[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.250912] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 22.127691] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.398792] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.217658] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.770464] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.33' (ECDSA) to the list of known hosts.
[ 43.294183] random: sshd: uninitialized urandom read (32 bytes read)
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[ 43.385612] IPVS: ftp: loaded support on port[0] = 21
[ 43.565356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.571853] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.579193] device bridge_slave_0 entered promiscuous mode
[ 43.595047] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.601415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.608377] device bridge_slave_1 entered promiscuous mode
[ 43.623593] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 43.638562] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 43.677468] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 43.694594] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 43.751908] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 43.759147] team0: Port device team_slave_0 added
[ 43.772654] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 43.779699] team0: Port device team_slave_1 added
[ 43.793811] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 43.810141] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 43.825461] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 43.841775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 43.950298] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.956733] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.963556] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.969929] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 44.347955] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 44.354077] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.393419] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 44.433736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.441169] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 44.474808] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 44.481071] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.520506] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
executing program
[ 44.698785] BUG: unable to handle kernel paging request at ffffc9005c3ca003
[ 44.705907] PGD 1da946067 P4D 1da946067 PUD 0
[ 44.710485] Oops: 0000 [#1] SMP KASAN
[ 44.714263] CPU: 0 PID: 4498 Comm: syz-executor667 Not tainted 4.17.0+ #92
[ 44.721252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.730593] RIP: 0010:ebt_do_table+0x1983/0x2140
[ 44.735320] Code: 24 08 48 89 d8 48 89 9d d0 fe ff ff 48 c1 e8 03 42 0f b6 04 38 84 c0 74 08 3c 03 0f 8e 3b 06 00 00 48 8b 85 d0 fe ff ff 31 ff <8b> 18 89 de e8 04 e8 c0 fa 85 db 0f 85 a0 02 00 00 e8 e7 e6 c0 fa
[ 44.754433] RSP: 0018:ffff8801b2e15c68 EFLAGS: 00010246
[ 44.759776] RAX: ffffc9005c3ca003 RBX: ffffc9005c3ca003 RCX: ffffc90001e1e000
[ 44.767021] RDX: 0000000000000000 RSI: ffffffff86b9558c RDI: 0000000000000000
[ 44.774267] RBP: ffff8801b2e15e38 R08: ffff8801b2588380 R09: ffffed003b5c46d6
[ 44.781520] R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: ffffc90001e1e000
[ 44.788773] R13: ffffc90001e1a130 R14: ffffc90001e1a090 R15: dffffc0000000000
[ 44.796024] FS: 00000000006ed880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 44.804227] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.810083] CR2: ffffc9005c3ca003 CR3: 00000001b3ba1000 CR4: 00000000001406f0
[ 44.817334] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 44.824581] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 44.831826] Call Trace:
[ 44.834398] ? find_inlist_lock.constprop.16+0x220/0x220
[ 44.839824] ? sock_sendmsg+0xd5/0x120
[ 44.843689] ? __sys_sendto+0x3d7/0x670
[ 44.847642] ? __x64_sys_sendto+0xe1/0x1a0
[ 44.851856] ? do_syscall_64+0x1b1/0x800
[ 44.855896] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 44.861241] ? graph_lock+0x170/0x170
[ 44.865019] ? graph_lock+0x170/0x170
[ 44.868808] ? __br_forward+0x2b3/0xd90
