[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   27.886161] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   30.960203] random: sshd: uninitialized urandom read (32 bytes read)
[   31.427499] random: sshd: uninitialized urandom read (32 bytes read)
[   32.072923] random: sshd: uninitialized urandom read (32 bytes read)
[   95.206402] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.3' (ECDSA) to the list of known hosts.
[  100.808802] random: sshd: uninitialized urandom read (32 bytes read)
2018/09/12 13:10:54 parsed 1 programs
[  102.221451] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/12 13:10:56 executed programs: 0
[  103.719061] IPVS: ftp: loaded support on port[0] = 21
[  103.961674] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.968443] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.975899] device bridge_slave_0 entered promiscuous mode
[  103.994513] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.001047] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.008116] device bridge_slave_1 entered promiscuous mode
[  104.026561] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  104.044350] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  104.093361] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  104.113329] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  104.187259] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  104.194677] team0: Port device team_slave_0 added
[  104.211654] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  104.218784] team0: Port device team_slave_1 added
[  104.236503] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  104.255327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  104.274597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  104.295425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  104.440294] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.446732] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.453540] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.459919] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.971829] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.022252] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  105.074364] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  105.081305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  105.088269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  105.142075] 8021q: adding VLAN 0 to HW filter on device team0
[  105.859747] ==================================================================
[  105.867235] BUG: KASAN: use-after-free in __dev_map_entry_free+0x2ab/0x300
[  105.874237] Read of size 8 at addr ffff8801c559bb08 by task ksoftirqd/0/9
[  105.881143] 
[  105.882762] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.0-rc2+ #51
[  105.889495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  105.898828] Call Trace:
[  105.901406]  dump_stack+0x1c4/0x2b4
[  105.905043]  ? dump_stack_print_info.cold.2+0x52/0x52
[  105.910220]  ? printk+0xa7/0xcf
[  105.913487]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  105.918232]  print_address_description.cold.8+0x9/0x1ff
[  105.923581]  kasan_report.cold.9+0x242/0x309
[  105.927974]  ? __dev_map_entry_free+0x2ab/0x300
[  105.932634]  __asan_report_load8_noabort+0x14/0x20
[  105.937550]  __dev_map_entry_free+0x2ab/0x300
[  105.942033]  ? check_preemption_disabled+0x48/0x200
[  105.947035]  ? dev_map_delete_elem+0x120/0x120
[  105.951607]  rcu_process_callbacks+0xf23/0x2670
[  105.956266]  ? __rcu_read_unlock+0x2f0/0x2f0
[  105.960664]  ? lock_is_held_type+0x210/0x210
[  105.965067]  ? pick_next_task_fair+0x98e/0x17c0
[  105.969730]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  105.975255]  ? check_preemption_disabled+0x48/0x200
[  105.980258]  ? check_preemption_disabled+0x48/0x200
[  105.985269]  ? finish_task_switch+0x1f5/0x900
[  105.989756]  ? _raw_spin_unlock_irq+0x27/0x80
[  105.994235]  ? _raw_spin_unlock_irq+0x27/0x80
[  105.998714]  ? lockdep_hardirqs_on+0x421/0x5c0
[  106.003302]  ? trace_hardirqs_on+0xbd/0x310
[  106.007649]  ? kasan_check_read+0x11/0x20
[  106.011785]  ? finish_task_switch+0x1f5/0x900
[  106.016267]  ? compat_start_thread+0x80/0x80
