[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   17.713287] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.846602] random: sshd: uninitialized urandom read (32 bytes read)
[   20.117533] random: sshd: uninitialized urandom read (32 bytes read)
[   20.813388] random: sshd: uninitialized urandom read (32 bytes read)
[   32.341109] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.54' (ECDSA) to the list of known hosts.
[   37.794318] random: sshd: uninitialized urandom read (32 bytes read)
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[   37.881535] IPVS: ftp: loaded support on port[0] = 21
[   38.057069] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.063495] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.070516] device bridge_slave_0 entered promiscuous mode
[   38.085176] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.091520] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.098351] device bridge_slave_1 entered promiscuous mode
[   38.111901] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.126149] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.162036] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   38.178353] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   38.232402] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   38.239536] team0: Port device team_slave_0 added
[   38.252359] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   38.259364] team0: Port device team_slave_1 added
[   38.273199] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   38.288299] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   38.302940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   38.317944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   38.420778] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.427197] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.433898] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.440236] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   38.797563] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   38.803677] 8021q: adding VLAN 0 to HW filter on device bond0
[   38.841891] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   38.881124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   38.888404] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   38.921269] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   38.927368] 8021q: adding VLAN 0 to HW filter on device team0
[   39.008400] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
executing program
[   39.131767] ------------[ cut here ]------------
[   39.136617] ip6tnl0: caps=(0x00000000401d7869, 0x00000000401d7869) len=353 data_len=209 gso_size=6 gso_type=131072 ip_summed=0
[   39.148323] WARNING: CPU: 1 PID: 4481 at net/core/dev.c:2663 skb_warn_bad_offload+0x2bc/0x600
[   39.156964] Kernel panic - not syncing: panic_on_warn set ...
[   39.156964] 
[   39.164320] CPU: 1 PID: 4481 Comm: syz-executor820 Not tainted 4.17.0-rc2+ #23
[   39.171655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.180984] Call Trace:
[   39.183554]  dump_stack+0x1b9/0x294
[   39.187158]  ? dump_stack_print_info.cold.2+0x52/0x52
[   39.192329]  ? skb_warn_bad_offload+0x270/0x600
[   39.196976]  panic+0x22f/0x4de
[   39.200145]  ? add_taint.cold.5+0x16/0x16
[   39.204273]  ? __warn.cold.8+0x148/0x1b3
[   39.208312]  ? __warn.cold.8+0x117/0x1b3
[   39.212349]  ? skb_warn_bad_offload+0x2bc/0x600
[   39.216994]  __warn.cold.8+0x163/0x1b3
[   39.220862]  ? skb_warn_bad_offload+0x2bc/0x600
[   39.225511]  report_bug+0x252/0x2d0
[   39.229117]  do_error_trap+0x1de/0x490
[   39.232982]  ? math_error+0x420/0x420
[   39.236766]  ? vprintk_default+0x28/0x30
[   39.240808]  ? vprintk_func+0x81/0xe7
[   39.244586]  ? printk+0x9e/0xba
[   39.247847]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.252668]  do_invalid_op+0x1b/0x20
[   39.256360]  invalid_op+0x14/0x20
[   39.259792] RIP: 0010:skb_warn_bad_offload+0x2bc/0x600
[   39.265041] RSP: 0018:ffff8801b0d5e868 EFLAGS: 00010286
[   39.270381] RAX: 0000000000000072 RBX: ffff8801abd08850 RCX: ffffffff8160a8ad
[   39.277627] RDX: 0000000000000000 RSI: ffffffff8160f561 RDI: ffff8801b0d5e3c8
[   39.284872] RBP: ffff8801b0d5e8c0 R08: ffff8801b4cc6400 R09: 0000000000000002
[   39.292118] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   39.299364] R13: ffff8801d7cdeba0 R14: 0000000000020000 R15: 0000000000000006
[   39.306622]  ? console_unlock+0x8ad/0x1100
[   39.310836]  ? vprintk_func+0x81/0xe7
[   39.314615]  ? skb_warn_bad_offload+0x2bc/0x600
[   39.319264]  __skb_gso_segment+0x6ab/0x870
[   39.323479]  ? skb_mac_gso_segment+0x720/0x720
[   39.328038]  ? lock_acquire+0x1dc/0x520
[   39.331990]  ? __dev_queue_xmit+0x30f/0x34c0
[   39.336376]  validate_xmit_skb+0x54d/0xd90
[   39.340592]  ? netif_skb_features+0xb40/0xb40
[   39.345066]  __dev_queue_xmit+0xbf8/0x34c0
[   39.349284]  ? netdev_pick_tx+0x2d0/0x2d0
[   39.353410]  ? find_held_lock+0x30/0x1c0
[   39.357452]  ? lock_downgrade+0x8e0/0x8e0
[   39.361577]  ? lock_release+0xa10/0xa10
