[ 60.006547] audit: type=1800 audit(1539243602.051:27): pid=6088 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd[ 61.568162] random: sshd: uninitialized urandom read (32 bytes read) . Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 64.591354] random: sshd: uninitialized urandom read (32 bytes read) [ 65.228364] random: sshd: uninitialized urandom read (32 bytes read) [ 67.920372] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.96' (ECDSA) to the list of known hosts. [ 73.692757] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/11 07:40:17 fuzzer started [ 78.526294] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/11 07:40:22 dialing manager at 10.128.0.26:39089 2018/10/11 07:40:22 syscalls: 1 2018/10/11 07:40:22 code coverage: enabled 2018/10/11 07:40:22 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/11 07:40:22 setuid sandbox: enabled 2018/10/11 07:40:22 namespace sandbox: enabled 2018/10/11 07:40:22 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/11 07:40:22 fault injection: enabled 2018/10/11 07:40:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/11 07:40:22 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/11 07:40:22 net device setup: enabled [ 83.297535] random: crng init done 07:42:18 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x32, &(0x7f0000000140)=@nat={'nat\x00', 0x19, 0x2, 0x90, [0x20000080, 0x0, 0x0, 0x20000188, 0x200001b8], 0x0, &(0x7f0000000040), &(0x7f0000000080)=[{}, {0x0, '\x00', 0x1}, {0x0, '\x00', 0x1}]}, 0x108) [ 197.690531] IPVS: ftp: loaded support on
port[0] = 21 [ 199.065144] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.071633] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.080629] device bridge_slave_0 entered promiscuous mode [ 199.241428] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.247996] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.256713] device bridge_slave_1 entered promiscuous mode [ 199.399255] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 199.620579] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 200.065840] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 200.216761] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 200.497961] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 200.505193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 07:42:22 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={&(0x7f00003c7ff4), 0xc, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) [ 201.102064] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 201.110065] team0: Port device team_slave_0 added [ 201.366472] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 201.374818] team0: Port device team_slave_1 added [ 201.533287] IPVS: ftp: loaded support on port[0] = 21 [ 201.669807] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 201.677026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.686233] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.000214] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 202.007503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.016666] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.275003] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 202.282846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.292261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.557463] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 202.565241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.574677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.703316] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.709951] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.718840] device bridge_slave_0 entered promiscuous mode [ 203.987648] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.994248] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.002988] device bridge_slave_1 entered promiscuous mode [ 204.235985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 204.381182] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 205.001352] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 205.152803] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.159373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.166505] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.173040] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.182280] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 205.209676] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 205.582099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.747424] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 205.754704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 07:42:28 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000080)={0x5}) [ 206.386426] 
IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 206.394966] team0: Port device team_slave_0 added [ 206.633456] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 206.641976] team0: Port device team_slave_1 added [ 206.938890] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 206.946132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 206.955343] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.278062] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 207.285342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.294333] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.584742] IPVS: ftp: loaded support on port[0] = 21 [ 207.585007] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 207.598117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.607151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.962780] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 207.970449] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.979663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.389331] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.395909] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.404650] device bridge_slave_0 entered promiscuous mode [ 210.738879] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.745646] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.754218] device bridge_slave_1 entered promiscuous mode [ 210.931569] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.938190] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.945251] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.951801] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.960817] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 