[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 18.708483] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.115382] random: sshd: uninitialized urandom read (32 bytes read) [ 21.349362] random: sshd: uninitialized urandom read (32 bytes read) [ 22.156607] random: sshd: uninitialized urandom read (32 bytes read) [ 26.815997] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts. [ 32.331629] random: sshd: uninitialized urandom read (32 bytes read) 2018/06/28 09:08:57 parsed 1 programs [ 33.732101] random: cc1: uninitialized urandom read (8 bytes read) 2018/06/28 09:08:59 executed programs: 0 [ 35.036377] IPVS: ftp: loaded support on port[0] = 21 [ 35.039806] IPVS: ftp: loaded support on port[0] = 21 [ 35.054468] IPVS: ftp: loaded support on port[0] = 21 [ 35.060388] IPVS: ftp: loaded support on port[0] = 21 [ 35.079173] IPVS: ftp: loaded support on port[0] = 21 [ 35.099155] IPVS: ftp: loaded support on port[0] = 21 [ 35.102686] IPVS: ftp: loaded support on port[0] = 21 [ 35.106543] IPVS: ftp: loaded support on port[0] = 21 [ 35.762783] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.769241] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.781422] device bridge_slave_0 entered promiscuous mode [ 35.790206] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.796616] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.803756] device bridge_slave_0 entered promiscuous mode [ 35.825123] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.831527] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.845769] device bridge_slave_1 entered promiscuous mode [ 35.875730] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 35.884111] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.890604] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.909878] device bridge_slave_1 entered promiscuous mode [ 35.937218] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 35.945737] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.952169] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.970416] device bridge_slave_0 entered promiscuous mode [ 35.977406] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.983860] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.990864] device bridge_slave_0 entered promiscuous mode [ 35.998778] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.005243] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.012707] device bridge_slave_0 entered promiscuous mode [ 36.020631] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.027176] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.034739] device bridge_slave_0 entered promiscuous mode [ 36.042748] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 36.051428] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.057845] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.065717] device bridge_slave_0 entered promiscuous mode [ 36.074159] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.080535] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.087709] device bridge_slave_1 entered promiscuous mode [ 36.095353] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.101704] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.108675] device bridge_slave_1 entered promiscuous mode [ 36.119348] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.125729] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.132770] device bridge_slave_1 entered promiscuous mode [ 36.140373] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 36.148656] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 36.160643] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.167075] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.178746] device bridge_slave_1 entered promiscuous mode [ 36.189394] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 36.198160] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.204600] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.212499] device bridge_slave_1 entered promiscuous mode [ 36.224261] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 36.232387] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 36.240457] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 36.248744] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 36.256493] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.262840] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.272570] device bridge_slave_0 entered promiscuous mode [ 36.290203] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 36.298812] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 36.308346] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 36.322243] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.328626] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.345666] device bridge_slave_1 entered promiscuous mode [ 36.361379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 36.374646] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 36.386758] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 36.400518] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 36.412636] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 36.421622] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 36.429748] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 36.458619] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 36.485463] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 36.496602] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 36.505318] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 36.528501] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 36.565548] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 36.574589] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 36.583743] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 36.590712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 36.599171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 36.611125] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 36.618868] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 36.626584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 36.642169] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 36.650237] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 36.663206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 36.674566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 36.688605] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 36.697341] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 