[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   60.487127] sshd (6135) used greatest stack depth: 53184 bytes left
[....] Starting OpenBSD Secure Shell server: sshd[   60.684462] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   64.344117] random: sshd: uninitialized urandom read (32 bytes read)
[   64.807550] random: sshd: uninitialized urandom read (32 bytes read)
[   67.514309] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
[   73.378870] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/10 16:03:58 fuzzer started
[   78.205399] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/10 16:04:03 dialing manager at 10.128.0.26:45337
2018/10/10 16:04:03 syscalls: 1
2018/10/10 16:04:03 code coverage: enabled
2018/10/10 16:04:03 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/10 16:04:03 setuid sandbox: enabled
2018/10/10 16:04:03 namespace sandbox: enabled
2018/10/10 16:04:03 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/10 16:04:03 fault injection: enabled
2018/10/10 16:04:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/10 16:04:03 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory)
2018/10/10 16:04:03 net device setup: enabled
[   83.732613] random: crng init done
16:06:06 executing program 0:
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000004c0)=<r0=>0x0)
getpgid(r0)
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8)
unshare(0x400)
signalfd(r1, &(0x7f00000001c0), 0x8)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f0000000300)=0x4, 0x260)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'veth1_to_bond\x00', 0x2}, 0x18)
ioctl(r3, 0x800000000008982, &(0x7f0000000080))
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0)
write$FUSE_NOTIFY_DELETE(r2, &(0x7f0000000540)=ANY=[@ANYRESHEX=r4], 0x12)
mount(&(0x7f0000000880)=ANY=[], &(0x7f0000000800)='./file0//ile0\x00', &(0x7f0000000200)='cgrQup2\x00', 0x2, 0x0)
ioctl$TIOCNXCL(r2, 0x540d)
r5 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x0, 0x94)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000a80)=ANY=[], &(0x7f0000000100))
ioctl$SG_GET_PACK_ID(r2, 0x227c, &(0x7f0000000400))
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, &(0x7f00000002c0), 0x8)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000480)={&(0x7f00000003c0)='./file0//ile0\x00', r4}, 0x190)
ioctl$PERF_EVENT_IOC_RESET(r5, 0x2403, 0xf)
syz_open_dev$usbmon(&(0x7f0000000380)='/dev/usbmon#\x00', 0x0, 0x400880)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
io_setup(0x5, &(0x7f0000000000)=<r7=>0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0xbd, &(0x7f00000014c0)}, &(0x7f0000000100)=0x10)
io_submit(r7, 0x1, &(0x7f00000000c0)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x4000000000000, 0x80000000000, r6, &(0x7f0000001000), 0x0, 0x400000000000009, 0x0, 0x2, 0xffffffffffffff9c}])
setsockopt$inet_sctp_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000001c0)={0xffff, 0x5, 0xc65b, 0x9, 0x80, 0x5, 0x1ff, 0x4, 0x20, 0x5, 0x7}, 0xb)
pwritev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000780)="00bb86859177acfa28242151458bb70f92b0e904381aa083c47facba02eadc564878ff078555608b7f4a2df1b4c659d27ed77a192cd67ed7ffe790345b614b700000000000000000000000000000", 0x4e}], 0x1, 0x81806)
sendmsg(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000140)=@pppoe={0x18, 0x0, {0x0, @local, 'yam0\x00'}}, 0x80, &(0x7f00000007c0), 0x0, &(0x7f0000000e00)=ANY=[], 0x0, 0x840}, 0x0)

[  204.790045] IPVS: ftp: loaded support on port[0] = 21
[  206.211858] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.218363] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.227484] device bridge_slave_0 entered promiscuous mode
[  206.393346] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.399860] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.408685] device bridge_slave_1 entered promiscuous mode
[  206.559977] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  206.705335] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  207.160242] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  207.310679] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  207.598803] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  207.606008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
16:06:11 executing program 1:
r0 = socket$inet6(0xa, 0x3, 0x3)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070")
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000004c0)={@dev, @empty, @mcast2, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x81000100})

