[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 30.270252] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 35.140121] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.623590] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.745517] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.955559] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
[ 42.409621] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.530653] IPVS: ftp: loaded support on port[0] = 21
[ 42.678344] ip (4520) used greatest stack depth: 54312 bytes left
[ 42.691942] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.698329] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.705617] device bridge_slave_0 entered promiscuous mode
[ 42.725832] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.732270] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.739609] device bridge_slave_1 entered promiscuous mode
[ 42.759410] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 42.779885] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 42.834354] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 42.857103] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 42.943058] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 42.950762] team0: Port device team_slave_0 added
[ 42.970685] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 42.977909] team0: Port device team_slave_1 added
[ 42.998381] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 43.016705] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 43.040343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 43.063402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 43.236078] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.242502] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.249262] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.255671] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 43.888908] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.953422] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 44.017925] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 44.024182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.033744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.091739] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 44.436438] ==================================================================
[ 44.443831] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x5dc/0x37b0
[ 44.450229] CPU: 1 PID: 4503 Comm: syz-executor833 Not tainted 4.17.0-rc5+ #102
[ 44.457655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.466986] Call Trace:
[ 44.469555] dump_stack+0x185/0x1d0
[ 44.473160] ? ip_tunnel_xmit+0x5dc/0x37b0
[ 44.477375] kmsan_report+0x149/0x260
[ 44.481155] __msan_warning_32+0x6e/0xc0
[ 44.485367] ip_tunnel_xmit+0x5dc/0x37b0
[ 44.489405] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 44.494750] ? skb_push+0x16b/0x260
[ 44.498354] ? __msan_metadata_ptr_for_store_2+0x13/0x20
[ 44.503779] ? gre_build_header+0x5ab/0xaa0
[ 44.508079] ipgre_xmit+0xe16/0xef0
[ 44.511685] ? ipgre_close+0x230/0x230
[ 44.515555] dev_hard_start_xmit+0x5f1/0xc70
[ 44.519955] __dev_queue_xmit+0x2311/0x3510
[ 44.524261] ? sock_alloc_send_pskb+0x13b/0x1190
[ 44.528993] ? sock_alloc_send_pskb+0xfee/0x1190
[ 44.533752] dev_queue_xmit+0x4b/0x60
[ 44.537529] ? __netdev_pick_tx+0xb50/0xb50
[ 44.541831] packet_sendmsg+0x7d62/0x8ab0
[ 44.545963] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 44.551393] ? pagevec_lru_move_fn+0x490/0x4e0
[ 44.555960] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 44.561388] ? pgtable_trans_huge_deposit+0x439/0x5d0
[ 44.566553] ? kmsan_set_origin_inline+0x6b/0x120
[ 44.571377] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 44.576730] ? compat_packet_setsockopt+0x360/0x360
[ 44.581724] __sys_sendto+0x6c0/0x7e0
[ 44.585506] __x64_sys_sendto+0x1a1/0x210
[ 44.589633] do_syscall_64+0x152/0x230
[ 44.593501] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.598679] RIP: 0033:0x441179
[ 44.601849] RSP: 002b:00007ffd571e25f8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 44.609540] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441179
[ 44.616787] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 44.624041] RBP: 00000000006cc018 R08: 0000000020000080 R09: 000000000000001c
[ 44.631297] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000402080
[ 44.638542] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000
[ 44.645790]
[ 44.647394] Uninit was created at:
[ 44.650915] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 44.656000] kmsan_kmalloc+0x94/0x100
[ 44.659785] kmsan_slab_alloc+0x10/0x20
[ 44.663735] __kmalloc_node_track_caller+0xb32/0x11b0
[ 44.668901] __alloc_skb+0x2cb/0x9e0
[ 44.672593] alloc_skb_with_frags+0x1e6/0xb80
[ 44.677068] sock_alloc_send_pskb+0xb56/0x1190
[ 44.681629] packet_sendmsg+0x6584/0x8ab0
[ 44.685756] __sys_sendto+0x6c0/0x7e0
[ 44.689531] __x64_sys_sendto+0x1a1/0x210
[ 44.693655] do_syscall_64+0x152/0x230
[ 44.697521] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.702681] ==================================================================
[ 44.710020] Disabling lock debugging due to kernel taint
[ 44.715456] Kernel panic - not syncing: panic_on_warn set ...
[ 44.715456]
[ 44.722801] CPU: 1 PID: 4503 Comm: syz-executor833 Tainted: G B 4.17.0-rc5+ #102
[ 44.731609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.740938] Call Trace:
[ 44.743507] dump_stack+0x185/0x1d0
[ 44.747115] panic+0x39d/0x940
[ 44.750292] ? ip_tunnel_xmit+0x5dc/0x37b0
[ 44.754506] kmsan_report+0x260/0x260
[ 44.758285] __msan_warning_32+0x6e/0xc0
[ 44.762329] ip_tunnel_xmit+0x5dc/0x37b0
[ 44.766366] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 44.771730] ? skb_push+0x16b/0x260
[ 44.775336] ? __msan_metadata_ptr_for_store_2+0x13/0x20
[ 44.780762] ? gre_build_header+0x5ab/0xaa0
[ 44.785068] ipgre_xmit+0xe16/0xef0
[ 44.788676] ? ipgre_close+0x230/0x230
[ 44.792541] dev_hard_start_xmit+0x5f1/0xc70
[ 44.796937] __dev_queue_xmit+0x2311/0x3510
[ 44.801234] ? sock_alloc_send_pskb+0x13b/0x1190
[ 44.805967] ? sock_alloc_send_pskb+0xfee/0x1190
[ 44.810711] dev_queue_xmit+0x4b/0x60
[ 44.814488] ? __netdev_pick_tx+0xb50/0xb50
[ 44.818789] packet_sendmsg+0x7d62/0x8ab0
[ 44.822914] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 44.828344] ? pagevec_lru_move_fn+0x490/0x4e0
[ 44.832909] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 44.838338] ? pgtable_trans_huge_deposit+0x439/0x5d0
[ 44.843506] ? kmsan_set_origin_inline+0x6b/0x120
[ 44.848418] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 44.853765] ? compat_packet_setsockopt+0x360/0x360
[ 44.858776] __sys_sendto+0x6c0/0x7e0
[ 44.862561] __x64_sys_sendto+0x1a1/0x210
[ 44.866688] do_syscall_64+0x152/0x230
[ 44.870566] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.875730] RIP: 0033:0x441179
[ 44.878899] RSP: 002b:00007ffd571e25f8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 44.886590] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441179
[ 44.893836] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 44.901088] RBP: 00000000006cc018 R08: 0000000020000080 R09: 000000000000001c
[ 44.908336] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000402080
[ 44.915582] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000
[ 44.923274] Dumping ftrace buffer:
[ 44.926792] (ftrace buffer empty)
[ 44.930491] Kernel Offset: disabled
[ 44.934094] Rebooting in 86400 seconds..