[ 61.187105] audit: type=1800 audit(1539183939.222:27): pid=6236 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 62.761313] random: sshd: uninitialized urandom read (32 bytes read)
[ 62.930927] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].
[ 63.825067] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 66.347826] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
[ 72.303349] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/10 15:05:52 fuzzer started
[ 77.019587] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/10 15:05:57 dialing manager at 10.128.0.26:45337
2018/10/10 15:05:57 syscalls: 1
2018/10/10 15:05:57 code coverage: enabled
2018/10/10 15:05:57 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/10 15:05:57 setuid sandbox: enabled
2018/10/10 15:05:57 namespace sandbox: enabled
2018/10/10 15:05:57 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/10 15:05:57 fault injection: enabled
2018/10/10 15:05:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/10 15:05:57 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory)
2018/10/10 15:05:57 net device setup: enabled
[ 82.366051] random: crng init done
15:08:05 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = dup3(r2, r1, 0x80000)
ioctl$EVIOCREVOKE(r3, 0x40044591, &(0x7f0000000140)=0xc9a7)
pipe(&(0x7f0000000040)={0xffffffffffffffff})
r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000180)="86007300000000000000000000", 0x2, 0x0)
unshare(0x40000000)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0)
pipe2(&(0x7f0000000140), 0x0)
clock_gettime(0x0, &(0x7f0000000080))
r7 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x0)
ioctl$KVM_SMI(r4, 0xaeb7)
ioctl$BLKTRACESTART(r7, 0x1274, 0x0)
ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000000)={[], 0x0, 0x100, 0x279d})
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r5, 0x2405, r6)
ioctl$sock_inet6_udp_SIOCINQ(r1, 0x541b, &(0x7f00000001c0))
ioctl$BLKTRACESTOP(r7, 0x1275, 0x0)
[ 208.628380] IPVS: ftp: loaded support on port[0] = 21
[ 210.029493] bridge0: port 1(bridge_slave_0) entered blocking state
[ 210.036090] bridge0: port 1(bridge_slave_0) entered disabled state
[ 210.044859] device bridge_slave_0 entered promiscuous mode
[ 210.192500] bridge0: port 2(bridge_slave_1) entered blocking state
[ 210.198990] bridge0: port 2(bridge_slave_1) entered disabled state
[ 210.207765] device bridge_slave_1 entered promiscuous mode
[ 210.351424] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 210.552343] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 211.083695] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 211.233834] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 211.379414] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 211.386615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 211.530719] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 211.537893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
15:08:10 executing program 1:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x2, 0x0)
socket(0x0, 0x0, 0x0)
write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000000)=""/11, 0xb}, 0x120)
write$UHID_DESTROY(r0, &(0x7f0000000100), 0x4)
write(r0, &(0x7f0000000180)="3691bd2d", 0x4)
write$UHID_SET_REPORT_REPLY(r0, &(0x7f0000000280)={0xe, 0x0, 0x0, 0x0, 0xc6c347426885e8a4}, 0xc)
[ 211.981133] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 211.989435] team0: Port device team_slave_0 added
[ 212.285213] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 212.293566] team0: Port device team_slave_1 added
[ 212.605550] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 212.612805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 212.621473] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 212.720343] IPVS: ftp: loaded support on port[0] = 21
[ 212.913318] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 212.920407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 212.929547] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 213.115306] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 213.123041] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 213.132367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 213.329000] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 213.336852] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 213.346298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 214.670551] bridge0: port 1(bridge_slave_0) entered blocking state
[ 214.677182] bridge0: port 1(bridge_slave_0) entered disabled state
[ 214.685939] device bridge_slave_0 entered promiscuous mode
[ 214.993987] bridge0: port 2(bridge_slave_1) entered blocking state
[ 215.000490] bridge0: port 2(bridge_slave_1) entered disabled state
[ 215.009255] device bridge_slave_1 entered promiscuous mode
[ 215.281362] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 215.588107] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 216.169698] bridge0: port 2(bridge_slave_1) entered blocking state
[ 216.176294] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 216.183360] bridge0: port 1(bridge_slave_0) entered blocking state
[ 216.189837] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 216.198936] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 216.375181] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 216.573085] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 216.608888] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 216.915648] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 216.923003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 217.129958] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 217.137197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
15:08:15 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.cpu\x00', 0x200002, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0)
r2 = getpid()
timer_create(0x3, &(0x7f0000000180)={0x0, 0x3e, 0xfffffffffffffffc, @tid=r2}, &(0x7f00000001c0))
fcntl$setstatus(r1, 0x4, 0x6100)
ftruncate(r1, 0x8200)
r3 = open(&(0x7f000000fffa)='./bus\x00', 0x1141042, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000040)={'filter\x00', 0x6a, "a58bad70fe56cabab257c5b2472d12e6ac59bf88b19d6329d784be7767e7db698eb984fd3825bf6b0ab15959b61812255dd5cfe1a333ce05ad68a731028a7a01e301edfbcd07bacdaf799df56a3443e3c7dd2fa6835d300b2a6cab78140216304bff1f59dfaae459fab4"}, &(0x7f0000000100)=0x8e)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x40000000011, r3, 0x0)
