[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   22.034577] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   25.853602] random: sshd: uninitialized urandom read (32 bytes read)
[   26.326483] random: sshd: uninitialized urandom read (32 bytes read)
[   26.883309] random: sshd: uninitialized urandom read (32 bytes read)
[  146.046520] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.33' (ECDSA) to the list of known hosts.
[  151.535358] random: sshd: uninitialized urandom read (32 bytes read)
net.ipv6.conf.syz_tun.accept_dad = 0
[  151.640513] IPVS: ftp: loaded support on port[0] = 21
net.ipv6.conf.syz_tun.router_solicitations = 0
[  151.838693] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.845297] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.852679] device bridge_slave_0 entered promiscuous mode
[  151.868501] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.874924] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.881894] device bridge_slave_1 entered promiscuous mode
[  151.897447] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  151.912845] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  151.953517] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  151.971354] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  152.032727] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  152.039936] team0: Port device team_slave_0 added
[  152.054068] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  152.061229] team0: Port device team_slave_1 added
[  152.076942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  152.093195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  152.109859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  152.126624] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[  152.242686] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.249149] bridge0: port 2(bridge_slave_1) entered forwarding state
[  152.255941] bridge0: port 1(bridge_slave_0) entered blocking state
[  152.262303] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[  152.676148] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[  152.682265] 8021q: adding VLAN 0 to HW filter on device bond0
[  152.725494] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  152.770378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  152.777784] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  152.815315] 8021q: adding VLAN 0 to HW filter on device team0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[  189.537572] ------------[ cut here ]------------
[  189.544996] kernel BUG at net/ipv4/ip_output.c:775!
[  189.550063] invalid opcode: 0000 [#1] SMP KASAN
[  189.554739] CPU: 1 PID: 4713 Comm: syz-executor450 Not tainted 4.18.0-rc8+ #182
[  189.562199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  189.571540] RIP: 0010:ip_do_fragment+0x2436/0x2aa0
[  189.576446] Code: 8b 8d 70 fe ff ff e9 99 e8 ff ff 4c 89 ef e8 a1 65 40 fc e9 7b e9 ff ff 4c 89 f7 e8 94 65 40 fc e9 f3 e5 ff ff e8 7a 89 02 fc <0f> 0b 4c 89 e7 e8 80 65 40 fc e9 b7 e8 ff ff 4c 89 f7 89 8d 70 fe 
[  189.595577] RSP: 0018:ffff8801cfe3e880 EFLAGS: 00010293
[  189.600926] RAX: ffff8801af542080 RBX: ffff8801c88eaa00 RCX: ffffffff85797886
[  189.608185] RDX: 0000000000000000 RSI: ffffffff85798ed6 RDI: 0000000000000005
[  189.615439] RBP: ffff8801cfe3ea58 R08: ffff8801af542080 R09: ffffed0039110032
[  189.622685] R10: ffffed0039110034 R11: ffff8801c88801a3 R12: ffff8801c88eaac4