[   39.365531]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   39.371046]  ? __local_bh_enable_ip+0x161/0x230
[   39.375692]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   39.380688]  ? __neigh_create+0x1447/0x2050
[   39.384988]  ? trace_hardirqs_on+0xd/0x10
[   39.389113]  ? __local_bh_enable_ip+0x161/0x230
[   39.393763]  ? _raw_write_unlock_bh+0x30/0x40
[   39.398233]  ? __neigh_create+0xd2c/0x2050
[   39.402452]  ? rcu_is_watching+0x85/0x140
[   39.406580]  ? neigh_hash_alloc+0x1e0/0x1e0
[   39.410878]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   39.415873]  ? trace_hardirqs_on+0xd/0x10
[   39.419999]  ? do_softirq+0x19/0x20
[   39.423602]  ? netif_rx_ni+0xe4/0x440
[   39.427383]  ? lock_acquire+0x1dc/0x520
[   39.431340]  ? ip6_finish_output2+0x253/0x2800
[   39.435899]  ? lock_downgrade+0x8e0/0x8e0
[   39.440029]  ? kasan_check_read+0x11/0x20
[   39.444154]  ? rcu_is_watching+0x85/0x140
[   39.448278]  ? rcu_pm_notify+0xc0/0xc0
[   39.452145]  dev_queue_xmit+0x17/0x20
[   39.455923]  ? dev_queue_xmit+0x17/0x20
[   39.459872]  neigh_direct_output+0x15/0x20
[   39.464095]  ip6_finish_output2+0xc93/0x2800
[   39.468487]  ? ip6_flush_pending_frames+0xc0/0xc0
[   39.473310]  ? lock_downgrade+0x8e0/0x8e0
[   39.477439]  ? kasan_check_read+0x11/0x20
[   39.481564]  ? rcu_is_watching+0x85/0x140
[   39.485691]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   39.490861]  ? ip6_mtu+0x159/0x510
[   39.494378]  ? ip6_dst_ifdown+0x4c0/0x4c0
[   39.498504]  ? kasan_check_read+0x11/0x20
[   39.502629]  ? rcu_is_watching+0x85/0x140
[   39.506758]  ip6_finish_output+0x5fe/0xbc0
[   39.510969]  ? ip6_finish_output+0x5fe/0xbc0
[   39.515356]  ip6_output+0x227/0x9b0
[   39.518961]  ? ip6_finish_output+0xbc0/0xbc0
[   39.523351]  ? ip6_dst_hoplimit+0x4c0/0x4c0
[   39.527653]  ip6_local_out+0xc5/0x1b0
[   39.531434]  ip6_send_skb+0xba/0x340
[   39.535129]  udp_v6_send_skb.isra.24+0xa42/0x1250
[   39.539961]  udpv6_sendmsg+0x2a7c/0x32a0
[   39.543999]  ? ip_reply_glue_bits+0xc0/0xc0
[   39.548302]  ? udpv6_queue_rcv_skb+0x1520/0x1520
[   39.553035]  ? find_held_lock+0x36/0x1c0
[   39.557077]  ? lock_downgrade+0x8e0/0x8e0
[   39.561204]  ? lock_release+0xa10/0xa10
[   39.565156]  ? check_same_owner+0x320/0x320
[   39.569456]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   39.574464]  ? __check_object_size+0x95/0x5d9
[   39.578940]  ? __might_sleep+0x95/0x190
[   39.582896]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   39.587888]  ? rw_copy_check_uvector+0x2d3/0x3a0
[   39.592626]  ? dup_iter+0x270/0x270
[   39.596233]  inet_sendmsg+0x19f/0x690
[   39.600009]  ? udpv6_queue_rcv_skb+0x1520/0x1520
[   39.604742]  ? inet_sendmsg+0x19f/0x690
[   39.608692]  ? copy_msghdr_from_user+0x3bc/0x560
[   39.613423]  ? ipip_gro_receive+0x100/0x100
[   39.617721]  ? move_addr_to_kernel.part.18+0x100/0x100
[   39.622979]  ? security_socket_sendmsg+0x94/0xc0
[   39.627710]  ? ipip_gro_receive+0x100/0x100
[   39.632012]  sock_sendmsg+0xd5/0x120
[   39.635703]  ___sys_sendmsg+0x525/0x940
[   39.639658]  ? graph_lock+0x170/0x170
[   39.643437]  ? copy_msghdr_from_user+0x560/0x560
[   39.648171]  ? find_held_lock+0x36/0x1c0
[   39.652207]  ? graph_lock+0x170/0x170
[   39.655986]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.661499]  ? __fget_light+0x2ef/0x430
[   39.665451]  ? fget_raw+0x20/0x20
[   39.668884]  ? find_held_lock+0x36/0x1c0
[   39.672932]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   39.678447]  ? sockfd_lookup_light+0xc5/0x160
[   39.682919]  __sys_sendmmsg+0x240/0x6f0
[   39.686875]  ? __ia32_sys_sendmsg+0xb0/0xb0
[   39.691176]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.696689]  ? udp_lib_setsockopt+0xfa/0x600
[   39.701081]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.706596]  ? __sys_setsockopt+0x24f/0x390
[   39.710896]  ? kernel_accept+0x310/0x310
[   39.714934]  ? mm_fault_error+0x380/0x380
[   39.719063]  ? syscall_slow_exit_work+0x4f0/0x4f0
[   39.723883]  __x64_sys_sendmmsg+0x9d/0x100
[   39.728096]  do_syscall_64+0x1b1/0x800
[   39.731961]  ? syscall_slow_exit_work+0x4f0/0x4f0
[   39.736783]  ? syscall_return_slowpath+0x5c0/0x5c0
[   39.741690]  ? syscall_return_slowpath+0x30f/0x5c0
[   39.746598]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   39.751940]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.756761]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.761926] RIP: 0033:0x441829
[   39.765091] RSP: 002b:00007ffd0f219308 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[   39.772776] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441829
[   39.780021] RDX: 040000000000011d RSI: 0000000020001c40 RDI: 0000000000000003
[   39.787266] RBP: 00000000006cd018 R08: 0000000000000000 R09: 0000000000000000
[   39.794510] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000402520
[   39.801754] R13: 00000000004025b0 R14: 0000000000000000 R15: 0000000000000000
[   39.809460] Dumping ftrace buffer:
[   39.813042]    (ftrace buffer empty)
[   39.816729] Kernel Offset: disabled
[   39.820336] Rebooting in 86400 seconds..