[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 27.635702] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 32.481485] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.974223] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.119750] random: sshd: uninitialized urandom read (32 bytes read)
[ 51.961399] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.59' (ECDSA) to the list of known hosts.
[ 57.768703] random: sshd: uninitialized urandom read (32 bytes read)
[ 57.871578] IPVS: ftp: loaded support on port[0] = 21
[ 58.021527] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.027971] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.035166] device bridge_slave_0 entered promiscuous mode
[ 58.054506] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.060924] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.067972] device bridge_slave_1 entered promiscuous mode
[ 58.086398] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 58.105723] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 58.155831] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 58.177262] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 58.253838] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 58.261009] team0: Port device team_slave_0 added
[ 58.279245] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 58.286475] team0: Port device team_slave_1 added
[ 58.304681] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 58.325901] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 58.347384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 58.361406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 58.520110] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.526489] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.533181] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.539536] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 58.905706] ip (4595) used greatest stack depth: 54120 bytes left
[ 59.006920] ip (4611) used greatest stack depth: 54096 bytes left
[ 59.108489] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.165115] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 59.221392] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 59.227596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 59.234573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 59.289377] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 59.608010] ==================================================================
[ 59.615402] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x5dc/0x37c0
[ 59.621785] CPU: 0 PID: 4462 Comm: syz-executor410 Not tainted 4.17.0+ #9
[ 59.628693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.638024] Call Trace:
[ 59.640603] dump_stack+0x185/0x1d0
[ 59.644211] kmsan_report+0x188/0x2a0
[ 59.647990] __msan_warning_32+0x70/0xc0
[ 59.652031] ip_tunnel_xmit+0x5dc/0x37c0
[ 59.656069] ? skb_push+0x16b/0x260
[ 59.659678] ? packet_rcv+0x2e4/0x2210
[ 59.663564] ipgre_xmit+0xe16/0xef0
[ 59.667168] ? ipgre_close+0x230/0x230
[ 59.671037] dev_hard_start_xmit+0x5f6/0xc80
[ 59.675442] __dev_queue_xmit+0x2ad2/0x3540
[ 59.679742] ? packet_sendmsg+0x6672/0x8cc0
[ 59.684041] ? sock_alloc_send_pskb+0xff3/0x11a0
[ 59.688778] dev_queue_xmit+0x4b/0x60
[ 59.692562] ? __netdev_pick_tx+0xb50/0xb50
[ 59.696869] packet_sendmsg+0x818b/0x8cc0
[ 59.700998] ? kmsan_set_origin+0x9e/0x160
[ 59.705210] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 59.710550] ? rw_copy_check_uvector+0x5af/0x6c0
[ 59.715285] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 59.720715] ? copy_msghdr_from_user+0x72c/0x830
[ 59.725447] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 59.730790] ? compat_packet_setsockopt+0x360/0x360
[ 59.735780] ___sys_sendmsg+0xec8/0x1320
[ 59.739831] ? __fdget+0x4e/0x60
[ 59.743194] __x64_sys_sendmsg+0x331/0x460
[ 59.747407] ? ___sys_sendmsg+0x1320/0x1320
[ 59.751702] do_syscall_64+0x15b/0x230
[ 59.755566] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.760730] RIP: 0033:0x441179
[ 59.763895] RSP: 002b:00007ffd1d39a708 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[ 59.771592] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441179
[ 59.778847] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000004
[ 59.786091] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 59.793337] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000402080
[ 59.800582] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000
[ 59.807843]
[ 59.809446] Uninit was created at:
[ 59.813053] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 59.818132] kmsan_kmalloc+0x94/0x100
[ 59.821910] kmsan_slab_alloc+0x10/0x20
[ 59.825862] __kmalloc_node_track_caller+0xb35/0x11b0
[ 59.831031] __alloc_skb+0x2cb/0x9e0
[ 59.834719] alloc_skb_with_frags+0x1e6/0xb80
[ 59.839190] sock_alloc_send_pskb+0xb56/0x11a0
[ 59.843758] packet_sendmsg+0x6672/0x8cc0
[ 59.847890] ___sys_sendmsg+0xec8/0x1320
[ 59.851923] __x64_sys_sendmsg+0x331/0x460
[ 59.856141] do_syscall_64+0x15b/0x230
[ 59.860005] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.865167] ==================================================================
[ 59.872507] Disabling lock debugging due to kernel taint
[ 59.877928] Kernel panic - not syncing: panic_on_warn set ...
[ 59.877928]
[ 59.885266] CPU: 0 PID: 4462 Comm: syz-executor410 Tainted: G B 4.17.0+ #9
[ 59.893553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.902883] Call Trace:
[ 59.905449] dump_stack+0x185/0x1d0
[ 59.909056] panic+0x3d0/0x990
[ 59.912238] kmsan_report+0x29e/0x2a0
[ 59.916034] __msan_warning_32+0x70/0xc0
[ 59.920075] ip_tunnel_xmit+0x5dc/0x37c0
[ 59.924114] ? skb_push+0x16b/0x260
[ 59.927716] ? packet_rcv+0x2e4/0x2210
[ 59.931586] ipgre_xmit+0xe16/0xef0
[ 59.935202] ? ipgre_close+0x230/0x230
[ 59.939076] dev_hard_start_xmit+0x5f6/0xc80
[ 59.943462] __dev_queue_xmit+0x2ad2/0x3540
[ 59.947758] ? packet_sendmsg+0x6672/0x8cc0
[ 59.952064] ? sock_alloc_send_pskb+0xff3/0x11a0
[ 59.956822] dev_queue_xmit+0x4b/0x60
[ 59.960603] ? __netdev_pick_tx+0xb50/0xb50
[ 59.964898] packet_sendmsg+0x818b/0x8cc0
[ 59.969025] ? kmsan_set_origin+0x9e/0x160
[ 59.973242] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 59.978585] ? rw_copy_check_uvector+0x5af/0x6c0
[ 59.983320] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 59.988749] ? copy_msghdr_from_user+0x72c/0x830
[ 59.994262] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 59.999601] ? compat_packet_setsockopt+0x360/0x360
[ 60.004592] ___sys_sendmsg+0xec8/0x1320
[ 60.008631] ? __fdget+0x4e/0x60
[ 60.011976] __x64_sys_sendmsg+0x331/0x460
[ 60.016384] ? ___sys_sendmsg+0x1320/0x1320
[ 60.020683] do_syscall_64+0x15b/0x230
[ 60.024549] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.029712] RIP: 0033:0x441179
[ 60.032876] RSP: 002b:00007ffd1d39a708 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[ 60.040558] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441179
[ 60.047804] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000004
[ 60.055050] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 60.062301] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000402080
[ 60.069556] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000
[ 60.077356] Dumping ftrace buffer:
[ 60.080900] (ftrace buffer empty)
[ 60.084585] Kernel Offset: disabled
[ 60.088190] Rebooting in 86400 seconds..