[....] Starting OpenBSD Secure Shell server: sshd[ 26.363518] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.276526] random: sshd: uninitialized urandom read (32 bytes read) [ 29.642121] random: sshd: uninitialized urandom read (32 bytes read) [ 30.285418] random: sshd: uninitialized urandom read (32 bytes read) [ 118.558303] random: sshd: uninitialized urandom read (32 bytes read) [ 118.682377] sshd (5387) used greatest stack depth: 16520 bytes left Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts. [ 124.165235] random: sshd: uninitialized urandom read (32 bytes read) 2018/09/08 19:22:42 parsed 1 programs [ 125.295017] random: cc1: uninitialized urandom read (8 bytes read) 2018/09/08 19:22:44 executed programs: 0 [ 126.960003] IPVS: ftp: loaded support on port[0] = 21 [ 126.964489] IPVS: ftp: loaded support on port[0] = 21 [ 126.987983] IPVS: ftp: loaded support on port[0] = 21 [ 126.992611] IPVS: ftp: loaded support on port[0] = 21 [ 127.021671] IPVS: ftp: loaded support on port[0] = 21 [ 127.032577] IPVS: ftp: loaded support on port[0] = 21 [ 127.056136] IPVS: ftp: loaded support on port[0] = 21 [ 127.087162] IPVS: ftp: loaded support on port[0] = 21 [ 128.835907] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.848348] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.869804] device bridge_slave_0 entered promiscuous mode [ 128.878459] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.885347] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.892815] device bridge_slave_0 entered promiscuous mode [ 128.938382] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.951120] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.973945] device bridge_slave_0 entered promiscuous mode [ 128.985874] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.992264] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.003954] device bridge_slave_1 entered promiscuous mode [ 129.021901] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.031144] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.042839] device bridge_slave_1 entered promiscuous mode [ 129.075270] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.081656] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.092532] device bridge_slave_0 entered promiscuous mode [ 129.102703] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 129.117748] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.128996] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.137453] device bridge_slave_0 entered promiscuous mode [ 129.145530] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.151926] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.162462] device bridge_slave_0 entered promiscuous mode [ 129.172942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 129.184872] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.191259] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.210675] device bridge_slave_0 entered promiscuous mode [ 129.221390] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.230073] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.238489] device bridge_slave_1 entered promiscuous mode [ 129.245872] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.252245] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.263970] device bridge_slave_0 entered promiscuous mode [ 129.273588] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.280380] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.288461] device bridge_slave_1 entered promiscuous mode [ 129.295481] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.301849] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.309923] device bridge_slave_1 entered promiscuous mode [ 129.319756] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 129.327138] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 129.342967] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 129.357549] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.363928] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.373297] device bridge_slave_1 entered promiscuous mode [ 129.384153] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 129.393008] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.403938] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.411643] device bridge_slave_1 entered promiscuous mode [ 129.430234] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.441158] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.456257] device bridge_slave_1 entered promiscuous mode [ 129.465032] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 129.477406] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 129.486925] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 129.507858] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 129.521059] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 129.529043] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 129.592949] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 129.620489] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 129.631913] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 129.644620] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 129.689974] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.766987] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.809069] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.845825] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 129.880993] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 129.929049] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.952704] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.988331] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 130.007962] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 130.017613] ip (5790) used greatest stack depth: 16136 bytes left [ 130.030344] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 130.046224] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 130.058426] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 130.106587] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 130.127857] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 