[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 61.270405] sshd (6144) used greatest stack depth: 53184 bytes left [....] Starting OpenBSD Secure Shell server: sshd[ 61.529377] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 62.366437] random: sshd: uninitialized urandom read (32 bytes read) [ 62.751331] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 64.447685] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts. [ 70.215813] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/11 10:09:31 fuzzer started [ 74.852667] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/11 10:09:36 dialing manager at 10.128.0.26:39089 2018/10/11 10:09:36 syscalls: 1 2018/10/11 10:09:36 code coverage: enabled 2018/10/11 10:09:36 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/11 10:09:36 setuid sandbox: enabled 2018/10/11 10:09:36 namespace sandbox: enabled 2018/10/11 10:09:36 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/11 10:09:36 fault injection: enabled 2018/10/11 10:09:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/11 10:09:36 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/11 10:09:36 net device setup: enabled [ 81.403237] random: crng init done 10:11:37 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x9000000000002, 0x0) ioctl(r0, 0x73, &(0x7f0000000340)="025cd90700145f8f764070") clone(0x0, &(0x7f0000000180), &(0x7f0000001180), &(0x7f00000011c0), &(0x7f0000000080)) r1 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000400)='/dev/zero\x00', 0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000600)='fou\x00') ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f0000000640)) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = fcntl$getown(r0, 0x9) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x5, 0x4, 0x4, 0x1e, r5}) write$P9_RRENAME(r2, &(0x7f0000000580)={0x27d, 0x15, 0x1}, 0x7) lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=@known='system.posix_acl_default\x00', &(0x7f0000000200)=""/134, 0x86) getsockopt$sock_buf(r4, 0x1, 0x37, &(0x7f0000000440)=""/244, &(0x7f00000002c0)=0xf4) ioctl$sock_inet_SIOCSIFNETMASK(r3, 0x891c, &(0x7f0000000880)={'vcan0\x00', {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xf}}}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, &(0x7f0000000300)={0x2, 'team_slave_1\x00'}, 0x18) ioctl$BLKTRACESTART(r1, 0x1274, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r2, 0x0, 0x82, &(0x7f0000000380)={'broute\x00'}, &(0x7f0000000540)=0x78) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000900)=ANY=[@ANYBLOB="080000dcd3e0e71d62c0d221fab849212e4328850da341809b96a5e826a1efa9", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f00000005c0)=0x9) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f00000007c0)={r6, 0x1}, &(0x7f0000000800)=0x8) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f00000002c0), 0x4) [ 198.985098] IPVS: ftp: loaded support on port[0] = 21 [ 200.421530] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.428180] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.437051] device bridge_slave_0 entered promiscuous mode [ 200.588666] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.595254] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.604026] device bridge_slave_1 entered promiscuous mode [ 200.752354] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 200.898422] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 201.359578] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 201.514908] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.811412] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 201.818782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 10:11:41 executing program 1: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000000040)=ANY=[], &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='sysfs\x00', 0x0, &(0x7f0000000200)='$keyring$md5sum.\x00') lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)) [ 202.276851] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 202.285280] team0: Port device team_slave_0 added [ 202.577112] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 202.585780] team0: Port device team_slave_1 added [ 202.853101] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 202.860228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.869529] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.061178] IPVS: ftp: loaded support on port[0] = 21 [ 203.081248] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 203.088503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.097680] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.367461] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 203.375292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 203.384682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 203.691550] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 203.699600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 203.709044] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.333202] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.339765] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.348927] device bridge_slave_0 entered promiscuous mode [ 205.624652] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.631312] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.640747] device bridge_slave_1 entered promiscuous mode [ 205.915980] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 206.201665] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 206.369641] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.376247] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.383361] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.389853] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.399117] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 206.852689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.933822] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 207.149392] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 207.391393] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 207.398557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.607596] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 207.614812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 10:11:47 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="2e000000120081aee4050cecff0e00fa108b5bdb4cb90478485e510befccd77f0e00f0758ef9000000b0eba06ac4", 0x2e}], 0x1, &(0x7f00000013c0)}, 0x0) recvmsg$kcm(r0, &(0x7f00000001c0)={&(0x7f0000000300)=@ax25, 