[ 44.872796] ? ebt_in_hook+0x80/0x80
[ 44.876487] ebt_in_hook+0x65/0x80
[ 44.880003] ebt_out_hook+0x25/0x30
[ 44.883618] nf_hook_slow+0xc2/0x1c0
[ 44.887310] __br_forward+0x520/0xd90
[ 44.891097] ? br_forward_finish+0x5b0/0x5b0
[ 44.895489] ? skb_clone+0x24c/0x4f0
[ 44.899180] ? __sanitizer_cov_trace_cmp4+0x10/0x20
[ 44.904184] ? skb_split+0x11d0/0x11d0
[ 44.908054] ? br_dev_queue_push_xmit+0x600/0x600
[ 44.912873] ? __lock_is_held+0xb5/0x140
[ 44.916912] deliver_clone+0x61/0xc0
[ 44.920615] br_flood+0x6f3/0x980
[ 44.924059] ? br_forward+0x450/0x450
[ 44.927858] ? br_ip6_multicast_leave_group+0x330/0x330
[ 44.933198] ? __lock_is_held+0xb5/0x140
[ 44.937237] br_dev_xmit+0x1121/0x1810
[ 44.941108] ? br_poll_controller+0x10/0x10
[ 44.945408] ? perf_trace_xdp_redirect_template+0x790/0x910
[ 44.951097] ? lock_downgrade+0x8e0/0x8e0
[ 44.955230] ? graph_lock+0x170/0x170
[ 44.959007] ? __bfs+0xa8/0x790
[ 44.962263] ? __bfs+0xa8/0x790
[ 44.965522] ? __lock_is_held+0xb5/0x140
[ 44.969562] dev_hard_start_xmit+0x264/0xc10
[ 44.973952] ? dev_direct_xmit+0x6a0/0x6a0
[ 44.978165] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 44.983681] ? netif_skb_features+0x696/0xb40
[ 44.988167] ? validate_xmit_xfrm+0x1ef/0xdc0
[ 44.992640] ? lock_acquire+0x1dc/0x520
[ 44.996595] ? validate_xmit_skb+0x804/0xf20
[ 45.001001] ? netif_skb_features+0xb40/0xb40
[ 45.005484] __dev_queue_xmit+0x29da/0x3900
[ 45.009787] ? netdev_pick_tx+0x2d0/0x2d0
[ 45.013924] ? debug_check_no_locks_freed+0x310/0x310
[ 45.019091] ? lock_downgrade+0x8e0/0x8e0
[ 45.023219] ? print_usage_bug+0xc0/0xc0
[ 45.027260] ? lock_downgrade+0x8e0/0x8e0
[ 45.031386] ? mark_held_locks+0xc9/0x160
[ 45.035513] ? graph_lock+0x170/0x170
[ 45.039289] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 45.044282] ? __neigh_create+0x1447/0x2050
[ 45.048582] ? trace_hardirqs_on+0xd/0x10
[ 45.052721] ? print_usage_bug+0xc0/0xc0
[ 45.056771] ? print_usage_bug+0xc0/0xc0
[ 45.060821] ? lock_downgrade+0x8e0/0x8e0
[ 45.064946] ? lock_release+0xa10/0xa10
[ 45.068898] ? memcpy+0x45/0x50
[ 45.072156] dev_queue_xmit+0x17/0x20
[ 45.075935] ? dev_queue_xmit+0x17/0x20
[ 45.079886] neigh_resolve_output+0x679/0xad0
[ 45.084377] ? __neigh_event_send+0x1240/0x1240
[ 45.089030] ip_finish_output2+0xa5f/0x1840
[ 45.093331] ? ip_copy_metadata+0xa90/0xa90
[ 45.097631] ? netlink_tap_init_net+0x3c0/0x3c0
[ 45.102278] ? graph_lock+0x170/0x170
[ 45.106059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.111575] ? ip_copy_metadata+0x631/0xa90
[ 45.115874] ? dst_output+0x180/0x180
[ 45.119653] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.125167] ip_do_fragment+0x218e/0x2ac0
[ 45.129290] ? ip_copy_metadata+0xa90/0xa90
[ 45.133590] ? ip_do_fragment+0x218e/0x2ac0
[ 45.137888] ? ip_copy_metadata+0xa90/0xa90
[ 45.142188] ? ip_finish_output2+0x1840/0x1840
[ 45.146748] ? graph_lock+0x170/0x170
[ 45.150530] ? nf_ct_deliver_cached_events+0x569/0x7b0
[ 45.155786] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.161300] ? ipv4_mtu+0x375/0x580
[ 45.164907] ? __build_flow_key.constprop.54+0x5f0/0x5f0
[ 45.170333] ? find_held_lock+0x36/0x1c0
[ 45.174372] ip_fragment.constprop.49+0x179/0x240
[ 45.179190] ip_finish_output+0x6cb/0xf80
[ 45.183318] ? ip_fragment.constprop.49+0x240/0x240
[ 45.188310] ? kasan_check_read+0x11/0x20
[ 45.192437] ? rcu_is_watching+0x85/0x140
[ 45.196561] ? rcu_report_qs_rnp+0x790/0x790
[ 45.200946] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 45.205939] ? nf_hook_slow+0x11e/0x1c0
[ 45.209902] ip_output+0x21b/0x850
[ 45.213418] ? __ip_local_out+0x5cf/0xb20
[ 45.217545] ? ip_mc_output+0x15a0/0x15a0
[ 45.221675] ? ip_fragment.constprop.49+0x240/0x240
[ 45.226667] ? dst_release+0x5d/0xb0
[ 45.230359] ip_local_out+0xc5/0x1b0
[ 45.234052] ip_send_skb+0x40/0xe0
[ 45.237573] udp_send_skb.isra.39+0x6b7/0x11d0
[ 45.242135] udp_push_pending_frames+0x5c/0xf0
[ 45.246697] udp_sendmsg+0x17d1/0x3970
[ 45.250565] ? ip_reply_glue_bits+0xc0/0xc0
[ 45.254868] ? udp_push_pending_frames+0xf0/0xf0
[ 45.259603] ? find_held_lock+0x36/0x1c0
[ 45.263643] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.269158] ? print_usage_bug+0xc0/0xc0
[ 45.273196] ? __lock_acquire+0x7f5/0x5140
[ 45.277408] ? graph_lock+0x170/0x170
[ 45.281185] ? print_usage_bug+0xc0/0xc0
