[ 52.105122] audit: type=1800 audit(1539227872.135:27): pid=6028 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 53.470881] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 55.290656] random: sshd: uninitialized urandom read (32 bytes read) [ 55.962859] random: sshd: uninitialized urandom read (32 bytes read) [ 57.437563] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.98' (ECDSA) to the list of known hosts. [ 63.290349] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/11 03:18:05 fuzzer started [ 67.546499] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/11 03:18:09 dialing manager at 10.128.0.26:39089 2018/10/11 03:18:09 syscalls: 1 2018/10/11 03:18:09 code coverage: enabled 2018/10/11 03:18:09 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/11 03:18:09 setuid sandbox: enabled 2018/10/11 03:18:09 namespace sandbox: enabled 2018/10/11 03:18:09 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/11 03:18:09 fault injection: enabled 2018/10/11 03:18:09 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/11 03:18:09 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/11 03:18:09 net device setup: enabled [ 73.530736] random: crng init done 03:19:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000300)=@ipv6_delroute={0x28, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0xc, 0x16, @typed={0x8, 0x0, @pid}}]}, 0x28}}, 0x0) [ 167.344516] IPVS: ftp: loaded support on port[0] = 21 [ 168.721403] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.728194] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.736812] device bridge_slave_0 entered promiscuous mode [ 168.884396] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.890954] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.899504] device bridge_slave_1 entered promiscuous mode [ 169.033082] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 169.164770] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 169.562826] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 169.696418] bond0: Enslaving bond_slave_1 as an active interface with an up link 03:19:50 executing program 1: sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x800000009) perf_event_open(&(0x7f0000001240)={0x0, 0x70, 0x0, 0x0, 0x0, 0xde4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x60000000, 0x0, 0x5e, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xf, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [], 0x14}, 0x6}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000013c0)={{{@in, @in6=@ipv4={[], [], @rand_addr}, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@local, 0x0, 0x32}, 0x0, @in6, 0x0, 0x0, 0x0, 0x5}}, 0xe8) connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f0000001580)) sendmmsg(r0, &(0x7f0000000240), 0x5c3, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x8000) r2 = getpgrp(0x0) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000001c0)={[], 0xa0c5, 0x800, 0x2, 0x2, 0x7f, r2}) [ 170.443639] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 170.451472] team0: Port device team_slave_0 added [ 170.628050] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 170.636045] team0: Port device team_slave_1 added [ 170.873204] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 170.882419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 170.891391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.069428] IPVS: ftp: loaded support on port[0] = 21 [ 171.085242] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.303125] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 171.310777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.320561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.479433] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 171.487457] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.496872] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.073799] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.080279] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.088996] device bridge_slave_0 entered promiscuous mode [ 173.336578] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.343136] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.351350] device bridge_slave_1 entered promiscuous mode [ 173.604576] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 173.702026] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.708501] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.715567] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.722075] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.730654] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 173.858916] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 174.232335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 174.449648] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.710997] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.886971] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 174.894299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 175.162828] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 175.169961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 03:19:55 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01ab", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0xffffffaa) readv(r1, &(0x7f00000007c0)=[{&(0x7f0000000880)=""/44, 0x2c}], 0x1) [ 176.023355] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 176.031503] team0: Port device team_slave_0 added [ 176.271454] IPVS: ftp: loaded support on port[0] = 21 [ 176.371463] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.379554] team0: Port device team_slave_1 added [ 176.668458] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 176.675714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.684701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.988678] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 176.995986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.004945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.200729] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 177.208460] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.217536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.469992] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.477768] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.486905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.974216] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.980695] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.989559] device