[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   18.811228] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.079135] random: sshd: uninitialized urandom read (32 bytes read)
[   22.505907] random: sshd: uninitialized urandom read (32 bytes read)
[   23.292332] random: sshd: uninitialized urandom read (32 bytes read)
[   34.703128] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
[   40.155066] random: sshd: uninitialized urandom read (32 bytes read)
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[   40.245865] IPVS: ftp: loaded support on port[0] = 21
[   40.421540] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.428052] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.435195] device bridge_slave_0 entered promiscuous mode
[   40.450560] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.456962] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.464160] device bridge_slave_1 entered promiscuous mode
[   40.478829] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   40.493482] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   40.530977] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   40.547344] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   40.603129] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   40.610394] team0: Port device team_slave_0 added
[   40.624088] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   40.631177] team0: Port device team_slave_1 added
[   40.644966] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   40.661398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   40.677337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   40.693241] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   40.799212] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.805668] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.812455] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.818801] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   41.194500] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   41.200650] 8021q: adding VLAN 0 to HW filter on device bond0
[   41.238460] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   41.277199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   41.284790] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   41.317520] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   41.323614] 8021q: adding VLAN 0 to HW filter on device team0
[   41.376267] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
executing program
[   41.536125] ------------[ cut here ]------------
[   41.541025] jump to non-chain
[   41.544343] WARNING: CPU: 1 PID: 4507 at net/bridge/netfilter/ebtables.c:288 ebt_do_table+0x1c45/0x2140
[   41.553855] Kernel panic - not syncing: panic_on_warn set ...
[   41.553855] 
[   41.561201] CPU: 1 PID: 4507 Comm: syz-executor750 Not tainted 4.17.0-rc7+ #79
[   41.568540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.577873] Call Trace:
[   41.580443]  dump_stack+0x1b9/0x294
[   41.584050]  ? dump_stack_print_info.cold.2+0x52/0x52
[   41.589224]  ? ebt_do_table+0x1c40/0x2140
[   41.593353]  panic+0x22f/0x4de
[   41.596537]  ? add_taint.cold.5+0x16/0x16
[   41.600669]  ? __warn.cold.8+0x148/0x1b3
[   41.604711]  ? __warn.cold.8+0x117/0x1b3
[   41.608767]  ? ebt_do_table+0x1c45/0x2140
[   41.612895]  __warn.cold.8+0x163/0x1b3
[   41.616775]  ? ebt_do_table+0x1c45/0x2140
[   41.620907]  report_bug+0x252/0x2d0
[   41.624517]  do_error_trap+0x1de/0x490
[   41.628387]  ? math_error+0x420/0x420
[   41.632182]  ? vprintk_default+0x28/0x30
[   41.636227]  ? vprintk_func+0x81/0xe7
[   41.640007]  ? printk+0x9e/0xba
[   41.643286]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.648197]  do_invalid_op+0x1b/0x20
[   41.651893]  invalid_op+0x14/0x20
[   41.655346] RIP: 0010:ebt_do_table+0x1c45/0x2140
[   41.660078] RSP: 0018:ffff8801b350dc68 EFLAGS: 00010286
[   41.665420] RAX: 0000000000000011 RBX: 0000000000000200 RCX: ffffffff8160b8ad
[   41.672667] RDX: 0000000000000000 RSI: ffffffff81610561 RDI: ffff8801b350d7c8
[   41.679919] RBP: ffff8801b350de38 R08: ffff8801ad754180 R09: 0000000000000002