[  208.066483] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  208.074986] team0: Port device team_slave_0 added
[  208.287350] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  208.295714] team0: Port device team_slave_1 added
[  208.497961] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  208.757342] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  208.764444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  208.773603] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  208.935273] IPVS: ftp: loaded support on port[0] = 21
[  209.031977] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  209.067907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  209.077458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  209.256399] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  209.264597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  209.273997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  210.913978] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.920459] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.929247] device bridge_slave_0 entered promiscuous mode
[  211.206837] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.213407] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.222150] device bridge_slave_1 entered promiscuous mode
[  211.512144] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  211.773460] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  211.947879] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.954447] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.961444] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.968030] bridge0: port 1(bridge_slave_0) entered forwarding state
[  211.977421] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  212.001806] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  212.441935] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  212.625226] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  213.107473] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  213.114742] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  213.706324] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  213.714749] team0: Port device team_slave_0 added
[  213.904780] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  213.913222] team0: Port device team_slave_1 added
[  214.106212] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  214.113407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  214.122579] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  214.310056] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  214.317345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  214.326756] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
16:06:17 executing program 2:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sched_setattr(0x0, &(0x7f0000000000), 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x0)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={[], 0x0, 0x104, 0x279d})
ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0)

[  214.662461] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  214.669998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  214.679652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  214.955916] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  214.963749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  214.973084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  215.581272] IPVS: ftp: loaded support on port[0] = 21
[  218.349327] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.355941] bridge0: port 2(bridge_slave_1) entered forwarding state
[  218.363073] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.369569] bridge0: port 1(bridge_slave_0) entered forwarding state
[  218.378921] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  218.688587] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.695336] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.704033] device bridge_slave_0 entered promiscuous mode
[  219.081498] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.088202] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.097030] device bridge_slave_1 entered promiscuous mode
[  219.142492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  219.499352] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  219.884073] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  220.774402] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  221.108070] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  221.417766] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  221.425163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  221.732395] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  221.739544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
16:06:25 executing program 3:
openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000100)=""/108}, 0x18)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0)
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000500)={0x10000009, 0xffffffffffffffff, 0x0, <r1=>0xffffffffffffffff})
mmap(&(0x7f0000bfe000/0x400000)=nil, 0x400000, 0x1, 0x811, r1, 0x0)

[  222.821554] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  222.829946] team0: Port device team_slave_0 added
[  223.098993] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  223.107396] team0: Port device team_slave_1 added
[  223.449537] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  223.457241] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  223.466259] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  223.839354] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  223.846621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  223.855876] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  224.204640] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  224.212541] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  224.221864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  224.244025] IPVS: ftp: loaded support on port[0] = 21
[  224.623201] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  224.630915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  224.640238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  224.710048] 8021q: adding VLAN 0 to HW filter on device bond0
[  226.044496] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  227.469489] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  227.476138] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  227.484483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  227.910258] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.916928] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.925611] device bridge_slave_0 entered promiscuous mode
[  228.362505] bridge0: port 2(bridge_slave_1) entered blocking state
[  228.368981] bridge0: port 2(bridge_slave_1) entered disabled state
[  228.377656] device bridge_slave_1 entered promiscuous mode
[  228.756002] bridge0: port 2(bridge_slave_1) entered blocking state
[  228.762562] bridge0: port 2(bridge_slave_1) entered forwarding state
[  228.769555] bridge0: port 1(bridge_slave_0) entered blocking state
[  228.776173] bridge0: port 1(bridge_slave_0) entered forwarding state
[  228.785136] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  228.836812] 8021q: adding VLAN 0 to HW filter on device team0
[  228.870217] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  229.004468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  229.188313] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  230.348916] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  230.745280] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  231.101146] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  231.108347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  231.494244] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  231.513424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  232.535944] 8021q: adding VLAN 0 to HW filter on device bond0
[  232.576773] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  232.585027] team0: Port device team_slave_0 added
[  233.043283] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  233.051539] team0: Port device team_slave_1 added
[  233.393998] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  233.401134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  233.410499] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
16:06:36 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$unix(0x1, 0x801, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc)
listen(r1, 0x0)
accept4(r1, &(0x7f0000b17000)=@generic, &(0x7f0000dbd000)=0x80, 0x0)
dup2(0xffffffffffffffff, r1)
connect(r0, &(0x7f0000931ff4)=@un=@file={0x1, "e91f7189591e9233614b00"}, 0xc)

