[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 33.263058] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.110830] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.519394] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 35.787796] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.025477] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.205' (ECDSA) to the list of known hosts.
[ 41.554646] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.676992] IPVS: ftp: loaded support on port[0] = 21
[ 41.721388] ip (4580) used greatest stack depth: 54152 bytes left
[ 41.880170] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.886601] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.894102] device bridge_slave_0 entered promiscuous mode
[ 41.918179] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.924599] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.932010] device bridge_slave_1 entered promiscuous mode
[ 41.955443] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 41.978791] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 42.045694] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 42.072114] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 42.179615] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 42.186942] team0: Port device team_slave_0 added
[ 42.212365] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 42.220115] team0: Port device team_slave_1 added
[ 42.244441] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 42.265900] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 42.292205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 42.318673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 42.531564] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.538000] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.544831] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.551261] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 43.326155] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.401631] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 43.477105] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 43.483363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.491894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.562995] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 43.993266] ==================================================================
[ 44.000678] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x5dc/0x37c0
[ 44.007087] CPU: 0 PID: 4578 Comm: syz-executor270 Not tainted 4.17.0+ #22
[ 44.014092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.023439] Call Trace:
[ 44.026034] dump_stack+0x185/0x1d0
[ 44.029664] kmsan_report+0x188/0x2a0
[ 44.033485] __msan_warning_32+0x70/0xc0
[ 44.037549] ip_tunnel_xmit+0x5dc/0x37c0
[ 44.041611] ? skb_push+0x16b/0x260
[ 44.045257] ipgre_xmit+0xe16/0xef0
[ 44.048876] ? ipgre_close+0x230/0x230
[ 44.052760] dev_hard_start_xmit+0x5f6/0xc80
[ 44.057193] __dev_queue_xmit+0x2ad2/0x3540
[ 44.061514] ? packet_sendmsg+0x6672/0x8cc0
[ 44.065859] dev_queue_xmit+0x4b/0x60
[ 44.069648] ? __netdev_pick_tx+0xb50/0xb50
[ 44.073957] packet_sendmsg+0x818b/0x8cc0
[ 44.078105] ? kmsan_set_origin+0x9e/0x160
[ 44.082346] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 44.087708] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 44.093152] ? copy_msghdr_from_user+0x72c/0x830
[ 44.097987] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 44.103355] ? compat_packet_setsockopt+0x360/0x360
[ 44.108371] ___sys_sendmsg+0xec8/0x1320
[ 44.112435] ? __fdget+0x4e/0x60
[ 44.115823] __x64_sys_sendmsg+0x331/0x460
[ 44.120070] ? ___sys_sendmsg+0x1320/0x1320
[ 44.124380] do_syscall_64+0x15b/0x230
[ 44.128260] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 44.133438] RIP: 0033:0x441199
[ 44.136611] RSP: 002b:00007ffc73cd6248 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 44.144302] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441199
[ 44.151569] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 44.158849] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 44.166129] R10: 0000000000000020 R11: 0000000000000213 R12: 0000000000402100
[ 44.173563] R13: 0000000000402190 R14: 0000000000000000 R15: 0000000000000000
[ 44.181003]
[ 44.182648] Uninit was created at:
[ 44.186183] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 44.191294] kmsan_kmalloc+0x94/0x100
[ 44.195100] kmsan_slab_alloc+0x10/0x20
[ 44.199065] __kmalloc_node_track_caller+0xb35/0x11b0
[ 44.204251] __alloc_skb+0x2cb/0x9e0
[ 44.207956] alloc_skb_with_frags+0x1e6/0xb80
[ 44.212446] sock_alloc_send_pskb+0xb56/0x11a0
[ 44.217037] packet_sendmsg+0x6672/0x8cc0
[ 44.221184] ___sys_sendmsg+0xec8/0x1320
[ 44.225232] __x64_sys_sendmsg+0x331/0x460
[ 44.229461] do_syscall_64+0x15b/0x230
[ 44.233334] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 44.238500] ==================================================================
[ 44.245838] Disabling lock debugging due to kernel taint
[ 44.251274] Kernel panic - not syncing: panic_on_warn set ...
[ 44.251274]
[ 44.258625] CPU: 0 PID: 4578 Comm: syz-executor270 Tainted: G B 4.17.0+ #22
[ 44.267795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.277151] Call Trace:
[ 44.279738] dump_stack+0x185/0x1d0
[ 44.283356] panic+0x3d0/0x9b0
[ 44.286544] kmsan_report+0x29e/0x2a0
[ 44.290336] __msan_warning_32+0x70/0xc0
[ 44.294384] ip_tunnel_xmit+0x5dc/0x37c0
[ 44.298429] ? skb_push+0x16b/0x260
[ 44.302079] ipgre_xmit+0xe16/0xef0
[ 44.305700] ? ipgre_close+0x230/0x230
[ 44.309572] dev_hard_start_xmit+0x5f6/0xc80
[ 44.313974] __dev_queue_xmit+0x2ad2/0x3540
[ 44.318279] ? packet_sendmsg+0x6672/0x8cc0
[ 44.322598] dev_queue_xmit+0x4b/0x60
[ 44.326395] ? __netdev_pick_tx+0xb50/0xb50
[ 44.330704] packet_sendmsg+0x818b/0x8cc0
[ 44.334842] ? kmsan_set_origin+0x9e/0x160
[ 44.339163] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 44.344530] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 44.349973] ? copy_msghdr_from_user+0x72c/0x830
[ 44.354900] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 44.360271] ? compat_packet_setsockopt+0x360/0x360
[ 44.365280] ___sys_sendmsg+0xec8/0x1320
[ 44.369347] ? __fdget+0x4e/0x60
[ 44.372726] __x64_sys_sendmsg+0x331/0x460
[ 44.376952] ? ___sys_sendmsg+0x1320/0x1320
[ 44.381259] do_syscall_64+0x15b/0x230
[ 44.385136] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 44.390310] RIP: 0033:0x441199
[ 44.393480] RSP: 002b:00007ffc73cd6248 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 44.401173] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441199
[ 44.408427] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 44.415685] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 44.422941] R10: 0000000000000020 R11: 0000000000000213 R12: 0000000000402100
[ 44.430208] R13: 0000000000402190 R14: 0000000000000000 R15: 0000000000000000
[ 44.437935] Dumping ftrace buffer:
[ 44.441467] (ftrace buffer empty)
[ 44.445159] Kernel Offset: disabled
[ 44.448780] Rebooting in 86400 seconds..