[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   15.640799] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.500771] random: sshd: uninitialized urandom read (32 bytes read)
[   19.963629] random: sshd: uninitialized urandom read (32 bytes read)
[   20.690710] random: sshd: uninitialized urandom read (32 bytes read)
[   20.826222] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.19' (ECDSA) to the list of known hosts.
[   26.509671] random: sshd: uninitialized urandom read (32 bytes read)
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[   26.592081] IPVS: ftp: loaded support on port[0] = 21
executing program
[   26.694863] ------------[ cut here ]------------
[   26.699648] kernel BUG at net/ipv6/route.c:1268!
[   26.704454] invalid opcode: 0000 [#1] SMP KASAN
[   26.709196] CPU: 1 PID: 4340 Comm: syz-executor123 Not tainted 4.18.0-rc6+ #163
[   26.716889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.726772] RIP: 0010:ip6_pol_route+0x9e3/0x1250
[   26.731516] Code: 31 e4 e8 80 4c 02 fc 4c 89 e0 f0 4c 0f b1 33 31 ff 49 89 c4 48 89 c6 e8 1b 36 c4 fb 4d 85 e4 0f 84 0d fa ff ff e8 dd 34 c4 fb <0f> 0b e8 d6 34 c4 fb e8 81 a3 ae fb 31 ff 89 c6 88 85 e0 fd ff ff 
[   26.750727] RSP: 0018:ffff8801ac936d48 EFLAGS: 00010293
[   26.756073] RAX: ffff8801acbc4240 RBX: ffffe8ffffd5d0d8 RCX: ffffffff85b7e095
[   26.763321] RDX: 0000000000000000 RSI: ffffffff85b7e0a3 RDI: 0000000000000007
[   26.770571] RBP: ffff8801ac936f78 R08: ffff8801acbc4240 R09: fffff91ffffaba1b
[   26.777819] R10: fffff91ffffaba1b R11: ffffe8ffffd5d0df R12: ffff8801bbd85e40
[   26.785066] R13: 0000000000000001 R14: ffff8801bbd85d00 R15: 0000000000000001
[   26.792318] FS:  00007f7ce9c97700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[   26.800526] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   26.806386] CR2: 00000000205fafd2 CR3: 00000001bae25000 CR4: 00000000001406e0
[   26.813649] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   26.820901] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   26.828249] Call Trace:
[   26.830823]  ? ip6_pol_route_lookup+0x1120/0x1120
[   26.835648]  ? __nf_conntrack_find_get.part.43+0xfc3/0x1ac0
[   26.841361]  ? trace_hardirqs_on+0x10/0x10
[   26.845584]  ? ip6_finish_output2+0xcb5/0x2820
[   26.850151]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   26.855236]  ? trace_hardirqs_on+0x10/0x10
[   26.859477]  ip6_pol_route_output+0x54/0x70
[   26.863816]  fib6_rule_lookup+0x26e/0x700
[   26.867942]  ? ip6_pol_route_input+0x80/0x80
[   26.872329]  ? fib6_lookup+0x480/0x480
[   26.876205]  ? trace_hardirqs_on+0x10/0x10
[   26.880420]  ? kasan_check_read+0x11/0x20
[   26.884559]  ? do_raw_spin_unlock+0xa7/0x2f0
[   26.888952]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   26.893519]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   26.898084]  ip6_route_output_flags+0x2c5/0x350
[   26.902738]  ip6_dst_lookup_tail+0x1278/0x1da0
[   26.907300]  ? debug_object_activate+0x41a/0x690
[   26.912038]  ? lock_downgrade+0x8f0/0x8f0
[   26.916169]  ? kernel_text_address+0x79/0xf0
[   26.920563]  ? dst_output+0x180/0x180
[   26.924344]  ? do_raw_spin_unlock+0xa7/0x2f0
[   26.928733]  ? lock_acquire+0x1e4/0x540
[   26.932691]  ? debug_object_active_state+0x2f5/0x4d0
[   26.937774]  ? lock_downgrade+0x8f0/0x8f0
[   26.942024]  ? kasan_check_read+0x11/0x20
[   26.946173]  ? do_raw_spin_unlock+0xa7/0x2f0
[   26.950591]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   26.955165]  ? lock_acquire+0x1e4/0x540
[   26.959140]  ? inet6_csk_route_socket+0x69d/0x1030
[   26.964084]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   26.969615]  ? __sk_dst_check+0x1ef/0x410
[   26.973757]  ip6_dst_lookup_flow+0xc8/0x270
[   26.978062]  ? rcu_is_watching+0x8c/0x150
[   26.982187]  ? ip6_dst_lookup+0x60/0x60
[   26.986140]  ? kasan_kmalloc+0xc4/0xe0
[   26.990010]  inet6_csk_route_socket+0x8cb/0x1030
[   26.994743]  ? ip6_dst_check+0x475/0xaf0
[   26.998793]  ? inet6_csk_route_req+0x820/0x820
[   27.003370]  ? note_gp_changes+0x550/0x550
[   27.007584]  ? __kasan_slab_free+0x131/0x170
[   27.011975]  ? trace_hardirqs_on+0xd/0x10
[   27.016110]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   27.021727]  ? kasan_check_write+0x14/0x20
[   27.026303]  ? pskb_expand_head+0x6b3/0x10e0
[   27.030711]  ? kmem_cache_alloc_node_trace+0x302/0x770
[   27.035977]  ? __pskb_copy_fclone+0xeb0/0xeb0