[  233.775119] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  233.782899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  233.792118] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  234.023832] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  234.173908] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  234.181566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  234.190746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  234.675355] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  234.683073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  234.692274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  235.766341] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  235.772889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  235.778769] IPVS: ftp: loaded support on port[0] = 21
[  235.780915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  237.503606] 8021q: adding VLAN 0 to HW filter on device team0
[  238.384699] hrtimer: interrupt took 44730 ns
16:06:42 executing program 0:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)

16:06:42 executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4d}, 0x2c)
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x8, 0x20000000000001cc, &(0x7f0000346fc8)=@framed={{}, [@alu={0x201a7f1b, 0x0, 0x201a7fd7, 0xa, 0x0, 0xff00}]}, &(0x7f0000000000)="47504cc000", 0x0, 0xfb, &(0x7f0000000040)=""/251, 0x0, 0x0, [0xff000000]}, 0x48)

[  239.969474] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.976206] bridge0: port 1(bridge_slave_0) entered disabled state
[  239.984865] device bridge_slave_0 entered promiscuous mode
16:06:43 executing program 0:
r0 = socket$inet6(0xa, 0x4000000000000002, 0x0)
sendto$inet6(r0, &(0x7f0000000140), 0x0, 0x8002, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @empty, 0x80000001}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x800000018, &(0x7f0000001280)=0x503, 0x4)
sendto(r0, &(0x7f0000000800)="fd1a15d153a01fed011a749fb855c7e1af1d669de97965f1ad8e2eb3c1f51399e4b94244412e1c1726136551b9b9a1c7a3fd194089a027df7cfa454a3a225dd3a3aa56e3e52f1c19186a1cd29620dd3ad8402a45be80da8dcf716d485d8362f3da5b1fbdeb2eee91f7e5819f0503497d60c92f1c156cbfb193d5ba494c9a1a0f03b02d53272b0f2ccfcfb78a9e1a9ae7c11ef14a817adea4113395301e20a874ac1c70dea4bddf6edeb78b5bc32c1ab70fe858277474b95ed33bccd6ab03a817e7a145d22384f49feaa103786337251213c0b1633f5bfac396e6", 0xda, 0x8000, &(0x7f0000000000)=@pppoe={0x18, 0x0, {0x2, @broadcast, 'vcan0\x00'}}, 0x80)
sendmsg(r0, &(0x7f0000000200)={&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000240)="e694446313bf3fbb7da9fb7044d8d6bb7449171c7a0931f0465c2412cf80f5d557ceb62420f506ae868cac9ead69705ec96964f2ec4effd0c769d94debe11981cdf2a8a7994841b3bfa645b1cfa3879d6e3b1eacf164664d692f951d2d2f323df5c384294c059b4824ef9e3559e0ca12b114d17007978d7427d2427722cbd55690b6d2c53b43731d5eefeecdaf5b00f06fcb1bf690843fbc1e68cc725d256da47e593beb1f00328f79adc639bf9f8ff7a9dad39f52e0d12a1d074bd08969c4077fbc4be4a6d06f545cdea6d3024988b688bb7fe8a543e710684a830c2092d506f7a8c70b970c424e04722358f032204af7de5a7ee2fa11d17c00385fd95432ea5b4d93678dcdf0f09aca1a4e842c1570d8d53e481362d0e9f661ad20db9f7b0409c862be90feccad089349ca6bdd09b957006b3b22b62f13c721396efba767cecadb5a9bcf18f093b0e0aaa42e479b397ce0db2bf0efeb2435742523a5a2ffc4c3dc1e86162eab1431665eeecc098e7ad859d6f859b3d41bf32362699172f88a58560eb4cd837443363dd6c5d93aa3818d7b549a206040e781807d95f0dd810ab475a5007e2d6178180d3cdda9896aa51236451bffe19de27f73eb1b671f097cc2dba1bc0f4b7c51b7452f6e570b0152fb853c157f86d6a733942aa72a440f52dab3978ae8ee73147d9fa9b7a164ea737dc6b0e0eb8bbef9aa67288d38aa1274a22510b1dfa5bdf4016c6fcaa243f9b02912332397272c535f4603aef9c77f16f34b048e3df04b32eb83375cf9b740e6b6d51963499173b565ebe3856090c2e9df95e5f52ef2068a09365f0f241ce18356aca0b08888f1188205135ddd9d9781cec144eeeb30ab68cd31e46afc7c5d730edbf9988f481ff17055782d6ec1dee6488f7ef6ed60615aa8a0c10fd201d0c1f3bc48fb03cd533bac108ac1a7f3bc71743622eee36213008ec7314d39787aef46d3229765e57acba8ae2b6a0ddbc75f68976092219a29c2d11ea845fb3232ba90934ba9549dbfa323fabd51392c619109ce4b7759f2a335972262d9032b357f1df5aa280e27aa917c4a1107dd0e0968ccb9b1d0e11d1a38a670a1e82dc7a2bc4f75c46292b0d0dbfb4d3df934674a786c75