[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 16.589193] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 22.699109] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.952297] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.326438] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts.
[ 28.883669] urandom_read: 1 callbacks suppressed
[ 28.883675] random: sshd: uninitialized urandom read (32 bytes read)
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[ 28.969746] IPVS: ftp: loaded support on port[0] = 21
[ 29.119357] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.125757] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.132680] device bridge_slave_0 entered promiscuous mode
[ 29.145967] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.152376] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.159463] device bridge_slave_1 entered promiscuous mode
[ 29.172940] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 29.186921] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 29.219637] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 29.235242] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 29.282989] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 29.290075] team0: Port device team_slave_0 added
[ 29.302558] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 29.309601] team0: Port device team_slave_1 added
[ 29.322443] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
RTNETLINK answers: Operation not supported
[ 29.334590] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 29.343544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 29.358769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[ 29.443971] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.450368] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.456981] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.463432] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 29.764480] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 29.770605] 8021q: adding VLAN 0 to HW filter on device bond0
[ 29.803889] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 29.835267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 29.842286] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 29.871353] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 29.877463] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 30.068773] ------------[ cut here ]------------
[ 30.073572] kernel BUG at net/ipv6/route.c:1268!
[ 30.078361] invalid opcode: 0000 [#1] SMP KASAN
[ 30.079890] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 30.083021] CPU: 1 PID: 4551 Comm: syz-executor315 Not tainted 4.18.0-rc7-next-20180802+ #30
[ 30.083026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.083042] RIP: 0010:ip6_pol_route+0x7a8/0xd20
[ 30.083051] Code: 65 48 03 1d a2 aa 42 7a be 08 00 00 00 48 89 df e8 5d 8e fc fb 31 c0 f0 4c 0f b1 33 48 85 c0 0f 84 ec fb ff ff e8 f8 c5 bd fb <0f> 0b e8 f1 c5 bd fb e8 2c fa a7 fb 31 ff 89 c6 88 85 24 ff ff ff
[ 30.083055] RSP: 0018:ffff8801aae8edf0 EFLAGS: 00010293
[ 30.083062] RAX: ffff8801aafea580 RBX: ffffe8ffffd5d998 RCX: ffffffff85bed6a3
[ 30.083067] RDX: 0000000000000000 RSI: ffffffff85bed6b8 RDI: ffffe8ffffd5d998
[ 30.083071] RBP: ffff8801aae8eee0 R08: fffff91ffffabb34 R09: fffff91ffffabb33
[ 30.083076] R10: fffff91ffffabb33 R11: ffffe8ffffd5d99f R12: 0000000000000001
