[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 22.034577] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.853602] random: sshd: uninitialized urandom read (32 bytes read) [ 26.326483] random: sshd: uninitialized urandom read (32 bytes read) [ 26.883309] random: sshd: uninitialized urandom read (32 bytes read) [ 146.046520] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.33' (ECDSA) to the list of known hosts. [ 151.535358] random: sshd: uninitialized urandom read (32 bytes read) net.ipv6.conf.syz_tun.accept_dad = 0 [ 151.640513] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz_tun.router_solicitations = 0 [ 151.838693] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.845297] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.852679] device bridge_slave_0 entered promiscuous mode [ 151.868501] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.874924] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.881894] device bridge_slave_1 entered promiscuous mode [ 151.897447] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 151.912845] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 151.953517] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 151.971354] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 152.032727] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 152.039936] team0: Port device team_slave_0 added [ 152.054068] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 152.061229] team0: Port device team_slave_1 added [ 152.076942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 152.093195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 152.109859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 152.126624] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 152.242686] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.249149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.255941] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.262303] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 152.676148] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 152.682265] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.725494] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 152.770378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.777784] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 152.815315] 8021q: adding VLAN 0 to HW filter on device team0 executing program executing program executing program executing program executing program executing program executing program [ 189.537572] ------------[ cut here ]------------ [ 189.544996] kernel BUG at net/ipv4/ip_output.c:775! [ 189.550063] invalid opcode: 0000 [#1] SMP KASAN [ 189.554739] CPU: 1 PID: 4713 Comm: syz-executor450 Not tainted 4.18.0-rc8+ #182 [ 189.562199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.571540] RIP: 0010:ip_do_fragment+0x2436/0x2aa0 [ 189.576446] Code: 8b 8d 70 fe ff ff e9 99 e8 ff ff 4c 89 ef e8 a1 65 40 fc e9 7b e9 ff ff 4c 89 f7 e8 94 65 40 fc e9 f3 e5 ff ff e8 7a 89 02 fc <0f> 0b 4c 89 e7 e8 80 65 40 fc e9 b7 e8 ff ff 4c 89 f7 89 8d 70 fe [ 189.595577] RSP: 0018:ffff8801cfe3e880 EFLAGS: 00010293 [ 189.600926] RAX: ffff8801af542080 RBX: ffff8801c88eaa00 RCX: ffffffff85797886 [ 189.608185] RDX: 0000000000000000 RSI: ffffffff85798ed6 RDI: 0000000000000005 [ 189.615439] RBP: ffff8801cfe3ea58 R08: ffff8801af542080 R09: ffffed0039110032 [ 189.622685] R10: ffffed0039110034 R11: ffff8801c88801a3 