[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   19.336564] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.862366] random: sshd: uninitialized urandom read (32 bytes read)
[   23.141160] random: sshd: uninitialized urandom read (32 bytes read)
[   23.898394] random: sshd: uninitialized urandom read (32 bytes read)
[   24.054861] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
[   29.523308] random: sshd: uninitialized urandom read (32 bytes read)
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[   29.615344] IPVS: ftp: loaded support on port[0] = 21
[   29.702650] ip (4511) used greatest stack depth: 16616 bytes left
[   29.801995] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.808437] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.815795] device bridge_slave_0 entered promiscuous mode
[   29.831140] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.837497] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.844669] device bridge_slave_1 entered promiscuous mode
[   29.859588] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   29.875369] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   29.914377] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   29.931351] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   29.988610] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   29.995794] team0: Port device team_slave_0 added
[   30.010835] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   30.017887] team0: Port device team_slave_1 added
[   30.032620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   30.050379] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   30.067369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   30.084415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
[   30.160904] ip (4583) used greatest stack depth: 16552 bytes left
[   30.195315] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.201736] bridge0: port 2(bridge_slave_1) entered forwarding state
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   30.208617] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.214966] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   30.593195] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   30.599294] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.640478] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   30.680110] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   30.687844] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   30.723043] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   30.729145] 8021q: adding VLAN 0 to HW filter on device team0
[   30.748273] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
executing program
[   30.947432] ------------[ cut here ]------------
[   30.952276] jump to non-chain
[   30.955681] WARNING: CPU: 0 PID: 4495 at net/bridge/netfilter/ebtables.c:283 ebt_do_table+0x1c45/0x2140
[   30.965205] Kernel panic - not syncing: panic_on_warn set ...
[   30.965205] 
[   30.972548] CPU: 0 PID: 4495 Comm: syz-executor989 Not tainted 4.17.0+ #85
[   30.979544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.988872] Call Trace:
[   30.991441]  dump_stack+0x1b9/0x294
[   30.995059]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.000235]  ? ebt_do_table+0x1bb0/0x2140
[   31.004372]  panic+0x22f/0x4de
[   31.007546]  ? add_taint.cold.5+0x16/0x16
[   31.011673]  ? __warn.cold.8+0x148/0x1b3
[   31.015714]  ? __warn.cold.8+0x117/0x1b3
[   31.019758]  ? ebt_do_table+0x1c45/0x2140
[   31.023885]  __warn.cold.8+0x163/0x1b3
[   31.027750]  ? ebt_do_table+0x1c45/0x2140
[   31.031876]  report_bug+0x252/0x2d0
[   31.035485]  do_error_trap+0x1fc/0x4d0
[   31.039351]  ? math_error+0x3f0/0x3f0
[   31.043130]  ? vprintk_default+0x28/0x30
[   31.047171]  ? vprintk_func+0x81/0xe7
[   31.050951]  ? printk+0x9e/0xba
[   31.054215]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.059043]  do_invalid_op+0x1b/0x20
[   31.062741]  invalid_op+0x14/0x20
[   31.066178] RIP: 0010:ebt_do_table+0x1c45/0x2140
[   31.070905] Code: 61 6c 9c fa 0f 0b 48 8b bd 48 fe ff ff 31 db e8 71 16 c7 00 e9 29 fe ff ff e8 87 39 d0 fa 48 c7 c7 c0 d5 57 88 e8 3b 6c 9c fa <0f> 0b 48 8b bd 48 fe ff ff 31 db e8 4b 16 c7 00 e9 03 fe ff ff bb 