[ 30.083080] R13: ffff8801d07df580 R14: ffff8801acd72a00 R15: 0000000000000003
[ 30.083087] FS: 00007f3d17750700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[ 30.083092] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.083096] CR2: 00000000205fafd2 CR3: 00000001d0652000 CR4: 00000000001406e0
[ 30.083103] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.083107] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.083109] Call Trace:
[ 30.083121] ? ip6_pol_route_lookup+0x1130/0x1130
[ 30.083128] ? ip6_finish_output2+0xcb5/0x2820
[ 30.083140] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 30.083149] ? bpf_prog_kallsyms_find+0xde/0x4c0
[ 30.083161] ip6_pol_route_output+0x54/0x70
[ 30.234542] fib6_rule_lookup+0x283/0x890
[ 30.238673] ? ip6_pol_route_input+0x80/0x80
[ 30.243061] ? fib6_lookup+0x480/0x480
[ 30.246931] ? __dev_get_by_index+0x1c0/0x1c0
[ 30.251422] ? trace_hardirqs_on+0x10/0x10
[ 30.255635] ? kasan_check_read+0x11/0x20
[ 30.259770] ? do_raw_spin_unlock+0xa7/0x2f0
[ 30.264168] ip6_route_output_flags+0x2c5/0x350
[ 30.268827] ip6_dst_lookup_tail+0x1278/0x1da0
[ 30.273402] ? lock_acquire+0x1e4/0x540
[ 30.277365] ? debug_object_activate+0x41a/0x690
[ 30.282115] ? dst_output+0x180/0x180
[ 30.285913] ? kasan_check_read+0x11/0x20
[ 30.290042] ? do_raw_spin_unlock+0xa7/0x2f0
[ 30.294433] ? lock_acquire+0x1e4/0x540
[ 30.298388] ? debug_object_active_state+0x2f5/0x4d0
[ 30.303475] ? lock_downgrade+0x8f0/0x8f0
[ 30.307605] ? kasan_check_read+0x11/0x20
[ 30.311732] ? lock_acquire+0x1e4/0x540
[ 30.315687] ? inet6_csk_route_socket+0x69d/0x1030
[ 30.320606] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 30.326128] ? __sk_dst_check+0x1ef/0x410
[ 30.330279] ip6_dst_lookup_flow+0xc8/0x270
[ 30.334580] ? ip6_dst_lookup+0x60/0x60
[ 30.338541] ? rcu_is_watching+0x8c/0x150
[ 30.342671] inet6_csk_route_socket+0x8cb/0x1030
[ 30.347407] ? inet6_csk_route_req+0x820/0x820
[ 30.351973] ? note_gp_changes+0x420/0x420
[ 30.356197] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 30.361723] ? kasan_check_write+0x14/0x20
[ 30.365938] ? pskb_expand_head+0x6b3/0x10e0
[ 30.370327] ? kasan_unpoison_shadow+0x35/0x50
[ 30.374887] ? kasan_kmalloc+0xc4/0xe0
[ 30.378759] ? __pskb_copy_fclone+0xeb0/0xeb0
[ 30.383233] inet6_csk_xmit+0x118/0x630
[ 30.387187] ? inet6_csk_xmit+0x118/0x630
[ 30.391316] ? call_rcu_sched+0x12/0x20
[ 30.395271] ? inet6_csk_update_pmtu+0x190/0x190
[ 30.400004] ? __sk_dst_check+0x1ef/0x410
[ 30.404132] ? sock_alloc_send_skb+0x40/0x40
[ 30.408526] l2tp_xmit_skb+0x15bc/0x1960
[ 30.412571] ? l2tp_session_create+0xae0/0xae0
[ 30.417133] ? _copy_from_iter_full+0x2bc/0xd20
[ 30.421779] ? skb_set_owner_w+0x24e/0x360
[ 30.426003] ? usercopy_warn+0x120/0x120
[ 30.430044] ? iov_iter_advance+0x14e0/0x14e0
[ 30.434518] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 30.440034] ? _copy_from_user+0xdf/0x150
[ 30.444160] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 30.449151] ? pppol2tp_sendmsg+0x45a/0x6c0
[ 30.453463] pppol2tp_sendmsg+0x4ae/0x6c0
[ 30.457589] ? move_addr_to_kernel.part.18+0x100/0x100
[ 30.462844] ? kasan_check_write+0x14/0x20
[ 30.467070] ? pppol2tp_getsockopt+0x950/0x950
[ 30.471632] sock_sendmsg+0xd5/0x120
[ 30.475325] ___sys_sendmsg+0x51d/0x930
[ 30.479276] ? __switch_to_asm+0x34/0x70
[ 30.483320] ? __switch_to_asm+0x40/0x70
