[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 33.506691] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 38.566011] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.949660] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.207933] random: sshd: uninitialized urandom read (32 bytes read)
[ 43.979000] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
[ 49.516775] random: sshd: uninitialized urandom read (32 bytes read)
[ 49.639553] IPVS: ftp: loaded support on port[0] = 21
[ 49.740618] ip (4595) used greatest stack depth: 54328 bytes left
[ 49.824250] ip (4604) used greatest stack depth: 54056 bytes left
[ 49.840938] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.847395] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.854808] device bridge_slave_0 entered promiscuous mode
[ 49.878300] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.884712] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.892177] device bridge_slave_1 entered promiscuous mode
[ 49.915299] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 49.938817] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 50.005320] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 50.031614] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 50.133311] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 50.140619] team0: Port device team_slave_0 added
[ 50.163315] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 50.170595] team0: Port device team_slave_1 added
[ 50.193716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 50.219983] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 50.245799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 50.272423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 50.480840] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.487258] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.494061] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.500475] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 51.258921] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.332298] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 51.404814] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 51.411134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.418904] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.489098] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 51.904816] ==================================================================
[ 51.912208] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x5dc/0x37c0
[ 51.918603] CPU: 1 PID: 4587 Comm: syz-executor330 Not tainted 4.17.0+ #22
[ 51.925600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.934934] Call Trace:
[ 51.937516] dump_stack+0x185/0x1d0
[ 51.941142] kmsan_report+0x188/0x2a0
[ 51.944949] __msan_warning_32+0x70/0xc0
[ 51.948996] ip_tunnel_xmit+0x5dc/0x37c0
[ 51.953054] ? skb_push+0x16b/0x260
[ 51.956665] ? packet_rcv+0x2e4/0x2210
[ 51.960554] ipgre_xmit+0xe16/0xef0
[ 51.964169] ? ipgre_close+0x230/0x230
[ 51.968048] dev_hard_start_xmit+0x5f6/0xc80
[ 51.972461] __dev_queue_xmit+0x2ad2/0x3540
[ 51.976769] ? packet_sendmsg+0x6672/0x8cc0
[ 51.981085] dev_queue_xmit+0x4b/0x60
[ 51.984867] ? __netdev_pick_tx+0xb50/0xb50
[ 51.989170] packet_sendmsg+0x818b/0x8cc0
[ 51.993308] ? kmsan_set_origin+0x9e/0x160
[ 51.997523] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 52.002878] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 52.008332] ? copy_msghdr_from_user+0x72c/0x830
[ 52.013074] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 52.018425] ? compat_packet_setsockopt+0x360/0x360
[ 52.023424] ___sys_sendmsg+0xec8/0x1320
[ 52.027495] ? __fdget+0x4e/0x60
[ 52.030864] __x64_sys_sendmsg+0x331/0x460
[ 52.035088] ? ___sys_sendmsg+0x1320/0x1320
[ 52.039479] do_syscall_64+0x15b/0x230
[ 52.043351] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 52.048528] RIP: 0033:0x4411b9
[ 52.051714] RSP: 002b:00007ffdd7605358 EFLAGS: 00000207 ORIG_RAX: 000000000000002e
[ 52.059403] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004411b9
[ 52.066660] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 52.073917] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 52.081167] R10: 0000000000000000 R11: 0000000000000207 R12: 0000000000402120
[ 52.088416] R13: 00000000004021b0 R14: 0000000000000000 R15: 0000000000000000
[ 52.095674]
[ 52.097281] Uninit was created at:
[ 52.100807] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 52.105890] kmsan_kmalloc+0x94/0x100
[ 52.109680] kmsan_slab_alloc+0x10/0x20
[ 52.113639] __kmalloc_node_track_caller+0xb35/0x11b0
[ 52.118815] __alloc_skb+0x2cb/0x9e0
[ 52.122513] alloc_skb_with_frags+0x1e6/0xb80
[ 52.126997] sock_alloc_send_pskb+0xb56/0x11a0
[ 52.131565] packet_sendmsg+0x6672/0x8cc0
[ 52.135702] ___sys_sendmsg+0xec8/0x1320
[ 52.139750] __x64_sys_sendmsg+0x331/0x460
[ 52.143966] do_syscall_64+0x15b/0x230
[ 52.147840] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 52.153007] ==================================================================
[ 52.160351] Disabling lock debugging due to kernel taint
[ 52.165782] Kernel panic - not syncing: panic_on_warn set ...
[ 52.165782]
[ 52.173138] CPU: 1 PID: 4587 Comm: syz-executor330 Tainted: G B 4.17.0+ #22
[ 52.181517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.190856] Call Trace:
[ 52.193439] dump_stack+0x185/0x1d0
[ 52.197058] panic+0x3d0/0x9b0
[ 52.200245] kmsan_report+0x29e/0x2a0
[ 52.204051] __msan_warning_32+0x70/0xc0
[ 52.208098] ip_tunnel_xmit+0x5dc/0x37c0
[ 52.212147] ? skb_push+0x16b/0x260
[ 52.215757] ? packet_rcv+0x2e4/0x2210
[ 52.219642] ipgre_xmit+0xe16/0xef0
[ 52.223264] ? ipgre_close+0x230/0x230
[ 52.227232] dev_hard_start_xmit+0x5f6/0xc80
[ 52.231643] __dev_queue_xmit+0x2ad2/0x3540
[ 52.235957] ? packet_sendmsg+0x6672/0x8cc0
[ 52.240272] dev_queue_xmit+0x4b/0x60
[ 52.244063] ? __netdev_pick_tx+0xb50/0xb50
[ 52.248377] packet_sendmsg+0x818b/0x8cc0
[ 52.252511] ? kmsan_set_origin+0x9e/0x160
[ 52.256727] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 52.262083] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 52.267522] ? copy_msghdr_from_user+0x72c/0x830
[ 52.272270] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 52.277622] ? compat_packet_setsockopt+0x360/0x360
[ 52.282625] ___sys_sendmsg+0xec8/0x1320
[ 52.286678] ? __fdget+0x4e/0x60
[ 52.290070] __x64_sys_sendmsg+0x331/0x460
[ 52.294303] ? ___sys_sendmsg+0x1320/0x1320
[ 52.298613] do_syscall_64+0x15b/0x230
[ 52.302486] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 52.307669] RIP: 0033:0x4411b9
[ 52.310840] RSP: 002b:00007ffdd7605358 EFLAGS: 00000207 ORIG_RAX: 000000000000002e
[ 52.318528] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004411b9
[ 52.325782] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 52.333047] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 52.340307] R10: 0000000000000000 R11: 0000000000000207 R12: 0000000000402120
[ 52.347559] R13: 00000000004021b0 R14: 0000000000000000 R15: 0000000000000000
[ 52.355292] Dumping ftrace buffer:
[ 52.358810] (ftrace buffer empty)
[ 52.362500] Kernel Offset: disabled
[ 52.366110] Rebooting in 86400 seconds..