[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 25.220491] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 28.743878] random: sshd: uninitialized urandom read (32 bytes read) [ 29.194518] random: sshd: uninitialized urandom read (32 bytes read) [ 29.794305] random: sshd: uninitialized urandom read (32 bytes read) [ 153.940715] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts. [ 159.614224] random: sshd: uninitialized urandom read (32 bytes read) 2018/09/09 14:11:21 parsed 1 programs [ 160.914744] random: cc1: uninitialized urandom read (8 bytes read) 2018/09/09 14:11:23 executed programs: 0 [ 162.308010] IPVS: ftp: loaded support on port[0] = 21 [ 162.309278] IPVS: ftp: loaded support on port[0] = 21 [ 162.343769] IPVS: ftp: loaded support on port[0] = 21 [ 162.363796] IPVS: ftp: loaded support on port[0] = 21 [ 162.389401] IPVS: ftp: loaded support on port[0] = 21 [ 162.395688] IPVS: ftp: loaded support on port[0] = 21 [ 162.407339] IPVS: ftp: loaded support on port[0] = 21 [ 162.442392] IPVS: ftp: loaded support on port[0] = 21 [ 163.132451] ip (5481) used greatest stack depth: 16104 bytes left [ 164.166155] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.174649] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.182613] device bridge_slave_0 entered promiscuous mode [ 164.238966] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.245556] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.278764] device bridge_slave_0 entered promiscuous mode [ 164.289145] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.295575] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.303386] device bridge_slave_1 entered promiscuous mode [ 164.311224] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.323302] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.330712] device bridge_slave_0 entered promiscuous mode [ 164.340000] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.347189] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.355441] device bridge_slave_0 entered promiscuous mode [ 164.365610] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.373297] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.380752] device bridge_slave_0 entered promiscuous mode [ 164.390283] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.397470] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.405509] device bridge_slave_0 entered promiscuous mode [ 164.414810] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 164.436430] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.448713] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.463123] device bridge_slave_1 entered promiscuous mode [ 164.469395] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.476866] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.484934] device bridge_slave_1 entered promiscuous mode [ 164.493948] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.500312] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.508107] device bridge_slave_1 entered promiscuous mode [ 164.518571] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.527363] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.539487] device bridge_slave_0 entered promiscuous mode [ 164.549171] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.556271] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.564166] device bridge_slave_0 entered promiscuous mode [ 164.573073] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 164.581905] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 164.592741] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 164.609587] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.617512] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.632469] device bridge_slave_1 entered promiscuous mode [ 164.638986] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.646365] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.654522] device bridge_slave_1 entered promiscuous mode [ 164.661235] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 164.670183] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.681866] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.689205] device bridge_slave_1 entered promiscuous mode [ 164.697664] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.707652] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.721013] device bridge_slave_1 entered promiscuous mode [ 164.729773] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 164.741688] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 164.770695] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 164.785706] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 164.798100] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 164.812042] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 164.830925] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 164.864940] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 164.896641] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 164.913959] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 164.961683] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 165.025274] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.094788] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.139686] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.161815] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.182471] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.209948] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.238617] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.255841] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.270347] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.289714] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.307646] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.330414] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.350767] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.377305] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.420817] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.470624] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.718466] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 165.737644] team0: Port device team_slave_0 added [ 165.795071] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 165.812453] team0: Port device team_slave_0 added [ 165.819879] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 165.832155] team0: Port device team_slave_0 added [ 165.841444] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 