write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0xfffffeb3)
[ 217.868290] ip (6535) used greatest stack depth: 53056 bytes left
[ 218.120383] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 218.128698] team0: Port device team_slave_0 added
[ 218.448410] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 218.457106] team0: Port device team_slave_1 added
[ 218.670740] IPVS: ftp: loaded support on port[0] = 21
[ 218.727363] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 218.739936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 218.749238] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 219.017236] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 219.024585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 219.033845] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 219.326354] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 219.334188] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 219.343455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 219.699371] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 219.707269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 219.716668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 221.348307] bridge0: port 1(bridge_slave_0) entered blocking state
[ 221.354993] bridge0: port 1(bridge_slave_0) entered disabled state
[ 221.363728] device bridge_slave_0 entered promiscuous mode
[ 221.654346] bridge0: port 2(bridge_slave_1) entered blocking state
[ 221.660838] bridge0: port 2(bridge_slave_1) entered disabled state
[ 221.669982] device bridge_slave_1 entered promiscuous mode
[ 221.915436] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 222.141893] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 223.059460] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 223.200869] bridge0: port 2(bridge_slave_1) entered blocking state
[ 223.207466] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 223.214538] bridge0: port 1(bridge_slave_0) entered blocking state
[ 223.221020] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 223.230026] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 223.313736] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 223.496884] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 223.508117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 223.798767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 224.633686] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 224.642240] team0: Port device team_slave_0 added
[ 224.844495] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 224.853016] team0: Port device team_slave_1 added
[ 225.126218] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 225.133583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 225.142698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 225.477184] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 225.484408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 225.493417] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
15:08:23 executing program 3:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r0, &(0x7f0000000080)="0f", 0x1, 0x0, &(0x7f0000000040)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
[ 225.804190] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 225.812187] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 225.821050] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 226.216352] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 226.224025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 226.233145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 227.224822] IPVS: ftp: loaded support on port[0] = 21
[ 228.953860] 8021q: adding VLAN 0 to HW filter on device bond0
[ 230.226335] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 230.559065] bridge0: port 2(bridge_slave_1) entered blocking state
[ 230.565816] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 230.572926] bridge0: port 1(bridge_slave_0) entered blocking state
[ 230.579395] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 230.588442] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 230.686729] bridge0: port 1(bridge_slave_0) entered blocking state
[ 230.693391] bridge0: port 1(bridge_slave_0) entered disabled state
[ 230.702271] device bridge_slave_0 entered promiscuous mode
[ 230.891981] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 231.020165] bridge0: port 2(bridge_slave_1) entered blocking state
[ 231.026797] bridge0: port 2(bridge_slave_1) entered disabled state
[ 231.035408] device bridge_slave_1 entered promiscuous mode
[ 231.353712] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 231.632997] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 231.639406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 231.647640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 231.719434] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 232.706195] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 233.072368] 8021q: adding VLAN 0 to HW filter on device team0
[ 233.117897] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 233.438923] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 233.446251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 233.786850] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 233.794147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 234.993225] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 235.001438] team0: Port device team_slave_0 added
[ 235.458705] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 235.466998] team0: Port device team_slave_1 added
[ 235.760645] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 235.767876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 235.777234] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
15:08:34 executing program 4:
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85b, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
[ 236.207248] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 236.214701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 236.223749] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 236.663372] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 236.671073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 236.680356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 237.097622] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 237.105558] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 237.114780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 237.881500] 8021q: adding VLAN 0 to HW filter on device bond0
