[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 17.946417] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 18.861851] random: sshd: uninitialized urandom read (32 bytes read) [ 19.138976] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.897007] random: sshd: uninitialized urandom read (32 bytes read) [ 20.050580] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts. [ 25.484634] random: sshd: uninitialized urandom read (32 bytes read) net.ipv6.conf.syz_tun.accept_dad = 0 net.ipv6.conf.syz_tun.router_solicitations = 0 [ 25.575550] IPVS: ftp: loaded support on port[0] = 21 [ 25.663613] ip (4531) used greatest stack depth: 15928 bytes left [ 25.760910] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.767358] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.774722] device bridge_slave_0 entered promiscuous mode [ 25.790402] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.796747] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.803723] device bridge_slave_1 entered promiscuous mode [ 25.817884] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 25.832788] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 25.870896] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 25.887614] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 25.944354] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 25.951590] team0: Port device team_slave_0 added [ 25.964915] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 25.971963] team0: Port device team_slave_1 added [ 25.987020] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 26.003157] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 26.018562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 26.035572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 26.142599] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.149056] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.155924] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.162270] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 26.539629] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 26.545725] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.584652] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 26.625450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.633558] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 26.668762] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 26.674969] 8021q: adding VLAN 0 to HW filter on device team0 [ 26.711281] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready executing program [ 26.890390] BUG: unable to handle kernel paging request at ffffc9005c3c2003 [ 26.897514] PGD 1da946067 P4D 1da946067 PUD 0 [ 26.902082] Oops: 0000 [#1] SMP KASAN [ 26.905861] CPU: 1 PID: 4515 Comm: syz-executor287 Not tainted 4.17.0+ #83 [ 26.912844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.922179] RIP: 0010:ebt_do_table+0x1983/0x2140 [ 26.926906] Code: 24 08 48 89 d8 48 89 9d d0 fe ff ff 48 c1 e8 03 42 0f b6 04 38 84 c0 74 08 3c 03 0f 8e 3b 06 00 00 48 8b 85 d0 fe ff ff 31 ff <8b> 18 89 de e8 94 25 c1 fa 85 db 0f 85 a0 02 00 00 e8 77 24 c1 fa [ 26.946030] RSP: 0018:ffff8801b30d5c68 EFLAGS: 00010246 [ 26.951372] RAX: ffffc9005c3c2003 