[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 29.282124] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 33.620456] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.071249] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.192429] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.397419] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts.
[ 40.971948] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.076614] IPVS: ftp: loaded support on port[0] = 21
[ 41.211012] ip (4491) used greatest stack depth: 54328 bytes left
[ 41.239498] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.245883] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.253155] device bridge_slave_0 entered promiscuous mode
[ 41.272173] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.278585] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.285745] device bridge_slave_1 entered promiscuous mode
[ 41.304284] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 41.323637] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 41.374959] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 41.396399] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 41.475713] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 41.482859] team0: Port device team_slave_0 added
[ 41.502298] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 41.509528] team0: Port device team_slave_1 added
[ 41.530268] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 41.552136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 41.574510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.597477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 41.752712] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.759134] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.765873] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.772250] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 42.346958] 8021q: adding VLAN 0 to HW filter on device bond0
[ 42.405297] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 42.462713] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 42.468982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.476825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.535348] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 42.857566] ==================================================================
[ 42.864954] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x5dc/0x37c0
[ 42.871356] CPU: 1 PID: 4475 Comm: syz-executor378 Not tainted 4.17.0+ #9
[ 42.878253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.887582] Call Trace:
[ 42.890145] dump_stack+0x185/0x1d0
[ 42.893748] kmsan_report+0x188/0x2a0
[ 42.897527] __msan_warning_32+0x70/0xc0
[ 42.901565] ip_tunnel_xmit+0x5dc/0x37c0
[ 42.905608] ? skb_push+0x16b/0x260
[ 42.909221] ipgre_xmit+0xe16/0xef0
[ 42.912827] ? ipgre_close+0x230/0x230
[ 42.916692] dev_hard_start_xmit+0x5f6/0xc80
[ 42.921084] __dev_queue_xmit+0x2ad2/0x3540
[ 42.925381] ? packet_sendmsg+0x6672/0x8cc0
[ 42.929678] ? sock_alloc_send_pskb+0xff3/0x11a0
[ 42.934415] dev_queue_xmit+0x4b/0x60
[ 42.938192] ? __netdev_pick_tx+0xb50/0xb50
[ 42.942490] packet_sendmsg+0x818b/0x8cc0
[ 42.946617] ? kmsan_set_origin+0x9e/0x160
[ 42.950828] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 42.956172] ? rw_copy_check_uvector+0x5af/0x6c0
[ 42.960908] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 42.966338] ? copy_msghdr_from_user+0x72c/0x830
[ 42.971081] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 42.976436] ? compat_packet_setsockopt+0x360/0x360
[ 42.981441] ___sys_sendmsg+0xec8/0x1320
[ 42.985483] ? __fdget+0x4e/0x60
[ 42.988832] __x64_sys_sendmsg+0x331/0x460
[ 42.993058] ? ___sys_sendmsg+0x1320/0x1320
[ 42.997363] do_syscall_64+0x15b/0x230
[ 43.001229] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.006393] RIP: 0033:0x441179
[ 43.009558] RSP: 002b:00007ffc9c82e768 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 43.017241] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441179
[ 43.024486] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 43.031733] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 43.038988] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000402080
[ 43.046247] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000
[ 43.053494]
[ 43.055094] Uninit was created at:
[ 43.058612] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 43.063692] kmsan_kmalloc+0x94/0x100
[ 43.067469] kmsan_slab_alloc+0x10/0x20
[ 43.071417] __kmalloc_node_track_caller+0xb35/0x11b0
[ 43.076583] __alloc_skb+0x2cb/0x9e0
[ 43.080270] alloc_skb_with_frags+0x1e6/0xb80
[ 43.084742] sock_alloc_send_pskb+0xb56/0x11a0
[ 43.089301] packet_sendmsg+0x6672/0x8cc0
[ 43.093424] ___sys_sendmsg+0xec8/0x1320
[ 43.097460] __x64_sys_sendmsg+0x331/0x460
[ 43.101669] do_syscall_64+0x15b/0x230
[ 43.105537] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.110699] ==================================================================
[ 43.118032] Disabling lock debugging due to kernel taint
[ 43.123461] Kernel panic - not syncing: panic_on_warn set ...
[ 43.123461]
[ 43.130799] CPU: 1 PID: 4475 Comm: syz-executor378 Tainted: G B 4.17.0+ #9
[ 43.139087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.148416] Call Trace:
[ 43.150979] dump_stack+0x185/0x1d0
[ 43.154591] panic+0x3d0/0x990
[ 43.157788] kmsan_report+0x29e/0x2a0
[ 43.161585] __msan_warning_32+0x70/0xc0
[ 43.165633] ip_tunnel_xmit+0x5dc/0x37c0
[ 43.169670] ? skb_push+0x16b/0x260
[ 43.173280] ipgre_xmit+0xe16/0xef0
[ 43.176884] ? ipgre_close+0x230/0x230
[ 43.180749] dev_hard_start_xmit+0x5f6/0xc80
[ 43.185136] __dev_queue_xmit+0x2ad2/0x3540
[ 43.189448] ? packet_sendmsg+0x6672/0x8cc0
[ 43.193745] ? sock_alloc_send_pskb+0xff3/0x11a0
[ 43.198492] dev_queue_xmit+0x4b/0x60
[ 43.202268] ? __netdev_pick_tx+0xb50/0xb50
[ 43.206566] packet_sendmsg+0x818b/0x8cc0
[ 43.210692] ? kmsan_set_origin+0x9e/0x160
[ 43.214905] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 43.220244] ? rw_copy_check_uvector+0x5af/0x6c0
[ 43.224980] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 43.230422] ? copy_msghdr_from_user+0x72c/0x830
[ 43.235154] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 43.240495] ? compat_packet_setsockopt+0x360/0x360
[ 43.245486] ___sys_sendmsg+0xec8/0x1320
[ 43.249527] ? __fdget+0x4e/0x60
[ 43.252873] __x64_sys_sendmsg+0x331/0x460
[ 43.257086] ? ___sys_sendmsg+0x1320/0x1320
[ 43.261385] do_syscall_64+0x15b/0x230
[ 43.265251] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.270424] RIP: 0033:0x441179
[ 43.273590] RSP: 002b:00007ffc9c82e768 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 43.281273] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441179
[ 43.288518] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 43.295764] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 43.303017] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000402080
[ 43.310272] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000
[ 43.317951] Dumping ftrace buffer:
[ 43.321469] (ftrace buffer empty)
[ 43.325161] Kernel Offset: disabled
[ 43.328759] Rebooting in 86400 seconds..