210.972932] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.055317] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 211.321539] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 212.368902] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 212.658452] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 212.962282] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.994682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.328203] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 213.335495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 07:42:36 executing program 3: socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0)) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r0 = gettid() socket$inet6(0xa, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x21) wait4(0x0, &(0x7f00000000c0), 0x0, &(0x7f0000001340)) [ 214.339142] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 214.347361] team0: Port device team_slave_0 added [ 214.716500] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 214.724912] team0: Port device team_slave_1 added [ 215.093287] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 215.100405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 215.109665] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 215.476450] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 215.483668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 215.492968] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 215.814762] IPVS: ftp: loaded support on port[0] = 21 [ 215.824884] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 215.832623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 215.841783] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 216.181627] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 216.190345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 216.199529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.412693] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.333113] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.339593] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.348210] device bridge_slave_0 entered promiscuous mode [ 219.648993] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.655588] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.664306] device bridge_slave_1 entered promiscuous mode [ 219.831469] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 219.941089] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 220.058348] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.064958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.072020] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.078490] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.087316] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 220.304426] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 220.622490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.217776] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 221.224313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 221.232599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.446369] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 221.790687] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 222.106368] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 222.113581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.373128] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready 
[ 222.401841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 222.677679] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.413377] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 223.422371] team0: Port device team_slave_0 added [ 223.686020] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 223.694568] team0: Port device team_slave_1 added [ 224.106452] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 224.113689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.122842] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.553673] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 224.560772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.569835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 224.898164] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 224.906366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 224.915670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.096822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.212450] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.220101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.229209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 07:42:47 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'}) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={&(0x7f0000000000), 0xc, 
&(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="000000000c00000000000000080001007366710048020200000000000000000000000000bb4e000000000000000000000000000000000000000000000000000000010000004aa836066ca556564f4f1edc3e00000000000000000000000000000000000000000000008844fce4e6dc782a35cab645744d5fdca223aeacc1b75b579ecf3e2ea1248976246aa3af3c3d147c9d1bbe6863def2bb98da9cd81ba33b9b6a72ea6d5eca18325c26a67e03586effb7636d35c0eef1a8322c6ff10a155dac8815289215944244fe4abc9adc3e782d39ed82d511ff7b2f80b8b7372c0f735e00bd10b1d2dd7cfc70a99e22c6baa8780ace03abf1f07d"], 0x1}}, 0x0) [ 226.788056] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 227.165497] IPVS: ftp: loaded support on port[0] = 21 [ 228.606531] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 228.613070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.621464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 230.231017] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.308661] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.315262] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.322428] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.328909] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.337921] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 230.652364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 231.273810] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.280464] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.289246] device bridge_slave_0 entered promiscuous mode [ 231.763985] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.770479] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.779231] device