[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 33.720085] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 37.192000] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.564781] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.476645] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.744150] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.218' (ECDSA) to the list of known hosts.
[ 44.596637] random: sshd: uninitialized urandom read (32 bytes read)
[ 44.741501] IPVS: ftp: loaded support on port[0] = 21
[ 44.958856] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.965276] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.972951] device bridge_slave_0 entered promiscuous mode
[ 44.999262] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.005772] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.013378] device bridge_slave_1 entered promiscuous mode
[ 45.037941] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 45.063319] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.133504] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 45.162082] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 45.272778] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 45.280565] team0: Port device team_slave_0 added
[ 45.304749] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 45.312465] team0: Port device team_slave_1 added
[ 45.336873] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 45.365804] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 45.393474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.421058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
[ 45.657625] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.664092] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.670976] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.677397] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 46.526337] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.608215] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 46.688941] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 46.695133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.703649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.782840] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 47.259493] ==================================================================
[ 47.266897] BUG: KMSAN: uninit-value in ip_rcv_core+0xabd/0x1160
[ 47.273042] CPU: 1 PID: 4270 Comm: syz-executor158 Not tainted 4.19.0-rc1+ #42
[ 47.280415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.289770] Call Trace:
[ 47.292403]
[ 47.294554] dump_stack+0x14b/0x190
[ 47.298189] kmsan_report+0x183/0x2b0
[ 47.302010] __msan_warning+0x70/0xc0
[ 47.305811] ip_rcv_core+0xabd/0x1160
[ 47.309623] ip_rcv+0xbb/0x6d0
[ 47.312819] process_backlog+0x752/0x10b0
[ 47.317011] ? ip_local_deliver_finish+0xea0/0xea0
[ 47.321936] ? rps_trigger_softirq+0x2e0/0x2e0
[ 47.326513] net_rx_action+0x723/0x19d0
[ 47.330536] ? net_tx_action+0xc40/0xc40
[ 47.334590] __do_softirq+0x562/0x948
[ 47.338394] do_softirq_own_stack+0x49/0x80
[ 47.342720]
[ 47.344964] __local_bh_enable_ip+0x119/0x150
[ 47.349458] local_bh_enable+0x36/0x40
[ 47.353340] __dev_queue_xmit+0x35a8/0x3ab0
[ 47.357655] ? kmsan_memcpy_origins+0x111/0x1b0
[ 47.362363] dev_queue_xmit+0x4b/0x60
[ 47.366154] ? __netdev_pick_tx+0x12e0/0x12e0
[ 47.370655] packet_sendmsg+0x80ff/0x8c60
[ 47.374814] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 47.380259] ___sys_sendmsg+0xe70/0x1290
[ 47.384339] ? compat_packet_setsockopt+0x360/0x360
[ 47.389386] __se_sys_sendmsg+0x2a3/0x3d0
[ 47.393542] __x64_sys_sendmsg+0x4a/0x70
[ 47.397598] do_syscall_64+0xb8/0x100
[ 47.401412] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 47.406593] RIP: 0033:0x441149
[ 47.409789] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 47.428720] RSP: 002b:00007ffebf721a18 EFLAGS: 00000286 ORIG_RAX: 000000000000002e
[ 47.436439] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441149