[  189.629944] R13: 00000000fffffff2 R14: ffff8801c88eaad0 R15: dffffc0000000000
[  189.637208] FS:  0000000001479880(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[  189.645422] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  189.651291] CR2: ffffffffff600400 CR3: 00000001cf669000 CR4: 00000000001406e0
[  189.658536] Call Trace:
[  189.661127]  ? trace_hardirqs_on+0xd/0x10
[  189.665273]  ? ip_copy_metadata+0xb30/0xb30
[  189.669582]  ? ip_finish_output2+0x1860/0x1860
[  189.674154]  ? graph_lock+0x170/0x170
[  189.677930]  ? graph_lock+0x170/0x170
[  189.681842]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  189.687356]  ? ipv4_mtu+0x37d/0x590
[  189.690974]  ? __build_flow_key.constprop.53+0x5f0/0x5f0
[  189.696404]  ? find_held_lock+0x36/0x1c0
[  189.700445]  ip_fragment.constprop.49+0x179/0x240
[  189.705267]  ip_finish_output+0x6e4/0xfa0
[  189.709394]  ? ip_fragment.constprop.49+0x240/0x240
[  189.714391]  ? kasan_check_read+0x11/0x20
[  189.718516]  ? rcu_is_watching+0x8c/0x150
[  189.729974]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  189.734375]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  189.739382]  ? nf_hook_slow+0x11e/0x1c0
[  189.743339]  ip_output+0x223/0x880
[  189.746856]  ? __ip_local_out+0x5e3/0xb50
[  189.750996]  ? ip_mc_output+0x15d0/0x15d0
[  189.755159]  ? rcu_is_watching+0x8c/0x150
[  189.759289]  ? ip_fragment.constprop.49+0x240/0x240
[  189.764283]  ? __bpf_redirect+0x563/0xa80
[  189.768425]  ? __ip_select_ident+0x170/0x2a0
[  189.772839]  ? ip_idents_reserve+0x310/0x310
[  189.777247]  ip_local_out+0xc5/0x1b0
[  189.780957]  iptunnel_xmit+0x53b/0x800
[  189.784835]  ip_tunnel_xmit+0x1598/0x3af1
[  189.788998]  ? quarantine_put+0x10d/0x1b0
[  189.793140]  ? ip_md_tunnel_xmit+0x1670/0x1670
[  189.797703]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  189.803237]  ? kasan_check_write+0x14/0x20
[  189.807454]  ? pskb_expand_head+0x6b3/0x10e0
[  189.811847]  ? print_usage_bug+0xc0/0xc0
[  189.815897]  ? __pskb_copy_fclone+0xeb0/0xeb0
[  189.820377]  ? print_usage_bug+0xc0/0xc0
[  189.824417]  ? trace_hardirqs_on+0x10/0x10
[  189.828652]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  189.833397]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  189.838932]  __gre_xmit+0x5b7/0x950
[  189.842564]  ipgre_xmit+0x3e8/0xb50
[  189.846188]  ? gre_tap_xmit+0x590/0x590
[  189.850504]  ? __lock_is_held+0xb5/0x140
[  189.854574]  dev_hard_start_xmit+0x26c/0xc30
[  189.858967]  ? dev_direct_xmit+0x6b0/0x6b0
[  189.863206]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  189.868740]  ? netif_skb_features+0x690/0xb70
[  189.873216]  ? validate_xmit_xfrm+0x1ef/0xdc0
[  189.877692]  ? lock_acquire+0x1e4/0x540
[  189.881662]  ? validate_xmit_skb+0x80c/0xf30
[  189.886055]  ? netif_skb_features+0xb70/0xb70
[  189.890535]  __dev_queue_xmit+0x29c2/0x38e0
[  189.894848]  ? skb_ensure_writable+0x3dd/0x640
[  189.899406]  ? bpf_clone_redirect+0x14a/0x490
[  189.903877]  ? bpf_prog_bebbfe2050753572+0xef4/0x1000
[  189.909071]  ? netdev_pick_tx+0x2d0/0x2d0
[  189.913200]  ? check_memory_region+0x150/0x1b0
[  189.917786]  ? do_raw_spin_unlock+0xa7/0x2f0
[  189.922177]  ? __lock_is_held+0xb5/0x140
[  189.926259]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  189.931258]  ? skb_release_data+0x1c4/0x880
[  189.935597]  ? kmem_cache_alloc_node_trace+0x34e/0x770
[  189.940873]  ? kasan_unpoison_shadow+0x35/0x50
[  189.945515]  ? skb_tx_error+0x2f0/0x2f0
[  189.949468]  ? kasan_kmalloc+0xc4/0xe0
