[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 15.605820] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 20.278702] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.522206] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.219536] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.919306] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
[ 33.386010] random: sshd: uninitialized urandom read (32 bytes read)
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[ 33.466710] IPVS: ftp: loaded support on port[0] = 21
[ 33.610464] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.616865] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.623700] device bridge_slave_0 entered promiscuous mode
[ 33.636604] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.643010] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.650312] device bridge_slave_1 entered promiscuous mode
[ 33.662746] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 33.675972] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 33.708268] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 33.723528] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 33.768767] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 33.775932] team0: Port device team_slave_0 added
[ 33.787782] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 33.794800] team0: Port device team_slave_1 added
[ 33.807299] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
RTNETLINK answers: Operation not supported
[ 33.821231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 33.834996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 33.849620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[ 33.933925] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.940328] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.946955] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.953295] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 34.249821] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 34.255946] 8021q: adding VLAN 0 to HW filter on device bond0
[ 34.288925] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 34.321484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 34.328565] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 34.356562] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 34.362690] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 34.551581] ------------[ cut here ]------------
[ 34.556379] kernel BUG at net/ipv6/route.c:1268!
[ 34.561162] invalid opcode: 0000 [#1] SMP KASAN
[ 34.565826] CPU: 0 PID: 4577 Comm: syz-executor718 Not tainted 4.18.0-rc6+ #140
[ 34.568263] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 34.573254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.573272] RIP: 0010:ip6_pol_route+0x9e3/0x1250
[ 34.573280] Code: 31 e4 e8 90 62 02 fc 4c 89 e0 f0 4c 0f b1 33 31 ff 49 89 c4 48 89 c6 e8 2b 4c c4 fb 4d 85 e4 0f 84 0d fa ff ff e8 ed 4a c4 fb <0f> 0b e8 e6 4a c4 fb e8 91 b9 ae fb 31 ff 89 c6 88 85 e0 fd ff ff
[ 34.612995] RSP: 0018:ffff8801d8aded48 EFLAGS: 00010293
[ 34.618346] RAX: ffff8801d354a340 RBX: ffffe8ffffc5d0d8 RCX: ffffffff85b7ca85
[ 34.625607] RDX: 0000000000000000 RSI: ffffffff85b7ca93 RDI: 0000000000000007
[ 34.632857] RBP: ffff8801d8adef78 R08: ffff8801d354a340 R09: fffff91ffff8ba1b
[ 34.640107] R10: fffff91ffff8ba1b R11: ffffe8ffffc5d0df R12: ffff8801d859a340
[ 34.647366] R13: 0000000000000001 R14: ffff8801d859a200 R15: 0000000000000001
[ 34.654616] FS: 00007f97e891c700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
[ 34.662821] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.668681] CR2: 00000000205fafd2 CR3: 00000001b97b7000 CR4: 00000000001406f0
[ 34.675946] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.683197] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.690446] Call Trace:
[ 34.693024] ? ip6_pol_route_lookup+0x1120/0x1120
[ 34.697848] ? __nf_conntrack_find_get.part.43+0xfc3/0x1ac0
[ 34.703541] ? trace_hardirqs_on+0x10/0x10
[ 34.707754] ? ip6_finish_output2+0xcb5/0x2820
[ 34.712320] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.717317] ? trace_hardirqs_on+0x10/0x10
[ 34.721533] ip6_pol_route_output+0x54/0x70
[ 34.725837] fib6_rule_lookup+0x26e/0x700
[ 34.729967] ? ip6_pol_route_input+0x80/0x80
[ 34.734357] ? fib6_lookup+0x480/0x480
[ 34.738246] ? trace_hardirqs_on+0x10/0x10
[ 34.742464] ? kasan_check_read+0x11/0x20
[ 34.746591] ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.750978] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.755536] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.760101] ip6_route_output_flags+0x2c5/0x350
[ 34.764753] ip6_dst_lookup_tail+0x1278/0x1da0
[ 34.769319] ? debug_object_activate+0x41a/0x690
[ 34.774055] ? lock_downgrade+0x8f0/0x8f0
[ 34.778187] ? kernel_text_address+0x79/0xf0
[ 34.782575] ? dst_output+0x180/0x180
[ 34.786356] ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.790744] ? lock_acquire+0x1e4/0x540
[ 34.794698] ? debug_object_active_state+0x2f5/0x4d0
[ 34.799783] ? lock_downgrade+0x8f0/0x8f0
[ 34.803926] ? kasan_check_read+0x11/0x20
