[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 19.348741] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.692931] random: sshd: uninitialized urandom read (32 bytes read) [ 21.941363] random: sshd: uninitialized urandom read (32 bytes read) [ 22.770452] random: sshd: uninitialized urandom read (32 bytes read) [ 40.243195] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.4' (ECDSA) to the list of known hosts. [ 45.755367] random: sshd: uninitialized urandom read (32 bytes read) net.ipv6.conf.syz_tun.accept_dad = 0 net.ipv6.conf.syz_tun.router_solicitations = 0 [ 45.848706] IPVS: ftp: loaded support on port[0] = 21 [ 45.937881] ip (4547) used greatest stack depth: 17048 bytes left [ 46.034951] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.041422] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.048821] device bridge_slave_0 entered promiscuous mode [ 46.064488] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.070894] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.077861] device bridge_slave_1 entered promiscuous mode [ 46.092616] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.108234] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.147723] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.164809] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.223851] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.231131] team0: Port device team_slave_0 added [ 46.245820] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.252902] team0: Port device team_slave_1 added [ 46.270541] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.286813] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.303625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.320234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 46.434439] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.440933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.447819] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.454182] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 46.898283] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 46.904452] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.951908] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 46.997440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.005284] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 47.045295] 8021q: adding VLAN 0 to HW filter on device team0 executing program [ 47.287111] BUG: unable to handle kernel paging request at ffffc9005c3ea003 [ 47.294255] PGD 1da946067 P4D 1da946067 PUD 0 [ 47.298826] Oops: 0000 [#1] SMP KASAN [ 47.302608] CPU: 0 PID: 4531 Comm: syz-executor543 Not tainted 4.17.0+ #93 [ 47.309600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.319029] RIP: 0010:ebt_do_table+0x1983/0x2140 [ 47.323766] Code: 24 08 48 89 d8 48 89 9d d0 fe ff ff 48 c1 e8 03 42 0f b6 04 38 84 c0 74 08 3c 03 0f 8e 3b 06 00 00 48 8b 85 d0 fe ff ff 31 ff <8b> 18 89 de e8 04 e8 c0 fa 85 db 0f 85 a0 02 00 00 e8 e7 e6 c0 fa [ 47.342883] RSP: 0018:ffff8801d90adc68 EFLAGS: 00010246 [ 47.348275] RAX: ffffc9005c3ea003 RBX: ffffc9005c3ea003 RCX: ffffc90001e3e000 [ 47.355587] RDX: 0000000000000000 RSI: ffffffff86b9558c RDI: 