[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 28.253475] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 33.273167] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.675274] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.821969] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.041801] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
[ 40.606388] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.711454] IPVS: ftp: loaded support on port[0] = 21
[ 40.856840] ip (4475) used greatest stack depth: 54328 bytes left
[ 40.870203] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.876579] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.883756] device bridge_slave_0 entered promiscuous mode
[ 40.903349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.909733] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.916826] device bridge_slave_1 entered promiscuous mode
[ 40.935885] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 40.955969] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 41.017351] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 41.039315] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 41.119068] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 41.126657] team0: Port device team_slave_0 added
[ 41.144973] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 41.152223] team0: Port device team_slave_1 added
[ 41.171270] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 41.192611] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 41.214668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.231224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 41.395238] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.401632] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.408355] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.414730] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 41.998440] 8021q: adding VLAN 0 to HW filter on device bond0
[ 42.059738] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 42.120020] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 42.126281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.134450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.190645] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 42.527264] ==================================================================
[ 42.534661] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x5dc/0x37c0
[ 42.541056] CPU: 0 PID: 4458 Comm: syz-executor381 Not tainted 4.17.0+ #9
[ 42.547964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.557311] Call Trace:
[ 42.559879] dump_stack+0x185/0x1d0
[ 42.563483] kmsan_report+0x188/0x2a0
[ 42.567262] __msan_warning_32+0x70/0xc0
[ 42.571302] ip_tunnel_xmit+0x5dc/0x37c0
[ 42.575339] ? skb_push+0x16b/0x260
[ 42.578941] ? packet_rcv+0x2e4/0x2210
[ 42.582813] ipgre_xmit+0xe16/0xef0
[ 42.586419] ? ipgre_close+0x230/0x230
[ 42.590296] dev_hard_start_xmit+0x5f6/0xc80
[ 42.594684] __dev_queue_xmit+0x2ad2/0x3540
[ 42.598983] ? packet_sendmsg+0x6672/0x8cc0
[ 42.603286] ? sock_alloc_send_pskb+0xff3/0x11a0
[ 42.608040] dev_queue_xmit+0x4b/0x60
[ 42.611824] ? __netdev_pick_tx+0xb50/0xb50
[ 42.616143] packet_sendmsg+0x818b/0x8cc0
[ 42.620276] ? kmsan_set_origin+0x9e/0x160
[ 42.624492] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 42.629836] ? rw_copy_check_uvector+0x5af/0x6c0
[ 42.634576] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 42.640012] ? copy_msghdr_from_user+0x72c/0x830
[ 42.644756] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 42.650107] ? compat_packet_setsockopt+0x360/0x360
[ 42.655107] ___sys_sendmsg+0xec8/0x1320
[ 42.659149] ? __fdget+0x4e/0x60
[ 42.662498] __x64_sys_sendmsg+0x331/0x460
[ 42.666710] ? ___sys_sendmsg+0x1320/0x1320
[ 42.671011] do_syscall_64+0x15b/0x230
[ 42.674893] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.680061] RIP: 0033:0x441179
[ 42.683226] RSP: 002b:00007ffc87b8c088 EFLAGS: 00000207 ORIG_RAX: 000000000000002e
[ 42.690911] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441179
[ 42.698156] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 42.705412] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 42.712660] R10: 0000000000000000 R11: 0000000000000207 R12: 0000000000402080
[ 42.719915] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000
[ 42.727172]
[ 42.728796] Uninit was created at:
[ 42.732319] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 42.737397] kmsan_kmalloc+0x94/0x100
[ 42.741175] kmsan_slab_alloc+0x10/0x20
[ 42.745126] __kmalloc_node_track_caller+0xb35/0x11b0
[ 42.750292] __alloc_skb+0x2cb/0x9e0
[ 42.753981] alloc_skb_with_frags+0x1e6/0xb80
[ 42.758452] sock_alloc_send_pskb+0xb56/0x11a0
[ 42.763016] packet_sendmsg+0x6672/0x8cc0
[ 42.767146] ___sys_sendmsg+0xec8/0x1320
[ 42.771184] __x64_sys_sendmsg+0x331/0x460
[ 42.775396] do_syscall_64+0x15b/0x230
[ 42.779261] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.784421] ==================================================================
[ 42.791750] Disabling lock debugging due to kernel taint
[ 42.797171] Kernel panic - not syncing: panic_on_warn set ...
[ 42.797171]
[ 42.804510] CPU: 0 PID: 4458 Comm: syz-executor381 Tainted: G B 4.17.0+ #9
[ 42.812798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.822125] Call Trace:
[ 42.824692] dump_stack+0x185/0x1d0
[ 42.828297] panic+0x3d0/0x990
[ 42.831469] kmsan_report+0x29e/0x2a0
[ 42.835246] __msan_warning_32+0x70/0xc0
[ 42.839284] ip_tunnel_xmit+0x5dc/0x37c0
[ 42.843324] ? skb_push+0x16b/0x260
[ 42.846928] ? packet_rcv+0x2e4/0x2210
[ 42.850797] ipgre_xmit+0xe16/0xef0
[ 42.854402] ? ipgre_close+0x230/0x230
[ 42.858266] dev_hard_start_xmit+0x5f6/0xc80
[ 42.862652] __dev_queue_xmit+0x2ad2/0x3540
[ 42.866946] ? packet_sendmsg+0x6672/0x8cc0
[ 42.871243] ? sock_alloc_send_pskb+0xff3/0x11a0
[ 42.875982] dev_queue_xmit+0x4b/0x60
[ 42.879761] ? __netdev_pick_tx+0xb50/0xb50
[ 42.884060] packet_sendmsg+0x818b/0x8cc0
[ 42.888193] ? kmsan_set_origin+0x9e/0x160
[ 42.892408] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 42.897749] ? rw_copy_check_uvector+0x5af/0x6c0
[ 42.902486] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 42.907916] ? copy_msghdr_from_user+0x72c/0x830
[ 42.912663] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 42.918021] ? compat_packet_setsockopt+0x360/0x360
[ 42.923031] ___sys_sendmsg+0xec8/0x1320
[ 42.927090] ? __fdget+0x4e/0x60
[ 42.930446] __x64_sys_sendmsg+0x331/0x460
[ 42.934659] ? ___sys_sendmsg+0x1320/0x1320
[ 42.938960] do_syscall_64+0x15b/0x230
[ 42.942829] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.947995] RIP: 0033:0x441179
[ 42.951166] RSP: 002b:00007ffc87b8c088 EFLAGS: 00000207 ORIG_RAX: 000000000000002e
[ 42.958874] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441179
[ 42.966120] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 42.973365] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 42.980613] R10: 0000000000000000 R11: 0000000000000207 R12: 0000000000402080
[ 42.987858] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000
[ 42.995573] Dumping ftrace buffer:
[ 42.999091] (ftrace buffer empty)
[ 43.002774] Kernel Offset: disabled
[ 43.006373] Rebooting in 86400 seconds..