f6d9f4067c8832061a06f7827e07d17334a9d12400b37d6f8f58eecfbe388e7ee1b1708bdf78288844d4b780dab9c83914c7ef40c4828a4296386356073cd0ea142d7e78798ce39c53978af30d6f570c0a5850bb19a1ca7b51c0097780673c719a89975bf52884ba20e30b777a36e6b3cba1ad1c73297ce20ebcb739d09b9c4e581713f461041c57b4b909422d38514f6112ddce864975b4ead6ef383d3ecb645938c611f9ac32069cf8749b559fb93f8fb945f5b51de634873ab7f4bc8b119f48192dc8e1f5e0f9c0978cddadef0d5e686bd89ada25b514b753b78436eaf4c3f6295570a0c39fb927ba9147b41b9f12d4b0b17f009aab928c080837436498f131d4ad0e0187212bbb940435b946fea98a755fcaadb01d5cae454b06d459bb69fd1d9745397d52262630bcd8423bfe3f5fcc3c2e8589e050167c7fcaf57cdfd9eaf36dad34c6effa0d387c5d06314e030eab55aacbd8d3e74a4d5f0a0901bb5b9b47489bed052401d74b774a5d373d55d4e31a0b115a13683f8174ce6159cccba8fa93b3a77d5fdbf132d998bc26483dfee0a0050ce30a30b49156a0c4fbfa963d4d428937537b591fe6524dac4b19c4fde980e5036902ab340bb953819d2f38357c1aa74f5ebda7435a3c88b5af48599b4ce781048e056abb678a484e21252f4c4ccdeb9b69ece762f1cc32737dbd175a5c0ed03c4872cb24349658a61cb2ffa5f54bdb41d2b854d8873b3af1d4f8e39a85716db12581de7df4c065c7c3144921e467030045d28036b1718186f24e66910c4542d6b5c8642e033fc6410ff4b00f40ea57662bfa81394344218744f1a33b7ca43d8930132cf3419fc7d673a644dd02b1d133fedfeded41d0de12db74f0056c6c484f6a74b459c51a3683ecb51e07456efa8339e2573cf701", 0x5ad}], 0x1, &(0x7f00000036c0)}, 0x0)
r1 = dup2(r0, r0)
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000900)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000000000001b00000005000000b006000000000000a00400000004000000000000030000e0050000e0050000e0050000e0050000e022a9636a00000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB="0000000000000000000000000000d415000000000000a474a34e000000000000000000000000000000000000000000000000170000000000000000000000000000000000000010000000000000000000"], @ANYBLOB="fe80000000000000000000000000000c00000000000000000000000000000000ffffffffffffffff000000ffffffff00ffffffff000000ff000000ff0000000064756d6d79300000000000000000000065716c00000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000200150000000000000000000000000000005801a001000000000000000000000000000000000000000000000000480068626800000000000000000000000000000000000000000000000000000001000000060100808000ff0707000000ffff80000400ff7ff28c0400490c07000001a4000300030048006473740000000000000000000000000000000000000000000000000000002debd55802010800000003000101090000000200ffffff0101000180010039ab0200f20d01000e0048004e45544d41500000000000000000000000000000000000000000000000000100000000000000000000000000000000000000ff02000000000000000000000000000100644e23000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001801600100000000000000000000000000000000000000000000000028006c656e67746800000000000000000000000000000000000000000000000000003f0000000000280069636d70360000000000000000000000000000000000000000000000000011f609000000000048004d415351554552414445000000000000000000000000000000000000000008000000000000000000000000000000000000010000000000000000000000000000000000664e230000000000000000000000000000000100000000000000000000ffffac14140dffffffff0000000000000000ffffffffffffff00000000ffff000000ffffffff7465616d5f736c6176655f310000000076657468305f746f5f62726964676500000000000000000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c007f0342000000000000000000000000000000400188010000000000000000000000000000000000000000000000003000616800000000000000000000000000000000000000000000000000000000000004d6000004d6e7000000070100004800647374000000000000000000000000000000000000000000000000000000000000000401080005000300ffff000007000500000007000800ffff840007000000080007000800480052454449524543540000000000000000000000000000000000000000000019000000ac1414bb000000000000000000000000ac14142100000000000000000000000004005c0400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100158010000000000000000000000000000000000000000000000004800686268000000000000000000000000000000000000000000000000000000ff000000070105005d4b000204000400ffff000131060900030004000500010000022c00fcff050048004e45544d415000000000000000000000000000000000000000000000000010000000ff020000000000000000000000000001ff0200000000000000000000000000014e2301000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x710)

