[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 18.989282] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 20.025688] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.347821] random: sshd: uninitialized urandom read (32 bytes read) [ 21.105200] random: sshd: uninitialized urandom read (32 bytes read) [ 21.264123] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts. [ 26.744043] random: sshd: uninitialized urandom read (32 bytes read) net.ipv6.conf.syz_tun.accept_dad = 0 net.ipv6.conf.syz_tun.router_solicitations = 0 [ 26.834966] IPVS: ftp: loaded support on port[0] = 21 [ 27.020336] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.026774] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.033989] device bridge_slave_0 entered promiscuous mode [ 27.053764] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.060174] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.067321] device bridge_slave_1 entered promiscuous mode [ 27.081926] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 27.098649] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 27.136643] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 27.154168] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 27.212382] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 27.219571] team0: Port device team_slave_0 added [ 27.233409] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 27.240928] team0: Port device team_slave_1 added [ 27.255040] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 27.271155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 27.287644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.303664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 27.412565] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.418999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.425909] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.432257] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 27.809536] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 27.815638] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.855758] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 27.896669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.904438] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 27.941669] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 27.947764] 8021q: adding VLAN 0 to HW filter on device team0 [ 27.966303] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready executing program [ 28.162349] ------------[ cut here ]------------ [ 28.167179] jump to non-chain [ 28.170577] WARNING: CPU: 1 PID: 4490 at net/bridge/netfilter/ebtables.c:283 ebt_do_table+0x1c45/0x2140 [ 28.180104] Kernel panic - not syncing: panic_on_warn set ... [ 28.180104] [ 28.187447] CPU: 1 PID: 4490 Comm: syz-executor851 Not tainted 4.17.0+ #85 [ 28.194447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.203777] Call Trace: [ 28.206346] dump_stack+0x1b9/0x294 [ 28.209956] ? dump_stack_print_info.cold.2+0x52/0x52 [ 28.215127] ? ebt_do_table+0x1bb0/0x2140 [ 28.219256] panic+0x22f/0x4de [ 28.222426] ? add_taint.cold.5+0x16/0x16 [ 28.226565] ? __warn.cold.8+0x148/0x1b3 [ 28.230612] ? __warn.cold.8+0x117/0x1b3 [ 28.234654] ? ebt_do_table+0x1c45/0x2140 [ 28.238781] __warn.cold.8+0x163/0x1b3 [ 28.242646] ? ebt_do_table+0x1c45/0x2140 [ 28.246783] report_bug+0x252/0x2d0 [ 28.250395] do_error_trap+0x1fc/0x4d0 [ 28.254261] ? math_error+0x3f0/0x3f0 [ 28.258045] ? vprintk_default+0x28/0x30 [ 28.262087] ? vprintk_func+0x81/0xe7 [ 28.265868] ? printk+0x9e/0xba [ 28.269132] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.273957] do_invalid_op+0x1b/0x20 [ 28.277650] invalid_op+0x14/0x20 [ 28.281085] RIP: 0010:ebt_do_table+0x1c45/0x2140 [ 28.285813] Code: 61 6c 9c fa 0f 0b 48 8b bd 48 fe ff ff 31 db e8 71 16 c7 00 e9 29 fe ff ff e8 87 39 d0 fa 48 c7 c7 c0 d5 57 88 e8 3b 6c 9c fa <0f> 0b 48 8b bd 48 fe ff ff 31 db e8 4b 16 c7 00 e9 03 fe ff ff bb [ 28.304988] RSP: 0018:ffff8801d9bbdde8 