165.849405] team0: Port device team_slave_0 added [ 165.873240] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 165.880545] team0: Port device team_slave_0 added [ 165.896744] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 165.908739] team0: Port device team_slave_0 added [ 165.914544] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 165.924835] team0: Port device team_slave_1 added [ 165.933316] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 165.948385] team0: Port device team_slave_1 added [ 165.956416] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 165.967808] team0: Port device team_slave_1 added [ 165.974536] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 165.986970] team0: Port device team_slave_0 added [ 165.998102] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 166.006571] team0: Port device team_slave_1 added [ 166.015160] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 166.023421] team0: Port device team_slave_1 added [ 166.030717] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 166.040735] team0: Port device team_slave_1 added [ 166.059525] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 166.074395] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 166.090016] team0: Port device team_slave_1 added [ 166.096336] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 166.107909] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 166.118109] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.133462] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 166.141046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.155706] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 166.163775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.171656] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 166.183560] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 166.193825] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 166.203091] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 166.217968] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 166.229428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.238223] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 166.256972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.264956] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 166.272587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 166.280282] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 166.287915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 166.295581] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 166.303662] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 166.311095] team0: Port device team_slave_0 added [ 166.316591] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 166.325298] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 166.337172] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 166.354162] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 166.364946] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 166.378289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.390481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 166.404074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 166.416155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 166.423744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 166.431510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 166.438917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.446898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.454639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 166.462518] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 166.470172] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 166.481127] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 166.493502] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 166.508787] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 166.524577] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 166.532686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.540703] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 166.565249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.573276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.580949] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.588861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.596627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 166.604493] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 166.612031] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.619707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.628626] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 166.635854] team0: Port device team_slave_1 added [ 166.644702] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 166.652112] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 166.665285] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 166.686820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 166.705853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 166.714037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.722285] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.730012] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.738118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.746480] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 166.755750] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 166.767438] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 166.777500] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 166.797041] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 166.829849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.844691] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.855119] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.863315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.870957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.878910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.886634] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.894834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.902730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.910392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.926651] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 166.936090] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 166.950028] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 