[ 59.153451] audit: type=1800 audit(1539187700.185:27): pid=6072 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 60.725239] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c[ 61.059206] random: sshd: uninitialized urandom read (32 bytes read) . [ 61.773093] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 64.527430] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.23' (ECDSA) to the list of known hosts. [ 70.296943] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/10 16:08:33 fuzzer started [ 74.958968] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/10 16:08:38 dialing manager at 10.128.0.26:45337 2018/10/10 16:08:38 syscalls: 1 2018/10/10 16:08:38 code coverage: enabled 2018/10/10 16:08:38 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/10 16:08:38 setuid sandbox: enabled 2018/10/10 16:08:38 namespace sandbox: enabled 2018/10/10 16:08:38 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/10 16:08:38 fault injection: enabled 2018/10/10 16:08:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/10 16:08:38 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/10 16:08:38 net device setup: enabled [ 80.361901] random: crng init done 16:10:47 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0xfffb, 0x1b, 0x0, 0xffffffffffffffff}) ppoll(&(0x7f0000000040)=[{r1}], 0x1, &(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f0000000140), 0x8) [ 206.980960] IPVS: ftp: loaded support on port[0] = 21 [ 208.564421] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.570917] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.579733] device bridge_slave_0 entered promiscuous mode [ 208.724085] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.730573] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.739237] device bridge_slave_1 entered promiscuous mode [ 208.879800] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 209.019555] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 209.458186] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 209.603321] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 209.748309] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 209.755632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.898098] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 209.905330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:10:51 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_buf(r0, 0x29, 0x1b, &(0x7f0000000100)="98659a2cd0d6247ba1fb59885776dc32f6153aaa", 0x14) [ 210.405374] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.413709] team0: Port device team_slave_0 added [ 210.677204] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.685519] team0: Port device team_slave_1 added [ 210.927520] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 210.934757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.943979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.093266] IPVS: ftp: loaded support on port[0] = 21 [ 211.120026] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.127250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.136880] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.292452] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.300137] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.309393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.488845] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 211.496675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.505855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.545803] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.552442] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.560997] device bridge_slave_0 entered promiscuous mode [ 213.789981] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.796612] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.805376] device bridge_slave_1 entered promiscuous mode [ 214.041684] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 214.098777] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.105333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.112394] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.118874] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.127938] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 214.336241] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 214.712232] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 215.018633] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 215.205334] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 215.380020] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 215.389798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 16:10:56 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000080)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="5500000018007f7000fe01b2a4a280930a60020000a84302910000003900090023000c00020000000d000500fe8042000000c78b80082314e9030b9d566885b16732009b1100b1df136ef75afb000000000b000000", 0x55}], 0x1, &(0x7f0000000400)}, 0x0) [ 216.483035] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 216.491383] team0: Port device team_slave_0 added [ 216.728157] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 216.736394] team0: Port device team_slave_1 added [ 216.942177] IPVS: ftp: loaded support on port[0] = 21 [ 217.104016] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 217.111092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 217.120276] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.339436] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 217.346750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 217.355682] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.646461] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 217.654219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.663813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 217.975459] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 217.983277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 217.992577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 219.945679] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.952373] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.960956] device bridge_slave_0 entered promiscuous mode [ 220.208170] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.214742] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.223903] device bridge_slave_1 entered promiscuous mode [ 220.590339] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 220.850344] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 221.576366] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.582943] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.589903] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.596528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.605608] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 221.813167] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 221.863972] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.091865] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 222.356232] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 222.363466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.612059] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 222.619157] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:11:04 executing program 3: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cuse\x00', 0x100000000000082, 0x0) read(r0, &(0x7f0000000300)=""/182, 0xb6) write$FUSE_ATTR(r0, &(0x7f0000000000)={0x78, 0x0, 0x1, {0x800000000007, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}}}, 0x78) [ 223.566447] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 223.574657] team0: Port device team_slave_0 added [ 223.989534] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 223.999958] team0: Port device team_slave_1 added [ 224.445987] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 224.453471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.462549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.866555] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 