36.706410] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 36.713806] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 36.726160] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 36.735564] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 36.747640] team0: Port device team_slave_0 added [ 36.755390] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 36.772338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 36.782148] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 36.796805] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 36.804709] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 36.821269] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 36.837214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 36.848201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 36.862269] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 36.871008] team0: Port device team_slave_1 added [ 36.878835] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 36.898813] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 36.914344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 36.922948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 36.941882] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 36.950099] team0: Port device team_slave_0 added [ 36.972494] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 36.986186] team0: Port device team_slave_0 added [ 36.997426] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 37.012334] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 37.020926] team0: Port device team_slave_0 added [ 37.038318] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 37.059619] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 37.067105] team0: Port device team_slave_1 added [ 37.080239] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 37.093242] team0: Port device team_slave_1 added [ 37.106201] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 37.131693] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 37.141584] team0: Port device team_slave_0 added [ 37.150718] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 37.160888] team0: Port device team_slave_1 added [ 37.168320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.180943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 37.188829] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 37.198694] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 37.208871] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 37.223242] team0: Port device team_slave_0 added [ 37.230733] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 37.239619] team0: Port device team_slave_1 added [ 37.247420] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 37.254835] team0: Port device team_slave_0 added [ 37.261790] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.273466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 37.282250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 37.290453] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 37.300598] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 37.322256] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 37.342557] team0: Port device team_slave_1 added [ 37.353604] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 37.371513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.379962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 37.387884] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 37.395831] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 37.404095] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 37.411461] team0: Port device team_slave_1 added [ 37.421335] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 37.441449] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.455956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 37.472396] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 37.480625] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 37.488351] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 37.497446] team0: Port device team_slave_0 added [ 37.502864] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 37.512672] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.521445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 37.533517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 37.543756] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 37.550636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 37.558602] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 37.568339] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 37.575409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.583860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 37.596920] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 37.607767] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 37.616645] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 37.625452] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 37.633701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.642763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 37.653316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.665598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 37.673560] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 37.681327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 37.688905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 37.696615] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 37.704275] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 37.711600] team0: Port device team_slave_1 added [ 37.722997] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 37.732770] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 37.739916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.748084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 37.760381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.770488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 37.780655] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 37.788560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.800310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 37.812242] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 37.819268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 37.832575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 37.843043] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 37.856277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.866651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 