bridge_slave_0 entered promiscuous mode [ 179.305994] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.312627] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.320985] device bridge_slave_1 entered promiscuous mode [ 179.600827] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.899898] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.576458] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.583035] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.589955] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.596614] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.605266] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 180.697216] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.005024] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.353161] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.368190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.402412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.527411] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 181.536464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 03:20:02 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000001000)=ANY=[@ANYBLOB="7a0af8ff75257009bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x2800000000000000, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0e64d082778c3938", &(0x7f0000000380)=""/85, 0x700}, 0x28) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f00000004c0)=@pppol2tpv3={0x18, 0x1, {0x0, r1}}, 0x80, &(0x7f00000000c0), 0x0, &(0x7f0000000680), 0x0, 0x20000000}, 0x0) [ 182.233431] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.241495] team0: Port device team_slave_0 added [ 182.551313] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.559669] team0: Port device team_slave_1 added [ 182.873521] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.880698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.889553] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.139841] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.147082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.156041] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.466726] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.474516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.483526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.720580] IPVS: ftp: loaded support on port[0] = 21 [ 183.812519] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.820164] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.829179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.886369] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.089827] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.834347] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.840820] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.849455] device bridge_slave_0 entered promiscuous mode [ 187.167697] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.174317] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.182982] device bridge_slave_1 entered promiscuous mode [ 187.235791] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 187.242337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.250280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.579880] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.635027] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.641529] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.648625] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.655175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.663796] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.930318] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.242011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.435755] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.996313] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.327429] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.723234] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 189.730363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.984964] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 189.992257] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.785557] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.793756] team0: Port device team_slave_0 added [ 191.059007] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.067274] team0: Port device team_slave_1 added [ 191.407661] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 191.414926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.423724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.743147] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 191.750297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.759158] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 03:20:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) recvmsg(r0, &(0x7f0000001940)={&(0x7f0000001500)=@un=@abs, 0x80, &(0x7f0000001840)=[{&(0x7f00000000c0)=""/140, 0x8c}, {&(0x7f0000001a80)=""/4096, 0xfcf}, {&(0x7f0000000000)=""/113, 0x5d}], 0x3, &(0x7f0000001880)=""/168, 0xa8}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f0000000080), 0x1b8, &(0x7f00000001c0)={&(0x7f0000000400)={0x14, 0x42, 0x3ff}, 0x14}}, 0x0) [ 192.088630] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 192.096721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.105682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.508133] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 192.516532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.525614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.720508] IPVS: ftp: loaded support on port[0] = 21 [ 194.131488] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.597731] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 196.961053] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.967667] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.974831] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.981309] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.989721] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 197.083893] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 