R12: ffff8801c88eaac4 [ 189.629944] R13: 00000000fffffff2 R14: ffff8801c88eaad0 R15: dffffc0000000000 [ 189.637208] FS: 0000000001479880(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000 [ 189.645422] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 189.651291] CR2: ffffffffff600400 CR3: 00000001cf669000 CR4: 00000000001406e0 [ 189.658536] Call Trace: [ 189.661127] ? trace_hardirqs_on+0xd/0x10 [ 189.665273] ? ip_copy_metadata+0xb30/0xb30 [ 189.669582] ? ip_finish_output2+0x1860/0x1860 [ 189.674154] ? graph_lock+0x170/0x170 [ 189.677930] ? graph_lock+0x170/0x170 [ 189.681842] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.687356] ? ipv4_mtu+0x37d/0x590 [ 189.690974] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 189.696404] ? find_held_lock+0x36/0x1c0 [ 189.700445] ip_fragment.constprop.49+0x179/0x240 [ 189.705267] ip_finish_output+0x6e4/0xfa0 [ 189.709394] ? ip_fragment.constprop.49+0x240/0x240 [ 189.714391] ? kasan_check_read+0x11/0x20 [ 189.718516] ? rcu_is_watching+0x8c/0x150 [ 189.729974] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 189.734375] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 189.739382] ? nf_hook_slow+0x11e/0x1c0 [ 189.743339] ip_output+0x223/0x880 [ 189.746856] ? __ip_local_out+0x5e3/0xb50 [ 189.750996] ? ip_mc_output+0x15d0/0x15d0 [ 189.755159] ? rcu_is_watching+0x8c/0x150 [ 189.759289] ? ip_fragment.constprop.49+0x240/0x240 [ 189.764283] ? __bpf_redirect+0x563/0xa80 [ 189.768425] ? __ip_select_ident+0x170/0x2a0 [ 189.772839] ? ip_idents_reserve+0x310/0x310 [ 189.777247] ip_local_out+0xc5/0x1b0 [ 189.780957] iptunnel_xmit+0x53b/0x800 [ 189.784835] ip_tunnel_xmit+0x1598/0x3af1 [ 189.788998] ? quarantine_put+0x10d/0x1b0 [ 189.793140] ? ip_md_tunnel_xmit+0x1670/0x1670 [ 189.797703] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 189.803237] ? kasan_check_write+0x14/0x20 [ 189.807454] ? pskb_expand_head+0x6b3/0x10e0 [ 189.811847] ? print_usage_bug+0xc0/0xc0 [ 189.815897] ? __pskb_copy_fclone+0xeb0/0xeb0 [ 189.820377] ? print_usage_bug+0xc0/0xc0 [ 189.824417] ? trace_hardirqs_on+0x10/0x10 [ 189.828652] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.833397] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 189.838932] __gre_xmit+0x5b7/0x950 [ 189.842564] ipgre_xmit+0x3e8/0xb50 [ 189.846188] ? gre_tap_xmit+0x590/0x590 [ 189.850504] ? __lock_is_held+0xb5/0x140 [ 189.854574] dev_hard_start_xmit+0x26c/0xc30 [ 189.858967] ? dev_direct_xmit+0x6b0/0x6b0 [ 189.863206] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 189.868740] ? netif_skb_features+0x690/0xb70 [ 189.873216] ? validate_xmit_xfrm+0x1ef/0xdc0 [ 189.877692] ? lock_acquire+0x1e4/0x540 [ 189.881662] ? validate_xmit_skb+0x80c/0xf30 [ 189.886055] ? netif_skb_features+0xb70/0xb70 [ 189.890535] __dev_queue_xmit+0x29c2/0x38e0 [ 189.894848] ? skb_ensure_writable+0x3dd/0x640 [ 189.899406] ? bpf_clone_redirect+0x14a/0x490 [ 189.903877] ? bpf_prog_bebbfe2050753572+0xef4/0x1000 [ 189.909071] ? netdev_pick_tx+0x2d0/0x2d0 [ 189.913200] ? check_memory_region+0x150/0x1b0 [ 189.917786] ? do_raw_spin_unlock+0xa7/0x2f0 [ 189.922177] ? __lock_is_held+0xb5/0x140 [ 189.926259] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 189.931258] ? skb_release_data+0x1c4/0x880 [ 189.935597] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 189.940873] ? kasan_unpoison_shadow+0x35/0x50 [ 189.945515] ? skb_tx_error+0x2f0/0x2f0 [ 189.949468] ? kasan_kmalloc+0xc4/0xe0 [ 189.953335] ? __kmalloc_node_track_caller+0x47/0x70 [ 189.959706] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 189.965227] ? kasan_check_write+0x14/0x20 [ 189.969454] ? pskb_expand_head+0x6b3/0x10e0 [ 189.973869] ? __pskb_copy_fclone+0xeb0/0xeb0 [ 189.978343] ? memcpy+0x45/0x50 [ 189.981618] ? __copy_skb_header+0x32f/0x550 [ 189.986025] ? sock_spd_release+0x2e0/0x2e0 [ 189.990333] ? __lock_is_held+0xb5/0x140 [ 189.994375] ? kasan_check_write+0x14/0x20 [ 189.998605] ? __skb_clone+0x6c7/0xa00 [ 190.002472] ? __copy_skb_header+0x550/0x550 [ 190.006896] ? do_raw_spin_unlock+0xa7/0x2f0 [ 190.011312] ? skb_ensure_writable+0x15e/0x640 [ 190.015886] dev_queue_xmit+0x17/0x20 [ 190.019662] ? dev_queue_xmit+0x17/0x20 [ 190.023620] __bpf_redirect+0x563/0xa80 [ 190.027590] bpf_clone_redirect+0x2f6/0x490 [ 190.031909] bpf_prog_bebbfe2050753572+0xef4/0x1000 [ 190.036905] ? lock_downgrade+0x8f0/0x8f0 [ 190.041043] ? find_held_lock+0x36/0x1c0 [ 190.045163] ? lock_acquire+0x1e4/0x540 [ 190.049115] ? bpf_test_run+0x1f3/0x3b0 [ 190.053081] ? lock_downgrade+0x8f0/0x8f0 [ 190.057226] ? kasan_check_read+0x11/0x20 [ 190.061366] ? rcu_is_watching+0x8c/0x150 [ 190.065489] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 190.069893] ? bpf_test_run+0xaf/0x3b0 [ 190.073770] ? bpf_prog_test_run_skb+0x62f/0xb40 [ 190.078533] ? bpf_test_finish.isra.8+0x1f0/0x1f0 [ 190.083374] ? bpf_prog_add+0x69/0xd0 [ 190.087156] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.092701] ? __bpf_prog_get+0x9b/0x290 [ 190.096745] ? bpf_test_finish.isra.8+0x1f0/0x1f0 [ 190.101570] ? bpf_prog_test_run+0x130/0x1a0 [ 190.105962] ? __x64_sys_bpf+0x3d8/0x510 [ 190.110021] ? bpf_prog_get+0x20/0x20 [ 190.113809] ? do_syscall_64+0x9a/0x820 [ 190.117766] ? do_syscall_64+0x1b9/0x820 [ 190.121809] ? syscall_return_slowpath+0x5e0/0x5e0 [ 190.126734] ? syscall_return_slowpath+0x31d/0x5e0 [ 190.131645] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 190.136989] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 190.141832] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.147174] Modules linked in: [ 190.150345] Dumping ftrace buffer: [ 190.153855] (ftrace buffer empty) [ 190.157595] ---[ end trace b3cbe48b5e178b8d ]--- [ 190.162373] RIP: 0010:ip_do_fragment+0x2436/0x2aa0 [ 190.167323] Code: 8b 8d 70 fe ff ff e9 99 e8 ff ff 4c 89 ef e8 a1 65 40 fc e9 7b e9 ff ff 4c 89 f7 e8 94 65 40 fc e9 f3 e5 ff ff e8 7a 89 02 fc <0f> 0b 4c 89 e7 e8 80 65 40 fc e9 b7 e8 ff ff 4c 89 f7 89 8d 70 fe [ 190.186591] RSP: 0018:ffff8801cfe3e880 EFLAGS: 00010293 [ 190.192049] RAX: ffff8801af542080 RBX: ffff8801c88eaa00 RCX: ffffffff85797886 [ 190.200001] RDX: 0000000000000000 RSI: ffffffff85798ed6 RDI: 0000000000000005 [ 190.207372] RBP: ffff8801cfe3ea58 R08: ffff8801af542080 R09: ffffed0039110032 [ 190.214704] R10: ffffed0039110034 R11: ffff8801c88801a3 R12: ffff8801c88eaac4 [ 190.222008] R13: 00000000fffffff2 R14: ffff8801c88eaad0 R15: dffffc0000000000 [ 190.229348] FS: 0000000001479880(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000 [ 190.237624] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 190.243535] CR2: ffffffffff600400 CR3: 00000001cf669000 CR4: 00000000001406e0 [ 190.250857] Kernel panic - not syncing: Fatal exception in interrupt [ 190.258028] Dumping ftrace buffer: [ 190.261586] (ftrace buffer empty) [ 190.265291] Kernel Offset: disabled [ 190.268899] Rebooting in 86400 seconds..