37.882257] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 37.891864] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 37.905610] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 37.912999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.929355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 37.944823] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.952641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 37.960623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 37.968453] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 38.002249] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.009386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.021637] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.079578] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 38.086732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.098864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.407088] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.413621] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.420571] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.426945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.434740] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 38.442659] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.449062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.455716] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.462092] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.469567] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 38.543348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 38.554514] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 38.633793] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.640206] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.646894] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.653285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.661314] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 38.669267] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.675662] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.682309] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.688674] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.698688] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 38.706838] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.713192] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.719834] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.726194] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.738369] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 38.806643] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.813066] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.819709] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.826068] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.834252] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 38.851998] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.858416] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.865138] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.871521] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.890499] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 38.968821] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.975235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.981860] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.988229] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.998957] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 39.583925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 39.595585] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 39.604163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 39.611631] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 39.619107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 39.626368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 41.266207] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.287757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.364278] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.421628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.437510] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.557915] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.569759] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.581066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.593138] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.641111] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.713942] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.720956] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.743875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.788769] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.816182] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 41.822414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.832580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.846975] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 41.855123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.872699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.886668] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.963724] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 41.971721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.981307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.999924] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.006773] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.012923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.029267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.049512] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.057815] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.081629] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.109996] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.116215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.124817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.158590] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.175717] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.201777] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.208446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.216550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.291376] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.304078] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.316940] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.341508] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.347741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.365782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.440537] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.451743] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.594141] 