197.090471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.098490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.246335] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.253008] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.261390] device bridge_slave_0 entered promiscuous mode 03:20:17 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)={[{0x2b, 'rdma'}]}, 0x6) [ 197.332953] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 03:20:17 executing program 0: request_key(&(0x7f0000022ff5)='asymmetric\x00', &(0x7f000030fffb), &(0x7f000030fff3)='/dev/dmmid:#\x00', 0x0) r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x3, 0x1) r1 = fcntl$getown(r0, 0x9) ptrace$setregs(0xffffffffffffffff, r1, 0x9, &(0x7f0000000080)="4efbb08a7841fdbda648d6e573bbae7c10bda035a824b34a082aaf9f80e9d55978b4704e4200a312cc9b63a2850413266d7fa39829557c464733cdf414fbeacb5ff915c2b2e006c00573feea0aa212454a1803148c84503257ef784bbb9481e10b05aed1ccd064662afc53d66d090cc96b6228d8c1d1f241ba41890df412aebeafb90c31a0b4b75f4750da012d122e03d1fad9986a0aed2fe753069209ce089af6e1516e725637ecea7575ddbaf5b4b8b62f807cdf1ebf1d3a1f480a9c17b63efa041d4b82b2aa290340") ioctl$VHOST_GET_VRING_BASE(r0, 0xc008af12, &(0x7f0000000040)) [ 197.719030] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.725729] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.734181] device bridge_slave_1 entered promiscuous mode 03:20:18 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000180)={@multicast1, @dev={0xac, 0x14, 0x14, 0xa}, @dev}, 0xc) sendto$inet(r0, &(0x7f00000001c0), 0xfffffdf5, 0x200007fc, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) sendto$inet(r0, &(0x7f00000005c0)="1a8c443d3a568c81cc096aa87ddab0f1b182da383fd71795f41053261e63b0b9f1283f7431b6146106716c21b43625f9194bf4b6a5dba53c46b82862a2f804121cda7e6be8fd507bb1545de629746d878f10be8036e98a270c42d6458f97b342303464e94ccb6d6f4f81941e3f3fa371596cdf17e160c992140c9dc81362f019f017", 0x82, 0x0, &(0x7f0000000100)={0x2, 0x0, @multicast2}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='schedstat\x00') setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000280)=r1, 0x4) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/226, 0xfffffd85}], 0x1) recvfrom(r0, &(0x7f0000000480)=""/239, 0xef, 0x0, 0x0, 0xf7) close(r0) r2 = syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x900000000, 0x2002) ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000200)={0x2, {0x10001, 0x8e, 0x100, 0x2, 0x2, 0xab}}) [ 198.162683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 198.630079] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 198.661844] 8021q: adding VLAN 0 to HW filter on device team0 03:20:18 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x400000, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r1, 0xc0f85403, &(0x7f0000000100)={{0x3, 0x2, 0x7, 0x1, 0x29fa}, 0x0, 0xfffffffffffffffc, 'id1\x00', 'timer0\x00', 0x0, 0xffffffff, 0x8, 0xbc7, 0x5}) fsetxattr$system_posix_acl(r0, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="021d00000200000000000000040000001c00000010000000000000002000000000000000"], 0x24, 0x0) read$FUSE(r0, &(0x7f0000000200), 0x1000) 03:20:19 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x400000, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r1, 0xc0f85403, &(0x7f0000000100)={{0x3, 0x2, 0x7, 0x1, 0x29fa}, 0x0, 0xfffffffffffffffc, 'id1\x00', 'timer0\x00', 0x0, 0xffffffff, 0x8, 0xbc7, 0x5}) fsetxattr$system_posix_acl(r0, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="021d00000200000000000000040000001c00000010000000000000002000000000000000"], 0x24, 0x0) read$FUSE(r0, &(0x7f0000000200), 0x1000) 03:20:19 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x400000, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r1, 0xc0f85403, &(0x7f0000000100)={{0x3, 0x2, 0x7, 0x1, 0x29fa}, 0x0, 0xfffffffffffffffc, 'id1\x00', 'timer0\x00', 0x0, 0xffffffff, 0x8, 0xbc7, 0x5}) fsetxattr$system_posix_acl(r0, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="021d00000200000000000000040000001c00000010000000000000002000000000000000"], 0x24, 0x0) read$FUSE(r0, &(0x7f0000000200), 0x1000) [ 199.923304] bond0: Enslaving bond_slave_0 as an active interface with an up link 03:20:20 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x400000, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r1, 0xc0f85403, &(0x7f0000000100)={{0x3, 0x2, 0x7, 0x1, 0x29fa}, 0x0, 0xfffffffffffffffc, 'id1\x00', 'timer0\x00', 0x0, 0xffffffff, 0x8, 0xbc7, 0x5}) fsetxattr$system_posix_acl(r0, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="021d00000200000000000000040000001c00000010000000000000002000000000000000"], 0x24, 0x0) read$FUSE(r0, &(0x7f0000000200), 0x1000) [ 200.312882] bond0: Enslaving bond_slave_1 as an active interface with an up link 03:20:20 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x400000, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r1, 0xc0f85403, &(0x7f0000000100)={{0x3, 0x2, 0x7, 0x1, 0x29fa}, 0x0, 0xfffffffffffffffc, 'id1\x00', 'timer0\x00', 0x0, 0xffffffff, 0x8, 0xbc7, 0x5}) fsetxattr$system_posix_acl(r0, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="021d00000200000000000000040000001c00000010000000000000002000000000000000"], 0x24, 0x0) [ 200.734380] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 200.741541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.164742] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 201.172055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.190156] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 202.198474] team0: Port device team_slave_0 added [ 202.538103] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 202.546491] team0: Port device team_slave_1 added [ 202.845975] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 202.853205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.861994] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.236146] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 203.243451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.252296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.303743] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.442230] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 203.449854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 203.458754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 