[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 29.788022] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.738229] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 31.120517] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.293738] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.497531] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts.
[ 38.067800] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.178663] IPVS: ftp: loaded support on port[0] = 21
[ 38.233639] ip (4509) used greatest stack depth: 54232 bytes left
[ 38.354923] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.361363] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.368787] device bridge_slave_0 entered promiscuous mode
[ 38.389994] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.396426] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.403857] device bridge_slave_1 entered promiscuous mode
[ 38.424349] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 38.445483] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 38.502919] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 38.526200] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 38.614818] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 38.622170] team0: Port device team_slave_0 added
[ 38.641862] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 38.649198] team0: Port device team_slave_1 added
[ 38.669674] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 38.692851] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 38.715823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 38.738691] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 38.913625] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.920100] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.926859] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.933279] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 39.278930] ip (4632) used greatest stack depth: 54120 bytes left
RTNETLINK answers: Invalid argument
[ 39.563438] 8021q: adding VLAN 0 to HW filter on device bond0
[ 39.630139] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 39.694093] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 39.700378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.708655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.766442] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 40.116679] ==================================================================
[ 40.124094] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x5dc/0x37c0
[ 40.130484] CPU: 1 PID: 4505 Comm: syz-executor054 Not tainted 4.17.0+ #9
[ 40.137388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.146723] Call Trace:
[ 40.149300] dump_stack+0x185/0x1d0
[ 40.152913] kmsan_report+0x188/0x2a0
[ 40.156696] __msan_warning_32+0x70/0xc0
[ 40.160739] ip_tunnel_xmit+0x5dc/0x37c0
[ 40.164791] ? skb_push+0x16b/0x260
[ 40.168407] ipgre_xmit+0xe16/0xef0
[ 40.172040] ? ipgre_close+0x230/0x230
[ 40.175919] dev_hard_start_xmit+0x5f6/0xc80
[ 40.180309] __dev_queue_xmit+0x2ad2/0x3540
[ 40.184622] ? packet_sendmsg+0x6672/0x8cc0
[ 40.188925] ? sock_alloc_send_pskb+0xff3/0x11a0
[ 40.193669] dev_queue_xmit+0x4b/0x60
[ 40.197466] ? __netdev_pick_tx+0xb50/0xb50
[ 40.201768] packet_sendmsg+0x818b/0x8cc0
[ 40.205902] ? kmsan_set_origin+0x9e/0x160
[ 40.210121] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 40.215469] ? rw_copy_check_uvector+0x5af/0x6c0
[ 40.220214] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 40.225650] ? copy_msghdr_from_user+0x72c/0x830
[ 40.230390] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 40.235759] ? compat_packet_setsockopt+0x360/0x360
[ 40.240755] ___sys_sendmsg+0xec8/0x1320
[ 40.244799] ? __fdget+0x4e/0x60
[ 40.248151] __x64_sys_sendmsg+0x331/0x460
[ 40.252367] ? ___sys_sendmsg+0x1320/0x1320
[ 40.256679] do_syscall_64+0x15b/0x230
[ 40.260558] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 40.265727] RIP: 0033:0x441159
[ 40.268896] RSP: 002b:00007ffcad6783b8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 40.276585] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441159
[ 40.283844] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 40.291095] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 40.298344] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000402060
[ 40.305613] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[ 40.312878]
[ 40.314492] Uninit was created at:
[ 40.318031] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 40.323125] kmsan_kmalloc+0x94/0x100
[ 40.326909] kmsan_slab_alloc+0x10/0x20
[ 40.330874] __kmalloc_node_track_caller+0xb35/0x11b0
[ 40.336055] __alloc_skb+0x2cb/0x9e0
[ 40.339752] alloc_skb_with_frags+0x1e6/0xb80
[ 40.344228] sock_alloc_send_pskb+0xb56/0x11a0
[ 40.348791] packet_sendmsg+0x6672/0x8cc0
[ 40.352915] ___sys_sendmsg+0xec8/0x1320
[ 40.356954] __x64_sys_sendmsg+0x331/0x460
[ 40.361170] do_syscall_64+0x15b/0x230
[ 40.365047] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 40.370229] ==================================================================
[ 40.377564] Disabling lock debugging due to kernel taint
[ 40.382993] Kernel panic - not syncing: panic_on_warn set ...
[ 40.382993]
[ 40.390339] CPU: 1 PID: 4505 Comm: syz-executor054 Tainted: G B 4.17.0+ #9
[ 40.398628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.407971] Call Trace:
[ 40.410549] dump_stack+0x185/0x1d0
[ 40.414159] panic+0x3d0/0x990
[ 40.417343] kmsan_report+0x29e/0x2a0
[ 40.421138] __msan_warning_32+0x70/0xc0
[ 40.425183] ip_tunnel_xmit+0x5dc/0x37c0
[ 40.429240] ? skb_push+0x16b/0x260
[ 40.432856] ipgre_xmit+0xe16/0xef0
[ 40.436475] ? ipgre_close+0x230/0x230
[ 40.440344] dev_hard_start_xmit+0x5f6/0xc80
[ 40.444750] __dev_queue_xmit+0x2ad2/0x3540
[ 40.449058] ? packet_sendmsg+0x6672/0x8cc0
[ 40.453359] ? sock_alloc_send_pskb+0xff3/0x11a0
[ 40.458109] dev_queue_xmit+0x4b/0x60
[ 40.461895] ? __netdev_pick_tx+0xb50/0xb50
[ 40.466196] packet_sendmsg+0x818b/0x8cc0
[ 40.470330] ? kmsan_set_origin+0x9e/0x160
[ 40.474546] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 40.479903] ? rw_copy_check_uvector+0x5af/0x6c0
[ 40.484655] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 40.490101] ? copy_msghdr_from_user+0x72c/0x830
[ 40.494839] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 40.500198] ? compat_packet_setsockopt+0x360/0x360
[ 40.505216] ___sys_sendmsg+0xec8/0x1320
[ 40.509260] ? __fdget+0x4e/0x60
[ 40.512609] __x64_sys_sendmsg+0x331/0x460
[ 40.516827] ? ___sys_sendmsg+0x1320/0x1320
[ 40.521144] do_syscall_64+0x15b/0x230
[ 40.525027] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 40.530207] RIP: 0033:0x441159
[ 40.533394] RSP: 002b:00007ffcad6783b8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 40.541081] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441159
[ 40.548330] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 40.555592] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 40.562852] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000402060
[ 40.570102] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[ 40.577945] Dumping ftrace buffer:
[ 40.581493] (ftrace buffer empty)
[ 40.585180] Kernel Offset: disabled
[ 40.588788] Rebooting in 86400 seconds..