[ 238.193711] IPVS: ftp: loaded support on port[0] = 21
[ 239.575296] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 241.198399] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 241.204990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 241.213232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 242.093995] bridge0: port 2(bridge_slave_1) entered blocking state
[ 242.100484] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 242.107572] bridge0: port 1(bridge_slave_0) entered blocking state
[ 242.114132] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 242.123160] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 242.192084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 242.602627] bridge0: port 1(bridge_slave_0) entered blocking state
[ 242.609126] bridge0: port 1(bridge_slave_0) entered disabled state
[ 242.617967] device bridge_slave_0 entered promiscuous mode
[ 242.853763] 8021q: adding VLAN 0 to HW filter on device team0
[ 243.039380] bridge0: port 2(bridge_slave_1) entered blocking state
[ 243.045988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 243.054910] device bridge_slave_1 entered promiscuous mode
[ 243.315089] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 243.431434] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 243.526052] IPVS: ftp: loaded support on port[0] = 21
[ 243.602244] ==================================================================
[ 243.609686] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0
[ 243.616829] CPU: 0 PID: 7086 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #66
[ 243.624042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 243.633411] Call Trace:
[ 243.636043] dump_stack+0x306/0x460
[ 243.639700] ? vmap_page_range_noflush+0x975/0xed0
[ 243.644681] kmsan_report+0x1a2/0x2e0
[ 243.648529] __msan_warning+0x7c/0xe0
[ 243.652389] vmap_page_range_noflush+0x975/0xed0
[ 243.657222] map_vm_area+0x17d/0x1f0
[ 243.660979] kmsan_vmap+0xf2/0x180
[ 243.664566] vmap+0x3a1/0x510
[ 243.667719] ? relay_open_buf+0x81e/0x19d0
[ 243.672024] relay_open_buf+0x81e/0x19d0
[ 243.676152] relay_open+0xabb/0x1370
[ 243.679929] do_blk_trace_setup+0xaf7/0x1780
[ 243.684410] __blk_trace_setup+0x20b/0x380
[ 243.688703] blk_trace_setup+0xfb/0x140
[ 243.692745] sg_ioctl+0x10ff/0x58b0
[ 243.696433] ? do_vfs_ioctl+0x18a/0x2810
[ 243.700527] ? __se_sys_ioctl+0x1da/0x270
[ 243.704712] ? sg_poll+0x870/0x870
[ 243.708297] do_vfs_ioctl+0xcf3/0x2810
[ 243.712235] ? security_file_ioctl+0x92/0x200
[ 243.716776] __se_sys_ioctl+0x1da/0x270
[ 243.720802] __x64_sys_ioctl+0x4a/0x70
[ 243.724717] do_syscall_64+0xbe/0x100
[ 243.728562] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 243.733775] RIP: 0033:0x457579
[ 243.736990] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 243.755928] RSP: 002b:00007fd1b15c5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 243.763670] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 243.770959] RDX: 0000000020000000 RSI: 00000000c0481273 RDI: 000000000000000c
[ 243.778257] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 243.785552] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd1b15c66d4
[ 243.792851] R13: 00000000004be9e3 R14: 00000000004ce6e0 R15: 00000000ffffffff
[ 243.800179]
[ 243.801819] Uninit was created at:
[ 243.805393] kmsan_internal_poison_shadow+0xc8/0x1d0
[ 243.810523] kmsan_kmalloc+0xa4/0x120
[ 243.814351] __kmalloc+0x14b/0x440
[ 243.817915] kmsan_vmap+0x9b/0x180
[ 243.821481] vmap+0x3a1/0x510
[ 243.824618] relay_open_buf+0x81e/0x19d0
[ 243.828699] relay_open+0xabb/0x1370
[ 243.832449] do_blk_trace_setup+0xaf7/0x1780
[ 243.836886] __blk_trace_setup+0x20b/0x380
[ 243.841145] blk_trace_setup+0xfb/0x140
[ 243.845148] sg_ioctl+0x10ff/0x58b0
[ 243.848795] do_vfs_ioctl+0xcf3/0x2810
[ 243.852701] __se_sys_ioctl+0x1da/0x270
[ 243.856711] __x64_sys_ioctl+0x4a/0x70
[ 243.860635] do_syscall_64+0xbe/0x100
[ 243.864465] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 243.869664] ==================================================================
[ 243.877036] Disabling lock debugging due to kernel taint
[ 243.881236] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 243.882496] Kernel panic - not syncing: panic_on_warn set ...
[ 243.882496]
[ 243.882533] CPU: 0 PID: 7086 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #66
[ 243.882547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 243.882556] Call Trace:
[ 243.882591] dump_stack+0x306/0x460
[ 243.882637] panic+0x54c/0xafa
[ 243.924306] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 243.929793] kmsan_report+0x2d3/0x2e0
[ 243.933628] __msan_warning+0x7c/0xe0
[ 243.937465] vmap_page_range_noflush+0x975/0xed0
[ 243.942291] map_vm_area+0x17d/0x1f0
[ 243.946054] kmsan_vmap+0xf2/0x180
[ 243.949630] vmap+0x3a1/0x510
[ 243.952771] ? relay_open_buf+0x81e/0x19d0
[ 243.957051] relay_open_buf+0x81e/0x19d0
[ 243.961169] relay_open+0xabb/0x1370
[ 243.964943] do_blk_trace_setup+0xaf7/0x1780
[ 243.969413] __blk_trace_setup+0x20b/0x380
[ 243.973703] blk_trace_setup+0xfb/0x140
[ 243.977729] sg_ioctl+0x10ff/0x58b0
[ 243.981414] ? do_vfs_ioctl+0x18a/0x2810
[ 243.985495] ? __se_sys_ioctl+0x1da/0x270
[ 243.989677] ? sg_poll+0x870/0x870
[ 243.993250] do_vfs_ioctl+0xcf3/0x2810
[ 243.997207] ? security_file_ioctl+0x92/0x200
[ 244.001772] __se_sys_ioctl+0x1da/0x270
[ 244.005810] __x64_sys_ioctl+0x4a/0x70
[ 244.009748] do_syscall_64+0xbe/0x100
[ 244.013590] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 244.018801] RIP: 0033:0x457579
[ 244.022021] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 244.040950] RSP: 002b:00007fd1b15c5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 244.048716] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 244.056029] RDX: 0000000020000000 RSI: 00000000c0481273 RDI: 000000000000000c
[ 244.063317] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 244.070604] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd1b15c66d4
[ 244.077896] R13: 00000000004be9e3 R14: 00000000004ce6e0 R15: 00000000ffffffff
[ 244.086357] Kernel Offset: disabled
[ 244.089995] Rebooting in 86400 seconds..