8021q: adding VLAN 0 to HW filter on device team0 2018/06/28 09:09:08 executed programs: 8 2018/06/28 09:09:13 executed programs: 196 2018/06/28 09:09:18 executed programs: 393 2018/06/28 09:09:23 executed programs: 586 2018/06/28 09:09:28 executed programs: 783 [ 64.700879] ================================================================== [ 64.708441] BUG: KASAN: use-after-free in bpf_tcp_close+0xd93/0xfa0 [ 64.714848] Read of size 8 at addr ffff8801bf7b4710 by task syz-executor3/12243 [ 64.722285] [ 64.723919] CPU: 1 PID: 12243 Comm: syz-executor3 Not tainted 4.18.0-rc2+ #42 [ 64.731187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.740539] Call Trace: [ 64.743135] dump_stack+0x1c9/0x2b4 [ 64.746777] ? dump_stack_print_info.cold.2+0x52/0x52 [ 64.751973] ? printk+0xa7/0xcf [ 64.755258] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 64.760023] ? bpf_tcp_close+0xd93/0xfa0 [ 64.764092] print_address_description+0x6c/0x20b [ 64.768940] ? bpf_tcp_close+0xd93/0xfa0 [ 64.773003] kasan_report.cold.7+0x242/0x2fe [ 64.777419] __asan_report_load8_noabort+0x14/0x20 [ 64.782352] bpf_tcp_close+0xd93/0xfa0 [ 64.786249] ? tcp_check_oom+0x530/0x530 [ 64.790322] ? sock_hash_free+0x6f0/0x6f0 [ 64.794482] ? lock_release+0xa30/0xa30 [ 64.798456] ? rcu_note_context_switch+0x730/0x730 [ 64.803380] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 64.808922] ? ipv6_sock_ac_close+0x356/0x490 [ 64.813427] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 64.818966] ? ipv6_sock_mc_close+0x162/0x1d0 [ 64.823464] ? ip_mc_drop_socket+0x20f/0x270 [ 64.827877] ? down_write+0x8f/0x130 [ 64.831603] inet_release+0x104/0x1f0 [ 64.835411] inet6_release+0x50/0x70 [ 64.839128] __sock_release+0xd7/0x260 [ 64.843021] ? __sock_release+0x260/0x260 [ 64.847177] sock_close+0x19/0x20 [ 64.850635] __fput+0x35b/0x8b0 [ 64.854275] ? fput+0x1a0/0x1a0 [ 64.857564] ? check_same_owner+0x340/0x340 [ 64.861892] ? _raw_spin_unlock_irq+0x27/0x70 [ 64.866392] ____fput+0x15/0x20 [ 64.869678] task_work_run+0x1ec/0x2a0 [ 64.873574] ? task_work_cancel+0x250/0x250 [ 64.877901] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 64.883444] ? switch_task_namespaces+0xa2/0xd0 [ 64.888120] do_exit+0x1b08/0x2750 [ 64.891674] ? mm_update_next_owner+0x9a0/0x9a0 [ 64.896348] ? print_usage_bug+0xc0/0xc0 [ 64.900417] ? graph_lock+0x170/0x170 [ 64.904222] ? do_raw_spin_unlock+0xa7/0x2f0 [ 64.908634] ? rcu_note_context_switch+0x730/0x730 [ 64.913570] ? lock_acquire+0x1e4/0x540 [ 64.917562] ? __lock_acquire+0x7fc/0x5020 [ 64.921810] ? trace_hardirqs_on+0x10/0x10 [ 64.926046] ? kasan_check_read+0x11/0x20 [ 64.930197] ? do_raw_spin_unlock+0xa7/0x2f0 [ 64.934616] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 64.939200] ? kasan_check_write+0x14/0x20 [ 64.943435] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 64.948631] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 64.954171] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 64.959280] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 64.964819] ? futex_wait+0x5d2/0xa20 [ 64.968629] ? perf_trace_lock+0xde/0x920 [ 64.972791] ? zap_class+0x740/0x740 [ 64.976516] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 64.981630] ? graph_lock+0x170/0x170 [ 64.985443] ? memset+0x31/0x40 [ 64.988734] ? find_held_lock+0x36/0x1c0 [ 64.992817] ? lock_downgrade+0x8f0/0x8f0 [ 64.996973] do_group_exit+0x177/0x440 [ 65.000861] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 65.005444] ? __ia32_sys_exit+0x50/0x50 [ 65.009502] ? _raw_spin_unlock_irq+0x27/0x70 [ 65.014000] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 65.019026] get_signal+0x88e/0x1970 [ 65.022761] ? ptrace_notify+0x130/0x130 [ 65.026826] ? find_held_lock+0x36/0x1c0 [ 65.030900] ? lock_downgrade+0x8f0/0x8f0 [ 65.035058] ? rcu_is_watching+0x8c/0x150 [ 65.039210] ? __lock_is_held+0xb5/0x140 [ 65.043280] do_signal+0x9c/0x21c0 [ 65.046828] ? __fd_install+0x2db/0x880 [ 65.050810] ? setup_sigcontext+0x7d0/0x7d0 [ 65.055132] ? get_unused_fd_flags+0x1a0/0x1a0 [ 65.059721] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.065265] ? alloc_file+0x44/0x3e0 [ 65.068991] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 65.074534] ? sock_alloc_file+0x2ac/0x500 [ 65.078794] ? exit_to_usermode_loop+0x8c/0x370 [ 65.083474] exit_to_usermode_loop+0x2e0/0x370 [ 65.088064] ? syscall_slow_exit_work+0x500/0x500 [ 65.092917] ? do_syscall_64+0x9a/0x820 [ 65.096908] do_syscall_64+0x6be/0x820 [ 65.100799] ? finish_task_switch+0x1d3/0x890 [ 65.105297] ? syscall_return_slowpath+0x5e0/0x5e0 [ 65.110231] ? syscall_return_slowpath+0x31d/0x5e0 [ 65.115165] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 65.120537] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 65.125391] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 65.130578] RIP: 0033:0x455a99 [ 65.133763] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 65.153159] RSP: 002b:00007f2bfb961ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 65.160871] RAX: fffffffffffffe00 RBX: 000000000072bf68 RCX: 0000000000455a99 [ 65.168142] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bf68 [ 65.175412] RBP: 000000000072bf68 R08: 0000000000000000 R09: 000000000072bf48 [ 65.182676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 65.189945] R13: 00007ffe6497fcbf R14: 00007f2bfb9629c0 R15: 0000000000000001 [ 65.197223] [ 65.198845] Allocated by task 12224: [ 65.202565] save_stack+0x43/0xd0 [ 65.206018] kasan_kmalloc+0xc4/0xe0 [ 65.209736] __kmalloc_node+0x47/0x70 [ 65.213539] sock_hash_ctx_update_elem.isra.24+0xa72/0x1580 [ 65.219251] sock_hash_update_elem+0x157/0x2f0 [ 65.223831] map_update_elem+0x5c4/0xc90 [ 65.227888] __x64_sys_bpf+0x32d/0x510 [ 65.231782] do_syscall_64+0x1b9/0x820 [ 65.235674] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 65.240855] [ 65.242476] Freed by task 4804: [ 65.245762] save_stack+0x43/0xd0 [ 65.249217] __kasan_slab_free+0x11a/0x170 [ 65.253452] kasan_slab_free+0xe/0x10 [ 65.257252] kfree+0xd9/0x260 [ 65.260363] sock_hash_free+0x256/0x6f0 [ 65.264338] bpf_map_free_deferred+0xba/0xf0 [ 65.268753] process_one_work+0xc73/0x1ba0 [ 