[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   29.956647] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   34.001758] random: sshd: uninitialized urandom read (32 bytes read)
[   34.417596] random: sshd: uninitialized urandom read (32 bytes read)
[   35.712800] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts.
[   41.258822] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/04 21:47:35 fuzzer started
2018/06/04 21:47:35 dialing manager at 10.128.0.26:45299
[   64.980959] can: request_module (can-proto-0) failed.
[   64.992074] can: request_module (can-proto-0) failed.
2018/06/04 21:48:00 kcov=true, comps=false
2018/06/04 21:48:06 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000000040), &(0x7f0000000080)=0x4)

2018/06/04 21:48:06 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000000)=0x1, 0x4)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000cecffc), 0x4)
sendmsg$nl_generic(r1, &(0x7f00001cb000)={&(0x7f00008e5ff4)={0x10}, 0xc, &(0x7f0000f4a000)={&(0x7f000019bf9b)={0x14, 0x2a, 0x311}, 0x14}, 0x1}, 0x0)
writev(r0, &(0x7f0000fdbff8)=[{&(0x7f0000ac9000)="290000002000190000003fffffffda060200000000e80001040000040d000300ea1100000005000000", 0x29}], 0x1)

2018/06/04 21:48:06 executing program 7:
perf_event_open(&(0x7f0000000180)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0x6)
syz_open_pts(r0, 0x0)
readv(r0, &(0x7f00000002c0), 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x0)

2018/06/04 21:48:06 executing program 2:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)
listen(r0, 0xffffffffffffff7f)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)
setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0xffffffffffff882f}, 0x10)

2018/06/04 21:48:06 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000040))
ioctl(r0, 0x8912, &(0x7f0000000240)="0047fc2f07d82c99240970")
r1 = socket(0x18, 0x0, 0x1000000000000001)
openat$full(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/full\x00', 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={0x0, 0x100000001}, 0x8)

2018/06/04 21:48:06 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="0047fc2f07d82c99240970")
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil)

2018/06/04 21:48:06 executing program 5:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000100)='rdma.max\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000180)="e7", 0x1}], 0x1)

2018/06/04 21:48:06 executing program 6:
r0 = socket$inet(0x10, 0x2, 0x6)
socket$inet6(0xa, 0x0, 0x0)
sendmsg(r0, &(0x7f0000006000)={0x0, 0x0, &(0x7f0000006ff0)=[{&(0x7f0000005000)="10000000150061dd18c84c16290c729b", 0x10}], 0x1, &(0x7f0000001f88)}, 0x0)