166.968473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.999730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.013463] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.021235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.029146] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.036957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.046206] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 167.063862] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 167.082254] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.105763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.128316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.136380] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.164993] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 167.198164] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.209302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.286661] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 167.299855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.310690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.863633] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.870139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.877258] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.883681] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.904524] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 167.927518] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.933938] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.940639] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.947112] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.987968] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.019616] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.026043] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.032787] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.039184] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.054580] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.084043] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.090415] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.097113] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.103533] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.124403] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.133663] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.140021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.146727] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.153146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.161194] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.260170] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.266620] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.273316] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.279675] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.289484] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.316743] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.323620] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.330285] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.336702] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.369103] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.510360] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.516789] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.523552] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.529930] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.549983] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.892045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.904026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.918106] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.926399] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.934759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.942360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.949369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.957075] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.798805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.843951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.901501] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.944390] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.051699] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.065366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.117549] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 172.154626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.170677] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 172.237322] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 172.338732] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 172.363996] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.423909] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 172.447142] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 172.470128] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 172.493767] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 172.513131] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 172.548655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.562059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.569097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.585064] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.595600] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 172.620106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.630536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.739711] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 172.780221] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 172.797672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.805727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.820901] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 172.830895] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 172.856474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.868313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.893662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.906440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.926246] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.955153] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 172.965339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.982021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.990785] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.014286] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.102333] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 