65.272988] worker_thread+0x189/0x13c0 [ 65.276953] kthread+0x345/0x410 [ 65.280315] ret_from_fork+0x3a/0x50 [ 65.284014] [ 65.285634] The buggy address belongs to the object at ffff8801bf7b4700 [ 65.285634] which belongs to the cache kmalloc-64 of size 64 [ 65.298097] The buggy address is located 16 bytes inside of [ 65.298097] 64-byte region [ffff8801bf7b4700, ffff8801bf7b4740) [ 65.309778] The buggy address belongs to the page: [ 65.314696] page:ffffea0006fded00 count:1 mapcount:0 mapping:ffff8801da800340 index:0x0 [ 65.322822] flags: 0x2fffc0000000100(slab) [ 65.327045] raw: 02fffc0000000100 ffffea0006b8ff48 ffffea00075cb408 ffff8801da800340 [ 65.334918] raw: 0000000000000000 ffff8801bf7b4000 0000000100000020 0000000000000000 [ 65.342777] page dumped because: kasan: bad access detected [ 65.348463] [ 65.350068] Memory state around the buggy address: [ 65.354979] ffff8801bf7b4600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 65.362328] ffff8801bf7b4680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 65.369683] >ffff8801bf7b4700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 65.377025] ^ [ 65.380907] ffff8801bf7b4780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 65.388249] ffff8801bf7b4800: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 65.395583] ================================================================== [ 65.402915] Disabling lock debugging due to kernel taint [ 65.408415] Kernel panic - not syncing: panic_on_warn set ... [ 65.408415] [ 65.415790] CPU: 1 PID: 12243 Comm: syz-executor3 Tainted: G B 4.18.0-rc2+ #42 [ 65.424443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.433790] Call Trace: [ 65.436378] dump_stack+0x1c9/0x2b4 [ 65.440002] ? dump_stack_print_info.cold.2+0x52/0x52 [ 65.445186] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 65.449928] panic+0x238/0x4e7 [ 65.453106] ? add_taint.cold.5+0x16/0x16 [ 65.457238] ? do_raw_spin_unlock+0xa7/0x2f0 [ 65.461633] ? bpf_tcp_close+0xd93/0xfa0 [ 65.465674] kasan_end_report+0x47/0x4f [ 65.469628] kasan_report.cold.7+0x76/0x2fe [ 65.473930] __asan_report_load8_noabort+0x14/0x20 [ 65.478845] bpf_tcp_close+0xd93/0xfa0 [ 65.482720] ? tcp_check_oom+0x530/0x530 [ 65.486764] ? sock_hash_free+0x6f0/0x6f0 [ 65.490895] ? lock_release+0xa30/0xa30 [ 65.494851] ? rcu_note_context_switch+0x730/0x730 [ 65.499763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.505284] ? ipv6_sock_ac_close+0x356/0x490 [ 65.509763] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 65.515279] ? ipv6_sock_mc_close+0x162/0x1d0 [ 65.519755] ? ip_mc_drop_socket+0x20f/0x270 [ 65.524147] ? down_write+0x8f/0x130 [ 65.527842] inet_release+0x104/0x1f0 [ 65.531626] inet6_release+0x50/0x70 [ 65.535321] __sock_release+0xd7/0x260 [ 65.539192] ? __sock_release+0x260/0x260 [ 65.543321] sock_close+0x19/0x20 [ 65.546757] __fput+0x35b/0x8b0 [ 65.550026] ? fput+0x1a0/0x1a0 [ 65.553287] ? check_same_owner+0x340/0x340 [ 65.557593] ? _raw_spin_unlock_irq+0x27/0x70 [ 65.562071] ____fput+0x15/0x20 [ 65.565334] task_work_run+0x1ec/0x2a0 [ 65.569205] ? task_work_cancel+0x250/0x250 [ 65.573511] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 65.579034] ? switch_task_namespaces+0xa2/0xd0 [ 65.583685] do_exit+0x1b08/0x2750 [ 65.587212] ? mm_update_next_owner+0x9a0/0x9a0 [ 65.591865] ? print_usage_bug+0xc0/0xc0 [ 65.595907] ? graph_lock+0x170/0x170 [ 65.599687] ? do_raw_spin_unlock+0xa7/0x2f0 [ 65.604083] ? rcu_note_context_switch+0x730/0x730 [ 65.608994] ? lock_acquire+0x1e4/0x540 [ 65.612968] ? __lock_acquire+0x7fc/0x5020 [ 65.617192] ? trace_hardirqs_on+0x10/0x10 [ 65.621409] ? kasan_check_read+0x11/0x20 [ 65.625539] ? do_raw_spin_unlock+0xa7/0x2f0 [ 65.629933] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 65.634496] ? kasan_check_write+0x14/0x20 [ 65.638711] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 65.643883] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 65.649399] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 65.654484] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 65.659999] ? futex_wait+0x5d2/0xa20 [ 65.663788] ? perf_trace_lock+0xde/0x920 [ 65.667921] ? zap_class+0x740/0x740 [ 65.671617] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 65.676704] ? graph_lock+0x170/0x170 [ 65.680490] ? memset+0x31/0x40 [ 65.683752] ? find_held_lock+0x36/0x1c0 [ 65.687798] ? lock_downgrade+0x8f0/0x8f0 [ 65.691937] do_group_exit+0x177/0x440 [ 65.695807] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 65.700372] ? __ia32_sys_exit+0x50/0x50 [ 65.704417] ? _raw_spin_unlock_irq+0x27/0x70 [ 65.708894] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 65.713891] get_signal+0x88e/0x1970 [ 65.717587] ? ptrace_notify+0x130/0x130 [ 65.721630] ? find_held_lock+0x36/0x1c0 [ 65.725679] ? lock_downgrade+0x8f0/0x8f0 [ 65.729809] ? rcu_is_watching+0x8c/0x150 [ 65.734664] ? __lock_is_held+0xb5/0x140 [ 65.738713] do_signal+0x9c/0x21c0 [ 65.742237] ? __fd_install+0x2db/0x880 [ 65.746198] ? setup_sigcontext+0x7d0/0x7d0 [ 65.750516] ? get_unused_fd_flags+0x1a0/0x1a0 [ 65.755081] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.760598] ? alloc_file+0x44/0x3e0 [ 65.764303] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 65.769821] ? sock_alloc_file+0x2ac/0x500 [ 65.774044] ? exit_to_usermode_loop+0x8c/0x370 [ 65.778701] exit_to_usermode_loop+0x2e0/0x370 [ 65.783266] ? syscall_slow_exit_work+0x500/0x500 [ 65.788092] ? do_syscall_64+0x9a/0x820 [ 65.792054] do_syscall_64+0x6be/0x820 [ 65.795934] ? finish_task_switch+0x1d3/0x890 [ 65.800411] ? syscall_return_slowpath+0x5e0/0x5e0 [ 65.805324] ? syscall_return_slowpath+0x31d/0x5e0 [ 65.810246] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 65.815592] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 65.820419] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 65.825598] RIP: 0033:0x455a99 [ 65.828763] Code: Bad RIP value. [ 65.832122] RSP: 002b:00007f2bfb961ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 65.839810] RAX: fffffffffffffe00 RBX: 000000000072bf68 RCX: 0000000000455a99 [ 65.847059] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bf68 [ 65.854307] RBP: 000000000072bf68 R08: 0000000000000000 R09: 000000000072bf48 [ 65.861564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 65.868812] R13: 00007ffe6497fcbf R14: 00007f2bfb9629c0 R15: 0000000000000001 [ 65.876516] Dumping ftrace buffer: [ 65.880035] (ftrace buffer empty) [ 65.883718] Kernel Offset: disabled [ 65.887323] Rebooting in 86400 seconds..