130.147203] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 130.270576] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 130.353155] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 130.371508] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 130.383039] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.395224] team0: Port device team_slave_0 added [ 130.400348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 130.413469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 130.426578] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.434335] team0: Port device team_slave_0 added [ 130.472303] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 130.515876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 130.529943] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.552098] team0: Port device team_slave_1 added [ 130.563707] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.577437] team0: Port device team_slave_0 added [ 130.626116] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 130.637086] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.654856] team0: Port device team_slave_1 added [ 130.673229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 130.682800] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 130.705823] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.713285] team0: Port device team_slave_0 added [ 130.721479] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.729870] team0: Port device team_slave_1 added [ 130.738492] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 130.768527] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 130.789289] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.799117] team0: Port device team_slave_0 added [ 130.805463] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.812788] team0: Port device team_slave_0 added [ 130.822737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 130.830922] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 130.840123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 130.848323] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 130.861109] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.868441] team0: Port device team_slave_0 added [ 130.877767] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.886375] team0: Port device team_slave_1 added [ 130.892493] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.902639] team0: Port device team_slave_0 added [ 130.912248] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 130.925841] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.933263] team0: Port device team_slave_1 added [ 130.965243] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 130.972738] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.985620] team0: Port device team_slave_1 added [ 130.995220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.010932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.025012] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.032498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.040532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.051417] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 131.058880] team0: Port device team_slave_1 added [ 131.069526] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 131.085983] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 131.104553] team0: Port device team_slave_1 added [ 131.112453] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.129603] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.148245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.157705] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.165610] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.173051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.181239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.191847] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.217283] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.243626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.265308] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.285080] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.293490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.302036] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.309922] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.319861] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 131.355915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.379490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.394800] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.403933] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.412297] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 131.421563] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 131.429480] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 131.446478] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.453685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.472408] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.496413] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.505270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.513060] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.521134] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.529124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.537086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.546714] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 131.554824] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 131.562960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.576797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.590908] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.600074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.611567] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 131.621093] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 