0x80, &(0x7f0000002980)=[{&(0x7f0000000580)=""/4096, 0x1000}, {&(0x7f0000001700)=""/4096, 0x1000}], 0x2}, 0x0) recvmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f00000000c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000200)=""/134, 0x86}, 0x0) [ 208.267240] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 208.275794] team0: Port device team_slave_0 added [ 208.621984] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 208.630288] team0: Port device team_slave_1 added [ 208.917209] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 208.924469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.933622] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.227435] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 209.234762] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.244047] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.515498] IPVS: ftp: loaded support on port[0] = 21 [ 209.543971] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 209.551623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.561088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.869724] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.877631] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.886995] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.434442] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.440939] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.449923] device bridge_slave_0 entered promiscuous mode [ 212.802758] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.809262] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.817994] device bridge_slave_1 entered promiscuous mode [ 213.155778] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 213.336472] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.343056] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.350051] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.356679] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.365579] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.465174] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 214.082237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.479805] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 214.756429] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 215.016320] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 215.025155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 215.345833] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 215.353119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 216.373282] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 216.381634] team0: Port device team_slave_0 added [ 216.673859] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 216.682673] team0: Port device team_slave_1 added 10:11:55 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x81000000) [ 216.978556] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 216.985798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 216.994521] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.383775] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 217.390890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 217.400174] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.685348] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 217.693525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.702968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.076464] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 218.084632] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.093780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.388453] IPVS: ftp: loaded support on port[0] = 21 [ 219.195588] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.591325] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 221.761709] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.768512] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.777363] device bridge_slave_0 entered promiscuous mode [ 221.851825] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 221.858441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 221.866749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 222.104566] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.111069] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.119948] device bridge_slave_1 entered promiscuous mode [ 222.348354] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.354944] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.362072] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.368555] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.377815] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 222.458364] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 222.793762] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 223.123198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 223.242460] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.010156] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.410795] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.887227] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 224.894476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.275084] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 225.282399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 226.316561] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 226.325455] team0: Port device team_slave_0 added [ 226.766836] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 226.775305] team0: Port device team_slave_1 added 10:12:06 executing program 4: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000000040)=ANY=[], &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='sysfs\x00', 0x0, &(0x7f0000000200)='$keyring$md5sum.