[ 59.943973] audit: type=1800 audit(1539250576.981:27): pid=6078 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 61.533318] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 63.141819] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 63.654971] random: sshd: uninitialized urandom read (32 bytes read) [ 66.219163] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts. [ 71.991255] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/11 09:36:31 fuzzer started [ 76.579264] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/11 09:36:35 dialing manager at 10.128.0.26:39089 2018/10/11 09:36:36 syscalls: 1 2018/10/11 09:36:36 code coverage: enabled 2018/10/11 09:36:36 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/11 09:36:36 setuid sandbox: enabled 2018/10/11 09:36:36 namespace sandbox: enabled 2018/10/11 09:36:36 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/11 09:36:36 fault injection: enabled 2018/10/11 09:36:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/11 09:36:36 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/11 09:36:36 net device setup: enabled [ 81.788234] random: crng init done 09:38:42 executing program 0: [ 206.852670] IPVS: ftp: loaded support on port[0] = 21 [ 207.812851] ip (6255) used greatest stack depth: 53056 bytes left [ 208.260503] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.267072] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.275780] device bridge_slave_0 entered promiscuous mode [ 208.425841] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.432446] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.441134] device bridge_slave_1 entered promiscuous mode [ 208.615365] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 208.897065] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 209.349899] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 209.495994] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 209.643386] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 209.650490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.795813] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 209.803006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 09:38:47 executing program 1: [ 210.292116] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.300455] team0: Port device team_slave_0 added [ 210.455996] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.464229] team0: Port device team_slave_1 added [ 210.725278] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 210.732457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.741527] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.882256] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 210.889326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.898444] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.088893] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.096675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.105980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.214995] IPVS: ftp: loaded support on port[0] = 21 [ 211.346017] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 211.353754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.362981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.097767] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.104454] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.113243] device bridge_slave_0 entered promiscuous mode [ 213.318447] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.325028] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.333818] device bridge_slave_1 entered promiscuous mode [ 213.525693] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 213.795273] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 214.072379] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.078867] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.085963] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.092498] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.101666] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 214.384106] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 214.614523] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 214.743548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.836630] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 214.843866] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 214.998412] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 215.005646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 215.754963] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 215.763392] team0: Port device team_slave_0 added [ 215.979998] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 215.988666] team0: Port device team_slave_1 added [ 216.264866] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 216.272193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 216.281293] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 09:38:53 executing program 2: [ 216.440286] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 216.447510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 216.456688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 216.762137] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 216.769637] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 216.778633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 217.075930] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 217.083703] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 217.093065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 217.564369] IPVS: ftp: loaded support on port[0] = 21 [ 220.498382] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.505033] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.513813] device bridge_slave_0 entered promiscuous mode [ 220.577161] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.583712] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.590693] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.597299] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.606581] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 220.841702] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.848330] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.857141] device