[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 39.771781] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.228963] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.516783] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 41.414462] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.695693] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.49' (ECDSA) to the list of known hosts.
[ 47.476559] random: sshd: uninitialized urandom read (32 bytes read)
[ 47.625387] IPVS: ftp: loaded support on port[0] = 21
[ 47.824134] ip (4484) used greatest stack depth: 53688 bytes left
[ 47.842817] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.849235] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.856853] device bridge_slave_0 entered promiscuous mode
[ 47.881450] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.887861] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.895381] device bridge_slave_1 entered promiscuous mode
[ 47.919686] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 47.944309] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 48.015399] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 48.043829] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 48.153170] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 48.161264] team0: Port device team_slave_0 added
[ 48.185470] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 48.192822] team0: Port device team_slave_1 added
[ 48.217522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.245600] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.273332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 48.300922] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
[ 48.385011] ip (4529) used greatest stack depth: 53680 bytes left
RTNETLINK answers: No buffer space available
[ 48.531592] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.538160] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.544923] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.551404] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 49.390835] 8021q: adding VLAN 0 to HW filter on device bond0
[ 49.473528] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 49.553893] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 49.560159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.568822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.649295] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 50.111832] ==================================================================
[ 50.112045] BUG: KMSAN: uninit-value in sit_tunnel_xmit+0x18c0/0x3640
[ 50.112045] CPU: 0 PID: 4467 Comm: syz-executor896 Not tainted 4.18.0-rc8+ #33
[ 50.112045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.112045] Call Trace:
[ 50.112045] dump_stack+0x17c/0x1c0
[ 50.112045] kmsan_report+0x188/0x2a0
[ 50.112045] __msan_warning+0x70/0xc0
[ 50.112045] sit_tunnel_xmit+0x18c0/0x3640
[ 50.112045] ? validate_xmit_xfrm+0x73/0x13e0
[ 50.112045] ? ipip6_tunnel_uninit+0x7e0/0x7e0
[ 50.112045] dev_hard_start_xmit+0x5df/0xc20
[ 50.112045] __dev_queue_xmit+0x2eea/0x3a70
[ 50.112045] dev_queue_xmit+0x4b/0x60
[ 50.112045] ? __netdev_pick_tx+0xb20/0xb20
[ 50.112045] packet_sendmsg+0x7fb5/0x8ae0
[ 50.112045] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 50.112045] ? rw_copy_check_uvector+0x13f/0x710
[ 50.112045] ? __msan_poison_alloca+0x173/0x200
[ 50.112045] ? import_iovec+0xb4/0x5c0
[ 50.112045] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 50.112045] ___sys_sendmsg+0xe32/0x1250
[ 50.112045] ? compat_packet_setsockopt+0x360/0x360
[ 50.112045] __x64_sys_sendmsg+0x32d/0x460
[ 50.112045] ? ___sys_sendmsg+0x1250/0x1250
[ 50.112045] do_syscall_64+0x15b/0x220
[ 50.112045] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 50.112045] RIP: 0033:0x441149
[ 50.112045] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 50.112045] RSP: 002b:00007ffdb58f66a8 EFLAGS: 00000286 ORIG_RAX: 000000000000002e
[ 50.112045] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441149
[ 50.112045] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 50.112045] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100
[ 50.112045] R10: 0000000000000100 R11: 0000000000000286 R12: 00000000004020b0
[ 50.112045] R13: 0000000000402140 R14: 0000000000000000 R15: 0000000000000000
[ 50.112045]
[ 50.112045] Uninit was created at:
[ 50.112045] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 50.112045] kmsan_kmalloc+0x98/0x100
[ 50.112045] kmsan_slab_alloc+0x10/0x20
[ 50.112045] __kmalloc_node_track_caller+0xb4c/0x11d0
[ 50.112045] __alloc_skb+0x2ce/0x9b0
[ 50.112045] alloc_skb_with_frags+0x1d0/0xac0
[ 50.112045] sock_alloc_send_pskb+0xb47/0x1120
[ 50.112045] packet_sendmsg+0x6480/0x8ae0
[ 50.112045] ___sys_sendmsg+0xe32/0x1250
[ 50.112045] __x64_sys_sendmsg+0x32d/0x460
[ 50.112045] do_syscall_64+0x15b/0x220
[ 50.112045] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 50.112045] ==================================================================
[ 50.112045] Disabling lock debugging due to kernel taint
[ 50.112045] Kernel panic - not syncing: panic_on_warn set ...
[ 50.112045]
[ 50.112045] CPU: 0 PID: 4467 Comm: syz-executor896 Tainted: G B 4.18.0-rc8+ #33
[ 50.112045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.112045] Call Trace:
[ 50.112045] dump_stack+0x17c/0x1c0
[ 50.112045] panic+0x3c3/0x9a0
[ 50.112045] kmsan_report+0x29e/0x2a0
[ 50.112045] __msan_warning+0x70/0xc0
[ 50.112045] sit_tunnel_xmit+0x18c0/0x3640
[ 50.112045] ? validate_xmit_xfrm+0x73/0x13e0
[ 50.112045] ? ipip6_tunnel_uninit+0x7e0/0x7e0
[ 50.112045] dev_hard_start_xmit+0x5df/0xc20
[ 50.112045] __dev_queue_xmit+0x2eea/0x3a70
[ 50.112045] dev_queue_xmit+0x4b/0x60
[ 50.112045] ? __netdev_pick_tx+0xb20/0xb20
[ 50.112045] packet_sendmsg+0x7fb5/0x8ae0
[ 50.112045] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 50.112045] ? rw_copy_check_uvector+0x13f/0x710
[ 50.112045] ? __msan_poison_alloca+0x173/0x200
[ 50.112045] ? import_iovec+0xb4/0x5c0
[ 50.112045] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 50.112045] ___sys_sendmsg+0xe32/0x1250
[ 50.112045] ? compat_packet_setsockopt+0x360/0x360
[ 50.112045] __x64_sys_sendmsg+0x32d/0x460
[ 50.112045] ? ___sys_sendmsg+0x1250/0x1250
[ 50.112045] do_syscall_64+0x15b/0x220
[ 50.112045] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 50.112045] RIP: 0033:0x441149
[ 50.112045] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 50.112045] RSP: 002b:00007ffdb58f66a8 EFLAGS: 00000286 ORIG_RAX: 000000000000002e
[ 50.112045] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441149
[ 50.112045] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 50.112045] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100
[ 50.112045] R10: 0000000000000100 R11: 0000000000000286 R12: 00000000004020b0
[ 50.112045] R13: 0000000000402140 R14: 0000000000000000 R15: 0000000000000000
[ 50.112045] Dumping ftrace buffer:
[ 50.112045] (ftrace buffer empty)
[ 50.112045] Kernel Offset: disabled
[ 50.112045] Rebooting in 86400 seconds..