bridge_slave_1 entered promiscuous mode [ 232.225021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 232.630880] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 07:42:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000d80)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000340)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xfff, 0x5, 0x3, 0xffffffffffffffff}) ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_mr_vif\x00') dup(r1) ioctl$BLKTRACESTART(r2, 0x1274, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000040)) dup3(r0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000140)) close(0xffffffffffffffff) dup2(0xffffffffffffffff, 0xffffffffffffffff) [ 233.281958] ================================================================== [ 233.289418] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0 [ 233.296556] CPU: 0 PID: 6974 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #66 [ 233.303767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.313141] Call Trace: [ 233.315774] dump_stack+0x306/0x460 [ 233.319447] ? vmap_page_range_noflush+0x975/0xed0 [ 233.324437] kmsan_report+0x1a2/0x2e0 [ 233.328327] __msan_warning+0x7c/0xe0 [ 233.332195] vmap_page_range_noflush+0x975/0xed0 [ 233.337047] map_vm_area+0x17d/0x1f0 [ 233.340819] kmsan_vmap+0xf2/0x180 [ 233.344414] vmap+0x3a1/0x510 [ 233.347558] ? 
relay_open_buf+0x81e/0x19d0 [ 233.351845] relay_open_buf+0x81e/0x19d0 [ 233.355976] relay_open+0xabb/0x1370 [ 233.359759] do_blk_trace_setup+0xaf7/0x1780 [ 233.364250] __blk_trace_setup+0x20b/0x380 [ 233.368578] blk_trace_ioctl+0x274/0x970 [ 233.372698] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 233.378188] ? alloc_set_pte+0x95d/0x2530 [ 233.382507] ? kmsan_set_origin_inline+0x6b/0x120 [ 233.387401] ? __msan_poison_alloca+0x17a/0x210 [ 233.392135] ? blkdev_ioctl+0x327/0x55e0 [ 233.396239] ? block_ioctl+0x16f/0x1d0 [ 233.400210] blkdev_ioctl+0x1aaa/0x55e0 [ 233.404249] ? task_kmsan_context_state+0x6b/0x120 [ 233.409259] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 233.414700] ? vmalloc_to_page+0x57d/0x6b0 [ 233.419438] ? kmsan_set_origin_inline+0x6b/0x120 [ 233.424373] block_ioctl+0x16f/0x1d0 [ 233.428140] ? block_llseek+0x190/0x190 [ 233.432160] do_vfs_ioctl+0xcf3/0x2810 [ 233.436113] ? security_file_ioctl+0x92/0x200 [ 233.440664] __se_sys_ioctl+0x1da/0x270 [ 233.444694] __x64_sys_ioctl+0x4a/0x70 [ 233.448622] do_syscall_64+0xbe/0x100 [ 233.452467] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.457704] RIP: 0033:0x457519 [ 233.460934] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 233.479869] RSP: 002b:00007faa89863c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.487615] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 233.494913] RDX: 0000000020000340 RSI: 00000000c0481273 RDI: 0000000000000005 [ 233.502213] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 233.509510] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faa898646d4 [ 233.516811] R13: 00000000004be982 R14: 00000000004ce680 R15: 00000000ffffffff [ 233.524129] [ 233.525785] Uninit was created at: [ 233.529370] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 233.534509] kmsan_kmalloc+0xa4/0x120 [ 233.538361] 
__kmalloc+0x14b/0x440 [ 233.541939] kmsan_vmap+0x9b/0x180 [ 233.545527] vmap+0x3a1/0x510 [ 233.548672] relay_open_buf+0x81e/0x19d0 [ 233.552777] relay_open+0xabb/0x1370 [ 233.556531] do_blk_trace_setup+0xaf7/0x1780 [ 233.560980] __blk_trace_setup+0x20b/0x380 [ 233.565254] blk_trace_ioctl+0x274/0x970 [ 233.569383] blkdev_ioctl+0x1aaa/0x55e0 [ 233.573393] block_ioctl+0x16f/0x1d0 [ 233.577140] do_vfs_ioctl+0xcf3/0x2810 [ 233.581053] __se_sys_ioctl+0x1da/0x270 [ 233.585056] __x64_sys_ioctl+0x4a/0x70 [ 233.588972] do_syscall_64+0xbe/0x100 [ 233.592813] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.598018] ================================================================== [ 233.605394] Disabling lock debugging due to kernel taint [ 233.610865] Kernel panic - not syncing: panic_on_warn set ... [ 233.610865] [ 233.618263] CPU: 0 PID: 6974 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #66 [ 233.626866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.636228] Call Trace: [ 233.638843] dump_stack+0x306/0x460 [ 233.642512] panic+0x54c/0xafa [ 233.645779] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 233.651265] kmsan_report+0x2d3/0x2e0 [ 233.655119] __msan_warning+0x7c/0xe0 [ 233.658965] vmap_page_range_noflush+0x975/0xed0 [ 233.663795] map_vm_area+0x17d/0x1f0 [ 233.667553] kmsan_vmap+0xf2/0x180 [ 233.671134] vmap+0x3a1/0x510 [ 233.674288] ? relay_open_buf+0x81e/0x19d0 [ 233.678576] relay_open_buf+0x81e/0x19d0 [ 233.682701] relay_open+0xabb/0x1370 [ 233.686473] do_blk_trace_setup+0xaf7/0x1780 [ 233.690957] __blk_trace_setup+0x20b/0x380 [ 233.695245] blk_trace_ioctl+0x274/0x970 [ 233.699361] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 233.704834] ? alloc_set_pte+0x95d/0x2530 [ 233.709015] ? kmsan_set_origin_inline+0x6b/0x120 [ 233.713898] ? __msan_poison_alloca+0x17a/0x210 [ 233.718611] ? blkdev_ioctl+0x327/0x55e0 [ 233.722701] ? block_ioctl+0x16f/0x1d0 [ 233.726626] blkdev_ioctl+0x1aaa/0x55e0 [ 233.730649] ? 
task_kmsan_context_state+0x6b/0x120 [ 233.735609] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 233.740998] ? vmalloc_to_page+0x57d/0x6b0 [ 233.745268] ? kmsan_set_origin_inline+0x6b/0x120 [ 233.750151] block_ioctl+0x16f/0x1d0 [ 233.753894] ? block_llseek+0x190/0x190 [ 233.757894] do_vfs_ioctl+0xcf3/0x2810 [ 233.761829] ? security_file_ioctl+0x92/0x200 [ 233.766368] __se_sys_ioctl+0x1da/0x270 [ 233.770389] __x64_sys_ioctl+0x4a/0x70 [ 233.774320] do_syscall_64+0xbe/0x100 [ 233.778168] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.783379] RIP: 0033:0x457519 [ 233.786600] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 233.805529] RSP: 002b:00007faa89863c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.813269] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 233.820574] RDX: 0000000020000340 RSI: 00000000c0481273 RDI: 0000000000000005 [ 233.827866] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 233.835161] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faa898646d4 [ 233.842456] R13: 00000000004be982 R14: 00000000004ce680 R15: 00000000ffffffff [ 233.850856] Kernel Offset: disabled [ 233.854535] Rebooting in 86400 seconds..