[ 30.487362] ? __switch_to_asm+0x34/0x70
[ 30.491404] ? copy_msghdr_from_user+0x580/0x580
[ 30.496139] ? __schedule+0x884/0x1ec0
[ 30.500005] ? __sched_text_start+0x8/0x8
[ 30.504135] ? lock_acquire+0x1e4/0x540
[ 30.508092] ? __might_fault+0x12b/0x1e0
[ 30.512133] ? lock_downgrade+0x8f0/0x8f0
[ 30.516267] ? lock_release+0xa30/0xa30
[ 30.520220] ? check_same_owner+0x340/0x340
[ 30.524522] ? rcu_note_context_switch+0x730/0x730
[ 30.529429] ? check_same_owner+0x340/0x340
[ 30.533734] __sys_sendmmsg+0x240/0x6f0
[ 30.537702] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 30.542014] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 30.547532] ? fput+0x130/0x1a0
[ 30.550789] ? __sys_connect+0x1d1/0x4c0
[ 30.554828] ? __ia32_sys_accept+0xb0/0xb0
[ 30.559052] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 30.563616] __x64_sys_sendmmsg+0x9d/0x100
[ 30.567830] do_syscall_64+0x1b9/0x820
[ 30.571697] ? finish_task_switch+0x1d3/0x870
[ 30.576172] ? syscall_return_slowpath+0x5e0/0x5e0
[ 30.581086] ? syscall_return_slowpath+0x31d/0x5e0
[ 30.585994] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 30.590995] ? prepare_exit_to_usermode+0x291/0x3b0
[ 30.596009] ? perf_trace_sys_enter+0xb10/0xb10
[ 30.600660] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.605491] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.610660] RIP: 0033:0x447ac9
[ 30.613844] Code: e8 9c b9 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 30.632724] RSP: 002b:00007f3d1774fce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 30.640420] RAX: ffffffffffffffda RBX: 00000000006ddc48 RCX: 0000000000447ac9
[ 30.647686] RDX: 00000000000003e8 RSI: 0000000020005fc0 RDI: 0000000000000004
[ 30.654935] RBP: 00000000006ddc40 R08: 0000000000000000 R09: 0000000000000000
[ 30.662183] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc4c
[ 30.669443] R13: 00007ffea8559c9f R14: 00007f3d177509c0 R15: 0000000000000000
[ 30.676695] Modules linked in:
[ 30.679886] Dumping ftrace buffer:
[ 30.683407] (ftrace buffer empty)
[ 30.687144] ---[ end trace 442688eec02d1caa ]---
[ 30.691911] RIP: 0010:ip6_pol_route+0x7a8/0xd20
[ 30.696588] Code: 65 48 03 1d a2 aa 42 7a be 08 00 00 00 48 89 df e8 5d 8e fc fb 31 c0 f0 4c 0f b1 33 48 85 c0 0f 84 ec fb ff ff e8 f8 c5 bd fb <0f> 0b e8 f1 c5 bd fb e8 2c fa a7 fb 31 ff 89 c6 88 85 24 ff ff ff
[ 30.715489] RSP: 0018:ffff8801aae8edf0 EFLAGS: 00010293
[ 30.720853] RAX: ffff8801aafea580 RBX: ffffe8ffffd5d998 RCX: ffffffff85bed6a3
[ 30.728116] RDX: 0000000000000000 RSI: ffffffff85bed6b8 RDI: ffffe8ffffd5d998
[ 30.735393] RBP: ffff8801aae8eee0 R08: fffff91ffffabb34 R09: fffff91ffffabb33
[ 30.742661] R10: fffff91ffffabb33 R11: ffffe8ffffd5d99f R12: 0000000000000001
[ 30.749933] R13: ffff8801d07df580 R14: ffff8801acd72a00 R15: 0000000000000003
[ 30.757197] FS: 00007f3d17750700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[ 30.765423] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.771298] CR2: 00000000205fafd2 CR3: 00000001d0652000 CR4: 00000000001406e0
[ 30.778568] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.785831] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.793101] Kernel panic - not syncing: Fatal exception in interrupt
[ 30.799974] Dumping ftrace buffer:
[ 30.803504] (ftrace buffer empty)
[ 30.807200] Kernel Offset: disabled
[ 30.810814] Rebooting in 86400 seconds..