[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 15.201080] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 19.374283] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.641461] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.363184] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.912056] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts.
[ 26.337925] random: sshd: uninitialized urandom read (32 bytes read)
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[ 26.426137] IPVS: ftp: loaded support on port[0] = 21
[ 26.561578] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.567954] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.574748] device bridge_slave_0 entered promiscuous mode
[ 26.587256] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.593613] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.600536] device bridge_slave_1 entered promiscuous mode
[ 26.612491] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 26.626090] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 26.656977] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 26.671574] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 26.716515] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 26.724025] team0: Port device team_slave_0 added
[ 26.736263] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 26.743372] team0: Port device team_slave_1 added
[ 26.755432] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
RTNETLINK answers: Operation not supported
[ 26.764476] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 26.778282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 26.788660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[ 26.872412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.878778] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.885348] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.891690] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 27.184240] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 27.190349] 8021q: adding VLAN 0 to HW filter on device bond0
[ 27.223416] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 27.256494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.263652] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 27.290934] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 27.297020] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 27.484975] ------------[ cut here ]------------
[ 27.489754] kernel BUG at net/ipv6/route.c:1268!
[ 27.494525] invalid opcode: 0000 [#1] SMP KASAN
[ 27.499176] CPU: 1 PID: 4526 Comm: syz-executor280 Not tainted 4.18.0-rc6-next-20180725+ #18
[ 27.507731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.517089] RIP: 0010:ip6_pol_route+0x7b9/0xd30
[ 27.521736] Code: 31 e4 e8 3a 13 fd fb 4c 89 e0 f0 4c 0f b1 33 31 ff 49 89 c4 48 89 c6 e8 d5 91 be fb 4d 85 e4 0f 84 db fb ff ff e8 97 90 be fb <0f> 0b e8 90 90 be fb e8 3b c5 a8 fb 31 ff 89 c6 88 85 24 ff ff ff
[ 27.540620] RSP: 0018:ffff8801d8646df0 EFLAGS: 00010293
[ 27.545966] RAX: ffff8801d702a300 RBX: ffffe8ffffd5d8a8 RCX: ffffffff85be175b
[ 27.553234] RDX: 0000000000000000 RSI: ffffffff85be1769 RDI: 0000000000000007
[ 27.560494] RBP: ffff8801d8646ee0 R08: ffff8801d702a300 R09: fffff91ffffabb15
[ 27.567756] R10: fffff91ffffabb15 R11: ffffe8ffffd5d8af R12: ffff8801d83e4ac0
[ 27.575004] R13: ffff8801c29ebac0 R14: ffff8801d83e4840 R15: 0000000000000003
[ 27.582263] FS: 00007fa4524f5700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[ 27.590463] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 27.596333] CR2: 00000000205fafd2 CR3: 00000001b4193000 CR4: 00000000001406e0
[ 27.603584] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.610829] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 27.618076] Call Trace:
[ 27.621690] ? ip6_pol_route_lookup+0x1130/0x1130
[ 27.626519] ? ip6_finish_output2+0xcb5/0x2820
[ 27.631083] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 27.636079] ? bpf_prog_kallsyms_find+0xde/0x4c0
[ 27.640815] ip6_pol_route_output+0x54/0x70
[ 27.645117] fib6_rule_lookup+0x283/0x890
[ 27.649258] ? ip6_pol_route_input+0x80/0x80
[ 27.653643] ? fib6_lookup+0x480/0x480
[ 27.657517] ? __dev_get_by_index+0x1c0/0x1c0
[ 27.662001] ? trace_hardirqs_on+0x10/0x10
[ 27.666217] ? kasan_check_read+0x11/0x20
[ 27.670344] ? do_raw_spin_unlock+0xa7/0x2f0
[ 27.674746] ip6_route_output_flags+0x2c5/0x350
[ 27.679406] ip6_dst_lookup_tail+0x1278/0x1da0
[ 27.683977] ? lock_acquire+0x1e4/0x540
[ 27.687946] ? debug_object_activate+0x41a/0x690
[ 27.692685] ? dst_output+0x180/0x180
[ 27.696473] ? kasan_check_read+0x11/0x20
[ 27.700599] ? do_raw_spin_unlock+0xa7/0x2f0
[ 27.704997] ? lock_acquire+0x1e4/0x540
[ 27.708949] ? debug_object_active_state+0x2f5/0x4d0
[ 27.714031] ? lock_downgrade+0x8f0/0x8f0
[ 27.718169] ? kasan_check_read+0x11/0x20
[ 27.722297] ? lock_acquire+0x1e4/0x540
[ 27.726253] ? inet6_csk_route_socket+0x69d/0x1030
[ 27.731161] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 27.736677] ? __sk_dst_check+0x1ef/0x410
