[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   30.124010] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   32.648132] random: sshd: uninitialized urandom read (32 bytes read)
[   33.087539] random: sshd: uninitialized urandom read (32 bytes read)
[   34.193771] random: sshd: uninitialized urandom read (32 bytes read)
[   34.398092] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.36' (ECDSA) to the list of known hosts.
[   39.859801] random: sshd: uninitialized urandom read (32 bytes read)
[   39.970978] IPVS: ftp: loaded support on port[0] = 21
[   40.098364] ip (4490) used greatest stack depth: 54344 bytes left
[   40.144974] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.151409] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.158720] device bridge_slave_0 entered promiscuous mode
[   40.179973] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.186410] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.193946] device bridge_slave_1 entered promiscuous mode
[   40.214776] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   40.235760] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   40.289685] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   40.311883] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   40.397480] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   40.404710] team0: Port device team_slave_0 added
[   40.425307] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   40.432516] team0: Port device team_slave_1 added
[   40.452280] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   40.474594] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   40.498437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   40.515919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   40.697125] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.703599] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.710381] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.716860] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   41.377337] 8021q: adding VLAN 0 to HW filter on device bond0
[   41.444455] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   41.511485] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   41.517714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   41.525917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   41.586910] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[   41.935395] ==================================================================
[   41.942803] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x5e9/0x37c0
[   41.949211] CPU: 0 PID: 4477 Comm: syz-executor440 Not tainted 4.17.0-rc5+ #101
[   41.956651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.965982] Call Trace:
[   41.968553]  dump_stack+0x185/0x1d0
[   41.972188]  ? ip_tunnel_xmit+0x5e9/0x37c0
[   41.976412]  kmsan_report+0x149/0x260
[   41.980193]  __msan_warning_32+0x6e/0xc0
[   41.984238]  ip_tunnel_xmit+0x5e9/0x37c0
[   41.988288]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[   41.993637]  ? skb_push+0x16b/0x260
[   41.997249]  ? __msan_metadata_ptr_for_store_2+0x13/0x20
[   42.002682]  ? gre_build_header+0x5ab/0xaa0
[   42.006985]  ipgre_xmit+0xdb7/0xe90
[   42.010597]  ? ipgre_close+0x230/0x230
[   42.014470]  dev_hard_start_xmit+0x5f1/0xc70
[   42.018866]  __dev_queue_xmit+0x27ee/0x3520
[   42.023176]  ? sock_alloc_send_pskb+0x13b/0x1190
[   42.027923]  ? sock_alloc_send_pskb+0xfee/0x1190
[   42.032675]  dev_queue_xmit+0x4b/0x60
[   42.036451]  ? __netdev_pick_tx+0xb60/0xb60
[   42.040752]  packet_sendmsg+0x7cc3/0x8ac0
[   42.044888]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[   42.050321]  ? pagevec_lru_move_fn+0x490/0x4e0
[   42.054884]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[   42.060318]  ? __walk_page_range+0x9f0/0x23d0
[   42.064805]  ? lru_cache_add_active_or_unevictable+0x497/0x5f0
[   42.070754]  ? kmsan_set_origin_inline+0x6b/0x120
[   42.075577]  ? __msan_poison_alloca+0x15c/0x1d0
[   42.080235]  ? compat_packet_setsockopt+0x360/0x360
[   42.085234]  __sys_sendto+0x6c0/0x7e0
[   42.089047]  __x64_sys_sendto+0x1a1/0x210
[   42.093178]  do_syscall_64+0x154/0x220
[   42.097064]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   42.102232] RIP: 0033:0x441179
[   42.105398] RSP: 002b:00007fffe2507098 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   42.113096] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441179
[   42.120351] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[   42.127600] RBP: 00000000006cc018 R08: 0000000020000080 R09: 000000000000001c
[   42.134855] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000402080
[   42.142105] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000
[   42.149366] 
[   42.151058] Uninit was created at:
[   42.154590]  kmsan_internal_poison_shadow+0xb8/0x1b0
[   42.159671]  kmsan_kmalloc+0x94/0x100
[   42.163451]  kmsan_slab_alloc+0x10/0x20
[   42.167402]  __kmalloc_node_track_caller+0xb32/0x11b0
[   42.172569]  __alloc_skb+0x2cf/0x9f0
[   42.176269]  alloc_skb_with_frags+0x1e6/0xb80
[   42.180741]  sock_alloc_send_pskb+0xb56/0x1190
[   42.185300]  packet_sendmsg+0x648d/0x8ac0
[   42.189427]  __sys_sendto+0x6c0/0x7e0
[   42.193211]  __x64_sys_sendto+0x1a1/0x210
[   42.197349]  do_syscall_64+0x154/0x220
[   42.201220]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   42.206381] ==================================================================
[   42.213727] Disabling lock debugging due to kernel taint
[   42.219153] Kernel panic - not syncing: panic_on_warn set ...
[   42.219153] 
[   42.226497] CPU: 0 PID: 4477 Comm: syz-executor440 Tainted: G    B             4.17.0-rc5+ #101
[   42.235304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.244635] Call Trace:
[   42.247208]  dump_stack+0x185/0x1d0
[   42.250816]  panic+0x39d/0x940
[   42.254009]  ? ip_tunnel_xmit+0x5e9/0x37c0
[   42.258236]  kmsan_report+0x260/0x260
[   42.262566]  __msan_warning_32+0x6e/0xc0
[   42.266612]  ip_tunnel_xmit+0x5e9/0x37c0
[   42.270650]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[   42.275997]  ? skb_push+0x16b/0x260
[   42.279611]  ? __msan_metadata_ptr_for_store_2+0x13/0x20
[   42.285049]  ? gre_build_header+0x5ab/0xaa0
[   42.289359]  ipgre_xmit+0xdb7/0xe90
[   42.292965]  ? ipgre_close+0x230/0x230
[   42.297179]  dev_hard_start_xmit+0x5f1/0xc70
[   42.301583]  __dev_queue_xmit+0x27ee/0x3520
[   42.305881]  ? sock_alloc_send_pskb+0x13b/0x1190
[   42.310703]  ? sock_alloc_send_pskb+0xfee/0x1190
[   42.315443]  dev_queue_xmit+0x4b/0x60
[   42.319237]  ? __netdev_pick_tx+0xb60/0xb60
[   42.323539]  packet_sendmsg+0x7cc3/0x8ac0
[   42.327665]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[   42.333104]  ? pagevec_lru_move_fn+0x490/0x4e0
[   42.337683]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[   42.343114]  ? __walk_page_range+0x9f0/0x23d0
[   42.347662]  ? lru_cache_add_active_or_unevictable+0x497/0x5f0
[   42.353615]  ? kmsan_set_origin_inline+0x6b/0x120
[   42.358435]  ? __msan_poison_alloca+0x15c/0x1d0
[   42.363100]  ? compat_packet_setsockopt+0x360/0x360
[   42.368105]  __sys_sendto+0x6c0/0x7e0
[   42.371892]  __x64_sys_sendto+0x1a1/0x210
[   42.376030]  do_syscall_64+0x154/0x220
[   42.379908]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   42.385077] RIP: 0033:0x441179
[   42.388242] RSP: 002b:00007fffe2507098 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   42.395929] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441179
[   42.403189] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[   42.410450] RBP: 00000000006cc018 R08: 0000000020000080 R09: 000000000000001c
[   42.417713] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000402080
[   42.424961] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000
[   42.432824] Dumping ftrace buffer:
[   42.436353]    (ftrace buffer empty)
[   42.440039] Kernel Offset: disabled
[   42.443670] Rebooting in 86400 seconds..