[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 31.264914] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 33.975403] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.270239] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.460569] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.685705] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts.
[ 41.239189] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.358576] IPVS: ftp: loaded support on port[0] = 21
[ 41.545705] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.552125] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.559554] device bridge_slave_0 entered promiscuous mode
[ 41.582186] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.588613] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.596066] device bridge_slave_1 entered promiscuous mode
[ 41.618341] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 41.641193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 41.704158] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 41.731128] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 41.828745] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 41.835987] team0: Port device team_slave_0 added
[ 41.857619] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 41.864820] team0: Port device team_slave_1 added
[ 41.886591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 41.911619] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 41.936460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.956278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 42.155361] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.161762] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.168503] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.174891] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 42.882530] 8021q: adding VLAN 0 to HW filter on device bond0
[ 42.952257] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 43.021661] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 43.027862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.035666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.105757] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 43.497603] ==================================================================
[ 43.504993] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x5dc/0x37c0
[ 43.511390] CPU: 0 PID: 4531 Comm: syz-executor780 Not tainted 4.17.0+ #18
[ 43.518374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.527701] Call Trace:
[ 43.530267] dump_stack+0x185/0x1d0
[ 43.533872] kmsan_report+0x188/0x2a0
[ 43.537658] __msan_warning_32+0x70/0xc0
[ 43.541696] ip_tunnel_xmit+0x5dc/0x37c0
[ 43.545755] ? skb_push+0x16b/0x260
[ 43.549371] ipgre_xmit+0xe16/0xef0
[ 43.552976] ? ipgre_close+0x230/0x230
[ 43.556838] dev_hard_start_xmit+0x5f6/0xc80
[ 43.561229] __dev_queue_xmit+0x2ad2/0x3540
[ 43.565538] ? packet_sendmsg+0x6672/0x8cc0
[ 43.569840] dev_queue_xmit+0x4b/0x60
[ 43.573617] ? __netdev_pick_tx+0xb50/0xb50
[ 43.577914] packet_sendmsg+0x818b/0x8cc0
[ 43.582045] ? kmsan_set_origin+0x9e/0x160
[ 43.586257] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 43.591605] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 43.597045] ? copy_msghdr_from_user+0x72c/0x830
[ 43.601776] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 43.607118] ? compat_packet_setsockopt+0x360/0x360
[ 43.612118] ___sys_sendmsg+0xec8/0x1320
[ 43.616167] ? __fdget+0x4e/0x60
[ 43.619514] __x64_sys_sendmsg+0x331/0x460
[ 43.623726] ? ___sys_sendmsg+0x1320/0x1320
[ 43.628030] do_syscall_64+0x15b/0x230
[ 43.631903] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 43.637081] RIP: 0033:0x441199
[ 43.640246] RSP: 002b:00007ffe2a0e1658 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 43.647938] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441199
[ 43.655191] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 43.662439] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 43.669701] R10: 0000000000000020 R11: 0000000000000213 R12: 0000000000402100
[ 43.676948] R13: 0000000000402190 R14: 0000000000000000 R15: 0000000000000000
[ 43.684211]
[ 43.685812] Uninit was created at:
[ 43.689342] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 43.694420] kmsan_kmalloc+0x94/0x100
[ 43.698200] kmsan_slab_alloc+0x10/0x20
[ 43.702148] __kmalloc_node_track_caller+0xb35/0x11b0
[ 43.707314] __alloc_skb+0x2cb/0x9e0
[ 43.711000] alloc_skb_with_frags+0x1e6/0xb80
[ 43.715480] sock_alloc_send_pskb+0xb56/0x11a0
[ 43.720048] packet_sendmsg+0x6672/0x8cc0
[ 43.724173] ___sys_sendmsg+0xec8/0x1320
[ 43.728216] __x64_sys_sendmsg+0x331/0x460
[ 43.732424] do_syscall_64+0x15b/0x230
[ 43.736288] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 43.741447] ==================================================================
[ 43.748794] Disabling lock debugging due to kernel taint
[ 43.754215] Kernel panic - not syncing: panic_on_warn set ...
[ 43.754215]
[ 43.761581] CPU: 0 PID: 4531 Comm: syz-executor780 Tainted: G B 4.17.0+ #18
[ 43.769959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.779289] Call Trace:
[ 43.781856] dump_stack+0x185/0x1d0
[ 43.785461] panic+0x3d0/0x990
[ 43.788640] kmsan_report+0x29e/0x2a0
[ 43.792417] __msan_warning_32+0x70/0xc0
[ 43.796455] ip_tunnel_xmit+0x5dc/0x37c0
[ 43.800498] ? skb_push+0x16b/0x260
[ 43.804106] ipgre_xmit+0xe16/0xef0
[ 43.807710] ? ipgre_close+0x230/0x230
[ 43.811572] dev_hard_start_xmit+0x5f6/0xc80
[ 43.815961] __dev_queue_xmit+0x2ad2/0x3540
[ 43.820260] ? packet_sendmsg+0x6672/0x8cc0
[ 43.824565] dev_queue_xmit+0x4b/0x60
[ 43.828349] ? __netdev_pick_tx+0xb50/0xb50
[ 43.832646] packet_sendmsg+0x818b/0x8cc0
[ 43.836771] ? kmsan_set_origin+0x9e/0x160
[ 43.840983] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 43.846329] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 43.851761] ? copy_msghdr_from_user+0x72c/0x830
[ 43.856494] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 43.861844] ? compat_packet_setsockopt+0x360/0x360
[ 43.866838] ___sys_sendmsg+0xec8/0x1320
[ 43.870886] ? __fdget+0x4e/0x60
[ 43.874239] __x64_sys_sendmsg+0x331/0x460
[ 43.878450] ? ___sys_sendmsg+0x1320/0x1320
[ 43.882756] do_syscall_64+0x15b/0x230
[ 43.886621] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 43.891784] RIP: 0033:0x441199
[ 43.894949] RSP: 002b:00007ffe2a0e1658 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 43.902633] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441199
[ 43.909897] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 43.917149] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 43.924396] R10: 0000000000000020 R11: 0000000000000213 R12: 0000000000402100
[ 43.931640] R13: 0000000000402190 R14: 0000000000000000 R15: 0000000000000000
[ 43.939581] Dumping ftrace buffer:
[ 43.943104] (ftrace buffer empty)
[ 43.946789] Kernel Offset: disabled
[ 43.950397] Rebooting in 86400 seconds..