224.873831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.882773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.268843] IPVS: ftp: loaded support on port[0] = 21 [ 225.300303] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.308027] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.317668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.671206] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.678924] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.688062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 226.679090] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.999142] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 228.990608] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.997357] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.006324] device bridge_slave_0 entered promiscuous mode [ 229.367914] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 229.375552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.383855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.407204] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.413799] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.422538] device bridge_slave_1 entered promiscuous mode [ 229.770090] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.776656] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.783775] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.790243] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.799852] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 229.819940] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 230.151951] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.237178] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 230.697042] 8021q: adding VLAN 0 to HW filter on device team0 [ 231.306305] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 231.683377] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 232.015631] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 232.022962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 232.447574] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 232.454756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 233.537482] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 233.545866] team0: Port device team_slave_0 added [ 233.966790] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 233.975138] team0: Port device team_slave_1 added 16:11:15 executing program 4: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() rt_sigqueueinfo(r0, 0x0, &(0x7f0000000040)) [ 234.406673] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 234.414001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 234.423256] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 234.827324] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 234.836722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 234.846218] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 235.210656] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 235.218560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 235.227785] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 235.629857] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 235.637647] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 235.646772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.024299] IPVS: ftp: loaded support on port[0] = 21 [ 236.888166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.529184] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 240.219401] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.226050] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.234686] device bridge_slave_0 entered promiscuous mode [ 240.335656] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.342377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.350610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.561102] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.567746] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.576554] device bridge_slave_1 entered promiscuous mode [ 240.687322] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.693953] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.700938] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.707526] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.716137] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 16:11:21 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0xfffb, 0x1b, 0x0, 0xffffffffffffffff}) ppoll(&(0x7f0000000040)=[{r1}], 0x1, &(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f0000000140), 0x8) [ 240.990362] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 241.141931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 241.325288] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 16:11:22 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0xfffb, 0x1b, 0x0, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x0, 0x811, r2, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)) 16:11:23 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0xfffb, 0x1b, 0x0, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x0, 0x811, r2, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)) [ 242.093324] 8021q: adding VLAN 0 to HW filter on device team0 16:11:23 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0xfffb, 0x1b, 0x0, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x0, 0x811, r2, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)) [ 242.653271] bond0: Enslaving bond_slave_0 as an active interface with an up link 16:11:23 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0xfffb, 0x1b, 0x0, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x0, 0x811, r2, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)) 16:11:24 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0xfffb, 0x1b, 0x0, 0xffffffffffffffff}) socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)) [ 243.112549] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 243.565755] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 243.573129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 16:11:24 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0xfffb, 0x1b, 0x0, 0xffffffffffffffff}) socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)) 16:11:25 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0xfffb, 0x1b, 0x0, 0xffffffffffffffff}) socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)) [ 244.075868] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 244.083116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.406490] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 245.414967] team0: Port device team_slave_0 added [ 245.777058] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 245.785418] team0: Port device team_slave_1 added [ 246.152199] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 246.159277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 246.168659] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 246.530225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.602141] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 246.609364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 246.619042] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 246.906976] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 246.914822] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 246.923823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 247.213569] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 247.221226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 247.230590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 247.739509] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 248.926442] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 248.933021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 248.940909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 250.203873] 8021q: adding VLAN 0 to HW filter on device team0 16:11:31 executing program 1: syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x0) io_setup(0x40000000000f193, &(0x7f00000014c0)) io_setup(0x8001, &(0x7f0000001480)) [ 250.492871] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.499369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 