203.691040] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 203.698924] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 203.707885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.365054] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 205.250127] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 205.256767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 205.264811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 206.136124] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.505863] ================================================================== [ 206.513343] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0 [ 206.520814] CPU: 0 PID: 7114 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #66 [ 206.528017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.537386] Call Trace: [ 206.539996] dump_stack+0x306/0x460 [ 206.543673] ? vmap_page_range_noflush+0x975/0xed0 [ 206.548639] kmsan_report+0x1a2/0x2e0 [ 206.552478] __msan_warning+0x7c/0xe0 [ 206.556312] vmap_page_range_noflush+0x975/0xed0 [ 206.561125] map_vm_area+0x17d/0x1f0 [ 206.564871] kmsan_vmap+0xf2/0x180 [ 206.568445] vmap+0x3a1/0x510 [ 206.571587] ? relay_open_buf+0x81e/0x19d0 [ 206.575859] relay_open_buf+0x81e/0x19d0 [ 206.578447] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.579956] relay_open+0xabb/0x1370 [ 206.586429] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.589986] do_blk_trace_setup+0xaf7/0x1780 [ 206.596972] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.600892] __blk_trace_setup+0x20b/0x380 [ 206.607349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.611431] blk_trace_ioctl+0x274/0x970 [ 206.619448] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 206.621980] ? kmsan_set_origin_inline+0x6b/0x120 [ 206.621999] ? __msan_poison_alloca+0x17a/0x210 [ 206.622024] ? blkdev_ioctl+0x327/0x55e0 [ 206.622051] ? block_ioctl+0x16f/0x1d0 [ 206.628626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.633113] blkdev_ioctl+0x1aaa/0x55e0 [ 206.633142] ? task_kmsan_context_state+0x6b/0x120 [ 206.633163] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 206.633179] ? vmalloc_to_page+0x57d/0x6b0 [ 206.633207] ? kmsan_set_origin_inline+0x6b/0x120 [ 206.675850] block_ioctl+0x16f/0x1d0 [ 206.679593] ? block_llseek+0x190/0x190 [ 206.683594] do_vfs_ioctl+0xcf3/0x2810 [ 206.687522] ? security_file_ioctl+0x92/0x200 [ 206.692038] __se_sys_ioctl+0x1da/0x270 [ 206.696035] __x64_sys_ioctl+0x4a/0x70 [ 206.699942] do_syscall_64+0xbe/0x100 [ 206.703761] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 206.708965] RIP: 0033:0x457519 [ 206.712168] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.731095] RSP: 002b:00007fb535dd1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 206.738841] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 206.746142] RDX: 00000000200001c0 RSI: 00000000c0481273 RDI: 0000000000000004 [ 206.753439] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 206.760731] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb535dd26d4 [ 206.768023] R13: 00000000004be982 R14: 00000000004ce680 R15: 00000000ffffffff [ 206.775351] [ 206.776987] Uninit was created at: [ 206.780544] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 206.785671] kmsan_kmalloc+0xa4/0x120 [ 206.789482] __kmalloc+0x14b/0x440 [ 206.793029] kmsan_vmap+0x9b/0x180 [ 206.796608] vmap+0x3a1/0x510 [ 206.799729] relay_open_buf+0x81e/0x19d0 [ 206.803798] relay_open+0xabb/0x1370 [ 206.807519] do_blk_trace_setup+0xaf7/0x1780 [ 206.811945] __blk_trace_setup+0x20b/0x380 [ 206.816192] blk_trace_ioctl+0x274/0x970 [ 206.820265] blkdev_ioctl+0x1aaa/0x55e0 [ 206.824248] block_ioctl+0x16f/0x1d0 [ 206.828242] do_vfs_ioctl+0xcf3/0x2810 [ 206.832149] __se_sys_ioctl+0x1da/0x270 [ 206.836152] __x64_sys_ioctl+0x4a/0x70 [ 206.840066] do_syscall_64+0xbe/0x100 [ 206.843897] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 206.849103] ================================================================== [ 206.856484] Disabling lock debugging due to kernel taint [ 206.861959] Kernel panic - not syncing: panic_on_warn set ... [ 206.861959] [ 206.869362] CPU: 0 PID: 7114 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #66 [ 206.877975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.887353] Call Trace: [ 206.889981] dump_stack+0x306/0x460 [ 206.893647] panic+0x54c/0xafa [ 206.896887] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 206.902357] kmsan_report+0x2d3/0x2e0 [ 206.906182] __msan_warning+0x7c/0xe0 [ 206.910091] vmap_page_range_noflush+0x975/0xed0 [ 206.914897] map_vm_area+0x17d/0x1f0 [ 206.918640] kmsan_vmap+0xf2/0x180 [ 206.922203] vmap+0x3a1/0x510 [ 206.925326] ? relay_open_buf+0x81e/0x19d0 [ 206.929593] relay_open_buf+0x81e/0x19d0 [ 206.933688] relay_open+0xabb/0x1370 [ 206.937432] do_blk_trace_setup+0xaf7/0x1780 [ 206.942261] __blk_trace_setup+0x20b/0x380 [ 206.946538] blk_trace_ioctl+0x274/0x970 [ 206.950743] ? kmsan_set_origin_inline+0x6b/0x120 [ 206.955630] ? __msan_poison_alloca+0x17a/0x210 [ 206.960342] ? blkdev_ioctl+0x327/0x55e0 [ 206.964436] ? block_ioctl+0x16f/0x1d0 [ 206.968363] blkdev_ioctl+0x1aaa/0x55e0 [ 206.972382] ? task_kmsan_context_state+0x6b/0x120 [ 206.977373] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 206.982767] ? vmalloc_to_page+0x57d/0x6b0 [ 206.987041] ? kmsan_set_origin_inline+0x6b/0x120 [ 206.991919] block_ioctl+0x16f/0x1d0 [ 206.995664] ? block_llseek+0x190/0x190 [ 206.999668] do_vfs_ioctl+0xcf3/0x2810 [ 207.003605] ? security_file_ioctl+0x92/0x200 [ 207.008132] __se_sys_ioctl+0x1da/0x270 [ 207.012127] __x64_sys_ioctl+0x4a/0x70 [ 207.016029] do_syscall_64+0xbe/0x100 [ 207.019847] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 207.025056] RIP: 0033:0x457519 [ 207.028262] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 207.047182] RSP: 002b:00007fb535dd1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 207.055002] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 207.062297] RDX: 00000000200001c0 RSI: 00000000c0481273 RDI: 0000000000000004 [ 207.069603] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 207.076899] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb535dd26d4 [ 207.084200] R13: 00000000004be982 R14: 00000000004ce680 R15: 00000000ffffffff [ 207.092888] Kernel Offset: disabled [ 207.096585] Rebooting in 86400 seconds..