bridge_slave_1 entered promiscuous mode [ 221.062178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.177738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 221.495179] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 222.361184] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 222.609685] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 222.916871] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 222.926588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 223.233566] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 223.240653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 224.089062] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 224.097471] team0: Port device team_slave_0 added [ 224.403653] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 224.412125] team0: Port device team_slave_1 added [ 224.677017] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 224.684237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.693376] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 09:39:01 executing program 3: [ 225.064480] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 225.071556] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.080726] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.408840] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.417207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.426397] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.746648] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.754439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.763585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.881982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.339266] IPVS: ftp: loaded support on port[0] = 21 [ 227.127696] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 228.511264] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 228.517793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.526070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.940896] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.036044] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.042624] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.049565] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.056210] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.065198] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 230.081463] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.088164] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.097130] device bridge_slave_0 entered promiscuous mode [ 230.342226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.470493] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.477168] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.485817] device bridge_slave_1 entered promiscuous mode [ 230.907528] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 231.228671] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 232.312602] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 232.743905] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 232.996479] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 233.003888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 233.342266] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 233.349372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 234.494542] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 234.502978] team0: Port device team_slave_0 added [ 234.877627] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 234.886141] team0: Port device team_slave_1 added 09:39:12 executing program 4: [ 235.151568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.302833] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 235.309955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 235.318922] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 235.789743] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 235.797012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 235.806407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 236.203274] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 236.210969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.220184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 236.642321] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 236.662468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.671961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.861470] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 237.230402] IPVS: ftp: loaded support on port[0] = 21 [ 238.563345] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 238.569761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 238.578373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 09:39:17 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000000c0)) sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800f, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0xff0f]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000240)='vegas\x00', 0x6) recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x6478c8501c739e53, 0x120, 0x0, 0x4f) [ 240.316253] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.433215] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 09:39:18 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000000c0)) sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800f, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0xff0f]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000240)='vegas\x00', 0x6) recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x6478c8501c739e53, 0x120, 0x0, 0x4f) [ 241.450974] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.457658] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.466371] device bridge_slave_0 entered promiscuous mode [ 241.719518] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.726114] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.733206] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.739672] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.748334] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 241.956904] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.963498] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.972261] device