[   31.090085] RSP: 0018:ffff8801ac565de8 EFLAGS: 00010282
[   31.095432] RAX: 0000000000000011 RBX: 0000000000000200 RCX: ffffffff8160d09d
[   31.102684] RDX: 0000000000000000 RSI: ffffffff81611d51 RDI: ffff8801ac565948
[   31.109940] RBP: ffff8801ac565fb8 R08: ffff8801d932a180 R09: 0000000000000002
[   31.117195] R10: ffff8801d932a180 R11: 0000000000000000 R12: ffffc90001e2a000
[   31.124460] R13: ffffc90001e26130 R14: ffffc90001e26090 R15: dffffc0000000000
[   31.131720]  ? console_unlock+0x8ad/0x1100
[   31.135933]  ? vprintk_func+0x81/0xe7
[   31.139715]  ? ebt_do_table+0x1c45/0x2140
[   31.143851]  ? find_inlist_lock.constprop.14+0x220/0x220
[   31.149280]  ? sock_sendmsg+0xd5/0x120
[   31.153156]  ? __sys_sendto+0x3d7/0x670
[   31.157110]  ? __x64_sys_sendto+0xe1/0x1a0
[   31.161323]  ? do_syscall_64+0x1b1/0x800
[   31.165375]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.170720]  ? graph_lock+0x170/0x170
[   31.174509]  ? graph_lock+0x170/0x170
[   31.178292]  ? __br_forward+0x2b3/0xd90
[   31.182246]  ? ebt_in_hook+0x80/0x80
[   31.185939]  ebt_in_hook+0x65/0x80
[   31.189457]  ebt_out_hook+0x25/0x30
[   31.193069]  nf_hook_slow+0xc2/0x1c0
[   31.196765]  __br_forward+0x520/0xd90
[   31.200544]  ? br_forward_finish+0x5b0/0x5b0
[   31.204932]  ? skb_clone+0x24c/0x4f0
[   31.208625]  ? write_comp_data+0x60/0x70
[   31.212664]  ? skb_split+0x11d0/0x11d0
[   31.216531]  ? br_dev_queue_push_xmit+0x600/0x600
[   31.221353]  ? __lock_is_held+0xb5/0x140
[   31.225395]  deliver_clone+0x61/0xc0
[   31.229087]  br_flood+0x781/0x8d0
[   31.232522]  ? br_forward+0x3a0/0x3a0
[   31.236301]  ? br_ip6_multicast_leave_group+0x330/0x330
[   31.241645]  ? __lock_is_held+0xb5/0x140
[   31.245688]  br_dev_xmit+0x1121/0x1810
[   31.249555]  ? br_poll_controller+0x10/0x10
[   31.253853]  ? lock_release+0xa10/0xa10
[   31.257806]  ? graph_lock+0x170/0x170
[   31.261586]  ? __bfs+0xa8/0x790
[   31.264846]  ? check_noncircular+0x20/0x20
[   31.269073]  ? __lock_is_held+0xb5/0x140
[   31.273120]  dev_hard_start_xmit+0x264/0xc10
[   31.277509]  ? validate_xmit_skb_list+0x120/0x120
[   31.282333]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   31.287854]  ? netif_skb_features+0x696/0xb40
[   31.292331]  ? validate_xmit_xfrm+0x1ef/0xdc0
[   31.296804]  ? lock_acquire+0x1dc/0x520
[   31.300758]  ? validate_xmit_skb+0x704/0xd90
[   31.305147]  ? netif_skb_features+0xb40/0xb40
[   31.309624]  __dev_queue_xmit+0x2724/0x34c0
[   31.313929]  ? netdev_pick_tx+0x2d0/0x2d0
[   31.318061]  ? debug_check_no_locks_freed+0x310/0x310
[   31.323234]  ? lock_downgrade+0x8e0/0x8e0
[   31.327361]  ? print_usage_bug+0xc0/0xc0
[   31.331409]  ? lock_downgrade+0x8e0/0x8e0
[   31.335542]  ? mark_held_locks+0xc9/0x160
[   31.339671]  ? graph_lock+0x170/0x170
[   31.343449]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   31.348444]  ? __neigh_create+0x1447/0x2050
[   31.352744]  ? trace_hardirqs_on+0xd/0x10
[   31.356875]  ? print_usage_bug+0xc0/0xc0
[   31.360925]  ? print_usage_bug+0xc0/0xc0
[   31.364968]  ? lock_downgrade+0x8e0/0x8e0
[   31.369101]  ? lock_release+0xa10/0xa10
[   31.373069]  ? memcpy+0x45/0x50
[   31.376456]  dev_queue_xmit+0x17/0x20
[   31.380235]  ? dev_queue_xmit+0x17/0x20
[   31.384186]  neigh_resolve_output+0x679/0xad0
[   31.388658]  ? graph_lock+0x170/0x170
[   31.392458]  ? __neigh_event_send+0x1240/0x1240
[   31.397118]  ip_finish_output2+0xa5f/0x1840
[   31.401439]  ? ip_copy_metadata+0xa90/0xa90
[   31.405743]  ? check_same_owner+0x320/0x320
[   31.410046]  ? print_usage_bug+0xc0/0xc0
[   31.414092]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.419610]  ? ip_copy_metadata+0x631/0xa90
[   31.423911]  ? dst_output+0x180/0x180
[   31.427696]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.433231]  ip_do_fragment+0x218e/0x2ac0
[   31.437372]  ? ip_copy_metadata+0xa90/0xa90
[   31.441681]  ? ip_do_fragment+0x218e/0x2ac0
[   31.445984]  ? ip_copy_metadata+0xa90/0xa90
[   31.450291]  ? ip_finish_output2+0x1840/0x1840
[   31.454852]  ? graph_lock+0x170/0x170
[   31.458631]  ? graph_lock+0x170/0x170
[   31.462414]  ? debug_check_no_locks_freed+0x310/0x310
[   31.467586]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.473103]  ? ip_generic_getfrag+0x11c/0x2d0