\x00') umount2(&(0x7f0000000080)='./file0\x00', 0x3) [ 227.218183] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 227.225411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 227.234509] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 227.689863] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 227.697131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 227.706454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 228.172042] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 228.179696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 228.189157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 228.647114] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 228.654984] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 228.664282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 228.778151] IPVS: ftp: loaded support on port[0] = 21 [ 228.983364] 8021q: adding VLAN 0 to HW filter on device bond0 [ 230.634902] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 232.268649] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 232.275179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 232.284232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 233.093608] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.100192] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.108911] device bridge_slave_0 entered promiscuous mode [ 233.269058] ================================================================== [ 233.276511] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0 [ 233.283646] CPU: 1 PID: 6899 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #66 [ 233.290854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.300221] Call Trace: [ 233.302848] dump_stack+0x306/0x460 [ 233.306508] ? vmap_page_range_noflush+0x975/0xed0 [ 233.311483] kmsan_report+0x1a2/0x2e0 [ 233.315325] __msan_warning+0x7c/0xe0 [ 233.319180] vmap_page_range_noflush+0x975/0xed0 [ 233.324028] map_vm_area+0x17d/0x1f0 [ 233.327790] kmsan_vmap+0xf2/0x180 [ 233.331380] vmap+0x3a1/0x510 [ 233.334517] ? relay_open_buf+0x81e/0x19d0 [ 233.338803] relay_open_buf+0x81e/0x19d0 [ 233.342934] relay_open+0xabb/0x1370 [ 233.346713] do_blk_trace_setup+0xaf7/0x1780 [ 233.351204] __blk_trace_setup+0x20b/0x380 [ 233.355505] blk_trace_ioctl+0x274/0x970 [ 233.359628] ? kmsan_set_origin_inline+0x6b/0x120 [ 233.364513] ? __msan_poison_alloca+0x17a/0x210 [ 233.369223] ? blkdev_ioctl+0x327/0x55e0 [ 233.373311] ? block_ioctl+0x16f/0x1d0 [ 233.377252] blkdev_ioctl+0x1aaa/0x55e0 [ 233.381277] ? task_kmsan_context_state+0x6b/0x120 [ 233.386242] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 233.391656] ? vmalloc_to_page+0x57d/0x6b0 [ 233.395986] ? kmsan_set_origin_inline+0x6b/0x120 [ 233.400907] block_ioctl+0x16f/0x1d0 [ 233.404650] ? block_llseek+0x190/0x190 [ 233.408669] do_vfs_ioctl+0xcf3/0x2810 [ 233.412607] ? security_file_ioctl+0x92/0x200 [ 233.417181] __se_sys_ioctl+0x1da/0x270 [ 233.421205] __x64_sys_ioctl+0x4a/0x70 [ 233.425140] do_syscall_64+0xbe/0x100 [ 233.428996] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.434219] RIP: 0033:0x457519 [ 233.437441] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 233.456372] RSP: 002b:00007f2a15dbbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.464116] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 233.471424] RDX: 0000000020000040 RSI: 00000000c0481273 RDI: 0000000000000004 [ 233.478718] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 233.486024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2a15dbc6d4 [ 233.488835] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.493314] R13: 00000000004be982 R14: 00000000004ce680 R15: 00000000ffffffff [ 233.493349] [ 233.493358] Uninit was created at: [ 233.493387] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 233.493423] kmsan_kmalloc+0xa4/0x120 [ 233.499829] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.507048] __kmalloc+0x14b/0x440 [ 233.507068] kmsan_vmap+0x9b/0x180 [ 233.507088] vmap+0x3a1/0x510 [ 233.507108] relay_open_buf+0x81e/0x19d0 [ 233.507126] relay_open+0xabb/0x1370 [ 233.507157] do_blk_trace_setup+0xaf7/0x1780 [ 233.507179] __blk_trace_setup+0x20b/0x380 [ 233.507211] blk_trace_ioctl+0x274/0x970 [ 233.509269] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.512394] blkdev_ioctl+0x1aaa/0x55e0 [ 233.512414] block_ioctl+0x16f/0x1d0 [ 233.512435] do_vfs_ioctl+0xcf3/0x2810 [ 233.512454] __se_sys_ioctl+0x1da/0x270 [ 233.512489] __x64_sys_ioctl+0x4a/0x70 [ 233.517694] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.521390] do_syscall_64+0xbe/0x100 [ 233.521427] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.529888] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 233.531434] ================================================================== [ 233.531456] Disabling lock debugging due to kernel taint [ 233.619502] Kernel panic - not syncing: panic_on_warn set ... [ 233.619502] [ 233.626902] CPU: 1 PID: 6899 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #66 [ 233.635494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.644861] Call Trace: [ 233.647486] dump_stack+0x306/0x460 [ 233.651190] panic+0x54c/0xafa [ 233.654467] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 233.659952] kmsan_report+0x2d3/0x2e0 [ 233.663796] __msan_warning+0x7c/0xe0 [ 233.667635] vmap_page_range_noflush+0x975/0xed0 [ 233.672475] map_vm_area+0x17d/0x1f0 [ 233.676235] kmsan_vmap+0xf2/0x180 [ 233.679810] vmap+0x3a1/0x510 [ 233.682950] ? relay_open_buf+0x81e/0x19d0 [ 233.687231] relay_open_buf+0x81e/0x19d0 [ 233.691355] relay_open+0xabb/0x1370 [ 233.695129] do_blk_trace_setup+0xaf7/0x1780 [ 233.699621] __blk_trace_setup+0x20b/0x380 [ 233.703917] blk_trace_ioctl+0x274/0x970 [ 233.708047] ? kmsan_set_origin_inline+0x6b/0x120 [ 233.712932] ? __msan_poison_alloca+0x17a/0x210 [ 233.717663] ? blkdev_ioctl+0x327/0x55e0 [ 233.721762] ? block_ioctl+0x16f/0x1d0 [ 233.725702] blkdev_ioctl+0x1aaa/0x55e0 [ 233.729735] ? task_kmsan_context_state+0x6b/0x120 [ 233.734708] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 233.740116] ? vmalloc_to_page+0x57d/0x6b0 [ 233.744410] ? kmsan_set_origin_inline+0x6b/0x120 [ 233.749304] block_ioctl+0x16f/0x1d0 [ 233.753069] ? block_llseek+0x190/0x190 [ 233.757079] do_vfs_ioctl+0xcf3/0x2810 [ 233.761051] ? security_file_ioctl+0x92/0x200 [ 233.765609] __se_sys_ioctl+0x1da/0x270 [ 233.769648] __x64_sys_ioctl+0x4a/0x70 [ 233.773585] do_syscall_64+0xbe/0x100 [ 233.777425] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.782638] RIP: 0033:0x457519 [ 233.785876] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 233.804810] RSP: 002b:00007f2a15dbbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.812560] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 233.819854] RDX: 0000000020000040 RSI: 00000000c0481273 RDI: 0000000000000004 [ 233.827159] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 233.829086] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.834466] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2a15dbc6d4 [ 233.834482] R13: 00000000004be982 R14: 00000000004ce680 R15: 00000000ffffffff [ 233.835557] Kernel Offset: disabled [ 233.860008] Rebooting in 86400 seconds..