[   73.581353] IPVS: ftp: loaded support on port[0] = 21
[   73.603993] IPVS: ftp: loaded support on port[0] = 21
[   73.657527] IPVS: ftp: loaded support on port[0] = 21
[   73.681528] IPVS: ftp: loaded support on port[0] = 21
[   73.684673] IPVS: ftp: loaded support on port[0] = 21
[   73.736709] IPVS: ftp: loaded support on port[0] = 21
[   73.738312] IPVS: ftp: loaded support on port[0] = 21
[   73.749333] IPVS: ftp: loaded support on port[0] = 21
[   75.272016] ip (4651) used greatest stack depth: 54520 bytes left
[   75.697948] ip (4690) used greatest stack depth: 54184 bytes left
[   76.167952] ip (4720) used greatest stack depth: 54040 bytes left
[   76.649381] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.655928] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.690138] device bridge_slave_0 entered promiscuous mode
[   76.930240] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.936706] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.961729] device bridge_slave_1 entered promiscuous mode
[   77.078100] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.084569] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.115862] device bridge_slave_0 entered promiscuous mode
[   77.131760] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.138219] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.161140] device bridge_slave_0 entered promiscuous mode
[   77.189495] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.195983] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.221804] device bridge_slave_0 entered promiscuous mode
[   77.230511] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.236953] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.251021] device bridge_slave_0 entered promiscuous mode
[   77.296109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.303934] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.310406] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.339449] device bridge_slave_1 entered promiscuous mode
[   77.363540] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.370014] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.397001] device bridge_slave_0 entered promiscuous mode
[   77.419280] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.425723] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.445234] device bridge_slave_1 entered promiscuous mode
[   77.462508] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.468958] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.485002] device bridge_slave_1 entered promiscuous mode
[   77.498627] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.505122] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.526161] device bridge_slave_1 entered promiscuous mode
[   77.541315] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.547794] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.561504] device bridge_slave_0 entered promiscuous mode
[   77.570446] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.578479] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.584931] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.610993] device bridge_slave_0 entered promiscuous mode
[   77.630218] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.636697] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.650259] device bridge_slave_1 entered promiscuous mode
[   77.661665] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   77.670229] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.684391] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.694997] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.715718] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   77.732798] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.739260] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.794220] device bridge_slave_1 entered promiscuous mode
[   77.822591] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.829102] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.868141] device bridge_slave_1 entered promiscuous mode
[   77.895100] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.908430] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   77.918165] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   77.958143] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   77.967504] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   78.051498] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   78.094174] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   78.178479] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   78.303401] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   78.314230] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   78.336889] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   78.549963] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   78.572625] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   78.588132] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   78.598422] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   78.657482] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   78.684103] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   78.765209] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   78.772203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   78.822766] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   78.829783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   78.845497] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   78.860680] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   78.869890] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   78.880791] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   78.926552] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   78.938630] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   79.001105] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   79.008356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   79.048297] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   79.057181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   79.084208] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   79.091202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   79.116368] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   79.127630] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   79.141089] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   79.160249] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   79.167211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   79.177596] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   79.191540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   79.264342] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   79.318408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   79.325395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   79.346455] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   79.353536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   79.378002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   79.385517] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   79.394612] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   79.404396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   79.446291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   79.487847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   79.548358] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   79.555337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   79.584959] ip (4967) used greatest stack depth: 53768 bytes left
[   79.592182] ==================================================================
[   79.599557] BUG: KMSAN: uninit-value in do_syslog+0x39c1/0x3be0
[   79.605623] CPU: 0 PID: 4361 Comm: rsyslogd Not tainted 4.17.0-rc5+ #103
[   79.612452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   79.621815] Call Trace:
[   79.624407]  dump_stack+0x185/0x1d0
[   79.628039]  ? do_syslog+0x39c1/0x3be0
[   79.631931]  kmsan_report+0x149/0x260
[   79.635725]  __msan_warning_32+0x6e/0xc0
[   79.639777]  do_syslog+0x39c1/0x3be0
[   79.643484]  ? init_wait_entry+0x1a0/0x1a0
[   79.647717]  kmsg_read+0x142/0x1a0
[   79.651247]  ? mmap_vmcore_fault+0x30/0x30
[   79.655473]  proc_reg_read+0x1de/0x2f0
[   79.659360]  ? proc_reg_llseek+0x260/0x260
[   79.663597]  __vfs_read+0x1a5/0x9b0
[   79.667229]  vfs_read+0x36c/0x6b0
[   79.670687]  __x64_sys_read+0x1bf/0x3e0
[   79.674660]  do_syscall_64+0x152/0x230
[   79.678550]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   79.683735] RIP: 0033:0x7f64509781fd
[   79.687442] RSP: 002b:00007f644df17e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[   79.691607] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   79.695146] RAX: ffffffffffffffda RBX: 0000000000699670 RCX: 00007f64509781fd
[   79.695153] RDX: 0000000000000fff RSI: 00007f644f74c5a0 RDI: 0000000000000004
[   79.695160] RBP: 0000000000000000 R08: 0000000000684260 R09: 0000000000000000
[   79.695167] R10: 625f6f745f306874 R11: 0000000000000293 R12: 000000000065e420
[   79.695174] R13: 00007f644df189c0 R14: 00007f6450fbd040 R15: 0000000000000003
[   79.695183] 
[   79.695186] Uninit was stored to memory at:
[   79.695229]  kmsan_internal_chain_origin+0x12b/0x210
[   79.702683] team0: Port device team_slave_0 added
[   79.709478]  __msan_chain_origin+0x69/0xc0
[   79.709491]  log_store+0x13fc/0x14b0
[   79.709501]  vprintk_emit+0xc44/0xff0
[   79.709511]  vprintk_default+0x90/0xa0
[   79.709543]  vprintk_func+0x517/0x700
[   79.773751]  printk+0x1b6/0x1f0
[   79.777032]  do_exit+0x3377/0x38d0
[   79.780579]  do_group_exit+0x1a0/0x360
[   79.784464]  __do_sys_exit_group+0x21/0x30
[   79.788698]  __se_sys_exit_group+0x14/0x20
[   79.792931]  __x64_sys_exit_group+0x4c/0x50
[   79.795882] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   79.797244]  do_syscall_64+0x152/0x230
[   79.797257]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   79.797262] Local variable description: ----tlb.i@ldt_arch_exit_mmap
[   79.797265] Variable was created at:
[   79.797274]  ldt_arch_exit_mmap+0x46/0x160
[   79.797283]  exit_mmap+0x3ef/0x970
[   79.797307] Disabling lock debugging due to kernel taint
[   79.821242] team0: Port device team_slave_1 added
[   79.823160] Kernel panic - not syncing: panic_on_warn set ...
[   79.823160] 
[   79.823176] CPU: 0 PID: 4361 Comm: rsyslogd Tainted: G    B             4.17.0-rc5+ #103
[   79.823182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   79.823186] Call Trace:
[   79.823201]  dump_stack+0x185/0x1d0
[   79.823233]  panic+0x39d/0x940
[   79.875501]  ? do_syslog+0x39c1/0x3be0
[   79.879391]  kmsan_report+0x260/0x260
[   79.883191]  __msan_warning_32+0x6e/0xc0
[   79.887245]  do_syslog+0x39c1/0x3be0
[   79.890953]  ? init_wait_entry+0x1a0/0x1a0
[   79.895196]  kmsg_read+0x142/0x1a0
[   79.898819]  ? mmap_vmcore_fault+0x30/0x30
[   79.903073]  proc_reg_read+0x1de/0x2f0
[   79.906961]  ? proc_reg_llseek+0x260/0x260
[   79.911194]  __vfs_read+0x1a5/0x9b0
[   79.914823]  vfs_read+0x36c/0x6b0
[   79.918277]  __x64_sys_read+0x1bf/0x3e0
[   79.922250]  do_syscall_64+0x152/0x230
[   79.926139]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   79.931317] RIP: 0033:0x7f64509781fd
[   79.935023] RSP: 002b:00007f644df17e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[   79.942730] RAX: ffffffffffffffda RBX: 0000000000699670 RCX: 00007f64509781fd
[   79.950015] RDX: 0000000000000fff RSI: 00007f644f74c5a0 RDI: 0000000000000004
[   79.957287] RBP: 0000000000000000 R08: 0000000000684260 R09: 0000000000000000
[   79.964556] R10: 625f6f745f306874 R11: 0000000000000293 R12: 000000000065e420
[   79.971829] R13: 00007f644df189c0 R14: 00007f6450fbd040 R15: 0000000000000003
[   79.979582] Dumping ftrace buffer:
[   79.983106]    (ftrace buffer empty)
[   79.986788] Kernel Offset: disabled
[   79.990405] Rebooting in 86400 seconds..