[ 27.740806] ip6_dst_lookup_flow+0xc8/0x270
[ 27.745112] ? ip6_dst_lookup+0x60/0x60
[ 27.749063] ? rcu_is_watching+0x8c/0x150
[ 27.753199] inet6_csk_route_socket+0x8cb/0x1030
[ 27.757947] ? inet6_csk_route_req+0x820/0x820
[ 27.762506] ? note_gp_changes+0x420/0x420
[ 27.766720] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 27.772243] ? kasan_check_write+0x14/0x20
[ 27.776476] ? pskb_expand_head+0x6b3/0x10e0
[ 27.780877] ? kasan_unpoison_shadow+0x35/0x50
[ 27.785440] ? kasan_kmalloc+0xc4/0xe0
[ 27.789315] ? __pskb_copy_fclone+0xeb0/0xeb0
[ 27.793878] inet6_csk_xmit+0x118/0x630
[ 27.797828] ? inet6_csk_xmit+0x118/0x630
[ 27.801954] ? call_rcu_sched+0x12/0x20
[ 27.805913] ? inet6_csk_update_pmtu+0x190/0x190
[ 27.810648] ? __sk_dst_check+0x1ef/0x410
[ 27.814777] ? sock_alloc_send_skb+0x40/0x40
[ 27.819169] l2tp_xmit_skb+0x15bc/0x1960
[ 27.823213] ? l2tp_session_create+0xb60/0xb60
[ 27.827788] ? _copy_from_iter_full+0x2bc/0xd20
[ 27.832442] ? skb_set_owner_w+0x24e/0x360
[ 27.836669] ? usercopy_warn+0x120/0x120
[ 27.840716] ? iov_iter_advance+0x14e0/0x14e0
[ 27.845192] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 27.850722] ? _copy_from_user+0xdf/0x150
[ 27.854892] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 27.859890] ? pppol2tp_sendmsg+0x45a/0x6c0
[ 27.865239] pppol2tp_sendmsg+0x4ae/0x6c0
[ 27.869365] ? move_addr_to_kernel.part.20+0x100/0x100
[ 27.874632] ? kasan_check_write+0x14/0x20
[ 27.878846] ? pppol2tp_getsockopt+0x950/0x950
[ 27.883406] sock_sendmsg+0xd5/0x120
[ 27.887102] ___sys_sendmsg+0x51d/0x930
[ 27.891141] ? kasan_check_write+0x14/0x20
[ 27.896401] ? copy_msghdr_from_user+0x580/0x580
[ 27.901220] ? __schedule+0x884/0x1ed0
[ 27.905095] ? __sched_text_start+0x8/0x8
[ 27.909223] ? lock_acquire+0x1e4/0x540
[ 27.913177] ? __might_fault+0x12b/0x1e0
[ 27.917230] ? lock_downgrade+0x8f0/0x8f0
[ 27.921362] ? lock_release+0xa30/0xa30
[ 27.925320] ? check_same_owner+0x340/0x340
[ 27.929628] ? rcu_note_context_switch+0x730/0x730
[ 27.934533] ? check_same_owner+0x340/0x340
[ 27.938920] __sys_sendmmsg+0x240/0x6f0
[ 27.942874] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 27.947183] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 27.952694] ? fput+0x130/0x1a0
[ 27.955955] ? __sys_connect+0x1d1/0x4c0
[ 27.959994] ? __ia32_sys_accept+0xb0/0xb0
[ 27.964227] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 27.968802] __x64_sys_sendmmsg+0x9d/0x100
[ 27.973017] do_syscall_64+0x1b9/0x820
[ 27.976880] ? finish_task_switch+0x1d3/0x870
[ 27.981350] ? syscall_return_slowpath+0x5e0/0x5e0
[ 27.986260] ? syscall_return_slowpath+0x31d/0x5e0
[ 27.991167] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 27.996170] ? prepare_exit_to_usermode+0x291/0x3b0
[ 28.001162] ? perf_trace_sys_enter+0xb10/0xb10
[ 28.005808] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 28.010628] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 28.015792] RIP: 0033:0x446df9
[ 28.019058] Code: e8 dc bd 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 28.037936] RSP: 002b:00007fa4524f4db8 EFLAGS: 00000297 ORIG_RAX: 0000000000000133
[ 28.045627] RAX: ffffffffffffffda RBX: 00000000006dcc48 RCX: 0000000000446df9
[ 28.052877] RDX: 00000000000003e8 RSI: 0000000020005fc0 RDI: 0000000000000004
[ 28.060122] RBP: 00000000006dcc40 R08: 0000000000000000 R09: 0000000000000000
[ 28.067365] R10: 0000000000000000 R11: 0000000000000297 R12: 00000000006dcc4c
[ 28.074613] R13: 00007fff00578e1f R14: 00007fa4524f59c0 R15: 0000000000000000
[ 28.081956] Modules linked in:
[ 28.085127] Dumping ftrace buffer:
[ 28.088640] (ftrace buffer empty)
[ 28.092359] ---[ end trace c567fbe2f3e8c99e ]---
[ 28.097133] RIP: 0010:ip6_pol_route+0x7b9/0xd30
[ 28.101805] Code: 31 e4 e8 3a 13 fd fb 4c 89 e0 f0 4c 0f b1 33 31 ff 49 89 c4 48 89 c6 e8 d5 91 be fb 4d 85 e4 0f 84 db fb ff ff e8 97 90 be fb <0f> 0b e8 90 90 be fb e8 3b c5 a8 fb 31 ff 89 c6 88 85 24 ff ff ff
[ 28.120709] RSP: 0018:ffff8801d8646df0 EFLAGS: 00010293
[ 28.126089] RAX: ffff8801d702a300 RBX: ffffe8ffffd5d8a8 RCX: ffffffff85be175b
[ 28.133347] RDX: 0000000000000000 RSI: ffffffff85be1769 RDI: 0000000000000007
[ 28.140612] RBP: ffff8801d8646ee0 R08: ffff8801d702a300 R09: fffff91ffffabb15
[ 28.147872] R10: fffff91ffffabb15 R11: ffffe8ffffd5d8af R12: ffff8801d83e4ac0
[ 28.155140] R13: ffff8801c29ebac0 R14: ffff8801d83e4840 R15: 0000000000000003
[ 28.162578] FS: 00007fa4524f5700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[ 28.170817] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.176697] CR2: 00000000205fafd2 CR3: 00000001b4193000 CR4: 00000000001406e0
[ 28.183970] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 28.191344] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 28.198702] Kernel panic - not syncing: Fatal exception in interrupt
[ 28.205531] Dumping ftrace buffer:
[ 28.209047] (ftrace buffer empty)
[ 28.212736] Kernel Offset: disabled
[ 28.216345] Rebooting in 86400 seconds..