131.640410] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.657431] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.676771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.702612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.719751] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.727921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.735850] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.743597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.751646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.759775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.772385] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.798818] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.820449] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.840387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.849786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.858162] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.870296] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.889606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.914624] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 132.543734] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.550301] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.557300] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.563675] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.586114] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 132.592680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 132.607478] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.613848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.620568] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.626994] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.644721] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 132.829717] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.836161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.842755] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.849185] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.863046] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 132.969236] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.975735] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.982487] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.988936] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.008268] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 133.017174] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.023548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.030270] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.036686] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.045759] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 133.059426] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.065861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.072549] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.078991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.093918] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 133.109462] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.115883] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.122558] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.128992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.139422] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 133.152907] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.159329] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.166043] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.172417] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.189823] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 133.604313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.612239] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.639262] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.652523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.659825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.667275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.674998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 136.525056] 8021q: adding VLAN 0 to HW filter on device bond0 [ 136.671511] 8021q: adding VLAN 0 to HW filter on device bond0 [ 136.880747] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 136.899596] 8021q: adding VLAN 0 to HW filter on device bond0 [ 136.922053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 136.945583] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.052324] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.080346] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.112798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.227542] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.241493] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.263225] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.286340] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.296860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.305323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.363776] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.383286] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.399574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.427045] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.487585] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.521124] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.584973] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.594581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.601759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.627398] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.706310] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.712600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.720702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.732845] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.760588] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.813566] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.838244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.847873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.862777] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.891617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.911356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.012390] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 