[  240.047412] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.053995] bridge0: port 2(bridge_slave_1) entered forwarding state
[  240.060975] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.067612] bridge0: port 1(bridge_slave_0) entered forwarding state
[  240.076286] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
16:06:43 executing program 0:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net\x00')
r1 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0xfffffffffffffffc, 0x10000)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f00000000c0)={<r2=>0x0, 0x74, "72881b66899f00dde9516220cc1e1503e1a74cbfdb05558cc80ced0d8291e9cb236c267920a729bd18053c92c2a10cf42b27d9fd7f7678c9e21567280cc9f11e65647e32a954fcb3037f82c9f3929563da4e6173bcfc9f2042836741ef0d4f83f250efc61ec47c6dcdeb39c70eda6f99cfc7b1c7"}, &(0x7f0000000180)=0x7c)
setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000200)={r2, 0x1, 0x200, 0x2}, 0x10)
exit(0x1)
ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000080))
exit(0x0)
utimensat(r0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)={{0x0, 0x7530}, {0x0, 0x2710}}, 0x0)
fcntl$getown(r0, 0x9)

[  240.510913] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.518539] bridge0: port 2(bridge_slave_1) entered disabled state
[  240.527361] device bridge_slave_1 entered promiscuous mode
[  240.822434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  241.012124] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  241.356130] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
16:06:44 executing program 0:
r0 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000180), 0x16b)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_NAME(r1, 0x81007702, &(0x7f0000000040)=""/220)

16:06:45 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0xff, 0x4000)
ioctl$SCSI_IOCTL_TEST_UNIT_READY(r1, 0x2)
ioctl(r0, 0x4000000008912, &(0x7f0000000000)="153f6234488dd25d766070")
getsockopt$inet6_dccp_int(r0, 0x21, 0xa, &(0x7f0000000040), &(0x7f00000000c0)=0x4)
ioctl$sock_ifreq(r0, 0x8991, &(0x7f0000000080)={'bcsf0\x00', @ifru_names='ip6gre0\x00'})

16:06:45 executing program 0:
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000500)={<r1=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000140)={<r2=>0x0, r1, 0x6})
ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000480)={0x0, r2})
lsetxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f0000000080)='y\x00', 0x2, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
lsetxattr$trusted_overlay_origin(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0)='trusted.overlay.origin\x00', &(0x7f0000000200)='y\x00', 0x2, 0x1)
r3 = add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, &(0x7f00000002c0)="77705007d3a274cbddb751dd3e7c99fcaa6a7afc989fcfbf371d5743cb0afffbff4c253c47d644d890bb396904fb438ce4aad3fdf6abbb69a09c834d10f559619f7950f98189d4cce0830d7624b771f4d48bdbc34aea70c3379dc8e274533e48e6f5be4d72b9f3e290894b22cfecd98d3c91878b6464200cfaf505c85f193dca83954c3a33f4cfc405112dab1d3d1b50da1c4194628ba85f78233aa2", 0x9c, 0xfffffffffffffffb)
r4 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r3, &(0x7f0000000380)='cifs.spnego\x00', &(0x7f00000003c0)={'syz', 0x2}, r4)
request_key(&(0x7f000000aff5)='user\x00', &(0x7f00000004c0), &(0x7f0000001fee)="520972697374e363757367725669643a4465", r4)

