[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 36.664344] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 39.270953] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.825671] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.301373] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.551994] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.203' (ECDSA) to the list of known hosts.
[ 47.130518] random: sshd: uninitialized urandom read (32 bytes read)
[ 47.268501] IPVS: ftp: loaded support on port[0] = 21
[ 47.388301] ip (4611) used greatest stack depth: 53744 bytes left
[ 47.501497] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.507966] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.515686] device bridge_slave_0 entered promiscuous mode
[ 47.542643] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.549217] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.556813] device bridge_slave_1 entered promiscuous mode
[ 47.581333] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 47.606788] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 47.640669] ip (4630) used greatest stack depth: 53616 bytes left
[ 47.685679] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 47.715494] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 47.833311] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 47.840783] team0: Port device team_slave_0 added
[ 47.866326] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 47.873754] team0: Port device team_slave_1 added
[ 47.899607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 47.929527] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.958539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 47.987098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
[ 48.234697] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.241177] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.248148] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.254602] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 49.212319] 8021q: adding VLAN 0 to HW filter on device bond0
[ 49.306118] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 49.393800] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 49.400179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.408014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.488580] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 49.987235] ==================================================================
[ 49.994666] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x63a/0x3b10
[ 50.001100] CPU: 1 PID: 4603 Comm: syz-executor712 Not tainted 4.18.0-rc4+ #27
[ 50.008447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.017792] Call Trace:
[ 50.020381] dump_stack+0x185/0x1e0
[ 50.024006] kmsan_report+0x195/0x2c0
[ 50.027809] __msan_warning+0x7d/0xe0
[ 50.031604] ip_tunnel_xmit+0x63a/0x3b10
[ 50.035662] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 50.041055] ? gre_build_header+0x5ab/0xaa0
[ 50.045424] ipgre_xmit+0xe16/0xef0
[ 50.049079] ? ipgre_close+0x230/0x230
[ 50.052978] dev_hard_start_xmit+0x60f/0xcc0
[ 50.057595] __dev_queue_xmit+0x3060/0x3c70
[ 50.061936] dev_queue_xmit+0x4b/0x60
[ 50.065841] ? __netdev_pick_tx+0xb60/0xb60
[ 50.070155] packet_sendmsg+0x8469/0x9010
[ 50.074325] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 50.079777] ? rw_copy_check_uvector+0x630/0x710
[ 50.084575] ? copy_msghdr_from_user+0x75e/0x8c0
[ 50.089388] ? copy_msghdr_from_user+0x75e/0x8c0
[ 50.094190] ? compat_packet_setsockopt+0x360/0x360
[ 50.099264] ___sys_sendmsg+0xed9/0x1350
[ 50.103844] ? __msan_poison_alloca+0x183/0x220
[ 50.108522] ? __fdget+0x4e/0x60
[ 50.111912] ? __fget_light+0x67/0x760
[ 50.115849] ? __fdget+0x4e/0x60
[ 50.119261] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 50.124662] ? __fget_light+0x205/0x760
[ 50.128641] ? kmsan_set_origin_inline+0x6b/0x120
[ 50.133506] __x64_sys_sendmsg+0x3b0/0x520
[ 50.137769] ? ___sys_sendmsg+0x1350/0x1350
[ 50.142112] do_syscall_64+0x15b/0x230
[ 50.146026] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 50.151339] RIP: 0033:0x4412f9
[ 50.154525] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 50.173758] RSP: 002b:00007ffdc77f10d8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 50.181484] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004412f9
[ 50.188765] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003
[ 50.196050] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 50.203363] R10: 0000000000000020 R11: 0000000000000213 R12: 0000000000402260
[ 50.210644] R13: 00000000004022f0 R14: 0000000000000000 R15: 0000000000000000
[ 50.218026]
[ 50.219674] Uninit was created at:
[ 50.223229] kmsan_internal_poison_shadow+0xc8/0x1d0
[ 50.228350] kmsan_kmalloc+0xa1/0x120
[ 50.232423] kmsan_slab_alloc+0x10/0x20
[ 50.236448] __kmalloc_node_track_caller+0xb48/0x11d0
[ 50.241688] __alloc_skb+0x2cb/0x9e0
[ 50.245695] alloc_skb_with_frags+0x1e6/0xb80
[ 50.250204] sock_alloc_send_pskb+0xb59/0x11e0
[ 50.254793] packet_sendmsg+0x68cb/0x9010
[ 50.258954] ___sys_sendmsg+0xed9/0x1350
[ 50.263045] __x64_sys_sendmsg+0x3b0/0x520
[ 50.267303] do_syscall_64+0x15b/0x230
[ 50.271203] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 50.276413] ==================================================================
[ 50.283769] Disabling lock debugging due to kernel taint
[ 50.289226] Kernel panic - not syncing: panic_on_warn set ...
[ 50.289226]
[ 50.296604] CPU: 1 PID: 4603 Comm: syz-executor712 Tainted: G B 4.18.0-rc4+ #27
[ 50.305342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.314691] Call Trace:
[ 50.317282] dump_stack+0x185/0x1e0
[ 50.320963] panic+0x3d0/0x9b0
[ 50.324183] kmsan_report+0x2bf/0x2c0
[ 50.327995] __msan_warning+0x7d/0xe0
[ 50.331803] ip_tunnel_xmit+0x63a/0x3b10
[ 50.335859] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 50.341347] ? gre_build_header+0x5ab/0xaa0
[ 50.345677] ipgre_xmit+0xe16/0xef0
[ 50.349315] ? ipgre_close+0x230/0x230
[ 50.353209] dev_hard_start_xmit+0x60f/0xcc0
[ 50.357630] __dev_queue_xmit+0x3060/0x3c70
[ 50.361965] dev_queue_xmit+0x4b/0x60
[ 50.365780] ? __netdev_pick_tx+0xb60/0xb60
[ 50.370141] packet_sendmsg+0x8469/0x9010
[ 50.374312] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 50.379779] ? rw_copy_check_uvector+0x630/0x710
[ 50.384571] ? copy_msghdr_from_user+0x75e/0x8c0
[ 50.389343] ? copy_msghdr_from_user+0x75e/0x8c0
[ 50.394130] ? compat_packet_setsockopt+0x360/0x360
[ 50.399177] ___sys_sendmsg+0xed9/0x1350
[ 50.403262] ? __msan_poison_alloca+0x183/0x220
[ 50.407936] ? __fdget+0x4e/0x60
[ 50.411307] ? __fget_light+0x67/0x760
[ 50.415200] ? __fdget+0x4e/0x60
[ 50.418584] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 50.423943] ? __fget_light+0x205/0x760
[ 50.427917] ? kmsan_set_origin_inline+0x6b/0x120
[ 50.432803] __x64_sys_sendmsg+0x3b0/0x520
[ 50.437084] ? ___sys_sendmsg+0x1350/0x1350
[ 50.441415] do_syscall_64+0x15b/0x230
[ 50.445367] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 50.450593] RIP: 0033:0x4412f9
[ 50.453775] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 50.473220] RSP: 002b:00007ffdc77f10d8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 50.480942] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004412f9
[ 50.488218] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003
[ 50.495481] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 50.502748] R10: 0000000000000020 R11: 0000000000000213 R12: 0000000000402260
[ 50.510015] R13: 00000000004022f0 R14: 0000000000000000 R15: 0000000000000000
[ 50.518029] Dumping ftrace buffer:
[ 50.521578] (ftrace buffer empty)
[ 50.525288] Kernel Offset: disabled
[ 50.528916] Rebooting in 86400 seconds..