[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 40.091816] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 43.566366] random: sshd: uninitialized urandom read (32 bytes read)
[ 43.990291] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.559983] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.835786] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.6' (ECDSA) to the list of known hosts.
[ 51.379822] random: sshd: uninitialized urandom read (32 bytes read)
[ 51.517014] IPVS: ftp: loaded support on port[0] = 21
[ 51.596383] ip (4645) used greatest stack depth: 54440 bytes left
[ 51.702945] ip (4654) used greatest stack depth: 54424 bytes left
[ 51.775877] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.783219] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.791284] device bridge_slave_0 entered promiscuous mode
[ 51.819815] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.826330] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.834141] device bridge_slave_1 entered promiscuous mode
[ 51.863835] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 51.892898] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 51.977998] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.009472] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.139132] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 52.146768] team0: Port device team_slave_0 added
[ 52.176100] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 52.183834] team0: Port device team_slave_1 added
[ 52.212758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.237958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.269737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.300783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
[ 52.563260] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.569902] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.576805] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.583342] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[ 52.769645] ip (4736) used greatest stack depth: 54120 bytes left
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 53.554122] 8021q: adding VLAN 0 to HW filter on device bond0
[ 53.647623] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 53.742547] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 53.748862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 53.758663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.848495] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 54.392890] ==================================================================
[ 54.393057] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x5dc/0x37c0
[ 54.393057] CPU: 0 PID: 4641 Comm: syz-executor166 Not tainted 4.17.0+ #22
[ 54.393057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.393057] Call Trace:
[ 54.393057] dump_stack+0x185/0x1d0
[ 54.393057] kmsan_report+0x188/0x2a0
[ 54.393057] __msan_warning_32+0x70/0xc0
[ 54.393057] ip_tunnel_xmit+0x5dc/0x37c0
[ 54.393057] ? skb_push+0x16b/0x260
[ 54.393057] ipgre_xmit+0xe16/0xef0
[ 54.393057] ? ipgre_close+0x230/0x230
[ 54.393057] dev_hard_start_xmit+0x5f6/0xc80
[ 54.393057] __dev_queue_xmit+0x2ad2/0x3540
[ 54.393057] ? packet_sendmsg+0x6672/0x8cc0
[ 54.393057] dev_queue_xmit+0x4b/0x60
[ 54.393057] ? __netdev_pick_tx+0xb50/0xb50
[ 54.393057] packet_sendmsg+0x818b/0x8cc0
[ 54.393057] ? kmsan_set_origin+0x9e/0x160
[ 54.393057] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 54.393057] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 54.393057] ? copy_msghdr_from_user+0x72c/0x830
[ 54.393057] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 54.393057] ? compat_packet_setsockopt+0x360/0x360
[ 54.393057] ___sys_sendmsg+0xec8/0x1320
[ 54.393057] ? __fdget+0x4e/0x60
[ 54.393057] __x64_sys_sendmsg+0x331/0x460
[ 54.393057] ? ___sys_sendmsg+0x1320/0x1320
[ 54.393057] do_syscall_64+0x15b/0x230
[ 54.393057] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 54.393057] RIP: 0033:0x441199
[ 54.393057] RSP: 002b:00007fffa10f1cd8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 54.393057] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441199
[ 54.393057] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 54.393057] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 54.393057] R10: 0000000000000020 R11: 0000000000000213 R12: 0000000000402100
[ 54.393057] R13: 0000000000402190 R14: 0000000000000000 R15: 0000000000000000
[ 54.393057]
[ 54.393057] Uninit was created at:
[ 54.393057] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 54.393057] kmsan_kmalloc+0x94/0x100
[ 54.393057] kmsan_slab_alloc+0x10/0x20
[ 54.393057] __kmalloc_node_track_caller+0xb35/0x11b0
[ 54.393057] __alloc_skb+0x2cb/0x9e0
[ 54.393057] alloc_skb_with_frags+0x1e6/0xb80
[ 54.393057] sock_alloc_send_pskb+0xb56/0x11a0
[ 54.393057] packet_sendmsg+0x6672/0x8cc0
[ 54.393057] ___sys_sendmsg+0xec8/0x1320
[ 54.393057] __x64_sys_sendmsg+0x331/0x460
[ 54.393057] do_syscall_64+0x15b/0x230
[ 54.393057] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 54.393057] ==================================================================
[ 54.393057] Disabling lock debugging due to kernel taint
[ 54.393057] Kernel panic - not syncing: panic_on_warn set ...
[ 54.393057]
[ 54.393057] CPU: 0 PID: 4641 Comm: syz-executor166 Tainted: G B 4.17.0+ #22
[ 54.393057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.393057] Call Trace:
[ 54.393057] dump_stack+0x185/0x1d0
[ 54.393057] panic+0x3d0/0x9b0
[ 54.393057] kmsan_report+0x29e/0x2a0
[ 54.393057] __msan_warning_32+0x70/0xc0
[ 54.393057] ip_tunnel_xmit+0x5dc/0x37c0
[ 54.393057] ? skb_push+0x16b/0x260
[ 54.393057] ipgre_xmit+0xe16/0xef0
[ 54.393057] ? ipgre_close+0x230/0x230
[ 54.393057] dev_hard_start_xmit+0x5f6/0xc80
[ 54.393057] __dev_queue_xmit+0x2ad2/0x3540
[ 54.393057] ? packet_sendmsg+0x6672/0x8cc0
[ 54.393057] dev_queue_xmit+0x4b/0x60
[ 54.393057] ? __netdev_pick_tx+0xb50/0xb50
[ 54.393057] packet_sendmsg+0x818b/0x8cc0
[ 54.393057] ? kmsan_set_origin+0x9e/0x160
[ 54.393057] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 54.393057] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 54.393057] ? copy_msghdr_from_user+0x72c/0x830
[ 54.393057] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 54.393057] ? compat_packet_setsockopt+0x360/0x360
[ 54.393057] ___sys_sendmsg+0xec8/0x1320
[ 54.393057] ? __fdget+0x4e/0x60
[ 54.393057] __x64_sys_sendmsg+0x331/0x460
[ 54.393057] ? ___sys_sendmsg+0x1320/0x1320
[ 54.393057] do_syscall_64+0x15b/0x230
[ 54.393057] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 54.393057] RIP: 0033:0x441199
[ 54.393057] RSP: 002b:00007fffa10f1cd8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 54.393057] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441199
[ 54.393057] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
[ 54.393057] RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
[ 54.393057] R10: 0000000000000020 R11: 0000000000000213 R12: 0000000000402100
[ 54.393057] R13: 0000000000402190 R14: 0000000000000000 R15: 0000000000000000
[ 54.393057] Dumping ftrace buffer:
[ 54.393057] (ftrace buffer empty)
[ 54.393057] Kernel Offset: disabled
[ 54.393057] Rebooting in 86400 seconds..