[   31.477581]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.483101]  ? ipv4_mtu+0x375/0x580
[   31.486706]  ? ip_reply_glue_bits+0xc0/0xc0
[   31.491016]  ? __build_flow_key.constprop.55+0x5f0/0x5f0
[   31.496457]  ? find_held_lock+0x36/0x1c0
[   31.500500]  ip_fragment.constprop.49+0x179/0x240
[   31.505326]  ip_finish_output+0x6cb/0xf80
[   31.509453]  ? ip_fragment.constprop.49+0x240/0x240
[   31.514449]  ? kasan_check_read+0x11/0x20
[   31.518579]  ? rcu_is_watching+0x85/0x140
[   31.522712]  ? rcu_report_qs_rnp+0x790/0x790
[   31.527107]  ip_output+0x21b/0x850
[   31.530627]  ? __ip_local_out+0x5cf/0xb20
[   31.534754]  ? ip_mc_output+0x15a0/0x15a0
[   31.538885]  ? ip_append_data.part.48+0x180/0x180
[   31.543709]  ? dst_release+0x5d/0xb0
[   31.547410]  ip_local_out+0xc5/0x1b0
[   31.551104]  ip_send_skb+0x40/0xe0
[   31.554625]  udp_send_skb+0x581/0xcc0
[   31.558415]  udp_push_pending_frames+0x4e/0xe0
[   31.562982]  udp_sendmsg+0x161e/0x35e0
[   31.566858]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.572379]  ? ip_reply_glue_bits+0xc0/0xc0
[   31.576688]  ? udp4_lib_lookup2+0x340/0x340
[   31.580995]  ? fib6_rules_seq_read+0x20/0x20
[   31.585397]  ? __lock_acquire+0x7f5/0x5140
[   31.589617]  ? find_held_lock+0x36/0x1c0
[   31.593665]  ? debug_check_no_locks_freed+0x310/0x310
[   31.598836]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   31.604354]  ? kasan_check_read+0x11/0x20
[   31.608481]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.612868]  ? do_raw_spin_trylock+0x1b0/0x1b0
[   31.617433]  ? pgd_free+0x410/0x410
[   31.621052]  udpv6_sendmsg+0x2627/0x30f0
[   31.625103]  ? udpv6_queue_rcv_skb+0x1520/0x1520
[   31.629840]  ? debug_check_no_locks_freed+0x310/0x310
[   31.635025]  ? graph_lock+0x170/0x170
[   31.638810]  ? graph_lock+0x170/0x170
[   31.642592]  ? lock_acquire+0x1dc/0x520
[   31.646547]  ? graph_lock+0x170/0x170
[   31.650336]  ? find_held_lock+0x36/0x1c0
[   31.654385]  ? lock_downgrade+0x8e0/0x8e0
[   31.658516]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.664039]  ? lock_release+0xa10/0xa10
[   31.667992]  ? check_same_owner+0x320/0x320
[   31.672301]  inet_sendmsg+0x19f/0x690
[   31.676083]  ? udpv6_queue_rcv_skb+0x1520/0x1520
[   31.680816]  ? inet_sendmsg+0x19f/0x690
[   31.684770]  ? __might_sleep+0x95/0x190
[   31.688737]  ? ipip_gro_receive+0x100/0x100
[   31.693061]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   31.698582]  ? security_socket_sendmsg+0x94/0xc0
[   31.703318]  ? ipip_gro_receive+0x100/0x100
[   31.707621]  sock_sendmsg+0xd5/0x120
[   31.711327]  __sys_sendto+0x3d7/0x670
[   31.715112]  ? __ia32_sys_getpeername+0xb0/0xb0
[   31.719763]  ? lock_downgrade+0x8e0/0x8e0
[   31.723892]  ? handle_mm_fault+0x8c0/0xc70
[   31.728111]  ? handle_mm_fault+0x55a/0xc70
[   31.732330]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.737850]  ? mm_fault_error+0x380/0x380
[   31.741977]  ? move_addr_to_kernel+0x70/0x70
[   31.746364]  ? syscall_slow_exit_work+0x4f0/0x4f0
[   31.751187]  __x64_sys_sendto+0xe1/0x1a0
[   31.755227]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.760224]  do_syscall_64+0x1b1/0x800
[   31.764092]  ? syscall_return_slowpath+0x5c0/0x5c0
[   31.769000]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.773917]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   31.779265]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.784094]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.789261] RIP: 0033:0x441ba9
[   31.792433] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
[   31.811594] RSP: 002b:00007ffdf98d0d78 EFLAGS: 00000213 ORIG_RAX: 000000000000002c
[   31.819290] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441ba9
[   31.826537] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004
[   31.833784] RBP: 00000000006cd018 R08: 0000000020000180 R09: 000000000000001c
[   31.841040] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004028a0
[   31.848295] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000
[   31.856101] Dumping ftrace buffer:
[   31.859709]    (ftrace buffer empty)
[   31.863394] Kernel Offset: disabled
[   31.867000] Rebooting in 86400 seconds..