[ 34.808054] ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.812443] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 34.817014] ? lock_acquire+0x1e4/0x540
[ 34.820974] ? inet6_csk_route_socket+0x69d/0x1030
[ 34.825886] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.831418] ? __sk_dst_check+0x1ef/0x410
[ 34.835554] ip6_dst_lookup_flow+0xc8/0x270
[ 34.839868] ? rcu_is_watching+0x8c/0x150
[ 34.844010] ? ip6_dst_lookup+0x60/0x60
[ 34.847976] ? kasan_kmalloc+0xc4/0xe0
[ 34.851850] inet6_csk_route_socket+0x8cb/0x1030
[ 34.856587] ? ip6_dst_check+0x475/0xaf0
[ 34.860630] ? inet6_csk_route_req+0x820/0x820
[ 34.865191] ? note_gp_changes+0x550/0x550
[ 34.869427] ? __kasan_slab_free+0x131/0x170
[ 34.873819] ? trace_hardirqs_on+0xd/0x10
[ 34.877948] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 34.883480] ? kasan_check_write+0x14/0x20
[ 34.887694] ? pskb_expand_head+0x6b3/0x10e0
[ 34.892084] ? kmem_cache_alloc_node_trace+0x302/0x770
[ 34.897361] ? __pskb_copy_fclone+0xeb0/0xeb0
[ 34.901844] inet6_csk_xmit+0x118/0x630
[ 34.905797] ? inet6_csk_xmit+0x118/0x630
[ 34.909941] ? call_rcu_sched+0x12/0x20
[ 34.913896] ? inet6_csk_update_pmtu+0x190/0x190
[ 34.918630] ? __sk_dst_check+0x1ef/0x410
[ 34.922757] ? sock_alloc_send_skb+0x40/0x40
[ 34.927150] l2tp_xmit_skb+0x1469/0x1830
[ 34.931195] ? l2tp_session_create+0xb60/0xb60
[ 34.935773] ? iov_iter_advance+0x14e0/0x14e0
[ 34.940251] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.945772] ? _copy_from_user+0xdf/0x150
[ 34.949901] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.954898] ? pppol2tp_sendmsg+0x45a/0x6c0
[ 34.959199] pppol2tp_sendmsg+0x4ae/0x6c0
[ 34.963328] ? move_addr_to_kernel.part.20+0x100/0x100
[ 34.968584] ? pppol2tp_getsockopt+0x950/0x950
[ 34.973145] sock_sendmsg+0xd5/0x120
[ 34.976841] ___sys_sendmsg+0x51d/0x930
[ 34.980799] ? kasan_check_write+0x14/0x20
[ 34.985017] ? copy_msghdr_from_user+0x580/0x580
[ 34.989750] ? __schedule+0x884/0x1ed0
[ 34.993617] ? __sched_text_start+0x8/0x8
[ 34.997747] ? lock_acquire+0x1e4/0x540
[ 35.001698] ? __might_fault+0x12b/0x1e0
[ 35.005751] ? lock_downgrade+0x8f0/0x8f0
[ 35.009880] ? lock_release+0xa30/0xa30
[ 35.013836] ? check_same_owner+0x340/0x340
[ 35.018143] ? rcu_note_context_switch+0x730/0x730
[ 35.023063] ? check_same_owner+0x340/0x340
[ 35.027371] __sys_sendmmsg+0x240/0x6f0
[ 35.031341] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 35.035646] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.041171] ? fput+0x130/0x1a0
[ 35.044446] ? __sys_connect+0x1d1/0x4c0
[ 35.048493] ? __ia32_sys_accept+0xb0/0xb0
[ 35.052740] __x64_sys_sendmmsg+0x9d/0x100
[ 35.056969] do_syscall_64+0x1b9/0x820
[ 35.060842] ? finish_task_switch+0x1d3/0x870
[ 35.065327] ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.070247] ? syscall_return_slowpath+0x31d/0x5e0
[ 35.075156] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.080165] ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.085174] ? perf_trace_sys_enter+0xb10/0xb10
[ 35.089826] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.094668] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.099835] RIP: 0033:0x446e09
[ 35.103000] Code: e8 dc bd 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 35.122129] RSP: 002b:00007f97e891bdb8 EFLAGS: 00000297 ORIG_RAX: 0000000000000133
[ 35.129824] RAX: ffffffffffffffda RBX: 00000000006dcc48 RCX: 0000000000446e09
[ 35.137076] RDX: 00000000000003e8 RSI: 0000000020005fc0 RDI: 0000000000000004
[ 35.144324] RBP: 00000000006dcc40 R08: 0000000000000000 R09: 0000000000000000
[ 35.151570] R10: 0000000000000000 R11: 0000000000000297 R12: 00000000006dcc4c
[ 35.158819] R13: 00007fff65c43f5f R14: 00007f97e891c9c0 R15: 0000000000000000
[ 35.166071] Modules linked in:
[ 35.169248] Dumping ftrace buffer:
[ 35.172787] (ftrace buffer empty)
[ 35.176515] ---[ end trace 3ac4e00f2f3328bc ]---
[ 35.181270] RIP: 0010:ip6_pol_route+0x9e3/0x1250
[ 35.186039] Code: 31 e4 e8 90 62 02 fc 4c 89 e0 f0 4c 0f b1 33 31 ff 49 89 c4 48 89 c6 e8 2b 4c c4 fb 4d 85 e4 0f 84 0d fa ff ff e8 ed 4a c4 fb <0f> 0b e8 e6 4a c4 fb e8 91 b9 ae fb 31 ff 89 c6 88 85 e0 fd ff ff
[ 35.205195] RSP: 0018:ffff8801d8aded48 EFLAGS: 00010293
[ 35.210568] RAX: ffff8801d354a340 RBX: ffffe8ffffc5d0d8 RCX: ffffffff85b7ca85
[ 35.217858] RDX: 0000000000000000 RSI: ffffffff85b7ca93 RDI: 0000000000000007
[ 35.225143] RBP: ffff8801d8adef78 R08: ffff8801d354a340 R09: fffff91ffff8ba1b
[ 35.232420] R10: fffff91ffff8ba1b R11: ffffe8ffffc5d0df R12: ffff8801d859a340
[ 35.239704] R13: 0000000000000001 R14: ffff8801d859a200 R15: 0000000000000001
[ 35.246991] FS: 00007f97e891c700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
[ 35.255237] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.261122] CR2: 00000000205fafd2 CR3: 00000001b97b7000 CR4: 00000000001406f0
[ 35.268405] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.275685] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.282975] Kernel panic - not syncing: Fatal exception in interrupt
[ 35.290483] Dumping ftrace buffer:
[ 35.294007] (ftrace buffer empty)
[ 35.297697] Kernel Offset: disabled
[ 35.301304] Rebooting in 86400 seconds..