173.108665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.118872] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.221144] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.232785] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.243912] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.366342] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.435366] 8021q: adding VLAN 0 to HW filter on device team0 2018/09/09 14:11:36 executed programs: 8 2018/09/09 14:11:41 executed programs: 292 2018/09/09 14:11:46 executed programs: 599 2018/09/09 14:11:51 executed programs: 912 2018/09/09 14:11:56 executed programs: 1216 2018/09/09 14:12:01 executed programs: 1524 2018/09/09 14:12:06 executed programs: 1825 [ 207.162502] ================================================================== [ 207.169927] BUG: KASAN: use-after-free in __lock_acquire+0x37c2/0x4ec0 [ 207.176616] Read of size 8 at addr ffff8801cdffcb48 by task syz-executor6/14770 [ 207.184061] [ 207.185701] CPU: 1 PID: 14770 Comm: syz-executor6 Not tainted 4.19.0-rc2+ #229 [ 207.193070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.202423] Call Trace: [ 207.205019] dump_stack+0x1c4/0x2b4 [ 207.208662] ? dump_stack_print_info.cold.2+0x52/0x52 [ 207.213860] ? printk+0xa7/0xcf [ 207.217153] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 207.221926] print_address_description.cold.8+0x9/0x1ff [ 207.227321] kasan_report.cold.9+0x242/0x309 [ 207.231753] ? __lock_acquire+0x37c2/0x4ec0 [ 207.236094] __asan_report_load8_noabort+0x14/0x20 [ 207.241030] __lock_acquire+0x37c2/0x4ec0 [ 207.245196] ? mark_held_locks+0x130/0x130 [ 207.249439] ? is_bpf_text_address+0xac/0x170 [ 207.253944] ? lock_downgrade+0x900/0x900 [ 207.258098] ? check_preemption_disabled+0x48/0x200 [ 207.263126] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 207.268934] ? kasan_check_read+0x11/0x20 [ 207.273112] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 207.278394] ? rcu_bh_qs+0xc0/0xc0 [ 207.281946] ? rcu_bh_qs+0xc0/0xc0 [ 207.285502] ? unwind_dump+0x190/0x190 [ 207.289415] ? is_bpf_text_address+0xd3/0x170 [ 207.293922] ? kernel_text_address+0x79/0xf0 [ 207.298343] ? __kernel_text_address+0xd/0x40 [ 207.302851] ? unwind_get_return_address+0x61/0xa0 [ 207.307792] ? __save_stack_trace+0x8d/0xf0 [ 207.312128] ? save_stack+0xa9/0xd0 [ 207.315758] ? save_stack+0x43/0xd0 [ 207.319908] ? __kasan_slab_free+0x102/0x150 [ 207.324327] lock_acquire+0x1ed/0x520 [ 207.328132] ? psock_map_pop.isra.22+0x93/0x3b0 [ 207.332809] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.338220] ? lock_release+0x970/0x970 [ 207.342201] ? trace_hardirqs_on+0x310/0x310 [ 207.346620] ? kasan_check_write+0x14/0x20 [ 207.350872] _raw_spin_lock_bh+0x31/0x40 [ 207.354938] ? psock_map_pop.isra.22+0x93/0x3b0 [ 207.359619] psock_map_pop.isra.22+0x93/0x3b0 [ 207.364122] ? trace_hardirqs_on+0xbd/0x310 [ 207.368455] ? smap_list_map_remove+0x360/0x360 [ 207.373133] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 207.378593] ? __kasan_slab_free+0x119/0x150 [ 207.383021] ? bpf_tcp_close+0x6c2/0x10c0 [ 207.387197] bpf_tcp_close+0x6ca/0x10c0 [ 207.391179] ? tcp_check_oom+0x530/0x530 [ 207.395285] ? sock_hash_free+0x6a0/0x6a0 [ 207.399455] ? lock_release+0x970/0x970 [ 207.403437] ? arch_local_save_flags+0x40/0x40 [ 207.408030] ? graph_lock+0x170/0x170 [ 207.411850] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.417395] ? ipv6_sock_ac_close+0x34f/0x470 [ 207.417427] ? ipv6_sock_mc_close+0x162/0x1d0 [ 207.417438] ? ip_mc_drop_socket+0x20b/0x270 [ 207.417449] ? down_write+0x8a/0x130 [ 207.427129] inet_release+0x104/0x1f0 [ 207.427143] inet6_release+0x50/0x70 [ 207.427156] __sock_release+0xd7/0x250 [ 207.427168] ? __sock_release+0x250/0x250 [ 207.427183] sock_close+0x19/0x20 [ 207.435301] __fput+0x385/0xa30 [ 207.435315] ? get_max_files+0x20/0x20 [ 207.435329] ? trace_hardirqs_on+0xbd/0x310 [ 207.435343] ? kasan_check_read+0x11/0x20 [ 207.435361] ? task_work_run+0x1af/0x2a0 [ 207.442860] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 207.442877] ? kasan_check_write+0x14/0x20 [ 207.442892] ? do_raw_spin_lock+0xc1/0x200 [ 207.442905] ____fput+0x15/0x20 [ 207.442918] task_work_run+0x1e8/0x2a0 [ 207.442935] ? task_work_cancel+0x240/0x240 [ 207.450948] ? copy_fd_bitmaps+0x210/0x210 [ 207.450963] ? do_syscall_64+0x9a/0x820 [ 207.450979] exit_to_usermode_loop+0x318/0x380 [ 207.450994] ? syscall_slow_exit_work+0x520/0x520 [ 207.451014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.457734] do_syscall_64+0x6be/0x820 [ 207.457750] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 207.457769] ? syscall_return_slowpath+0x5e0/0x5e0 [ 207.457783] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.457802] ? trace_hardirqs_on_caller+0x310/0x310 [ 207.466017] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 207.466031] ? prepare_exit_to_usermode+0x291/0x3b0 [ 207.466047] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.466083] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.466098] RIP: 0033:0x410c51 [ 207.474283] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 207.474290] RSP: 002b:00007fff632a5360 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 207.474302] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000410c51 [ 207.474322] RDX: 0000000000000001 RSI: 00000000007305f0 RDI: 0000000000000003 [ 207.474330] RBP: 0000000000000000 R08: 00000000000000a0 R09: ffffffffffffffff [ 207.474338] R10: 0000000000930140 R11: 0000000000000293 R12: 0000000000000004 [ 207.474346] R13: 000000000003287e R14: 00000000000000f2 R15: badc0ffeebadface [ 207.474365] [ 207.484039] Allocated by task 14772: [ 207.484060] save_stack+0x43/0xd0 [ 207.484071] kasan_kmalloc+0xc7/0xe0 [ 207.484085] kmem_cache_alloc_node_trace+0x14c/0x740 [ 207.484099] __sock_map_ctx_update_elem.isra.23+0x7a9/0x12f0 [ 207.484112] sock_map_ctx_update_elem.isra.24+0x1a3/0xbe0 [ 207.484129] sock_map_update_elem+0x22a/0x5a0 [ 207.491640] map_update_elem+0x753/0xd50 [ 207.491651] __x64_sys_bpf+0x32d/0x510 [ 207.491664] do_syscall_64+0x1b9/0x820 [ 207.491678] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.491680] [ 207.491692] Freed by task 7451: [ 207.499884] save_stack+0x43/0xd0 [ 207.499900] __kasan_slab_free+0x102/0x150 [ 207.508086] kasan_slab_free+0xe/0x10 [ 207.508099] kfree+0xcf/0x230 [ 207.508111] smap_gc_work+0x910/0xc70 [ 207.508122] process_one_work+0xc90/0x1b90 [ 207.508132] worker_thread+0x17f/0x1390 [ 207.508149] kthread+0x35a/0x420 [ 207.517563] ret_from_fork+0x3a/0x50 [ 207.517567] [ 207.517577] The buggy address belongs to the object at ffff8801cdffc900 [ 207.517577] which belongs to the cache kmalloc-1024 of size 1024 [ 207.517588] The buggy address is located 584 bytes inside of [ 207.517588] 1024-byte region [ffff8801cdffc900, ffff8801cdffcd00) [ 207.517592] The buggy address belongs to the page: [ 207.517604] page:ffffea000737ff00 count:1 mapcount:0 mapping:ffff8801da800ac0 index:0xffff8801cdffd200 compound_mapcount: 0 [ 207.527038] flags: 0x2fffc0000008100(slab|head) [ 207.527062] raw: 02fffc0000008100 ffffea00071c2908 ffffea00071e4588 ffff8801da800ac0 [ 207.527077] raw: ffff8801cdffd200 ffff8801cdffc000 0000000100000006 0000000000000000 [ 207.527088] page dumped because: kasan: bad access detected [ 207.537360] [ 207.537364] Memory state around the buggy address: [ 207.537375] ffff8801cdffca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 207.537385] ffff8801cdffca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 207.537395] >ffff8801cdffcb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 207.537400] ^ [ 207.537409] ffff8801cdffcb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 207.537422] ffff8801cdffcc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 207.547259] ================================================================== [ 207.547263] Disabling lock debugging due to kernel taint [ 207.547270] Kernel panic - not syncing: panic_on_warn set ... [ 207.547270] [ 207.547286] CPU: 1 PID: 14770 Comm: syz-executor6 Tainted: G B 4.19.0-rc2+ #229 [ 207.547298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.552774] kobject: 'loop2' (00000000a5095847): kobject_uevent_env [ 207.557501] Call Trace: [ 207.557517] dump_stack+0x1c4/0x2b4 [ 207.557540] ? dump_stack_print_info.cold.2+0x52/0x52 [ 207.557559] ? lock_downgrade+0x900/0x900 [ 207.562497] kobject: 'loop2' (00000000a5095847): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 207.567572] panic+0x238/0x4e7 [ 207.567585] ? add_taint.cold.5+0x16/0x16 [ 207.567626] ? add_taint.cold.5+0x5/0x16 [ 207.922815] ? trace_hardirqs_off+0xaf/0x310 [ 207.927222] kasan_end_report+0x47/0x4f [ 207.931199] kasan_report.cold.9+0x76/0x309 [ 207.935504] ? __lock_acquire+0x37c2/0x4ec0 [ 207.939810] __asan_report_load8_noabort+0x14/0x20 [ 207.944744] __lock_acquire+0x37c2/0x4ec0 [ 207.948878] ? mark_held_locks+0x130/0x130 [ 207.953099] ? is_bpf_text_address+0xac/0x170 [ 207.957592] ? lock_downgrade+0x900/0x900 [ 207.961725] ? check_preemption_disabled+0x48/0x200 [ 207.966728] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 207.972509] ? kasan_check_read+0x11/0x20 [ 207.976647] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 207.981906] ? rcu_bh_qs+0xc0/0xc0 [ 207.985439] ? rcu_bh_qs+0xc0/0xc0 [ 207.988964] ? unwind_dump+0x190/0x190 [ 207.992835] ? is_bpf_text_address+0xd3/0x170 [ 207.997333] ? kernel_text_address+0x79/0xf0 [ 208.001727] ? __kernel_text_address+0xd/0x40 [ 208.006213] ? unwind_get_return_address+0x61/0xa0 [ 208.011122] ? __save_stack_trace+0x8d/0xf0 [ 208.015430] ? save_stack+0xa9/0xd0 [ 208.019038] ? save_stack+0x43/0xd0 [ 208.022652] ? __kasan_slab_free+0x102/0x150 [ 208.027047] lock_acquire+0x1ed/0x520 [ 208.030842] ? psock_map_pop.isra.22+0x93/0x3b0 [ 208.035494] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.040860] ? lock_release+0x970/0x970 [ 208.044817] ? trace_hardirqs_on+0x310/0x310 [ 208.049223] ? kasan_check_write+0x14/0x20 [ 208.053442] _raw_spin_lock_bh+0x31/0x40 [ 208.057486] ? psock_map_pop.isra.22+0x93/0x3b0 [ 208.062137] psock_map_pop.isra.22+0x93/0x3b0 [ 208.066617] ? trace_hardirqs_on+0xbd/0x310 [ 208.070921] ? smap_list_map_remove+0x360/0x360 [ 208.075585] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 208.081018] ? __kasan_slab_free+0x119/0x150 [ 208.085408] ? bpf_tcp_close+0x6c2/0x10c0 [ 208.089541] bpf_tcp_close+0x6ca/0x10c0 [ 208.093503] ? tcp_check_oom+0x530/0x530 [ 208.097552] ? sock_hash_free+0x6a0/0x6a0 [ 208.101686] ? lock_release+0x970/0x970 [ 208.105643] ? arch_local_save_flags+0x40/0x40 [ 208.110206] ? graph_lock+0x170/0x170 [ 208.113993] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.119512] ? ipv6_sock_ac_close+0x34f/0x470 [ 208.123993] ? ipv6_sock_mc_close+0x162/0x1d0 [ 208.128474] ? ip_mc_drop_socket+0x20b/0x270 [ 208.132884] ? down_write+0x8a/0x130 [ 208.136604] inet_release+0x104/0x1f0 [ 208.140389] inet6_release+0x50/0x70 [ 208.144088] __sock_release+0xd7/0x250 [ 208.147958] ? __sock_release+0x250/0x250 [ 208.152086] sock_close+0x19/0x20 [ 208.155523] __fput+0x385/0xa30 [ 208.158785] ? get_max_files+0x20/0x20 [ 208.162662] ? trace_hardirqs_on+0xbd/0x310 [ 208.167004] ? kasan_check_read+0x11/0x20 [ 208.171138] ? task_work_run+0x1af/0x2a0 [ 208.175179] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 208.180617] ? kasan_check_write+0x14/0x20 [ 208.184837] ? do_raw_spin_lock+0xc1/0x200 [ 208.189070] ____fput+0x15/0x20 [ 208.192363] task_work_run+0x1e8/0x2a0 [ 208.196267] ? task_work_cancel+0x240/0x240 [ 208.200571] ? copy_fd_bitmaps+0x210/0x210 [ 208.204789] ? do_syscall_64+0x9a/0x820 [ 208.208748] exit_to_usermode_loop+0x318/0x380 [ 208.213324] ? syscall_slow_exit_work+0x520/0x520 [ 208.218183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.223706] do_syscall_64+0x6be/0x820 [ 208.227578] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 208.232939] ? syscall_return_slowpath+0x5e0/0x5e0 [ 208.237851] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 208.242682] ? trace_hardirqs_on_caller+0x310/0x310 [ 208.247700] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 208.252720] ? prepare_exit_to_usermode+0x291/0x3b0 [ 208.257723] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 208.262552] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.267727] RIP: 0033:0x410c51 [ 208.270904] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 208.289790] RSP: 002b:00007fff632a5360 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 208.297478] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000410c51 [ 208.304731] RDX: 0000000000000001 RSI: 00000000007305f0 RDI: 0000000000000003 [ 208.311979] RBP: 0000000000000000 R08: 00000000000000a0 R09: ffffffffffffffff [ 208.319244] R10: 0000000000930140 R11: 0000000000000293 R12: 0000000000000004 [ 208.326500] R13: 000000000003287e R14: 00000000000000f2 R15: badc0ffeebadface [ 208.334089] Dumping ftrace buffer: [ 208.337622] (ftrace buffer empty) [ 208.341941] Kernel Offset: disabled [ 208.345566] Rebooting in 86400 seconds..