[  242.728051] bond0: Enslaving bond_slave_0 as an active interface with an up link
16:06:46 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000006000)='/dev/ppp\x00', 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000001000)=[{&(0x7f0000000080)="ea08", 0x2}], 0x1, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000001c0)=""/246)
ioctl$EVIOCGREP(r0, 0x4010744d, &(0x7f0000001000)=""/174)
syslog(0x0, &(0x7f00000002c0)=""/227, 0xe3)
mount(&(0x7f0000000000)=@filename='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='ubifs\x00', 0x800008, &(0x7f0000000100)='\x00')
getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000180), &(0x7f00000003c0)=0x4)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000140)={0x1, 0xffffffffffffffc1, 0xfffffffffffff800, 0x100000001, 0x30, 0x6, 0xf3, 0x70f, 0x9, 0xffffffff, 0x68be, 0xb3cd})

[  243.258146] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  243.741795] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  243.748977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  244.070464] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  244.077857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  245.280403] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  245.289285] team0: Port device team_slave_0 added
[  245.660620] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  245.669176] team0: Port device team_slave_1 added
[  246.036418] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  246.043698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  246.052755] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  246.157370] 8021q: adding VLAN 0 to HW filter on device bond0
[  246.458868] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  246.466180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  246.475194] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  246.676704] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  246.684866] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  246.694072] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  246.946211] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  246.954135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  246.963547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  247.269680] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
16:06:50 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000100)={{}, {0xa, 0x0, 0x0, @mcast2}, 0x0, [0x7f]}, 0x5c)

