[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 29.557977] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 31.319438] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.680886] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.839098] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.069112] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
[ 38.647691] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.763727] IPVS: ftp: loaded support on port[0] = 21
[ 38.822756] ip (4522) used greatest stack depth: 54440 bytes left
[ 38.938236] ip (4535) used greatest stack depth: 54328 bytes left
[ 38.954101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.960559] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.968221] device bridge_slave_0 entered promiscuous mode
[ 38.990980] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.997460] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.005098] device bridge_slave_1 entered promiscuous mode
[ 39.028193] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 39.052145] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 39.116488] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 39.141683] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 39.238122] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 39.245797] team0: Port device team_slave_0 added
[ 39.268375] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 39.275720] team0: Port device team_slave_1 added
[ 39.297890] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 39.322994] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 39.347577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 39.373614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 39.565233] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.571676] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.578478] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.585012] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 40.320543] 8021q: adding VLAN 0 to HW filter on device bond0
[ 40.394098] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 40.469475] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 40.475868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.484582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.553317] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 40.975414] ==================================================================
[ 40.983445] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x5dc/0x37c0
[ 40.989875] CPU: 1 PID: 4518 Comm: syz-executor406 Not tainted 4.17.0+ #9
[ 40.996804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.006173] Call Trace:
[ 41.008782] dump_stack+0x185/0x1d0
[ 41.012542] kmsan_report+0x188/0x2a0
[ 41.016384] __msan_warning_32+0x70/0xc0
[ 41.020476] ip_tunnel_xmit+0x5dc/0x37c0
[ 41.024562] ? skb_push+0x16b/0x260
[ 41.028316] ipgre_xmit+0xe16/0xef0
[ 41.031966] ? ipgre_close+0x230/0x230
[ 41.035959] dev_hard_start_xmit+0x5f6/0xc80
[ 41.040396] __dev_queue_xmit+0x2ad2/0x3540
[ 41.044742] ? packet_sendmsg+0x6672/0x8cc0
[ 41.049100] ? sock_alloc_send_pskb+0xff3/0x11a0
[ 41.053911] dev_queue_xmit+0x4b/0x60
[ 41.057877] ? __netdev_pick_tx+0xb50/0xb50
[ 41.062221] packet_sendmsg+0x818b/0x8cc0
[ 41.066411] ? kmsan_set_origin+0x9e/0x160
[ 41.070704] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 41.076094] ? rw_copy_check_uvector+0x5af/0x6c0
[ 41.080870] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 41.086326] ? copy_msghdr_from_user+0x72c/0x830
[ 41.091081] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 41.097613] ? compat_packet_setsockopt+0x360/0x360
[ 41.102646] ___sys_sendmsg+0xec8/0x1320
[ 41.106722] ? __fdget+0x4e/0x60
[ 41.110091] __x64_sys_sendmsg+0x331/0x460
[ 41.114327] ? ___sys_sendmsg+0x1320/0x1320
[ 41.118666] do_syscall_64+0x15b/0x230
[ 41.122664] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 41.127880] RIP: 0033:0x441159
[ 41.131169] RSP: 002b:00007ffd67f0c0d8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 41.138885] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441159
[ 41.146254] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 41.153704] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 41.160998] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000402060
[ 41.168291] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[ 41.175566]
[ 41.177187] Uninit was created at:
[ 41.180733] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 41.185837] kmsan_kmalloc+0x94/0x100
[ 41.189645] kmsan_slab_alloc+0x10/0x20
[ 41.193618] __kmalloc_node_track_caller+0xb35/0x11b0
[ 41.198802] __alloc_skb+0x2cb/0x9e0
[ 41.202499] alloc_skb_with_frags+0x1e6/0xb80
[ 41.206989] sock_alloc_send_pskb+0xb56/0x11a0
[ 41.211590] packet_sendmsg+0x6672/0x8cc0
[ 41.215744] ___sys_sendmsg+0xec8/0x1320
[ 41.219814] __x64_sys_sendmsg+0x331/0x460
[ 41.224056] do_syscall_64+0x15b/0x230
[ 41.227939] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 41.233120] ==================================================================
[ 41.240470] Disabling lock debugging due to kernel taint
[ 41.245920] Kernel panic - not syncing: panic_on_warn set ...
[ 41.245920]
[ 41.253289] CPU: 1 PID: 4518 Comm: syz-executor406 Tainted: G B 4.17.0+ #9
[ 41.261634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.271001] Call Trace:
[ 41.273605] dump_stack+0x185/0x1d0
[ 41.277238] panic+0x3d0/0x990
[ 41.280434] kmsan_report+0x29e/0x2a0
[ 41.284232] __msan_warning_32+0x70/0xc0
[ 41.288321] ip_tunnel_xmit+0x5dc/0x37c0
[ 41.292395] ? skb_push+0x16b/0x260
[ 41.296047] ipgre_xmit+0xe16/0xef0
[ 41.299689] ? ipgre_close+0x230/0x230
[ 41.303589] dev_hard_start_xmit+0x5f6/0xc80
[ 41.308034] __dev_queue_xmit+0x2ad2/0x3540
[ 41.312386] ? packet_sendmsg+0x6672/0x8cc0
[ 41.316719] ? sock_alloc_send_pskb+0xff3/0x11a0
[ 41.321507] dev_queue_xmit+0x4b/0x60
[ 41.325327] ? __netdev_pick_tx+0xb50/0xb50
[ 41.329681] packet_sendmsg+0x818b/0x8cc0
[ 41.333860] ? kmsan_set_origin+0x9e/0x160
[ 41.338137] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 41.343515] ? rw_copy_check_uvector+0x5af/0x6c0
[ 41.348286] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 41.353744] ? copy_msghdr_from_user+0x72c/0x830
[ 41.358516] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 41.363908] ? compat_packet_setsockopt+0x360/0x360
[ 41.368946] ___sys_sendmsg+0xec8/0x1320
[ 41.373038] ? __fdget+0x4e/0x60
[ 41.376436] __x64_sys_sendmsg+0x331/0x460
[ 41.380701] ? ___sys_sendmsg+0x1320/0x1320
[ 41.385044] do_syscall_64+0x15b/0x230
[ 41.388954] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 41.394157] RIP: 0033:0x441159
[ 41.397359] RSP: 002b:00007ffd67f0c0d8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 41.405082] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441159
[ 41.412378] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 41.419678] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 41.426965] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000402060
[ 41.434248] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[ 41.442217] Dumping ftrace buffer:
[ 41.445764] (ftrace buffer empty)
[ 41.449483] Kernel Offset: disabled
[ 41.453143] Rebooting in 86400 seconds..