[ 45.285225] ? lock_downgrade+0x8e0/0x8e0
[ 45.289349] ? rcu_report_qs_rnp+0x790/0x790
[ 45.293737] ? __lock_acquire+0x7f5/0x5140
[ 45.297949] ? find_held_lock+0x36/0x1c0
[ 45.301994] udpv6_sendmsg+0x28c8/0x35f0
[ 45.306034] ? debug_check_no_locks_freed+0x310/0x310
[ 45.311200] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 45.316719] ? udpv6_queue_rcv_skb+0x1530/0x1530
[ 45.321454] ? _raw_spin_unlock+0x22/0x30
[ 45.325580] ? do_wp_page+0x42d/0x1990
[ 45.329446] ? finish_mkwrite_fault+0x610/0x610
[ 45.334093] ? debug_check_no_locks_freed+0x310/0x310
[ 45.339259] ? graph_lock+0x170/0x170
[ 45.343036] ? graph_lock+0x170/0x170
[ 45.346813] ? lock_acquire+0x1dc/0x520
[ 45.350781] ? graph_lock+0x170/0x170
[ 45.354562] ? find_held_lock+0x36/0x1c0
[ 45.358604] ? lock_downgrade+0x8e0/0x8e0
[ 45.362731] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.368245] ? lock_release+0xa10/0xa10
[ 45.372196] ? check_same_owner+0x320/0x320
[ 45.376496] inet_sendmsg+0x19f/0x690
[ 45.380272] ? udpv6_queue_rcv_skb+0x1530/0x1530
[ 45.385005] ? inet_sendmsg+0x19f/0x690
[ 45.388953] ? __might_sleep+0x95/0x190
[ 45.392908] ? ipip_gro_receive+0x100/0x100
[ 45.397208] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 45.402723] ? security_socket_sendmsg+0x94/0xc0
[ 45.407456] ? ipip_gro_receive+0x100/0x100
[ 45.411759] sock_sendmsg+0xd5/0x120
[ 45.415462] __sys_sendto+0x3d7/0x670
[ 45.419241] ? __ia32_sys_getpeername+0xb0/0xb0
[ 45.423890] ? lock_downgrade+0x8e0/0x8e0
[ 45.428016] ? handle_mm_fault+0x8c0/0xc70
[ 45.432226] ? handle_mm_fault+0x55a/0xc70
[ 45.436452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.441970] ? mm_fault_error+0x380/0x380
[ 45.446093] ? move_addr_to_kernel+0x70/0x70
[ 45.450478] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 45.455296] __x64_sys_sendto+0xe1/0x1a0
[ 45.459336] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 45.464328] do_syscall_64+0x1b1/0x800
[ 45.468195] ? syscall_return_slowpath+0x5c0/0x5c0
[ 45.473100] ? syscall_return_slowpath+0x30f/0x5c0
[ 45.478010] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 45.483790] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.488617] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.493785] RIP: 0033:0x441af9
[ 45.496951] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 45.516075] RSP: 002b:00007ffeebd76c18 EFLAGS: 00000213 ORIG_RAX: 000000000000002c
[ 45.523772] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441af9
[ 45.531032] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004
[ 45.538280] RBP: 00000000006cd018 R08: 0000000020000180 R09: 000000000000001c
[ 45.545527] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004027f0
[ 45.552786] R13: 0000000000402880 R14: 0000000000000000 R15: 0000000000000000
[ 45.560036] Modules linked in:
[ 45.563210] Dumping ftrace buffer:
[ 45.566723] (ftrace buffer empty)
[ 45.570411] CR2: ffffc9005c3ca003
[ 45.573853] ---[ end trace b04e96b1e335c4f5 ]---
[ 45.578591] RIP: 0010:ebt_do_table+0x1983/0x2140
[ 45.583317] Code: 24 08 48 89 d8 48 89 9d d0 fe ff ff 48 c1 e8 03 42 0f b6 04 38 84 c0 74 08 3c 03 0f 8e 3b 06 00 00 48 8b 85 d0 fe ff ff 31 ff <8b> 18 89 de e8 04 e8 c0 fa 85 db 0f 85 a0 02 00 00 e8 e7 e6 c0 fa
[ 45.602424] RSP: 0018:ffff8801b2e15c68 EFLAGS: 00010246
[ 45.607762] RAX: ffffc9005c3ca003 RBX: ffffc9005c3ca003 RCX: ffffc90001e1e000
[ 45.615012] RDX: 0000000000000000 RSI: ffffffff86b9558c RDI: 0000000000000000
[ 45.622264] RBP: ffff8801b2e15e38 R08: ffff8801b2588380 R09: ffffed003b5c46d6
[ 45.629510] R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: ffffc90001e1e000
[ 45.636757] R13: ffffc90001e1a130 R14: ffffc90001e1a090 R15: dffffc0000000000
[ 45.644009] FS: 00000000006ed880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 45.652217] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 45.658082] CR2: ffffc9005c3ca003 CR3: 00000001b3ba1000 CR4: 00000000001406f0
[ 45.665800] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 45.673051] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 45.680297] Kernel panic - not syncing: Fatal exception in interrupt
[ 45.687220] Dumping ftrace buffer:
[ 45.690736] (ftrace buffer empty)
[ 45.694421] Kernel Offset: disabled
[ 45.698026] Rebooting in 86400 seconds..