[  189.953335]  ? __kmalloc_node_track_caller+0x47/0x70
[  189.959706]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  189.965227]  ? kasan_check_write+0x14/0x20
[  189.969454]  ? pskb_expand_head+0x6b3/0x10e0
[  189.973869]  ? __pskb_copy_fclone+0xeb0/0xeb0
[  189.978343]  ? memcpy+0x45/0x50
[  189.981618]  ? __copy_skb_header+0x32f/0x550
[  189.986025]  ? sock_spd_release+0x2e0/0x2e0
[  189.990333]  ? __lock_is_held+0xb5/0x140
[  189.994375]  ? kasan_check_write+0x14/0x20
[  189.998605]  ? __skb_clone+0x6c7/0xa00
[  190.002472]  ? __copy_skb_header+0x550/0x550
[  190.006896]  ? do_raw_spin_unlock+0xa7/0x2f0
[  190.011312]  ? skb_ensure_writable+0x15e/0x640
[  190.015886]  dev_queue_xmit+0x17/0x20
[  190.019662]  ? dev_queue_xmit+0x17/0x20
[  190.023620]  __bpf_redirect+0x563/0xa80
[  190.027590]  bpf_clone_redirect+0x2f6/0x490
[  190.031909]  bpf_prog_bebbfe2050753572+0xef4/0x1000
[  190.036905]  ? lock_downgrade+0x8f0/0x8f0
[  190.041043]  ? find_held_lock+0x36/0x1c0
[  190.045163]  ? lock_acquire+0x1e4/0x540
[  190.049115]  ? bpf_test_run+0x1f3/0x3b0
[  190.053081]  ? lock_downgrade+0x8f0/0x8f0
[  190.057226]  ? kasan_check_read+0x11/0x20
[  190.061366]  ? rcu_is_watching+0x8c/0x150
[  190.065489]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  190.069893]  ? bpf_test_run+0xaf/0x3b0
[  190.073770]  ? bpf_prog_test_run_skb+0x62f/0xb40
[  190.078533]  ? bpf_test_finish.isra.8+0x1f0/0x1f0
[  190.083374]  ? bpf_prog_add+0x69/0xd0
[  190.087156]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  190.092701]  ? __bpf_prog_get+0x9b/0x290
[  190.096745]  ? bpf_test_finish.isra.8+0x1f0/0x1f0
[  190.101570]  ? bpf_prog_test_run+0x130/0x1a0
[  190.105962]  ? __x64_sys_bpf+0x3d8/0x510
[  190.110021]  ? bpf_prog_get+0x20/0x20
[  190.113809]  ? do_syscall_64+0x9a/0x820
[  190.117766]  ? do_syscall_64+0x1b9/0x820
[  190.121809]  ? syscall_return_slowpath+0x5e0/0x5e0
[  190.126734]  ? syscall_return_slowpath+0x31d/0x5e0
[  190.131645]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  190.136989]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  190.141832]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  190.147174] Modules linked in:
[  190.150345] Dumping ftrace buffer:
[  190.153855]    (ftrace buffer empty)
[  190.157595] ---[ end trace b3cbe48b5e178b8d ]---
[  190.162373] RIP: 0010:ip_do_fragment+0x2436/0x2aa0
[  190.167323] Code: 8b 8d 70 fe ff ff e9 99 e8 ff ff 4c 89 ef e8 a1 65 40 fc e9 7b e9 ff ff 4c 89 f7 e8 94 65 40 fc e9 f3 e5 ff ff e8 7a 89 02 fc <0f> 0b 4c 89 e7 e8 80 65 40 fc e9 b7 e8 ff ff 4c 89 f7 89 8d 70 fe 
[  190.186591] RSP: 0018:ffff8801cfe3e880 EFLAGS: 00010293
[  190.192049] RAX: ffff8801af542080 RBX: ffff8801c88eaa00 RCX: ffffffff85797886
[  190.200001] RDX: 0000000000000000 RSI: ffffffff85798ed6 RDI: 0000000000000005
[  190.207372] RBP: ffff8801cfe3ea58 R08: ffff8801af542080 R09: ffffed0039110032
[  190.214704] R10: ffffed0039110034 R11: ffff8801c88801a3 R12: ffff8801c88eaac4
[  190.222008] R13: 00000000fffffff2 R14: ffff8801c88eaad0 R15: dffffc0000000000
[  190.229348] FS:  0000000001479880(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[  190.237624] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  190.243535] CR2: ffffffffff600400 CR3: 00000001cf669000 CR4: 00000000001406e0
[  190.250857] Kernel panic - not syncing: Fatal exception in interrupt
[  190.258028] Dumping ftrace buffer:
[  190.261586]    (ftrace buffer empty)
[  190.265291] Kernel Offset: disabled
[  190.268899] Rebooting in 86400 seconds..