138.025161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 138.035823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.053547] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 138.065172] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.083201] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.096948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 138.111144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.224205] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.270246] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.363737] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.391059] 8021q: adding VLAN 0 to HW filter on device team0 2018/09/08 19:22:57 executed programs: 8 [ 140.005842] hrtimer: interrupt took 33775 ns 2018/09/08 19:23:02 executed programs: 318 2018/09/08 19:23:07 executed programs: 637 2018/09/08 19:23:12 executed programs: 963 2018/09/08 19:23:17 executed programs: 1282 [ 163.065700] ================================================================== [ 163.073295] BUG: KASAN: use-after-free in rawv6_sendmsg+0x4421/0x4630 [ 163.079898] Read of size 8 at addr ffff8801d845eb30 by task syz-executor6/9856 [ 163.087396] [ 163.089045] CPU: 1 PID: 9856 Comm: syz-executor6 Not tainted 4.19.0-rc2+ #51 [ 163.096421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.105781] Call Trace: [ 163.108398] dump_stack+0x1c4/0x2b4 [ 163.112045] ? dump_stack_print_info.cold.2+0x52/0x52 [ 163.117248] ? printk+0xa7/0xcf [ 163.120545] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 163.125324] print_address_description.cold.8+0x9/0x1ff [ 163.130706] kasan_report.cold.9+0x242/0x309 [ 163.135129] ? rawv6_sendmsg+0x4421/0x4630 [ 163.139403] __asan_report_load8_noabort+0x14/0x20 [ 163.144368] rawv6_sendmsg+0x4421/0x4630 [ 163.148455] ? find_held_lock+0x36/0x1c0 [ 163.152551] ? rawv6_getsockopt+0x140/0x140 [ 163.156888] ? percpu_ref_put_many+0x11c/0x260 [ 163.161493] ? print_usage_bug+0xc0/0xc0 [ 163.165580] ? find_held_lock+0x36/0x1c0 [ 163.169669] ? __might_fault+0x12b/0x1e0 [ 163.173751] ? rawv6_recvmsg+0xea0/0xea0 [ 163.177838] ? aa_profile_af_perm+0x410/0x410 [ 163.182372] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 163.187944] ? _copy_from_user+0xdf/0x150 [ 163.192132] ? aa_af_perm+0x5a0/0x5a0 [ 163.195970] inet_sendmsg+0x1a1/0x690 [ 163.199790] ? rawv6_getsockopt+0x140/0x140 [ 163.204126] ? inet_sendmsg+0x1a1/0x690 [ 163.208136] ? ipip_gro_receive+0x100/0x100 [ 163.212488] ? apparmor_socket_sendmsg+0x29/0x30 [ 163.217265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 163.222814] ? security_socket_sendmsg+0x94/0xc0 [ 163.227592] ? ipip_gro_receive+0x100/0x100 [ 163.231938] sock_sendmsg+0xd5/0x120 [ 163.235671] ___sys_sendmsg+0x7fd/0x930 [ 163.239664] ? copy_msghdr_from_user+0x580/0x580 [ 163.244442] ? find_held_lock+0x36/0x1c0 [ 163.248531] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 163.254086] ? __fget_light+0x2e9/0x430 [ 163.258077] ? fget_raw+0x20/0x20 [ 163.261573] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 163.267125] ? sockfd_lookup_light+0xc5/0x160 [ 163.271646] __sys_sendmsg+0x11d/0x280 [ 163.275554] ? __ia32_sys_shutdown+0x80/0x80 [ 163.279989] ? __x64_sys_futex+0x47f/0x6a0 [ 163.284239] ? do_syscall_64+0x9a/0x820 [ 163.288221] ? do_syscall_64+0x9a/0x820 [ 163.292215] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 163.292234] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 163.292257] __x64_sys_sendmsg+0x78/0xb0 [ 163.292275] do_syscall_64+0x1b9/0x820 [ 163.307444] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 163.307465] ? syscall_return_slowpath+0x5e0/0x5e0 [ 163.307481] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 163.307500] ? trace_hardirqs_off+0x300/0x300 [ 163.316751] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 163.316771] ? prepare_exit_to_usermode+0x291/0x3b0 [ 163.316794] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 163.316818] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.316835] RIP: 0033:0x457099 [ 163.326605] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 163.326615] RSP: 002b:00007ffc8ffc8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 163.326632] RAX: ffffffffffffffda RBX: 0000000000ef5914 RCX: 0000000000457099 [ 163.326641] RDX: 0000000000000000 RSI: 0000000020003840 RDI: 0000000000000004 [ 163.326651] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000 [ 163.326660] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 163.326669] R13: 00000000004d4b30 R14: 00000000004c90b1 R15: 0000000000000000 [ 163.326693] [ 163.336189] Allocated by task 9856: [ 163.336206] save_stack+0x43/0xd0 [ 163.336217] kasan_kmalloc+0xc7/0xe0 [ 163.336229] kasan_slab_alloc+0x12/0x20 [ 163.336242] kmem_cache_alloc+0x12e/0x730 [ 163.336256] dst_alloc+0xbb/0x1d0 [ 163.336276] ip6_dst_alloc+0x35/0xa0 [ 163.346121] ip6_rt_cache_alloc+0x247/0x7b0 [ 163.346134] ip6_pol_route+0x8f8/0xd90 [ 163.346147] ip6_pol_route_output+0x54/0x70 [ 163.346177] fib6_rule_lookup+0x13a/0x860 [ 163.354533] ip6_route_output_flags+0x2c5/0x350 [ 163.354547] ip6_dst_lookup_tail+0xe27/0x1d60 [ 163.354560] ip6_dst_lookup_flow+0xc8/0x270 [ 163.354572] rawv6_sendmsg+0x12d9/0x4630 [ 163.354586] inet_sendmsg+0x1a1/0x690 [ 163.354600] sock_sendmsg+0xd5/0x120 [ 163.354618] ___sys_sendmsg+0x7fd/0x930 [ 163.381229] __sys_sendmsg+0x11d/0x280 [ 163.381243] __x64_sys_sendmsg+0x78/0xb0 [ 163.381258] do_syscall_64+0x1b9/0x820 [ 163.381274] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.381283] [ 163.395821] Freed by task 9859: [ 163.395835] save_stack+0x43/0xd0 [ 163.395848] __kasan_slab_free+0x102/0x150 [ 163.395860] kasan_slab_free+0xe/0x10 [ 163.395874] kmem_cache_free+0x83/0x290 [ 163.395889] dst_destroy+0x267/0x3c0 [ 163.395907] dst_destroy_rcu+0x16/0x19 [ 163.410452] rcu_process_callbacks+0xf23/0x2670 [ 163.410467] __do_softirq+0x30b/0xad8 [ 163.410471] [ 163.410483] The buggy address belongs to the object at ffff8801d845ea80 [ 163.410483] which belongs to the cache ip6_dst_cache of size 240 [ 163.410496] The buggy