EFLAGS: 00010282 [ 28.310333] RAX: 0000000000000011 RBX: 0000000000000200 RCX: ffffffff8160d09d [ 28.317582] RDX: 0000000000000000 RSI: ffffffff81611d51 RDI: ffff8801d9bbd948 [ 28.324831] RBP: ffff8801d9bbdfb8 R08: ffff8801ad170080 R09: 0000000000000002 [ 28.332082] R10: ffff8801ad170080 R11: 0000000000000000 R12: ffffc90001e3c000 [ 28.339332] R13: ffffc90001e36130 R14: ffffc90001e36090 R15: dffffc0000000000 [ 28.346596] ? console_unlock+0x8ad/0x1100 [ 28.350815] ? vprintk_func+0x81/0xe7 [ 28.354612] ? ebt_do_table+0x1c45/0x2140 [ 28.358748] ? find_inlist_lock.constprop.14+0x220/0x220 [ 28.364189] ? sock_sendmsg+0xd5/0x120 [ 28.368077] ? __sys_sendto+0x3d7/0x670 [ 28.372043] ? __x64_sys_sendto+0xe1/0x1a0 [ 28.376269] ? do_syscall_64+0x1b1/0x800 [ 28.380312] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.385661] ? graph_lock+0x170/0x170 [ 28.389443] ? graph_lock+0x170/0x170 [ 28.393226] ? __br_forward+0x2b3/0xd90 [ 28.397185] ? ebt_in_hook+0x80/0x80 [ 28.400889] ebt_in_hook+0x65/0x80 [ 28.404409] ebt_out_hook+0x25/0x30 [ 28.408028] nf_hook_slow+0xc2/0x1c0 [ 28.411739] __br_forward+0x520/0xd90 [ 28.415520] ? br_forward_finish+0x5b0/0x5b0 [ 28.419909] ? skb_clone+0x24c/0x4f0 [ 28.423603] ? write_comp_data+0x60/0x70 [ 28.427643] ? skb_split+0x11d0/0x11d0 [ 28.431512] ? br_dev_queue_push_xmit+0x600/0x600 [ 28.436331] ? __lock_is_held+0xb5/0x140 [ 28.440375] deliver_clone+0x61/0xc0 [ 28.444075] br_flood+0x781/0x8d0 [ 28.447511] ? br_forward+0x3a0/0x3a0 [ 28.451297] ? br_ip6_multicast_leave_group+0x330/0x330 [ 28.456642] ? __lock_is_held+0xb5/0x140 [ 28.460690] br_dev_xmit+0x1121/0x1810 [ 28.464559] ? br_poll_controller+0x10/0x10 [ 28.468871] ? lock_release+0xa10/0xa10 [ 28.472827] ? graph_lock+0x170/0x170 [ 28.476617] ? __bfs+0xa8/0x790 [ 28.479881] ? check_noncircular+0x20/0x20 [ 28.484100] ? __lock_is_held+0xb5/0x140 [ 28.488149] dev_hard_start_xmit+0x264/0xc10 [ 28.492548] ? validate_xmit_skb_list+0x120/0x120 [ 28.497378] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.502896] ? netif_skb_features+0x696/0xb40 [ 28.507372] ? validate_xmit_xfrm+0x1ef/0xdc0 [ 28.511848] ? lock_acquire+0x1dc/0x520 [ 28.515807] ? validate_xmit_skb+0x704/0xd90 [ 28.520211] ? netif_skb_features+0xb40/0xb40 [ 28.524698] __dev_queue_xmit+0x2724/0x34c0 [ 28.529005] ? netdev_pick_tx+0x2d0/0x2d0 [ 28.533143] ? debug_check_no_locks_freed+0x310/0x310 [ 28.538312] ? lock_downgrade+0x8e0/0x8e0 [ 28.542438] ? print_usage_bug+0xc0/0xc0 [ 28.546483] ? lock_downgrade+0x8e0/0x8e0 [ 28.550610] ? mark_held_locks+0xc9/0x160 [ 28.554739] ? graph_lock+0x170/0x170 [ 28.558518] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 28.563511] ? __neigh_create+0x1447/0x2050 [ 28.567812] ? trace_hardirqs_on+0xd/0x10 [ 28.571940] ? print_usage_bug+0xc0/0xc0 [ 28.575980] ? print_usage_bug+0xc0/0xc0 [ 28.580067] ? lock_downgrade+0x8e0/0x8e0 [ 28.584195] ? lock_release+0xa10/0xa10 [ 28.588152] ? memcpy+0x45/0x50 [ 28.591412] dev_queue_xmit+0x17/0x20 [ 28.595190] ? dev_queue_xmit+0x17/0x20 [ 28.599143] neigh_resolve_output+0x679/0xad0 [ 28.603616] ? graph_lock+0x170/0x170 [ 28.607497] ? __neigh_event_send+0x1240/0x1240 [ 28.612148] ip_finish_output2+0xa5f/0x1840 [ 28.616450] ? ip_copy_metadata+0xa90/0xa90 [ 28.620749] ? check_same_owner+0x320/0x320 [ 28.625053] ? print_usage_bug+0xc0/0xc0 [ 28.629101] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.634621] ? ip_copy_metadata+0x631/0xa90 [ 28.638932] ? dst_output+0x180/0x180 [ 28.642718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.648247] ip_do_fragment+0x218e/0x2ac0 [ 28.652380] ? ip_copy_metadata+0xa90/0xa90 [ 28.656680] ? ip_do_fragment+0x218e/0x2ac0 [ 28.660979] ? ip_copy_metadata+0xa90/0xa90 [ 28.665283] ? ip_finish_output2+0x1840/0x1840 [ 28.669844] ? graph_lock+0x170/0x170 [ 28.673620] ? graph_lock+0x170/0x170 [ 28.677400] ? debug_check_no_locks_freed+0x310/0x310 [ 28.682573] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.688090] ? ip_generic_getfrag+0x11c/0x2d0 [ 28.692565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.698092] ? ipv4_mtu+0x375/0x580 [ 28.701705] ? ip_reply_glue_bits+0xc0/0xc0 [ 28.706013] ? __build_flow_key.constprop.55+0x5f0/0x5f0 [ 28.711454] ? find_held_lock+0x36/0x1c0 [ 28.715504] ip_fragment.constprop.49+0x179/0x240 [ 28.720325] ip_finish_output+0x6cb/0xf80 [ 28.724452] ? ip_fragment.constprop.49+0x240/0x240 [ 28.729450] ? kasan_check_read+0x11/0x20 [ 28.733586] ? rcu_is_watching+0x85/0x140 [ 28.737715] ? rcu_report_qs_rnp+0x790/0x790 [ 28.742105] ip_output+0x21b/0x850 [ 28.745623] ? __ip_local_out+0x5cf/0xb20 [ 28.749749] ? ip_mc_output+0x15a0/0x15a0 [ 28.753891] ? ip_append_data.part.48+0x180/0x180 [ 28.758717] ? dst_release+0x5d/0xb0 [ 28.762413] ip_local_out+0xc5/0x1b0 [ 28.766106] ip_send_skb+0x40/0xe0 [ 28.769629] udp_send_skb+0x581/0xcc0 [ 28.773412] udp_push_pending_frames+0x4e/0xe0 [ 28.777975] udp_sendmsg+0x161e/0x35e0 [ 28.781844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.787363] ? ip_reply_glue_bits+0xc0/0xc0 [ 28.791670] ? udp4_lib_lookup2+0x340/0x340 [ 28.795975] ? fib6_rules_seq_read+0x20/0x20 [ 28.800367] ? __lock_acquire+0x7f5/0x5140 [ 28.804579] ? find_held_lock+0x36/0x1c0 [ 28.808624] ? debug_check_no_locks_freed+0x310/0x310 [ 28.813796] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.819315] ? kasan_check_read+0x11/0x20 [ 28.823441] ? do_raw_spin_unlock+0x9e/0x2e0 [ 28.827829] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 28.832400] ? pgd_free+0x410/0x410 [ 28.836043] udpv6_sendmsg+0x2627/0x30f0 [ 28.840096] ? udpv6_queue_rcv_skb+0x1520/0x1520 [ 28.844833] ? debug_check_no_locks_freed+0x310/0x310 [ 28.849999] ? graph_lock+0x170/0x170 [ 28.853792] ? graph_lock+0x170/0x170 [ 28.857573] ? lock_acquire+0x1dc/0x520 [ 28.861529] ? graph_lock+0x170/0x170 [ 28.865307] ? find_held_lock+0x36/0x1c0 [ 28.869351] ? lock_downgrade+0x8e0/0x8e0 [ 28.873480] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.878996] ? lock_release+0xa10/0xa10 [ 28.882953] ? check_same_owner+0x320/0x320 [ 28.887255] inet_sendmsg+0x19f/0x690 [ 28.891044] ? udpv6_queue_rcv_skb+0x1520/0x1520 [ 28.895777] ? inet_sendmsg+0x19f/0x690 [ 28.899733] ? __might_sleep+0x95/0x190 [ 28.903694] ? ipip_gro_receive+0x100/0x100 [ 28.908009] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 28.913542] ? security_socket_sendmsg+0x94/0xc0 [ 28.918275] ? ipip_gro_receive+0x100/0x100 [ 28.922579] sock_sendmsg+0xd5/0x120 [ 28.926711] __sys_sendto+0x3d7/0x670 [ 28.930493] ? __ia32_sys_getpeername+0xb0/0xb0 [ 28.935152] ? lock_downgrade+0x8e0/0x8e0 [ 28.939281] ? handle_mm_fault+0x8c0/0xc70 [ 28.943497] ? handle_mm_fault+0x55a/0xc70 [ 28.947719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.953240] ? mm_fault_error+0x380/0x380 [ 28.957378] ? move_addr_to_kernel+0x70/0x70 [ 28.961771] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 28.966596] __x64_sys_sendto+0xe1/0x1a0 [ 28.970638] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.975635] do_syscall_64+0x1b1/0x800 [ 28.979503] ? syscall_return_slowpath+0x5c0/0x5c0 [ 28.984413] ? syscall_return_slowpath+0x30f/0x5c0 [ 28.989323] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 28.994667] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.999507] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.004685] RIP: 0033:0x441ba9 [ 29.007851] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 29.027045] RSP: 002b:00007ffddca95978 EFLAGS: 00000213 ORIG_RAX: 000000000000002c [ 29.034733] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441ba9 [ 29.041982] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 29.049234] RBP: 00000000006cd018 R08: 0000000020000180 R09: 000000000000001c [ 29.056485] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004028a0 [ 29.063732] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000 [ 29.071612] Dumping ftrace buffer: [ 29.075226] (ftrace buffer empty) [ 29.078912] Kernel Offset: disabled [ 29.082515] Rebooting in 86400 seconds..