[  106.020664]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.026191]  ? kasan_check_write+0x14/0x20
[  106.030440]  ? finish_task_switch+0x2f5/0x900
[  106.034926]  ? __switch_to_asm+0x40/0x70
[  106.038985]  ? preempt_notifier_register+0x200/0x200
[  106.044094]  ? __switch_to_asm+0x34/0x70
[  106.048140]  ? __switch_to_asm+0x34/0x70
[  106.052185]  ? __switch_to_asm+0x40/0x70
[  106.056230]  ? __switch_to_asm+0x34/0x70
[  106.060274]  ? __switch_to_asm+0x40/0x70
[  106.064318]  ? __switch_to_asm+0x34/0x70
[  106.068378]  ? __switch_to_asm+0x40/0x70
[  106.072426]  ? __switch_to_asm+0x34/0x70
[  106.076478]  ? pvclock_read_flags+0x160/0x160
[  106.080982]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.086508]  ? check_preemption_disabled+0x48/0x200
[  106.091509]  ? check_preemption_disabled+0x48/0x200
[  106.096516]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[  106.102381]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  106.107647]  ? rcu_pm_notify+0xc0/0xc0
[  106.111531]  __do_softirq+0x30b/0xad8
[  106.115323]  ? __irqentry_text_end+0x1f9618/0x1f9618
[  106.120418]  ? schedule+0x108/0x460
[  106.124037]  ? trace_hardirqs_off+0xb8/0x300
[  106.128450]  ? ___might_sleep+0x1ed/0x300
[  106.132583]  ? smpboot_thread_fn+0x68b/0xa00
[  106.136977]  ? trace_hardirqs_on+0x310/0x310
[  106.141390]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  106.146923]  ? check_preemption_disabled+0x48/0x200
[  106.151956]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.157487]  ? takeover_tasklets+0xa90/0xa90
[  106.161900]  run_ksoftirqd+0x94/0x100
[  106.165702]  smpboot_thread_fn+0x68b/0xa00
[  106.169935]  ? sort_range+0x30/0x30
[  106.173552]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  106.178646]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  106.184170]  ? __kthread_parkme+0xfb/0x1a0
[  106.188391]  kthread+0x35a/0x420
[  106.191744]  ? sort_range+0x30/0x30
[  106.195356]  ? kthread_bind+0x40/0x40
[  106.199144]  ret_from_fork+0x3a/0x50
[  106.202844] 
[  106.204455] Allocated by task 5728:
[  106.208065]  save_stack+0x43/0xd0
[  106.211518]  kasan_kmalloc+0xc7/0xe0
[  106.215216]  kmem_cache_alloc_trace+0x152/0x750
[  106.219870]  dev_map_alloc+0x210/0x810
[  106.223754]  map_create+0x3bd/0x10f0
[  106.227452]  __x64_sys_bpf+0x303/0x510
[  106.231324]  do_syscall_64+0x1b9/0x820
[  106.235197]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  106.240363] 
[  106.241974] Freed by task 5428:
[  106.245235]  save_stack+0x43/0xd0
[  106.248673]  __kasan_slab_free+0x102/0x150
[  106.252900]  kasan_slab_free+0xe/0x10
[  106.256693]  kfree+0xcf/0x230
[  106.259797]  dev_map_free+0x514/0x690
[  106.263589]  bpf_map_free_deferred+0xba/0xf0
[  106.267983]  process_one_work+0xc90/0x1b90
[  106.272202]  worker_thread+0x17f/0x1390
[  106.276163]  kthread+0x35a/0x420
[  106.279514]  ret_from_fork+0x3a/0x50
[  106.283223] 
[  106.284837] The buggy address belongs to the object at ffff8801c559ba00
[  106.284837]  which belongs to the cache kmalloc-512 of size 512
[  106.297480] The buggy address is located 264 bytes inside of
[  106.297480]  512-byte region [ffff8801c559ba00, ffff8801c559bc00)
[  106.309338] The buggy address belongs to the page:
[  106.314265] page:ffffea00071566c0 count:1 mapcount:0 mapping:ffff8801da800940 index:0x0
[  106.322397] flags: 0x2fffc0000000100(slab)
[  106.326620] raw: 02fffc0000000100 ffffea00071eb448 ffffea0007141108 ffff8801da800940
[  106.334490] raw: 0000000000000000 ffff8801c559b000 0000000100000006 0000000000000000
[  106.342356] page dumped because: kasan: bad access detected
[  106.348049] 
[  106.349657] Memory state around the buggy address:
[  106.354570]  ffff8801c559ba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.361919]  ffff8801c559ba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.369263] >ffff8801c559bb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.376600]                       ^
[  106.380210]  ffff8801c559bb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.387550]  ffff8801c559bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  106.394885] ==================================================================
[  106.402231] Disabling lock debugging due to kernel taint
[  106.407726] Kernel panic - not syncing: panic_on_warn set ...