bridge_slave_1 entered promiscuous mode [ 242.492394] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 242.664240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 09:39:19 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000000c0)) sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800f, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0xff0f]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000240)='vegas\x00', 0x6) recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x6478c8501c739e53, 0x120, 0x0, 0x4f) [ 242.934854] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 09:39:21 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000000c0)) sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800f, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0xff0f]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000240)='vegas\x00', 0x6) recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x6478c8501c739e53, 0x120, 0x0, 0x4f) [ 244.364636] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 244.903059] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 245.274727] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 245.282081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 09:39:22 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000000c0)) sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800f, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0xff0f]}, 0x10) recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x6478c8501c739e53, 0x120, 0x0, 0x4f) [ 245.751955] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 245.759093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 09:39:23 executing program 5: r0 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0) signalfd(r0, &(0x7f0000000040)={0x6}, 0x8) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x620102, 0x0) ioctl$VT_GETSTATE(r1, 0x5603, &(0x7f00000000c0)={0xd, 0x7, 0x100000000}) ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f0000000100)='ip6gre0\x00') ioctl$PPPOEIOCDFWD(r1, 0xb101, 0x0) ioctl$VT_GETSTATE(r1, 0x5603, &(0x7f0000000140)={0x7f, 0x200, 0x7}) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@ipv4={[], [], @multicast1}}}, &(0x7f0000000280)=0xe8) bind$xdp(r1, &(0x7f00000002c0)={0x2c, 0x0, r2, 0x15}, 0x10) r4 = getpgid(0xffffffffffffffff) r5 = syz_open_procfs$namespace(r4, &(0x7f0000000300)='ns/cgroup\x00') lsetxattr$trusted_overlay_origin(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='trusted.overlay.origin\x00', &(0x7f00000003c0)='y\x00', 0x2, 0x1) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000400)) r6 = socket$pppoe(0x18, 0x1, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000500)={0x0, 0x0, 0x0}, &(0x7f0000000540)=0xc) mount$fuseblk(&(0x7f0000000440)='/dev/loop0\x00', &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='fuseblk\x00', 0x50800, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x9000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1800}}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}], [{@subj_user={'subj_user', 0x3d, 'trusted.overlay.origin\x00'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'ns/cgroup\x00'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@permit_directio='permit_directio'}]}}) r9 = accept4(r6, &(0x7f00000006c0)=@alg, &(0x7f0000000740)=0x80, 0x0) ioctl$DRM_IOCTL_AGP_RELEASE(r1, 0x6431) write$P9_RLERROR(r1, &(0x7f0000000780)={0x9, 0x7, 0x1}, 0x9) signalfd4(r1, &(0x7f00000007c0)={0x3}, 0x8, 0x80000) fsetxattr$security_evm(r5, &(0x7f0000000800)='security.evm\x00', &(0x7f0000000840)=@ng={0x4, 0x0, "8d76830152b489f2"}, 0xa, 0x2) ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000880)='/dev/vhost-vsock\x00', 0x2, 0x0) r10 = semget(0x2, 0x2, 0x4) semtimedop(r10, &(0x7f00000008c0)=[{0x0, 0x400, 0x1800}, {0x2, 0x8}, {0x0, 0xfffffffffffffffe, 0x1000}, {0x7, 0x4}], 0x4, &(0x7f0000000900)) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r9, 0x84, 0x1e, &(0x7f0000000940), &(0x7f0000000980)=0x4) write$P9_RWRITE(r1, &(0x7f00000009c0)={0xb, 0x77, 0x2, 0xc8}, 0xb) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000ac0)={r1, 0x50, &(0x7f0000000a40)={0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000b00)={r7, r1, 0x0, 0x1, &(0x7f0000000a00)='\x00', r11}, 0x30) ioctl$NBD_CLEAR_QUE(r1, 0xab05) 09:39:23 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000000c0)) recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x6478c8501c739e53, 0x120, 0x0, 0x4f) 09:39:24 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800f, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0xff0f]}, 0x10) recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x6478c8501c739e53, 0x120, 0x0, 0x4f) [ 247.213710] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 247.222524] team0: Port device team_slave_0 added [ 247.649847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.751176] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 247.759720] team0: Port device team_slave_1 added [ 248.205203] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 248.212392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 248.221201] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 248.480979] IPVS: ftp: loaded support on port[0] = 21 [ 248.703225] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 248.710324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 248.719281] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 249.060170] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 249.067970] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.077079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.413180] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 249.420803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 249.429951] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 249.573826] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 250.940087] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 250.952338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 250.960351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 09:39:28 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000400)="153f6234488d6d5d766070") r1 = syz_open_dev$ndb(&(0x7f0000000440)='/dev/nbd#\x00', 0xffffffffffffffff, 0x101000) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff}, 0x30) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={[], 0x1, 0x80, 0x9, 0x80, 0x1, r2}) r3 = mq_open(&(0x7f0000000100)='/dev/nbd#\x00', 0x1, 0x1, &(0x7f0000000180)={0x1, 0x1, 0x7ff, 0x6, 0x6, 0x5, 0xfffffffffffffffc, 0xfe}) writev(r3, &(0x7f0000000380)=[{&(0x7f0000000300)="9cfefd3ea1b8589cef779af843cb4a0569d6bd282c92d3315dbb5b0a66b0fa6dff2e2d39d1e4db53a17533b3994dd245f2a02578404d020c05e10bb297c49d18ca16ef359d52ceef5f216cc445f3d077067f3329dd58a9ae169274", 0x5b}], 0x1) close(r1) [ 251.207987] ================================================================== [ 251.215451] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0 [ 251.222578] CPU: 0 PID: 7146 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #66 [ 251.229789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.239162] Call Trace: [ 251.241783] dump_stack+0x306/0x460 [ 251.245445] ? vmap_page_range_noflush+0x975/0xed0 [ 251.250422] kmsan_report+0x1a2/0x2e0 [ 251.254269] __msan_warning+0x7c/0xe0 [ 251.258113] vmap_page_range_noflush+0x975/0xed0 [ 251.262950] map_vm_area+0x17d/0x1f0 [ 251.266705] kmsan_vmap+0xf2/0x180 [ 251.270277] vmap+0x3a1/0x510 [ 251.273417] ? relay_open_buf+0x81e/0x19d0 [ 251.277697] relay_open_buf+0x81e/0x19d0 [ 251.281826] relay_open+0xabb/0x1370 [ 251.285616] do_blk_trace_setup+0xaf7/0x1780 [ 251.290090] __blk_trace_setup+0x20b/0x380 [ 251.294389] blk_trace_ioctl+0x274/0x970 [ 251.298534] ? kmsan_set_origin_inline+0x6b/0x120 [ 251.303413] ? __msan_poison_alloca+0x17a/0x210 [ 251.308145] ? blkdev_ioctl+0x327/0x55e0 [ 251.312235] ? block_ioctl+0x16f/0x1d0 [ 251.316160] blkdev_ioctl+0x1aaa/0x55e0 [ 251.320179] ? do_futex+0xada/0x59c0 [ 251.323936] ? task_kmsan_context_state+0x6b/0x120 [ 251.328908] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 251.334307] ? vmalloc_to_page+0x57d/0x6b0 [ 251.338592] ? kmsan_set_origin_inline+0x6b/0x120 [ 251.343474] block_ioctl+0x16f/0x1d0 [ 251.347223] ? block_llseek+0x190/0x190 [ 251.351244] do_vfs_ioctl+0xcf3/0x2810 [ 251.355179] ? security_file_ioctl+0x92/0x200 [ 251.359712] __se_sys_ioctl+0x1da/0x270 [ 251.363729] __x64_sys_ioctl+0x4a/0x70 [ 251.367648] do_syscall_64+0xbe/0x100 [ 251.371496] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 251.376710] RIP: 0033:0x457519 [ 251.379931] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 251.398853] RSP: 002b:00007f1e26e87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 251.406599] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 251.413905] RDX: 0000000020000080 RSI: 00000000c0481273 RDI: 0000000000000004 [ 251.421218] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 251.428509] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1e26e886d4 [ 251.435814] R13: 00000000004be982 R14: 00000000004ce680 R15: 00000000ffffffff [ 251.443132] [ 251.444792] Uninit was created at: [ 251.448373] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 251.453496] kmsan_kmalloc+0xa4/0x120 [ 251.457323] __kmalloc+0x14b/0x440 [ 251.460900] kmsan_vmap+0x9b/0x180 [ 251.464462] vmap+0x3a1/0x510 [ 251.467588] relay_open_buf+0x81e/0x19d0 [ 251.471672] relay_open+0xabb/0x1370 [ 251.475408] do_blk_trace_setup+0xaf7/0x1780 [ 251.479839] __blk_trace_setup+0x20b/0x380 [ 251.484101] blk_trace_ioctl+0x274/0x970 [ 251.488189] blkdev_ioctl+0x1aaa/0x55e0 [ 251.492184] block_ioctl+0x16f/0x1d0 [ 251.495922] do_vfs_ioctl+0xcf3/0x2810 [ 251.499840] __se_sys_ioctl+0x1da/0x270 [ 251.503860] __x64_sys_ioctl+0x4a/0x70 [ 251.507772] do_syscall_64+0xbe/0x100 [ 251.511611] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 251.516813] ================================================================== [ 251.524182] Disabling lock debugging due to kernel taint [ 251.529653] Kernel panic - not syncing: panic_on_warn set ... [ 251.529653] [ 251.537076] CPU: 0 PID: 7146 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #66 [ 251.545677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.555047] Call Trace: [ 251.557691] dump_stack+0x306/0x460 [ 251.561394] panic+0x54c/0xafa [ 251.564682] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 251.570171] kmsan_report+0x2d3/0x2e0 [ 251.574020] __msan_warning+0x7c/0xe0 [ 251.577872] vmap_page_range_noflush+0x975/0xed0 [ 251.582742] map_vm_area+0x17d/0x1f0 [ 251.586506] kmsan_vmap+0xf2/0x180 [ 251.590098] vmap+0x3a1/0x510 [ 251.593240] ? relay_open_buf+0x81e/0x19d0 [ 251.597521] relay_open_buf+0x81e/0x19d0 [ 251.601673] relay_open+0xabb/0x1370 [ 251.605441] do_blk_trace_setup+0xaf7/0x1780 [ 251.609919] __blk_trace_setup+0x20b/0x380 [ 251.614208] blk_trace_ioctl+0x274/0x970 [ 251.618334] ? kmsan_set_origin_inline+0x6b/0x120 [ 251.623256] ? __msan_poison_alloca+0x17a/0x210 [ 251.627966] ? blkdev_ioctl+0x327/0x55e0 [ 251.632048] ? block_ioctl+0x16f/0x1d0 [ 251.635976] blkdev_ioctl+0x1aaa/0x55e0 [ 251.639975] ? do_futex+0xada/0x59c0 [ 251.643727] ? task_kmsan_context_state+0x6b/0x120 [ 251.648692] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 251.654094] ? vmalloc_to_page+0x57d/0x6b0 [ 251.658376] ? kmsan_set_origin_inline+0x6b/0x120 [ 251.663262] block_ioctl+0x16f/0x1d0 [ 251.667009] ? block_llseek+0x190/0x190 [ 251.671063] do_vfs_ioctl+0xcf3/0x2810 [ 251.675014] ? security_file_ioctl+0x92/0x200 [ 251.679550] __se_sys_ioctl+0x1da/0x270 [ 251.683569] __x64_sys_ioctl+0x4a/0x70 [ 251.687488] do_syscall_64+0xbe/0x100 [ 251.691320] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 251.696537] RIP: 0033:0x457519 [ 251.699754] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 251.718674] RSP: 002b:00007f1e26e87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 251.726406] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 251.733693] RDX: 0000000020000080 RSI: 00000000c0481273 RDI: 0000000000000004 [ 251.740978] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 251.748267] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1e26e886d4 [ 251.755554] R13: 00000000004be982 R14: 00000000004ce680 R15: 00000000ffffffff [ 251.763884] Kernel Offset: disabled [ 251.767545] Rebooting in 86400 seconds..