[   41.687167] R10: ffff8801ad754180 R11: 0000000000000000 R12: ffffc90001e24000
[   41.694417] R13: ffffc90001e1e130 R14: ffffc90001e1e090 R15: dffffc0000000000
[   41.701674]  ? console_unlock+0x8ad/0x1100
[   41.705894]  ? vprintk_func+0x81/0xe7
[   41.709676]  ? ebt_do_table+0x1c45/0x2140
[   41.713812]  ? find_inlist_lock.constprop.16+0x220/0x220
[   41.719243]  ? sock_sendmsg+0xd5/0x120
[   41.723118]  ? __sys_sendto+0x3d7/0x670
[   41.727071]  ? __x64_sys_sendto+0xe1/0x1a0
[   41.731283]  ? do_syscall_64+0x1b1/0x800
[   41.735337]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.740681]  ? graph_lock+0x170/0x170
[   41.744460]  ? graph_lock+0x170/0x170
[   41.748417]  ? __br_forward+0x2b3/0xd90
[   41.752376]  ? ebt_in_hook+0x80/0x80
[   41.756070]  ebt_in_hook+0x65/0x80
[   41.759591]  ebt_out_hook+0x25/0x30
[   41.763199]  nf_hook_slow+0xc2/0x1c0
[   41.766906]  __br_forward+0x520/0xd90
[   41.770689]  ? br_forward_finish+0x5b0/0x5b0
[   41.775080]  ? skb_clone+0x24c/0x4f0
[   41.778785]  ? __sanitizer_cov_trace_pc+0x20/0x50
[   41.783625]  ? skb_split+0x11d0/0x11d0
[   41.787508]  ? br_dev_queue_push_xmit+0x600/0x600
[   41.792329]  ? __lock_is_held+0xb5/0x140
[   41.796374]  deliver_clone+0x61/0xc0
[   41.800068]  br_flood+0x6f3/0x980
[   41.803508]  ? br_forward+0x450/0x450
[   41.807290]  ? br_ip6_multicast_leave_group+0x330/0x330
[   41.812634]  ? __lock_is_held+0xb5/0x140
[   41.816699]  br_dev_xmit+0x1121/0x1810
[   41.820580]  ? br_poll_controller+0x10/0x10
[   41.824881]  ? perf_trace_xdp_cpumap_kthread+0x5a0/0x750
[   41.830310]  ? lock_downgrade+0x8e0/0x8e0
[   41.834442]  ? graph_lock+0x170/0x170
[   41.838222]  ? __bfs+0xa8/0x790
[   41.841480]  ? __bfs+0xa8/0x790
[   41.844742]  ? __lock_is_held+0xb5/0x140
[   41.848790]  dev_hard_start_xmit+0x264/0xc10
[   41.853196]  ? dev_direct_xmit+0x6a0/0x6a0
[   41.857415]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   41.862932]  ? netif_skb_features+0x696/0xb40
[   41.867408]  ? validate_xmit_xfrm+0x1ef/0xdc0
[   41.871883]  ? lock_acquire+0x1dc/0x520
[   41.875838]  ? validate_xmit_skb+0x704/0xd90
[   41.880225]  ? netif_skb_features+0xb40/0xb40
[   41.884706]  __dev_queue_xmit+0x29da/0x3900
[   41.889017]  ? netdev_pick_tx+0x2d0/0x2d0
[   41.893153]  ? debug_check_no_locks_freed+0x310/0x310
[   41.898323]  ? lock_downgrade+0x8e0/0x8e0
[   41.902450]  ? print_usage_bug+0xc0/0xc0
[   41.906495]  ? lock_downgrade+0x8e0/0x8e0
[   41.910632]  ? mark_held_locks+0xc9/0x160
[   41.914760]  ? graph_lock+0x170/0x170
[   41.918538]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   41.923535]  ? __neigh_create+0x1447/0x2050
[   41.927846]  ? trace_hardirqs_on+0xd/0x10
[   41.931976]  ? print_usage_bug+0xc0/0xc0
[   41.936019]  ? print_usage_bug+0xc0/0xc0
[   41.940061]  ? lock_downgrade+0x8e0/0x8e0
[   41.944188]  ? lock_release+0xa10/0xa10
[   41.948143]  ? memcpy+0x45/0x50
[   41.951403]  dev_queue_xmit+0x17/0x20
[   41.955192]  ? dev_queue_xmit+0x17/0x20
[   41.959146]  neigh_resolve_output+0x679/0xad0
[   41.963626]  ? __neigh_event_send+0x1240/0x1240
[   41.968278]  ip_finish_output2+0xa5f/0x1840
[   41.972579]  ? ip_copy_metadata+0xa90/0xa90
[   41.976879]  ? netlink_tap_init_net+0x3c0/0x3c0
[   41.981530]  ? graph_lock+0x170/0x170
[   41.985318]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.990837]  ? ip_copy_metadata+0x631/0xa90
[   41.995149]  ? dst_output+0x180/0x180
[   41.998945]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   42.004470]  ip_do_fragment+0x218e/0x2ac0
[   42.008598]  ? ip_copy_metadata+0xa90/0xa90
[   42.012894]  ? ip_do_fragment+0x218e/0x2ac0
[   42.017193]  ? ip_copy_metadata+0xa90/0xa90
[   42.021494]  ? ip_finish_output2+0x1840/0x1840
[   42.026054]  ? graph_lock+0x170/0x170
[   42.029838]  ? nf_ct_deliver_cached_events+0x569/0x7b0
[   42.035095]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   42.040611]  ? ipv4_mtu+0x375/0x580
[   42.044219]  ? __build_flow_key.constprop.54+0x5f0/0x5f0
[   42.049648]  ? find_held_lock+0x36/0x1c0
[   42.053691]  ip_fragment.constprop.49+0x179/0x240
[   42.058513]  ip_finish_output+0x6cb/0xf80