[   27.040469]  inet6_csk_xmit+0x118/0x630
[   27.044439]  ? inet6_csk_xmit+0x118/0x630
[   27.048573]  ? call_rcu_sched+0x12/0x20
[   27.052528]  ? inet6_csk_update_pmtu+0x190/0x190
[   27.057266]  ? __sk_dst_check+0x1ef/0x410
[   27.061392]  ? sock_alloc_send_skb+0x40/0x40
[   27.065786]  l2tp_xmit_skb+0x1469/0x1830
[   27.069828]  ? l2tp_session_create+0xae0/0xae0
[   27.074418]  ? iov_iter_advance+0x14e0/0x14e0
[   27.078908]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   27.084432]  ? _copy_from_user+0xdf/0x150
[   27.088574]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   27.093569]  ? pppol2tp_sendmsg+0x45a/0x6c0
[   27.097870]  pppol2tp_sendmsg+0x4ae/0x6c0
[   27.102002]  ? move_addr_to_kernel.part.18+0x100/0x100
[   27.107271]  ? kasan_check_write+0x14/0x20
[   27.111506]  ? pppol2tp_getsockopt+0x950/0x950
[   27.116069]  sock_sendmsg+0xd5/0x120
[   27.119762]  ___sys_sendmsg+0x51d/0x930
[   27.123721]  ? kasan_check_write+0x14/0x20
[   27.127959]  ? copy_msghdr_from_user+0x580/0x580
[   27.132695]  ? __schedule+0x884/0x1ed0
[   27.136686]  ? __sched_text_start+0x8/0x8
[   27.140959]  ? lock_acquire+0x1e4/0x540
[   27.144932]  ? __might_fault+0x12b/0x1e0
[   27.148985]  ? lock_downgrade+0x8f0/0x8f0
[   27.153122]  ? lock_release+0xa30/0xa30
[   27.157078]  ? check_same_owner+0x340/0x340
[   27.161564]  ? rcu_note_context_switch+0x730/0x730
[   27.166490]  ? check_same_owner+0x340/0x340
[   27.170884]  __sys_sendmmsg+0x240/0x6f0
[   27.174852]  ? __ia32_sys_sendmsg+0xb0/0xb0
[   27.179170]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   27.184689]  ? fput+0x130/0x1a0
[   27.187950]  ? __sys_connect+0x1d1/0x4c0
[   27.191994]  ? __ia32_sys_accept+0xb0/0xb0
[   27.196225]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   27.200789]  __x64_sys_sendmmsg+0x9d/0x100
[   27.205007]  do_syscall_64+0x1b9/0x820
[   27.209049]  ? syscall_return_slowpath+0x5e0/0x5e0
[   27.213967]  ? syscall_return_slowpath+0x31d/0x5e0
[   27.218892]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   27.223990]  ? prepare_exit_to_usermode+0x291/0x3b0
[   27.228999]  ? perf_trace_sys_enter+0xb10/0xb10
[   27.233655]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.238506]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   27.243687] RIP: 0033:0x4469f9
[   27.246855] Code: e8 ac b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
[   27.265974] RSP: 002b:00007f7ce9c96db8 EFLAGS: 00000297 ORIG_RAX: 0000000000000133
[   27.273671] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 00000000004469f9
[   27.280937] RDX: 00000000000003e8 RSI: 0000000020005fc0 RDI: 0000000000000004
[   27.288186] RBP: 00000000006dbc40 R08: 0000000000000000 R09: 0000000000000000
[   27.295611] R10: 0000000000000000 R11: 0000000000000297 R12: 00000000006dbc4c
[   27.302874] R13: 00007ffe2affe7ff R14: 00007f7ce9c979c0 R15: 0000000000000000
[   27.310127] Modules linked in:
[   27.313312] Dumping ftrace buffer:
[   27.316833]    (ftrace buffer empty)
[   27.320595] ---[ end trace 0f7022799dd47a56 ]---
[   27.325375] RIP: 0010:ip6_pol_route+0x9e3/0x1250
[   27.330139] Code: 31 e4 e8 80 4c 02 fc 4c 89 e0 f0 4c 0f b1 33 31 ff 49 89 c4 48 89 c6 e8 1b 36 c4 fb 4d 85 e4 0f 84 0d fa ff ff e8 dd 34 c4 fb <0f> 0b e8 d6 34 c4 fb e8 81 a3 ae fb 31 ff 89 c6 88 85 e0 fd ff ff 
[   27.349848] RSP: 0018:ffff8801ac936d48 EFLAGS: 00010293
[   27.355236] RAX: ffff8801acbc4240 RBX: ffffe8ffffd5d0d8 RCX: ffffffff85b7e095
[   27.362536] RDX: 0000000000000000 RSI: ffffffff85b7e0a3 RDI: 0000000000000007
[   27.369898] RBP: ffff8801ac936f78 R08: ffff8801acbc4240 R09: fffff91ffffaba1b
[   27.377554] R10: fffff91ffffaba1b R11: ffffe8ffffd5d0df R12: ffff8801bbd85e40
[   27.384868] R13: 0000000000000001 R14: ffff8801bbd85d00 R15: 0000000000000001
[   27.392276] FS:  00007f7ce9c97700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[   27.400533] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.406473] CR2: 00000000205fafd2 CR3: 00000001bae25000 CR4: 00000000001406e0
[   27.413755] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   27.421036] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   27.428424] Kernel panic - not syncing: Fatal exception in interrupt
[   27.435303] Dumping ftrace buffer:
[   27.438827]    (ftrace buffer empty)
[   27.442519] Kernel Offset: disabled
[   27.446127] Rebooting in 86400 seconds..