250.506460] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.512998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 250.521797] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 250.528499] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 253.880614] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.719694] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 255.608971] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 255.615621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 255.623677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:11:37 executing program 2: r0 = socket(0x1e, 0x4, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'team_slave_1\x00', &(0x7f0000000100)=@ethtool_channels={0x9}}) [ 256.445028] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.538149] 8021q: adding VLAN 0 to HW filter on device bond0 [ 259.087091] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 259.676864] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 259.683459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 259.691328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.909666] CUSE: info not properly terminated [ 259.917083] CUSE: info not properly terminated 16:11:41 executing program 3: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cuse\x00', 0x100000000000082, 0x0) read(r0, &(0x7f0000000300)=""/182, 0xb6) write$FUSE_ATTR(r0, &(0x7f0000000000)={0x78, 0x0, 0x1, {0x800000000007, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}}}, 0x78) [ 260.052378] CUSE: info not properly terminated [ 260.244159] 8021q: adding VLAN 0 to HW filter on device team0 16:11:43 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000180)=[{&(0x7f0000000240)="b7", 0x1}], 0x1, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000280)="1f668fe8b1149a93bf4c640555a62ed91effcb8346ae02bf070a2e5b54", 0x1d}], 0x1) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000007, 0x0) 16:11:43 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0xfffb, 0x1b, 0x0, 0xffffffffffffffff}) socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)) 16:11:43 executing program 1: syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x0) io_setup(0x40000000000f193, &(0x7f00000014c0)) io_setup(0x8001, &(0x7f0000001480)) 16:11:43 executing program 2: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)) dup3(r0, r1, 0x0) 16:11:43 executing program 3: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cuse\x00', 0x100000000000082, 0x0) read(r0, &(0x7f0000000300)=""/182, 0xb6) write$FUSE_ATTR(r0, &(0x7f0000000000)={0x78, 0x0, 0x1, {0x800000000007, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}}}, 0x78) 16:11:43 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0xfffb, 0x1b, 0x0, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x0, 0x811, 0xffffffffffffffff, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)) [ 262.411159] CUSE: info not properly terminated 16:11:43 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') close(r0) 16:11:43 executing program 3: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cuse\x00', 0x100000000000082, 0x0) read(r0, &(0x7f0000000300)=""/182, 0xb6) write$FUSE_ATTR(r0, &(0x7f0000000000)={0x78, 0x0, 0x1, {0x800000000007, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}}}, 0x78) 16:11:43 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0xfffb, 0x1b, 0x0, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x0, 0x811, 0xffffffffffffffff, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)) 16:11:43 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x8, 0x1b, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000100)=0x2) [ 263.043823] ================================================================== [ 263.051254] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0 [ 263.058383] CPU: 0 PID: 7520 Comm: syz-executor4 Not tainted 4.19.0-rc4+ #66 [ 263.065581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 263.074949] Call Trace: [ 263.077571] dump_stack+0x306/0x460 [ 263.081229] ? vmap_page_range_noflush+0x975/0xed0 [ 263.086207] kmsan_report+0x1a2/0x2e0 [ 263.090061] __msan_warning+0x7c/0xe0 [ 263.093904] vmap_page_range_noflush+0x975/0xed0 [ 263.098749] map_vm_area+0x17d/0x1f0 [ 263.102526] kmsan_vmap+0xf2/0x180 [ 263.106112] vmap+0x3a1/0x510 [ 263.109253] ? ion_heap_map_kernel+0xa33/0xad0 [ 263.113885] ion_heap_map_kernel+0xa33/0xad0 [ 263.118363] ? ion_ioctl+0x690/0x690 [ 263.122118] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 263.127363] ? ion_dma_buf_release+0x430/0x430 [ 263.132042] dma_buf_ioctl+0x376/0x630 [ 263.135985] ? dma_buf_poll+0x1690/0x1690 [ 263.140373] do_vfs_ioctl+0xcf3/0x2810 [ 263.144328] ? security_file_ioctl+0x92/0x200 [ 263.148867] __se_sys_ioctl+0x1da/0x270 [ 263.152886] __x64_sys_ioctl+0x4a/0x70 [ 263.156814] do_syscall_64+0xbe/0x100 [ 263.160655] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 263.165963] RIP: 0033:0x457579 [ 263.169188] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 263.188111] RSP: 002b:00007f2a1e222c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 263.195848] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 263.203151] RDX: 0000000020000100 RSI: 0000000040086200 RDI: 0000000000000004 [ 263.210437] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 263.217731] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2a1e2236d4 [ 263.225045] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff [ 263.232351] [ 263.233991] Uninit was created at: [ 263.237571] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 263.242702] kmsan_kmalloc+0xa4/0x120 [ 263.246535] __kmalloc+0x14b/0x440 [ 263.250095] kmsan_vmap+0x9b/0x180 [ 263.253656] vmap+0x3a1/0x510 [ 263.256789] ion_heap_map_kernel+0xa33/0xad0 [ 263.261230] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 263.266451] dma_buf_ioctl+0x376/0x630 [ 263.270363] do_vfs_ioctl+0xcf3/0x2810 [ 263.274303] __se_sys_ioctl+0x1da/0x270 [ 263.278325] __x64_sys_ioctl+0x4a/0x70 [ 263.282239] do_syscall_64+0xbe/0x100 [ 263.286087] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 263.291286] ================================================================== [ 263.298653] Disabling lock debugging due to kernel taint [ 263.304120] Kernel panic - not syncing: panic_on_warn set ... [ 263.304120] [ 263.311516] CPU: 0 PID: 7520 Comm: syz-executor4 Tainted: G B 4.19.0-rc4+ #66 [ 263.320110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 263.329477] Call Trace: [ 263.332100] dump_stack+0x306/0x460 [ 263.335792] panic+0x54c/0xafa [ 263.339094] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 263.344584] kmsan_report+0x2d3/0x2e0 [ 263.348437] __msan_warning+0x7c/0xe0 [ 263.352288] vmap_page_range_noflush+0x975/0xed0 [ 263.357133] map_vm_area+0x17d/0x1f0 [ 263.360890] kmsan_vmap+0xf2/0x180 [ 263.364465] vmap+0x3a1/0x510 [ 263.367602] ? ion_heap_map_kernel+0xa33/0xad0 [ 263.372226] ion_heap_map_kernel+0xa33/0xad0 [ 263.376683] ? ion_ioctl+0x690/0x690 [ 263.380432] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 263.385668] ? ion_dma_buf_release+0x430/0x430 [ 263.390279] dma_buf_ioctl+0x376/0x630 [ 263.394203] ? dma_buf_poll+0x1690/0x1690 [ 263.398381] do_vfs_ioctl+0xcf3/0x2810 [ 263.402321] ? security_file_ioctl+0x92/0x200 [ 263.406857] __se_sys_ioctl+0x1da/0x270 [ 263.410875] __x64_sys_ioctl+0x4a/0x70 [ 263.414796] do_syscall_64+0xbe/0x100 [ 263.418623] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 263.423833] RIP: 0033:0x457579 [ 263.427058] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 263.445984] RSP: 002b:00007f2a1e222c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 263.453725] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 263.461029] RDX: 0000000020000100 RSI: 0000000040086200 RDI: 0000000000000004 [ 263.468313] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 263.475603] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2a1e2236d4 [ 263.482892] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff [ 263.491182] Kernel Offset: disabled [ 263.494823] Rebooting in 86400 seconds..