[   42.062651]  ? ip_fragment.constprop.49+0x240/0x240
[   42.067649]  ? kasan_check_read+0x11/0x20
[   42.071774]  ? rcu_is_watching+0x85/0x140
[   42.075904]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   42.081073]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   42.086069]  ? nf_hook_slow+0x11e/0x1c0
[   42.090023]  ip_output+0x21b/0x850
[   42.093543]  ? __ip_local_out+0x5cf/0xb20
[   42.097669]  ? ip_mc_output+0x15a0/0x15a0
[   42.101818]  ? ip_fragment.constprop.49+0x240/0x240
[   42.106827]  ? dst_release+0x5d/0xb0
[   42.110529]  ip_local_out+0xc5/0x1b0
[   42.114222]  ip_send_skb+0x40/0xe0
[   42.117742]  udp_send_skb.isra.38+0x6b7/0x11d0
[   42.122307]  udp_push_pending_frames+0x5c/0xf0
[   42.126870]  udp_sendmsg+0x17d1/0x3970
[   42.130738]  ? ip_reply_glue_bits+0xc0/0xc0
[   42.135053]  ? udp_push_pending_frames+0xf0/0xf0
[   42.139794]  ? find_held_lock+0x36/0x1c0
[   42.143847]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   42.149366]  ? print_usage_bug+0xc0/0xc0
[   42.153405]  ? __lock_acquire+0x7f5/0x5140
[   42.157620]  ? graph_lock+0x170/0x170
[   42.161400]  ? print_usage_bug+0xc0/0xc0
[   42.165439]  ? lock_downgrade+0x8e0/0x8e0
[   42.169564]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   42.174736]  ? __lock_acquire+0x7f5/0x5140
[   42.178957]  ? find_held_lock+0x36/0x1c0
[   42.183009]  udpv6_sendmsg+0x28c8/0x35f0
[   42.187047]  ? debug_check_no_locks_freed+0x310/0x310
[   42.192218]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   42.197751]  ? udpv6_queue_rcv_skb+0x1530/0x1530
[   42.202487]  ? _raw_spin_unlock+0x22/0x30
[   42.206615]  ? do_wp_page+0x42d/0x1990
[   42.210496]  ? finish_mkwrite_fault+0x610/0x610
[   42.215144]  ? debug_check_no_locks_freed+0x310/0x310
[   42.220312]  ? graph_lock+0x170/0x170
[   42.224092]  ? graph_lock+0x170/0x170
[   42.227872]  ? lock_acquire+0x1dc/0x520
[   42.231830]  ? graph_lock+0x170/0x170
[   42.235610]  ? find_held_lock+0x36/0x1c0
[   42.239653]  ? lock_downgrade+0x8e0/0x8e0
[   42.243783]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   42.249309]  ? lock_release+0xa10/0xa10
[   42.253263]  ? check_same_owner+0x320/0x320
[   42.257568]  inet_sendmsg+0x19f/0x690
[   42.261347]  ? udpv6_queue_rcv_skb+0x1530/0x1530
[   42.266079]  ? inet_sendmsg+0x19f/0x690
[   42.270032]  ? __might_sleep+0x95/0x190
[   42.273987]  ? ipip_gro_receive+0x100/0x100
[   42.278290]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   42.283806]  ? security_socket_sendmsg+0x94/0xc0
[   42.288540]  ? ipip_gro_receive+0x100/0x100
[   42.292842]  sock_sendmsg+0xd5/0x120
[   42.296536]  __sys_sendto+0x3d7/0x670
[   42.300319]  ? __ia32_sys_getpeername+0xb0/0xb0
[   42.304970]  ? lock_downgrade+0x8e0/0x8e0
[   42.309097]  ? handle_mm_fault+0x8c0/0xc70
[   42.313314]  ? handle_mm_fault+0x55a/0xc70
[   42.317535]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   42.323057]  ? mm_fault_error+0x380/0x380
[   42.327184]  ? move_addr_to_kernel+0x70/0x70
[   42.331575]  ? syscall_slow_exit_work+0x4f0/0x4f0
[   42.336408]  __x64_sys_sendto+0xe1/0x1a0
[   42.340447]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   42.345457]  do_syscall_64+0x1b1/0x800
[   42.349325]  ? syscall_return_slowpath+0x5c0/0x5c0
[   42.354235]  ? syscall_return_slowpath+0x30f/0x5c0
[   42.359147]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   42.364508]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   42.369332]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   42.374497] RIP: 0033:0x441ba9
[   42.377668] RSP: 002b:00007fff4c9b3f28 EFLAGS: 00000213 ORIG_RAX: 000000000000002c
[   42.385353] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441ba9
[   42.392601] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004
[   42.399859] RBP: 00000000006cd018 R08: 0000000020000180 R09: 000000000000001c
[   42.407105] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004028a0
[   42.414353] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000
[   42.422104] Dumping ftrace buffer:
[   42.425724]    (ftrace buffer empty)
[   42.429414] Kernel Offset: disabled
[   42.433033] Rebooting in 86400 seconds..