[ 47.443800] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 47.451083] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100
[ 47.458364] R10: 0000000000000100 R11: 0000000000000286 R12: 00000000004020b0
[ 47.465626] R13: 0000000000402140 R14: 0000000000000000 R15: 0000000000000000
[ 47.472895]
[ 47.474509] Uninit was stored to memory at:
[ 47.478830] kmsan_internal_chain_origin+0x128/0x210
[ 47.483933] __msan_chain_origin+0x69/0xc0
[ 47.488180] iptunnel_xmit+0xa3c/0xd50
[ 47.492062] ip_tunnel_xmit+0x33e1/0x3750
[ 47.496202] ipgre_xmit+0xdcf/0xeb0
[ 47.499822] dev_hard_start_xmit+0x5df/0xc20
[ 47.504221] __dev_queue_xmit+0x2f35/0x3ab0
[ 47.508549] dev_queue_xmit+0x4b/0x60
[ 47.512357] packet_sendmsg+0x80ff/0x8c60
[ 47.516499] ___sys_sendmsg+0xe70/0x1290
[ 47.520549] __se_sys_sendmsg+0x2a3/0x3d0
[ 47.524696] __x64_sys_sendmsg+0x4a/0x70
[ 47.528771] do_syscall_64+0xb8/0x100
[ 47.532579] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 47.537757]
[ 47.539384] Uninit was created at:
[ 47.542916] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 47.548006] kmsan_kmalloc+0x98/0x100
[ 47.551794] kmsan_slab_alloc+0x10/0x20
[ 47.555761] __kmalloc_node_track_caller+0x9e7/0x1160
[ 47.560963] __alloc_skb+0x2f5/0x9e0
[ 47.564673] alloc_skb_with_frags+0x1d0/0xac0
[ 47.569184] sock_alloc_send_pskb+0xb47/0x1170
[ 47.573780] packet_sendmsg+0x6599/0x8c60
[ 47.577936] ___sys_sendmsg+0xe70/0x1290
[ 47.581988] __se_sys_sendmsg+0x2a3/0x3d0
[ 47.586125] __x64_sys_sendmsg+0x4a/0x70
[ 47.590185] do_syscall_64+0xb8/0x100
[ 47.593999] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 47.599179] ==================================================================
[ 47.606526] Disabling lock debugging due to kernel taint
[ 47.611968] Kernel panic - not syncing: panic_on_warn set ...
[ 47.611968]
[ 47.619344] CPU: 1 PID: 4270 Comm: syz-executor158 Tainted: G B 4.19.0-rc1+ #42
[ 47.628079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.637423] Call Trace:
[ 47.639998]
[ 47.642147] dump_stack+0x14b/0x190
[ 47.645796] panic+0x35d/0x8cb
[ 47.649015] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 47.654466] kmsan_report+0x2a8/0x2b0
[ 47.658269] __msan_warning+0x70/0xc0
[ 47.662067] ip_rcv_core+0xabd/0x1160
[ 47.665873] ip_rcv+0xbb/0x6d0
[ 47.669071] process_backlog+0x752/0x10b0
[ 47.673225] ? ip_local_deliver_finish+0xea0/0xea0
[ 47.678154] ? rps_trigger_softirq+0x2e0/0x2e0
[ 47.682748] net_rx_action+0x723/0x19d0
[ 47.686750] ? net_tx_action+0xc40/0xc40
[ 47.690810] __do_softirq+0x562/0x948
[ 47.694612] do_softirq_own_stack+0x49/0x80
[ 47.698922]
[ 47.701155] __local_bh_enable_ip+0x119/0x150
[ 47.705657] local_bh_enable+0x36/0x40
[ 47.709547] __dev_queue_xmit+0x35a8/0x3ab0
[ 47.713866] ? kmsan_memcpy_origins+0x111/0x1b0
[ 47.718552] dev_queue_xmit+0x4b/0x60
[ 47.722348] ? __netdev_pick_tx+0x12e0/0x12e0
[ 47.726837] packet_sendmsg+0x80ff/0x8c60
[ 47.731003] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 47.736402] ___sys_sendmsg+0xe70/0x1290
[ 47.740468] ? compat_packet_setsockopt+0x360/0x360
[ 47.745514] __se_sys_sendmsg+0x2a3/0x3d0
[ 47.749677] __x64_sys_sendmsg+0x4a/0x70
[ 47.753766] do_syscall_64+0xb8/0x100
[ 47.757577] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 47.762762] RIP: 0033:0x441149
[ 47.765946] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 47.784842] RSP: 002b:00007ffebf721a18 EFLAGS: 00000286 ORIG_RAX: 000000000000002e
[ 47.792546] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441149
[ 47.799803] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 47.807063] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100
[ 47.814323] R10: 0000000000000100 R11: 0000000000000286 R12: 00000000004020b0
[ 47.821579] R13: 0000000000402140 R14: 0000000000000000 R15: 0000000000000000
[ 47.829251] Dumping ftrace buffer:
[ 47.832788] (ftrace buffer empty)
[ 47.836482] Kernel Offset: disabled
[ 47.840100] Rebooting in 86400 seconds..