RBX: ffffc9005c3c2003 RCX: ffffc90001e18000 [ 26.958616] RDX: 0000000000000000 RSI: ffffffff86b9158c RDI: 0000000000000000 [ 26.965861] RBP: ffff8801b30d5e38 R08: ffff8801ac5a2700 R09: ffffed003b5e46d6 [ 26.973106] R10: ffffed003b5e46d6 R11: ffff8801daf236b3 R12: ffffc90001e18000 [ 26.980351] R13: ffffc90001e12130 R14: ffffc90001e12090 R15: dffffc0000000000 [ 26.987597] FS: 00000000021f0880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 26.995797] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.001654] CR2: ffffc9005c3c2003 CR3: 00000001ac5f4000 CR4: 00000000001406e0 [ 27.008902] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.016145] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.023387] Call Trace: [ 27.025958] ? find_inlist_lock.constprop.16+0x220/0x220 [ 27.031383] ? sock_sendmsg+0xd5/0x120 [ 27.035253] ? __sys_sendto+0x3d7/0x670 [ 27.039202] ? __x64_sys_sendto+0xe1/0x1a0 [ 27.043417] ? do_syscall_64+0x1b1/0x800 [ 27.047453] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.052795] ? graph_lock+0x170/0x170 [ 27.056571] ? graph_lock+0x170/0x170 [ 27.060349] ? __br_forward+0x2b3/0xd90 [ 27.064301] ? ebt_in_hook+0x80/0x80 [ 27.067988] ebt_in_hook+0x65/0x80 [ 27.071505] ebt_out_hook+0x25/0x30 [ 27.075108] nf_hook_slow+0xc2/0x1c0 [ 27.078798] __br_forward+0x520/0xd90 [ 27.082576] ? br_forward_finish+0x5b0/0x5b0 [ 27.086961] ? skb_clone+0x24c/0x4f0 [ 27.090652] ? __sanitizer_cov_trace_pc+0x10/0x50 [ 27.095476] ? skb_split+0x11d0/0x11d0 [ 27.099356] ? br_dev_queue_push_xmit+0x600/0x600 [ 27.104174] ? __lock_is_held+0xb5/0x140 [ 27.108212] deliver_clone+0x61/0xc0 [ 27.111900] br_flood+0x6f3/0x980 [ 27.115330] ? br_forward+0x450/0x450 [ 27.119107] ? br_ip6_multicast_leave_group+0x330/0x330 [ 27.124453] ? __lock_is_held+0xb5/0x140 [ 27.128498] br_dev_xmit+0x1121/0x1810 [ 27.132364] ? br_poll_controller+0x10/0x10 [ 27.136662] ? perf_trace_xdp_cpumap_kthread+0x100/0x750 [ 27.142087] ? lock_downgrade+0x8e0/0x8e0 [ 27.146210] ? graph_lock+0x170/0x170 [ 27.149987] ? __bfs+0xa8/0x790 [ 27.153244] ? __bfs+0xa8/0x790 [ 27.156499] ? __lock_is_held+0xb5/0x140 [ 27.160541] dev_hard_start_xmit+0x264/0xc10 [ 27.164924] ? dev_direct_xmit+0x6a0/0x6a0 [ 27.169133] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 27.174646] ? netif_skb_features+0x696/0xb40 [ 27.179119] ? validate_xmit_xfrm+0x1ef/0xdc0 [ 27.183590] ? lock_acquire+0x1dc/0x520 [ 27.187543] ? validate_xmit_skb+0x804/0xf20 [ 27.191929] ? netif_skb_features+0xb40/0xb40 [ 27.196405] __dev_queue_xmit+0x29da/0x3900 [ 27.200704] ? netdev_pick_tx+0x2d0/0x2d0 [ 27.204831] ? debug_check_no_locks_freed+0x310/0x310 [ 27.209996] ? lock_downgrade+0x8e0/0x8e0 [ 27.214134] ? print_usage_bug+0xc0/0xc0 [ 27.218174] ? lock_downgrade+0x8e0/0x8e0 [ 27.222299] ? mark_held_locks+0xc9/0x160 [ 27.226425] ? graph_lock+0x170/0x170 [ 27.230202] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 27.235192] ? __neigh_create+0x1447/0x2050 [ 27.239496] ? trace_hardirqs_on+0xd/0x10 [ 27.243621] ? print_usage_bug+0xc0/0xc0 [ 27.247659] ? print_usage_bug+0xc0/0xc0 [ 27.251698] ? lock_downgrade+0x8e0/0x8e0 [ 27.255822] ? lock_release+0xa10/0xa10 [ 27.259775] ? memcpy+0x45/0x50 [ 27.263033] dev_queue_xmit+0x17/0x20 [ 27.266810] ? dev_queue_xmit+0x17/0x20 [ 27.270761] neigh_resolve_output+0x679/0xad0 [ 27.275233] ? __neigh_event_send+0x1240/0x1240 [ 27.279880] ip_finish_output2+0xa5f/0x1840 [ 27.284177] ? ip_copy_metadata+0xa90/0xa90 [ 27.288474] ? netlink_tap_init_net+0x3c0/0x3c0 [ 27.293118] ? graph_lock+0x170/0x170 [ 27.296897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.302409] ? ip_copy_metadata+0x631/0xa90 [ 27.306707] ? dst_output+0x180/0x180 [ 27.310490] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.316003] ip_do_fragment+0x218e/0x2ac0 [ 27.320141] ? ip_copy_metadata+0xa90/0xa90 [ 27.324438] ? ip_do_fragment+0x218e/0x2ac0 [ 27.328735] ? ip_copy_metadata+0xa90/0xa90 [ 27.333035] ? ip_finish_output2+0x1840/0x1840 [ 27.337593] ? graph_lock+0x170/0x170 [ 27.341372] ? nf_ct_deliver_cached_events+0x569/0x7b0 [ 27.346624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.352134] ? ipv4_mtu+0x375/0x580 [ 27.355737] ? __build_flow_key.constprop.54+0x5f0/0x5f0 [ 27.361163] ? find_held_lock+0x36/0x1c0 [ 27.365202] ip_fragment.constprop.49+0x179/0x240 [ 27.370034] ip_finish_output+0x6cb/0xf80 [ 27.374159] ? ip_fragment.constprop.49+0x240/0x240 [ 27.379150] ? kasan_check_read+0x11/0x20 [ 27.383284] ? rcu_is_watching+0x85/0x140 [ 27.387415] ? rcu_report_qs_rnp+0x790/0x790 [ 27.391799] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 27.396787] ? nf_hook_slow+0x11e/0x1c0 [ 27.400739] ip_output+0x21b/0x850 [ 27.404254] ? __ip_local_out+0x5cf/0xb20 [ 27.408383] ? ip_mc_output+0x15a0/0x15a0 [ 27.412508] ? ip_fragment.constprop.49+0x240/0x240 [ 27.417499] ? dst_release+0x5d/0xb0 [ 27.421191] ip_local_out+0xc5/0x1b0 [ 27.424881] ip_send_skb+0x40/0xe0 [ 27.428405] udp_send_skb.isra.39+0x6b7/0x11d0 [ 27.432973] udp_push_pending_frames+0x5c/0xf0 [ 27.437532] udp_sendmsg+0x17d1/0x3970 [ 27.441399] ? ip_reply_glue_bits+0xc0/0xc0 [ 27.445700] ? udp_push_pending_frames+0xf0/0xf0 [ 27.450438] ? find_held_lock+0x36/0x1c0 [ 27.454474] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.459988] ? print_usage_bug+0xc0/0xc0 [ 27.464031] ? __lock_acquire+0x7f5/0x5140 [ 27.468243] ? graph_lock+0x170/0x170 [ 27.472027] ? print_usage_bug+0xc0/0xc0 [ 27.476063] ? lock_downgrade+0x8e0/0x8e0 [ 27.480189] ? rcu_report_qs_rnp+0x790/0x790 [ 27.484575] ? __lock_acquire+0x7f5/0x5140 [ 27.488786] ? find_held_lock+0x36/0x1c0 [ 27.492825] udpv6_sendmsg+0x28c8/0x35f0 [ 27.496861] ? debug_check_no_locks_freed+0x310/0x310 [ 27.502031] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 27.507547] ? udpv6_queue_rcv_skb+0x1530/0x1530 [ 27.512280] ? _raw_spin_unlock+0x22/0x30 [ 27.516405] ? do_wp_page+0x42d/0x1990 [ 27.520268] ? finish_mkwrite_fault+0x610/0x610 [ 27.524914] ? debug_check_no_locks_freed+0x310/0x310 [ 27.530078] ? graph_lock+0x170/0x170 [ 27.533856] ? graph_lock+0x170/0x170 [ 27.537633] ? lock_acquire+0x1dc/0x520 [ 27.541584] ? graph_lock+0x170/0x170 [ 27.545361] ? find_held_lock+0x36/0x1c0 [ 27.549405] ? lock_downgrade+0x8e0/0x8e0 [ 27.553530] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.559046] ? lock_release+0xa10/0xa10 [ 27.562994] ? check_same_owner+0x320/0x320 [ 27.567298] inet_sendmsg+0x19f/0x690 [ 27.571073] ? udpv6_queue_rcv_skb+0x1530/0x1530 [ 27.575803] ? inet_sendmsg+0x19f/0x690 [ 27.579751] ? __might_sleep+0x95/0x190 [ 27.583701] ? ipip_gro_receive+0x100/0x100 [ 27.587998] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 27.593527] ? security_socket_sendmsg+0x94/0xc0 [ 27.598259] ? ipip_gro_receive+0x100/0x100 [ 27.602556] sock_sendmsg+0xd5/0x120 [ 27.606245] __sys_sendto+0x3d7/0x670 [ 27.610027] ? __ia32_sys_getpeername+0xb0/0xb0 [ 27.614673] ? lock_downgrade+0x8e0/0x8e0 [ 27.618795] ? handle_mm_fault+0x8c0/0xc70 [ 27.623009] ? handle_mm_fault+0x55a/0xc70 [ 27.627229] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.632745] ? mm_fault_error+0x380/0x380 [ 27.636868] ? move_addr_to_kernel+0x70/0x70 [ 27.641253] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 27.646069] __x64_sys_sendto+0xe1/0x1a0 [ 27.650104] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 27.655104] do_syscall_64+0x1b1/0x800 [ 27.658971] ? syscall_return_slowpath+0x5c0/0x5c0 [ 27.663876] ? syscall_return_slowpath+0x30f/0x5c0 [ 27.668781] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 27.674122] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.678941] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.684116] RIP: 0033:0x441af9 [ 27.687279] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 27.706399] RSP: 002b:00007fff1261c6a8 EFLAGS: 00000213 ORIG_RAX: 000000000000002c [ 27.714087] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441af9 [ 27.721330] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 27.728575] RBP: 00000000006cd018 R08: 0000000020000180 R09: 000000000000001c [ 27.735822] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004027f0 [ 27.743066] R13: 0000000000402880 R14: 0000000000000000 R15: 0000000000000000 [ 27.750312] Modules linked in: [ 27.753481] Dumping ftrace buffer: [ 27.756990] (ftrace buffer empty) [ 27.760678] CR2: ffffc9005c3c2003 [ 27.764110] ---[ end trace 6881d7df845451ff ]--- [ 27.768843] RIP: 0010:ebt_do_table+0x1983/0x2140 [ 27.773568] Code: 24 08 48 89 d8 48 89 9d d0 fe ff ff 48 c1 e8 03 42 0f b6 04 38 84 c0 74 08 3c 03 0f 8e 3b 06 00 00 48 8b 85 d0 fe ff ff 31 ff <8b> 18 89 de e8 94 25 c1 fa 85 db 0f 85 a0 02 00 00 e8 77 24 c1 fa [ 27.792675] RSP: 0018:ffff8801b30d5c68 EFLAGS: 00010246 [ 27.798019] RAX: ffffc9005c3c2003 RBX: ffffc9005c3c2003 RCX: ffffc90001e18000 [ 27.805265] RDX: 0000000000000000 RSI: ffffffff86b9158c RDI: 0000000000000000 [ 27.812509] RBP: ffff8801b30d5e38 R08: ffff8801ac5a2700 R09: ffffed003b5e46d6 [ 27.819756] R10: ffffed003b5e46d6 R11: ffff8801daf236b3 R12: ffffc90001e18000 [ 27.827003] R13: ffffc90001e12130 R14: ffffc90001e12090 R15: dffffc0000000000 [ 27.834257] FS: 00000000021f0880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 27.842457] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.848314] CR2: ffffc9005c3c2003 CR3: 00000001ac5f4000 CR4: 00000000001406e0 [ 27.855566] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.862813] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.870057] Kernel panic - not syncing: Fatal exception in interrupt [ 27.877013] Dumping ftrace buffer: [ 27.880529] (ftrace buffer empty) [ 27.884213] Kernel Offset: disabled [ 27.887818] Rebooting in 86400 seconds..