[  106.407726] 
[  106.415106] CPU: 0 PID: 9 Comm: ksoftirqd/0 Tainted: G    B             4.19.0-rc2+ #51
[  106.421015] kobject: 'loop0' (000000009cdf4a8e): kobject_uevent_env
[  106.423254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  106.439000] Call Trace:
[  106.441593]  dump_stack+0x1c4/0x2b4
[  106.445219]  ? dump_stack_print_info.cold.2+0x52/0x52
[  106.450413]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  106.455174]  panic+0x238/0x4e7
[  106.458365]  ? add_taint.cold.5+0x16/0x16
[  106.462517]  ? trace_hardirqs_on+0xb4/0x310
[  106.466842]  kasan_end_report+0x47/0x4f
[  106.470816]  kasan_report.cold.9+0x76/0x309
[  106.475138]  ? __dev_map_entry_free+0x2ab/0x300
[  106.479809]  __asan_report_load8_noabort+0x14/0x20
[  106.484737]  __dev_map_entry_free+0x2ab/0x300
[  106.489233]  ? check_preemption_disabled+0x48/0x200
[  106.494249]  ? dev_map_delete_elem+0x120/0x120
[  106.498835]  rcu_process_callbacks+0xf23/0x2670
[  106.503510]  ? __rcu_read_unlock+0x2f0/0x2f0
[  106.507929]  ? lock_is_held_type+0x210/0x210
[  106.512520]  ? pick_next_task_fair+0x98e/0x17c0
[  106.517192]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.522731]  ? check_preemption_disabled+0x48/0x200
[  106.527747]  ? check_preemption_disabled+0x48/0x200
[  106.532772]  ? finish_task_switch+0x1f5/0x900
[  106.537267]  ? _raw_spin_unlock_irq+0x27/0x80
[  106.541760]  ? _raw_spin_unlock_irq+0x27/0x80
[  106.546254]  ? lockdep_hardirqs_on+0x421/0x5c0
[  106.550837]  ? trace_hardirqs_on+0xbd/0x310
[  106.555156]  ? kasan_check_read+0x11/0x20
[  106.559305]  ? finish_task_switch+0x1f5/0x900
[  106.563798]  ? compat_start_thread+0x80/0x80
[  106.568206]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.573749]  ? kasan_check_write+0x14/0x20
[  106.577988]  ? finish_task_switch+0x2f5/0x900
[  106.582482]  ? __switch_to_asm+0x40/0x70
[  106.586543]  ? preempt_notifier_register+0x200/0x200
[  106.591642]  ? __switch_to_asm+0x34/0x70
[  106.595706]  ? __switch_to_asm+0x34/0x70
[  106.599765]  ? __switch_to_asm+0x40/0x70
[  106.603824]  ? __switch_to_asm+0x34/0x70
[  106.607881]  ? __switch_to_asm+0x40/0x70
[  106.611954]  ? __switch_to_asm+0x34/0x70
[  106.616008]  ? __switch_to_asm+0x40/0x70
[  106.620064]  ? __switch_to_asm+0x34/0x70
[  106.624132]  ? pvclock_read_flags+0x160/0x160
[  106.628628]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.634166]  ? check_preemption_disabled+0x48/0x200
[  106.639184]  ? check_preemption_disabled+0x48/0x200
[  106.644202]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[  106.649737]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  106.655011]  ? rcu_pm_notify+0xc0/0xc0
[  106.658919]  __do_softirq+0x30b/0xad8
[  106.662728]  ? __irqentry_text_end+0x1f9618/0x1f9618
[  106.667837]  ? schedule+0x108/0x460
[  106.671472]  ? trace_hardirqs_off+0xb8/0x300
[  106.675881]  ? ___might_sleep+0x1ed/0x300
[  106.680041]  ? smpboot_thread_fn+0x68b/0xa00
[  106.684449]  ? trace_hardirqs_on+0x310/0x310
[  106.688858]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  106.694401]  ? check_preemption_disabled+0x48/0x200
[  106.699420]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  106.704961]  ? takeover_tasklets+0xa90/0xa90
[  106.709369]  run_ksoftirqd+0x94/0x100
[  106.713166]  smpboot_thread_fn+0x68b/0xa00
[  106.717408]  ? sort_range+0x30/0x30
[  106.721036]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  106.726135]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  106.731670]  ? __kthread_parkme+0xfb/0x1a0
[  106.735918]  kthread+0x35a/0x420
[  106.739287]  ? sort_range+0x30/0x30
[  106.742924]  ? kthread_bind+0x40/0x40
[  106.746726]  ret_from_fork+0x3a/0x50
[  106.750727] Dumping ftrace buffer:
[  106.754254]    (ftrace buffer empty)
[  106.758530] Kernel Offset: disabled
[  106.762153] Rebooting in 86400 seconds..