0000000000000000 [ 47.362966] RBP: ffff8801d90ade38 R08: ffff8801d93b21c0 R09: ffffed003b5c46d6 [ 47.370575] R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: ffffc90001e3e000 [ 47.377826] R13: ffffc90001e3a130 R14: ffffc90001e3a090 R15: dffffc0000000000 [ 47.385084] FS: 0000000000d92880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 47.393288] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.399149] CR2: ffffc9005c3ea003 CR3: 00000001d8827000 CR4: 00000000001406f0 [ 47.406487] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.413734] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.420996] Call Trace: [ 47.423575] ? find_inlist_lock.constprop.16+0x220/0x220 [ 47.429008] ? sock_sendmsg+0xd5/0x120 [ 47.432875] ? __sys_sendto+0x3d7/0x670 [ 47.436842] ? __x64_sys_sendto+0xe1/0x1a0 [ 47.441081] ? do_syscall_64+0x1b1/0x800 [ 47.445122] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.450466] ? kasan_check_read+0x11/0x20 [ 47.454602] ? graph_lock+0x170/0x170 [ 47.458397] ? graph_lock+0x170/0x170 [ 47.462180] ? __br_forward+0x2b3/0xd90 [ 47.466136] ? ebt_in_hook+0x80/0x80 [ 47.469838] ebt_in_hook+0x65/0x80 [ 47.473377] ebt_out_hook+0x25/0x30 [ 47.476993] nf_hook_slow+0xc2/0x1c0 [ 47.480695] __br_forward+0x520/0xd90 [ 47.484483] ? br_forward_finish+0x5b0/0x5b0 [ 47.488873] ? skb_clone+0x24c/0x4f0 [ 47.492571] ? __sanitizer_cov_trace_cmp4+0x10/0x20 [ 47.497578] ? skb_split+0x11d0/0x11d0 [ 47.501448] ? br_dev_queue_push_xmit+0x600/0x600 [ 47.506273] ? __lock_is_held+0xb5/0x140 [ 47.510315] deliver_clone+0x61/0xc0 [ 47.514010] br_flood+0x6f3/0x980 [ 47.517452] ? br_forward+0x450/0x450 [ 47.521234] ? br_ip6_multicast_leave_group+0x330/0x330 [ 47.526587] ? __lock_is_held+0xb5/0x140 [ 47.530629] br_dev_xmit+0x1121/0x1810 [ 47.534535] ? br_poll_controller+0x10/0x10 [ 47.538836] ? perf_trace_xdp_redirect_template+0x790/0x910 [ 47.544539] ? lock_downgrade+0x8e0/0x8e0 [ 47.548669] ? graph_lock+0x170/0x170 [ 47.552451] ? __bfs+0xa8/0x790 [ 47.555719] ? __bfs+0xa8/0x790 [ 47.558983] ? __lock_is_held+0xb5/0x140 [ 47.563041] dev_hard_start_xmit+0x264/0xc10 [ 47.567431] ? dev_direct_xmit+0x6a0/0x6a0 [ 47.571646] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.577162] ? netif_skb_features+0x696/0xb40 [ 47.581648] ? validate_xmit_xfrm+0x1ef/0xdc0 [ 47.586136] ? lock_acquire+0x1dc/0x520 [ 47.590101] ? validate_xmit_skb+0x804/0xf20 [ 47.594491] ? netif_skb_features+0xb40/0xb40 [ 47.598981] __dev_queue_xmit+0x29da/0x3900 [ 47.603285] ? netdev_pick_tx+0x2d0/0x2d0 [ 47.607416] ? debug_check_no_locks_freed+0x310/0x310 [ 47.612587] ? lock_downgrade+0x8e0/0x8e0 [ 47.616729] ? print_usage_bug+0xc0/0xc0 [ 47.620771] ? lock_downgrade+0x8e0/0x8e0 [ 47.624899] ? mark_held_locks+0xc9/0x160 [ 47.629027] ? graph_lock+0x170/0x170 [ 47.632806] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 47.637806] ? __neigh_create+0x1447/0x2050 [ 47.642107] ? trace_hardirqs_on+0xd/0x10 [ 47.646247] ? print_usage_bug+0xc0/0xc0 [ 47.650286] ? print_usage_bug+0xc0/0xc0 [ 47.654329] ? lock_downgrade+0x8e0/0x8e0 [ 47.658461] ? lock_release+0xa10/0xa10 [ 47.662417] ? memcpy+0x45/0x50 [ 47.665687] dev_queue_xmit+0x17/0x20 [ 47.669474] ? dev_queue_xmit+0x17/0x20 [ 47.673428] neigh_resolve_output+0x679/0xad0 [ 47.677907] ? __neigh_event_send+0x1240/0x1240 [ 47.682559] ip_finish_output2+0xa5f/0x1840 [ 47.686860] ? ip_copy_metadata+0xa90/0xa90 [ 47.691159] ? netlink_tap_init_net+0x3c0/0x3c0 [ 47.695817] ? graph_lock+0x170/0x170 [ 47.699598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.705114] ? ip_copy_metadata+0x631/0xa90 [ 47.709424] ? dst_output+0x180/0x180 [ 47.713205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.718722] ip_do_fragment+0x218e/0x2ac0 [ 47.722856] ? ip_copy_metadata+0xa90/0xa90 [ 47.727154] ? ip_do_fragment+0x218e/0x2ac0 [ 47.731466] ? ip_copy_metadata+0xa90/0xa90 [ 47.735769] ? ip_finish_output2+0x1840/0x1840 [ 47.740330] ? graph_lock+0x170/0x170 [ 47.744123] ? nf_ct_deliver_cached_events+0x569/0x7b0 [ 47.749375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.754887] ? ipv4_mtu+0x375/0x580 [ 47.758491] ? __build_flow_key.constprop.54+0x5f0/0x5f0 [ 47.763920] ? find_held_lock+0x36/0x1c0 [ 47.767961] ip_fragment.constprop.49+0x179/0x240 [ 47.772784] ip_finish_output+0x6cb/0xf80 [ 47.776922] ? ip_fragment.constprop.49+0x240/0x240 [ 47.781913] ? kasan_check_read+0x11/0x20 [ 47.786040] ? rcu_is_watching+0x85/0x140 [ 47.790167] ? rcu_report_qs_rnp+0x790/0x790 [ 47.794554] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 47.799561] ? nf_hook_slow+0x11e/0x1c0 [ 47.803532] ip_output+0x21b/0x850 [ 47.807065] ? __ip_local_out+0x5cf/0xb20 [ 47.811204] ? ip_mc_output+0x15a0/0x15a0 [ 47.815350] ? ip_fragment.constprop.49+0x240/0x240 [ 47.820347] ? dst_release+0x5d/0xb0 [ 47.824041] ip_local_out+0xc5/0x1b0 [ 47.827734] ip_send_skb+0x40/0xe0 [ 47.831254] udp_send_skb.isra.39+0x6b7/0x11d0 [ 47.835817] udp_push_pending_frames+0x5c/0xf0 [ 47.840381] udp_sendmsg+0x17d1/0x3970 [ 47.844250] ? ip_reply_glue_bits+0xc0/0xc0 [ 47.848560] ? udp_push_pending_frames+0xf0/0xf0 [ 47.853294] ? find_held_lock+0x36/0x1c0 [ 47.857333] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.862847] ? print_usage_bug+0xc0/0xc0 [ 47.866900] ? __lock_acquire+0x7f5/0x5140 [ 47.871120] ? graph_lock+0x170/0x170 [ 47.874905] ? print_usage_bug+0xc0/0xc0 [ 47.878965] ? lock_downgrade+0x8e0/0x8e0 [ 47.883108] ? rcu_report_qs_rnp+0x790/0x790 [ 47.887501] ? __lock_acquire+0x7f5/0x5140 [ 47.891718] ? find_held_lock+0x36/0x1c0 [ 47.895762] udpv6_sendmsg+0x28c8/0x35f0 [ 47.899812] ? debug_check_no_locks_freed+0x310/0x310 [ 47.904983] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 47.910511] ? udpv6_queue_rcv_skb+0x1530/0x1530 [ 47.915247] ? _raw_spin_unlock+0x22/0x30 [ 47.919374] ? do_wp_page+0x42d/0x1990 [ 47.923241] ? finish_mkwrite_fault+0x610/0x610 [ 47.927897] ? debug_check_no_locks_freed+0x310/0x310 [ 47.933065] ? graph_lock+0x170/0x170 [ 47.936844] ? graph_lock+0x170/0x170 [ 47.940622] ? lock_acquire+0x1dc/0x520 [ 47.944575] ? graph_lock+0x170/0x170 [ 47.948352] ? find_held_lock+0x36/0x1c0 [ 47.952393] ? lock_downgrade+0x8e0/0x8e0 [ 47.956529] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.962044] ? lock_release+0xa10/0xa10 [ 47.965993] ? check_same_owner+0x320/0x320 [ 47.970309] inet_sendmsg+0x19f/0x690 [ 47.974087] ? udpv6_queue_rcv_skb+0x1530/0x1530 [ 