[  248.298097] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  248.304742] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  248.312796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  249.156408] 8021q: adding VLAN 0 to HW filter on device team0
[  249.882271] bridge0: port 2(bridge_slave_1) entered blocking state
[  249.888818] bridge0: port 2(bridge_slave_1) entered forwarding state
[  249.895980] bridge0: port 1(bridge_slave_0) entered blocking state
[  249.902526] bridge0: port 1(bridge_slave_0) entered forwarding state
[  249.910997] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  249.917798] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  253.489316] 8021q: adding VLAN 0 to HW filter on device bond0
[  254.412572] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  254.675725] ==================================================================
[  254.683165] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0
[  254.690306] CPU: 0 PID: 7307 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #66
[  254.697511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  254.706875] Call Trace:
[  254.709488]  dump_stack+0x306/0x460
[  254.713143]  ? vmap_page_range_noflush+0x975/0xed0
[  254.718113]  kmsan_report+0x1a2/0x2e0
[  254.721945]  __msan_warning+0x7c/0xe0
[  254.725775]  vmap_page_range_noflush+0x975/0xed0
[  254.730596]  map_vm_area+0x17d/0x1f0
[  254.734346]  kmsan_vmap+0xf2/0x180
[  254.737918]  vmap+0x3a1/0x510
[  254.741047]  ? relay_open_buf+0x81e/0x19d0
[  254.745319]  relay_open_buf+0x81e/0x19d0
[  254.749429]  relay_open+0xabb/0x1370
[  254.753197]  do_blk_trace_setup+0xaf7/0x1780
[  254.757663]  __blk_trace_setup+0x20b/0x380
[  254.761952]  blk_trace_setup+0xfb/0x140
[  254.765958]  sg_ioctl+0x10ff/0x58b0
[  254.769629]  ? do_vfs_ioctl+0x18a/0x2810
[  254.773745]  ? __se_sys_ioctl+0x1da/0x270
[  254.777928]  ? sg_poll+0x870/0x870
[  254.781495]  do_vfs_ioctl+0xcf3/0x2810
[  254.785420]  ? security_file_ioctl+0x92/0x200
[  254.789949]  __se_sys_ioctl+0x1da/0x270
[  254.793963]  __x64_sys_ioctl+0x4a/0x70
[  254.797870]  do_syscall_64+0xbe/0x100
[  254.801698]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  254.806906] RIP: 0033:0x457579
[  254.810111] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  254.829029] RSP: 002b:00007f5b1c53cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  254.836762] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  254.844047] RDX: 0000000020000000 RSI: 00000000c0481273 RDI: 0000000000000003
[  254.851324] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  254.858604] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b1c53d6d4
[  254.865883] R13: 00000000004be9e3 R14: 00000000004ce6e0 R15: 00000000ffffffff
[  254.873185] 
[  254.874820] Uninit was created at:
[  254.878380]  kmsan_internal_poison_shadow+0xc8/0x1d0
[  254.883498]  kmsan_kmalloc+0xa4/0x120
[  254.887318]  __kmalloc+0x14b/0x440
[  254.890875]  kmsan_vmap+0x9b/0x180
[  254.894430]  vmap+0x3a1/0x510
[  254.897548]  relay_open_buf+0x81e/0x19d0
[  254.901624]  relay_open+0xabb/0x1370
[  254.905362]  do_blk_trace_setup+0xaf7/0x1780
[  254.909792]  __blk_trace_setup+0x20b/0x380
[  254.914046]  blk_trace_setup+0xfb/0x140
[  254.918040]  sg_ioctl+0x10ff/0x58b0
[  254.921689]  do_vfs_ioctl+0xcf3/0x2810
[  254.925600]  __se_sys_ioctl+0x1da/0x270
[  254.929585]  __x64_sys_ioctl+0x4a/0x70
[  254.933493]  do_syscall_64+0xbe/0x100
[  254.937312]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  254.942504] ==================================================================
[  254.949871] Disabling lock debugging due to kernel taint
[  254.955332] Kernel panic - not syncing: panic_on_warn set ...
[  254.955332] 
[  254.962721] CPU: 0 PID: 7307 Comm: syz-executor2 Tainted: G    B             4.19.0-rc4+ #66
[  254.971304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  254.980663] Call Trace:
[  254.983276]  dump_stack+0x306/0x460
[  254.986941]  panic+0x54c/0xafa
[  254.990200]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  254.995678]  kmsan_report+0x2d3/0x2e0
[  254.999535]  __msan_warning+0x7c/0xe0
[  255.003364]  vmap_page_range_noflush+0x975/0xed0
[  255.008191]  map_vm_area+0x17d/0x1f0
[  255.011944]  kmsan_vmap+0xf2/0x180
[  255.015509]  vmap+0x3a1/0x510
[  255.018638]  ? relay_open_buf+0x81e/0x19d0
[  255.022908]  relay_open_buf+0x81e/0x19d0
[  255.027020]  relay_open+0xabb/0x1370
[  255.030782]  do_blk_trace_setup+0xaf7/0x1780
[  255.035245]  __blk_trace_setup+0x20b/0x380
[  255.039529]  blk_trace_setup+0xfb/0x140
[  255.043542]  sg_ioctl+0x10ff/0x58b0
[  255.047225]  ? do_vfs_ioctl+0x18a/0x2810
[  255.051302]  ? __se_sys_ioctl+0x1da/0x270
[  255.055999]  ? sg_poll+0x870/0x870
[  255.059560]  do_vfs_ioctl+0xcf3/0x2810
[  255.063484]  ? security_file_ioctl+0x92/0x200
[  255.068012]  __se_sys_ioctl+0x1da/0x270
[  255.072025]  __x64_sys_ioctl+0x4a/0x70
[  255.075931]  do_syscall_64+0xbe/0x100
[  255.079754]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  255.084957] RIP: 0033:0x457579
[  255.088173] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  255.107096] RSP: 002b:00007f5b1c53cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  255.114829] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  255.122139] RDX: 0000000020000000 RSI: 00000000c0481273 RDI: 0000000000000003
[  255.129437] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  255.136723] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b1c53d6d4
[  255.144007] R13: 00000000004be9e3 R14: 00000000004ce6e0 R15: 00000000ffffffff
[  255.152302] Kernel Offset: disabled
[  255.155942] Rebooting in 86400 seconds..