ba/0x9b0
[  206.635609]  ? ion_dma_buf_release+0x430/0x430
[  206.640183]  dma_buf_ioctl+0x376/0x630
[  206.644075]  ? dma_buf_poll+0x1690/0x1690
[  206.648213]  do_vfs_ioctl+0xcf3/0x2810
[  206.652099]  ? security_file_ioctl+0x92/0x200
[  206.656608]  __se_sys_ioctl+0x1da/0x270
[  206.660581]  __x64_sys_ioctl+0x4a/0x70
[  206.664460]  do_syscall_64+0xbe/0x100
[  206.668252]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  206.673427] RIP: 0033:0x457519
[  206.676611] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  206.695588] RSP: 002b:00007f9b7cb5fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  206.703699] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[  206.710959] RDX: 0000000020000040 RSI: 0000000040086200 RDI: 0000000000000004
[  206.718213] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  206.725469] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b7cb606d4
[  206.732812] R13: 00000000004bed50 R14: 00000000004cead0 R15: 00000000ffffffff
[  206.740078] 
[  206.741695] Uninit was created at:
[  206.745231]  kmsan_internal_poison_shadow+0xc8/0x1d0
[  206.750338]  kmsan_kmalloc+0xa4/0x120
[  206.754131]  __kmalloc+0x14b/0x440
[  206.757669]  kmsan_vmap+0x9b/0x180
[  206.761212]  vmap+0x3a1/0x510
[  206.764393]  ion_heap_map_kernel+0xa33/0xad0
[  206.768793]  ion_dma_buf_begin_cpu_access+0x2ba/0x9b0
[  206.773978]  dma_buf_ioctl+0x376/0x630
[  206.777851]  do_vfs_ioctl+0xcf3/0x2810
[  206.781725]  __se_sys_ioctl+0x1da/0x270
[  206.785707]  __x64_sys_ioctl+0x4a/0x70
[  206.789584]  do_syscall_64+0xbe/0x100
[  206.793377]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  206.798552] ==================================================================
[  206.805892] Disabling lock debugging due to kernel taint
[  206.811348] Kernel panic - not syncing: panic_on_warn set ...
[  206.811348] 
[  206.818710] CPU: 1 PID: 7250 Comm: syz-executor2 Tainted: G    B             4.19.0-rc4+ #66
[  206.827276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  206.836619] Call Trace:
[  206.839211]  dump_stack+0x306/0x460
[  206.842845]  panic+0x54c/0xafa
[  206.846066]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  206.851510]  kmsan_report+0x2d3/0x2e0
[  206.855314]  __msan_warning+0x7c/0xe0
[  206.859116]  vmap_page_range_noflush+0x975/0xed0
[  206.863894]  map_vm_area+0x17d/0x1f0
[  206.868146]  kmsan_vmap+0xf2/0x180
[  206.871694]  vmap+0x3a1/0x510
[  206.874798]  ? ion_heap_map_kernel+0xa33/0xad0
[  206.879385]  ion_heap_map_kernel+0xa33/0xad0
[  206.883804]  ? ion_ioctl+0x690/0x690
[  206.887517]  ion_dma_buf_begin_cpu_access+0x2ba/0x9b0
[  206.892712]  ? ion_dma_buf_release+0x430/0x430
[  206.897290]  dma_buf_ioctl+0x376/0x630
[  206.901180]  ? dma_buf_poll+0x1690/0x1690
[  206.905324]  do_vfs_ioctl+0xcf3/0x2810
[  206.909725]  ? security_file_ioctl+0x92/0x200
[  206.914217]  __se_sys_ioctl+0x1da/0x270
[  206.918206]  __x64_sys_ioctl+0x4a/0x70
[  206.922085]  do_syscall_64+0xbe/0x100
[  206.925879]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  206.931069] RIP: 0033:0x457519
[  206.934259] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  206.953153] RSP: 002b:00007f9b7cb5fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  206.960868] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[  206.968128] RDX: 0000000020000040 RSI: 0000000040086200 RDI: 0000000000000004
[  206.975385] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  206.982645] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b7cb606d4
[  206.989898] R13: 00000000004bed50 R14: 00000000004cead0 R15: 00000000ffffffff
[  206.998434] Kernel Offset: disabled
[  207.002065] Rebooting in 86400 seconds..