address is located 176 bytes inside of [ 163.410496] 240-byte region [ffff8801d845ea80, ffff8801d845eb70) [ 163.410501] The buggy address belongs to the page: [ 163.410514] page:ffffea0007611780 count:1 mapcount:0 mapping:ffff8801cb5bd800 index:0x0 [ 163.419419] flags: 0x2fffc0000000100(slab) [ 163.419439] raw: 02fffc0000000100 ffffea0006f2fb08 ffffea0006e60388 ffff8801cb5bd800 [ 163.419457] raw: 0000000000000000 ffff8801d845e080 000000010000000c 0000000000000000 [ 163.419463] page dumped because: kasan: bad access detected [ 163.419472] [ 163.426538] Memory state around the buggy address: [ 163.426551] ffff8801d845ea00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 163.426563] ffff8801d845ea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.426574] >ffff8801d845eb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 163.426580] ^ [ 163.426591] ffff8801d845eb80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 163.426602] ffff8801d845ec00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.426607] ================================================================== [ 163.426612] Disabling lock debugging due to kernel taint [ 163.490188] Kernel panic - not syncing: panic_on_warn set ... [ 163.490188] [ 163.499529] kobject: 'loop0' (00000000f797c3f0): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 163.500439] CPU: 1 PID: 9856 Comm: syz-executor6 Tainted: G B 4.19.0-rc2+ #51 [ 163.504926] kobject: 'loop4' (00000000296ec2ea): kobject_uevent_env [ 163.509495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.509501] Call Trace: [ 163.509520] dump_stack+0x1c4/0x2b4 [ 163.509537] ? dump_stack_print_info.cold.2+0x52/0x52 [ 163.509556] panic+0x238/0x4e7 [ 163.511278] kobject: 'loop4' (00000000296ec2ea): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 163.514452] ? add_taint.cold.5+0x16/0x16 [ 163.514467] ? retint_kernel+0x2d/0x2d [ 163.514485] ? trace_hardirqs_on+0xb4/0x310 [ 163.514504] kasan_end_report+0x47/0x4f [ 163.519840] kobject: 'loop2' (000000005d12eae6): kobject_uevent_env [ 163.522184] kasan_report.cold.9+0x76/0x309 [ 163.522198] ? rawv6_sendmsg+0x4421/0x4630 [ 163.522221] __asan_report_load8_noabort+0x14/0x20 [ 163.526128] kobject: 'loop2' (000000005d12eae6): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 163.529981] rawv6_sendmsg+0x4421/0x4630 [ 163.529996] ? find_held_lock+0x36/0x1c0 [ 163.530018] ? rawv6_getsockopt+0x140/0x140 [ 163.538588] kobject: 'loop7' (0000000035db73be): kobject_uevent_env [ 163.542266] ? percpu_ref_put_many+0x11c/0x260 [ 163.542282] ? print_usage_bug+0xc0/0xc0 [ 163.542304] ? find_held_lock+0x36/0x1c0 [ 163.552917] kobject: 'loop7' (0000000035db73be): fill_kobj_path: path = '/devices/virtual/block/loop7' [ 163.560554] ? __might_fault+0x12b/0x1e0 [ 163.560578] ? rawv6_recvmsg+0xea0/0xea0 [ 163.560603] ? aa_profile_af_perm+0x410/0x410 [ 163.576666] kobject: 'loop3' (00000000fed92e6e): kobject_uevent_env [ 163.577418] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 163.577433] ? _copy_from_user+0xdf/0x150 [ 163.577458] ? aa_af_perm+0x5a0/0x5a0 [ 163.585705] kobject: 'loop3' (00000000fed92e6e): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 163.589814] inet_sendmsg+0x1a1/0x690 [ 163.589828] ? rawv6_getsockopt+0x140/0x140 [ 163.589846] ? inet_sendmsg+0x1a1/0x690 [ 163.598246] kobject: 'loop5' (00000000d146761a): kobject_uevent_env [ 163.605607] ? ipip_gro_receive+0x100/0x100 [ 163.605624] ? apparmor_socket_sendmsg+0x29/0x30 [ 163.605640] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 163.605661] ? security_socket_sendmsg+0x94/0xc0 [ 163.611473] kobject: 'loop5' (00000000d146761a): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 163.612994] ? ipip_gro_receive+0x100/0x100 [ 163.613011] sock_sendmsg+0xd5/0x120 [ 163.613030] ___sys_sendmsg+0x7fd/0x930 [ 163.757075] kobject: 'loop4' (00000000296ec2ea): kobject_uevent_env [ 163.760202] ? copy_msghdr_from_user+0x580/0x580 [ 163.760225] ? find_held_lock+0x36/0x1c0 [ 163.770128] kobject: 'loop4' (00000000296ec2ea): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 163.773693] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 163.773713] ? __fget_light+0x2e9/0x430 [ 163.809204] kobject: 'loop2' (000000005d12eae6): kobject_uevent_env [ 163.810591] ? fget_raw+0x20/0x20 [ 163.814695] kobject: 'loop2' (000000005d12eae6): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 163.824100] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 163.824120] ? sockfd_lookup_light+0xc5/0x160 [ 163.988399] __sys_sendmsg+0x11d/0x280 [ 163.992272] ? __ia32_sys_shutdown+0x80/0x80 [ 163.996693] ? __x64_sys_futex+0x47f/0x6a0 [ 164.000915] ? do_syscall_64+0x9a/0x820 [ 164.004874] ? do_syscall_64+0x9a/0x820 [ 164.008835] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 164.014270] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 164.019789] __x64_sys_sendmsg+0x78/0xb0 [ 164.023834] do_syscall_64+0x1b9/0x820 [ 164.027708] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 164.033056] ? syscall_return_slowpath+0x5e0/0x5e0 [ 164.037971] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 164.042824] ? trace_hardirqs_off+0x300/0x300 [ 164.047319] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 164.052333] ? prepare_exit_to_usermode+0x291/0x3b0 [ 164.057347] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 164.062176] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 164.067362] RIP: 0033:0x457099 [ 164.070545] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 164.089445] RSP: 002b:00007ffc8ffc8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 164.097136] RAX: ffffffffffffffda RBX: 0000000000ef5914 RCX: 0000000000457099 [ 164.104416] RDX: 0000000000000000 RSI: 0000000020003840 RDI: 0000000000000004 [ 164.111673] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000 [ 164.118926] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 164.126178] R13: 00000000004d4b30 R14: 00000000004c90b1 R15: 0000000000000000 [ 164.133776] Dumping ftrace buffer: [ 164.137307] (ftrace buffer empty) [ 164.141733] Kernel Offset: disabled [ 164.145374] Rebooting in 86400 seconds..