47.978819] ? inet_sendmsg+0x19f/0x690 [ 47.982769] ? __might_sleep+0x95/0x190 [ 47.986718] ? ipip_gro_receive+0x100/0x100 [ 47.991024] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.996544] ? security_socket_sendmsg+0x94/0xc0 [ 48.001279] ? ipip_gro_receive+0x100/0x100 [ 48.005583] sock_sendmsg+0xd5/0x120 [ 48.009273] __sys_sendto+0x3d7/0x670 [ 48.013062] ? __ia32_sys_getpeername+0xb0/0xb0 [ 48.017710] ? lock_downgrade+0x8e0/0x8e0 [ 48.021833] ? handle_mm_fault+0x8c0/0xc70 [ 48.026051] ? handle_mm_fault+0x55a/0xc70 [ 48.030278] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.035806] ? mm_fault_error+0x380/0x380 [ 48.039934] ? move_addr_to_kernel+0x70/0x70 [ 48.044321] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 48.049153] __x64_sys_sendto+0xe1/0x1a0 [ 48.053192] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 48.058196] do_syscall_64+0x1b1/0x800 [ 48.062064] ? syscall_return_slowpath+0x5c0/0x5c0 [ 48.066981] ? syscall_return_slowpath+0x30f/0x5c0 [ 48.071893] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 48.077234] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 48.082058] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.087224] RIP: 0033:0x441af9 [ 48.090388] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 48.109510] RSP: 002b:00007ffe7c325a28 EFLAGS: 00000213 ORIG_RAX: 000000000000002c [ 48.117199] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441af9 [ 48.124447] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 48.131693] RBP: 00000000006cd018 R08: 0000000020000180 R09: 000000000000001c [ 48.138940] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004027f0 [ 48.146187] R13: 0000000000402880 R14: 0000000000000000 R15: 0000000000000000 [ 48.153436] Modules linked in: [ 48.156610] Dumping ftrace buffer: [ 48.160122] (ftrace buffer empty) [ 48.163811] CR2: ffffc9005c3ea003 [ 48.167242] ---[ end trace b2856ed83f9c488d ]--- [ 48.171982] RIP: 0010:ebt_do_table+0x1983/0x2140 [ 48.176711] Code: 24 08 48 89 d8 48 89 9d d0 fe ff ff 48 c1 e8 03 42 0f b6 04 38 84 c0 74 08 3c 03 0f 8e 3b 06 00 00 48 8b 85 d0 fe ff ff 31 ff <8b> 18 89 de e8 04 e8 c0 fa 85 db 0f 85 a0 02 00 00 e8 e7 e6 c0 fa [ 48.195822] RSP: 0018:ffff8801d90adc68 EFLAGS: 00010246 [ 48.201163] RAX: ffffc9005c3ea003 RBX: ffffc9005c3ea003 RCX: ffffc90001e3e000 [ 48.208410] RDX: 0000000000000000 RSI: ffffffff86b9558c RDI: 0000000000000000 [ 48.215660] RBP: ffff8801d90ade38 R08: ffff8801d93b21c0 R09: ffffed003b5c46d6 [ 48.222909] R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: ffffc90001e3e000 [ 48.230162] R13: ffffc90001e3a130 R14: ffffc90001e3a090 R15: dffffc0000000000 [ 48.237412] FS: 0000000000d92880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 48.245612] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.251472] CR2: ffffc9005c3ea003 CR3: 00000001d8827000 CR4: 00000000001406f0 [ 48.258721] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.265969] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.273216] Kernel panic - not syncing: Fatal exception in interrupt [ 48.280202] Dumping ftrace buffer: [ 48.283720] (ftrace buffer empty) [ 48.287407] Kernel Offset: disabled [ 48.291008] Rebooting in 86400 seconds..